Mattermost Changelog

This changelog summarizes updates to Mattermost Team Edition, an open source team messaging solution released monthly under an MIT license, and Mattermost Enterprise Edition, a commercial upgrade offering enterprise messaging for large organizations.

Also see changelog in progress for the next release.

Release v5.29 - Quality Release

Compatibility

  • A new configuration setting ThreadAutoFollow has been added to support Collapsed Reply Threads releasing in beta in Q1 2021. This setting is enabled by default and may affect server performance. It is recommended to review our documentation on hardware requirements to ensure your servers are appropriately scaled for the size of your user base.

IMPORTANT: If you upgrade from a release earlier than v5.28, please read the other Important Upgrade Notes.

Highlights

Channel Moderation Settings now generally available (E20)

Mattermost Omnibus now generally available

Improvements

User Interface (UI)

  • Added a new browser favicon state for when there are new messages but no mentions.
  • Improved sort order of the channel switcher to prioritize recently viewed channels.
  • Improved filter control for the new channel sidebar to show unread channels without categories.
  • The ‘More unreads’ banner in the new channel sidebar was updated to match the new mobile app styling.
  • A threshold was added from the bottom of the screen for the new messages toast.

Bug Fixes

  • Fixed an issue where Enterprise CLI commands would not run.
  • Fixed an issue where the right-hand side comment box got pushed out of the view when a new message was posted in the message thread.
  • Fixed an issue where the color picker colors were missing from the Announcement Banner page in the System Console.
  • Fixed an issue where links in channels headers overlapped in some cases.
  • Fixed an issue where a plugin could create a blank ephymeral post, leading to a white screen.
  • Fixed an issue where the channel switcher dialog was not accessible with a screen reader.
  • Fixed an issue where email addresses were not auto-detected on invites.
  • Fixed an issue where duplicate sidebar categories could be created on first use of the new experimental sidebar.
  • Fixed an issue where installing plugins on a server using FileSettings.PathPrefix caused issues.
  • Fixed an issue where the error message was unclear when a plugin crashed during a slash command execution.
  • Fixed an issue where bot icon images had too much height.
  • Fixed an issue where tags where nested in Plugin Marketplace labels.
  • Fixed an issue with inconsistent behaviour in channel mentions in message attachments.
  • Fixed an issue where ephemeral posts posted by bot accounts showed a wrong username on the right-hand side.
  • Fixed an issue where the category headings in the experimental sidebar were not sticky and overlapped the More Unreads indicators.
  • Fixed an issue where Automatic Direct Message Replies were not shown on the right-hand side.
  • Fixed an issue where Automatic Direct Message Replies were still showing after the root post was deleted.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added ThreadAutoFollow, to add support for collapsed reply threads.
    • Added ManagedResourcePaths, to add support for a setting to use with the Desktop Managed Resources feature.

Go Version

  • 5.29 is built with Go 1.14.6.

Open Source Components

  • Removed @types/react-custom-scrollbars from https://github.com/mattermost/mattermost-webapp.

Database Changes

  • Altered some types and defaults in SidebarCategories table.
  • Added a new column Threads.ChannelId.

Known Issues

  • Emoji counter in the center channel doesn’t always update immediately when a reaction is added in the right-hand side.
  • Errors related to ThreadMemberships may appear in the server logs when replying to a user on a thread.
  • A JavaScript error may appear in some cases when dismissing the new messages toast while scrolled up in the right-hand side.
  • Pressing ENTER closes the Account Settings Edit modal when adjusting the settings for desktop notification sound.
  • Admin Filter option is not disabled in AD/LDAP page for admin roles with sysconsole_write_authentication permission.
  • Twitter link previews no longer work in Mattermost as Twitter has removed OpenGraph data from its pages.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console. To fix this, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as Away or Offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.28 - Feature Release

  • v5.28.1, released 2020-10-19
    • Fixed an issue where mmctl Command Line Tool (Beta) was broken on Mattermost server v5.28.0. MM-29740
    • Fixed an issue where the Compliance Exports were taking too long on large deployments. This was fixed with a performance optimization of the message export query.
  • v5.28.0, released 2020-10-16
    • Original 5.28.0 release

