Due to things going on which I can't get into, I will not take new applications to Draupnir4All. Additionally, I plan to shut down the system at the end of the year. I suggest looking for alternatives, as I am unlikely to extend this timeframe.
I am at this time not aware of alternatives beyond selfhosting a draupnir. Draupnir4All is selfhostable by anyone via the appservice module of draupnir however.
We (Cat, Sky and I) are setting up a new server to help replace MTRNord's Draupnir4All service. Asgard will offer both Meowlnir and Draupnir instances to room admins who need a moderation bot, but can't host one themselves (or who want a secondary bot as backup). Expect more news in the coming weeks.
Please join me in welcoming the newest members of the Foundation! FlatTurtle has joined as a Silver Member, and c-base has joined as an Associate Member. We're grateful for their support!
Does your community or organisation use Matrix? Do you maintain an open source project that builds on Matrix? Join these organisations in demonstrating their support and apply to become a member today.
Today, Cat and Sky want to formally launch Muninn Hall.
Muninn Hall is a new community for public Matrix homeserver staff, from administrators to custodial and janitorial moderators.
We want to provide a space to pool knowledge, collaborate, and support each other in the efforts of running publix Matrix homeservers. This can range from Trust & Safety, systems administration, or general community management.
Why Muninn Hall?
While there are various Matrix rooms that may look similar to what we aim to do, we couldnt find anything with a comparable concept yet.
The plan is to:
meet in the Matrix space for easy exchange and coordination between each other
have the main Muninn Hall website where we want to pool all kinds of relevant documentation regarding public Matrix homeservers
publish blogs like Introducing Muninn Hall, or maybe a homeserver admin sharing their experiences with $topic
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
This big news this week is the Project Hydra coordinated security release. On August 11th, 2025, updated homeserver implementations were put out to address the vulnerabilities. And the following Thursday, August 14th, the associated spec updates were put out as well (which divulge further details).
The largest part of this is the new Room Version 12, which had a spec PR merged on the same. It explains the changes servers and clients need to make to address the vulnerabilities.
The relevant MSCs and spec PRs were merged and homeserver and client implementations should have already (or should do now if they haven't) updated to support the new changes. However, the changes to the spec won't actually appear in a new spec release until the next release cycle, keeping in line with the usual spec process. The next release is due to go out in the next few weeks as we approach the end of Q3 2025.
On July 16th 2025 we issued a pre-disclosure for vulnerabilities in the federation protocol, and announced new releases of Matrix homeservers on Mon August 11. Today we are ending the embargo and disclosing the remaining MSCs. This post will go into more detail about the changes and what led up to them.
This project has the codename “Hydra” and is an ongoing exercise in improving the security of the federation protocol. Given the security-sensitive nature of this work, it was done under embargo by the backend team at Element, the Matrix.org Security Team, the Spec Core Team, alongside Timo Kösters (who privately reported a related vulnerability, helping jumpstart the project) and Florian Jacob (at Karlsruher Institut für Technologie). The work was subsequently shared, reviewed and MSC’d under embargo with maintainers of all known Matrix homeserver implementations which implement State Resolution 2.0 on June 13th, so they could prepare for the coordinated release on August 11. We have then given server admins 3 more days to upgrade before lifting the embargo and disclosing the vulnerability details here.
This entire process has been highly unusual for the ecosystem, and it’s unfortunate that we were unable to make these changes out in the open. Where possible, we moved to release redacted versions of the MSCs as soon as we were comfortable from a security perspective (e.g. releasing MSC4289 and MSC4291 ahead of time, with redacted sections). Furthermore, we’d like to apologise for the disruption in landing a new stable room version and specification release with immediate effect rather than allowing for a period of public review. Going forwards, normal MSC work will continue in public as it ever has, along with normal on-cycle specification releases.
Last month we issued a Pre-disclosure: Upcoming coordinated security fix for all Matrix server implementations, describing a coordinated release to fix two high severity protocol vulnerabilities (CVE-2025-49090; the other not yet allocated a CVE). That release is now available as of 17:00 UTC on August 11, 2025. Server updates are now available, and MSCs & spec updates will follow on Thursday, August 14, 2025, bringing us to version 1.16 of the spec later in the month, and introducing room version 12.
A reminder that patches for the coordinated security release of Matrix server implementations will go out this Monday, August 11th 2025 at 17:00 UTC. If you run your own homeserver, please be ready to update around that time to receive security patches!
Last week we were excited to announce two new Working Groups! Huge thanks to Nico who is acting as the Governing Board sponsor for both the Trust & Safety Research & Development Working Group and the Room Directory Working Group. You can learn more about both as well as the existing Events Working Group and Website & Content Working Group on the website at https://matrix.org/foundation/working-groups/!
Feedback form getting these new Working Groups set up helped us at the Governing Board identify some parts in our bylaws and processes documents that were a bit more difficult to grasp. The Governance Committee of the Governing Board is responsible for improving both the Governing Board's own as well as the Foundations processes and has been working in parallel to fill the gaps: You can read the new description about what the tasks of Working Group Chairs are at https://matrix.org/foundation/governing-board/bylaws/02-bylaws/#working-group-chairs-and-vice-chairs-expectations. Tl;dr: if you really care about something getting done, then being the chair is your role for ensuring progress keeps getting made.
By the time you read this, you should be able to find documentation about the Trust and Safety working groups doing Research and Documentation as well as planning to support maintaining the matrix.org room directory on the working groups page.
If those interest you and you want to help out, feel free to join their public offices and introduce yourself! Sorry it took so long to set up and it will take a while longer until you see some output from those groups, but we are slowly organizing ourselves!
Users of the Matrix.org homeserver have recently received – or will shortly receive as the notifications are rolled out progressively – an invite from a user called Matrix.org (Official Account). Those checking the room will have noticed that it announces upcoming changes to our the Matrix.org Homeserver Terms and Conditions.
Some of you have asked us questions about these two events so we would like to offer some clarification and (hopefully) some reassurance.
Please join us in welcoming < polycule >, a geeky and efficient Matrix client, as the newest Ecosystem Member of the Foundation! ✨
Does your community use Matrix? Or do you maintain a community project that builds on Matrix? Join the Foundation as a member! This helps us demonstrate the breadth of the ecosystem, and all members are entitled to participate in our Governing Board elections.