Compatibility

  • PostgreSQL ended long-term support for version 9.4 in February 2020. Mattermost is officially supporting PostgreSQL version 10 with v5.26 release as PostgreSQL 9.4 is no longer supported. New installs will require PostgreSQL 10+. Previous Mattermost versions, including our current ESR, will continue to be compatible with PostgreSQL 9.4. We plan on fully deprecating PostgreSQL 9.4 and all 9.x versions in our v5.30 release (December 16, 2020). Please follow the instructions under the Upgrading Section within the PostgreSQL documentation.
  • Support for Mattermost Server Extended Support Release (ESR) 5.19 has come to the end of its lifecycle. Upgrading to Mattermost Server v5.25 or later is required.
  • TLS versions 1.0 and 1.1 have been deprecated by browser vendors. Starting in v5.31 (January 16, 2021) mmctl will return an error when connected to Mattermost servers deployed with these TLS versions and System Admins will need to explicitly add a flag in their commands to continue to use them. We recommend upgrading to TLS version 1.2 or higher.

Breaking Changes

  • Now when the service crashes, it will generate a coredump instead of just dumping the stack trace to the console. This allows us to preserve the full information of the crash to help with debugging it. For more information about coredumps, please see: https://man7.org/linux/man-pages/man5/core.5.html.

IMPORTANT: If you upgrade from a release earlier than v5.27, please read the other Important Upgrade Notes.

Highlights

New admin roles to delegate administration tasks to other types of administrators (E20)

  • New admin roles are additional system roles that have access to designated areas of the System Console. This enables you to delegate certain administrative tasks to other members of your organization.

Certificate-based authentication with AD/LDAP (E10)

  • You can now improve the security of your AD/LDAP authentication with certificate-based AD/LDAP authentication.

Stay current with in-product notices

Improvements

User Interface (UI)

  • Improved the readability of the toast banner message timestamp, post timestamp, and date separators.
  • Added animation for emoji reactions on webapp.
  • Added the ability to use Ctrl + B and Ctrl + I to add bold and italics markdown formatting to selected text.
  • Clicking on original message creator’s username in discontinuing posts now opens the user’s profile popover.
  • Added support for PSD file preview.
  • When the Enable Latex Rendering option is set to true, the current code now doesn’t highlight.
  • Updated the UX of the More unreads indicator in the channel sidebar.
  • Select Team list container now scales in width based on browser window width.
  • Added support for signaling login to other tabs (Windows, macOS and Linux browsers).

Notifications

  • Added an option in the Account Settings to select different desktop notification sounds. This setting is available in supported browsers and in the Desktop app v4.6 and later.

Command Line Interface (CLI)

  • Added config migrate, config subpath, user delete, integrity, user migrate_auth, moveChannel, updateChannelPrivacy, restoreTeam, channel delete, and plugin marketplace commands to mmctl.

Plugins

  • Plugins now start concurrently on server startup.
  • Plugin tooltips are now only rendered when user hovers over a link.
  • Added a CreateCommand plugin API that creates a slash command that is not handled by the plugin itself.

Administration

  • Added the ability to upload and remove private and public certificates for LDAP authentication.
  • Added support for resumable file uploads.
  • Added the ability to convert a public channel to private and vice versa via Advanced Permissions.
  • Added filters to search teams in Teams page.
  • Improved logging related to sessions that are not found.
  • Created Grafana enterprise metrics for logging, such as for current queue level(s), rate of logging records emitted, and rate of logging errors.
  • Improved logging when GetUser fails during MFA Authentication.
  • Added support for sending telemetry via an environment variable set by packages to identify type of deployment (e.g. Docker, Mattermost Omnibus).

Bug Fixes

  • Fixed an issue where a large number of archived channels caused performance degradation.
  • Fixed an issue where group list-ldap mmctl command didn’t return any results.
  • Fixed an issue where user were allowed to update their profile picture on ADFS setup with SAML and LDAP configured and AD/LDAP Sync enabled.
  • Fixed an issue where patching the config with DataSourceReplicas caused a panic.
  • Fixed an issue where API invites by email were silently rate-limited.
  • Fixed an issue where deactivated users broke pagination in Manage Members modal.
  • Fixed an issue where an error occurred while inviting more than 20 users to a team via Invite People.
  • Fixed an issue where a PostUtils.formatText crashed when formatting text with unicode emoji.
  • Fixed an issue where a white screen occurred when editing a post and sending the post from a preview mode.
  • Fixed an issue on Microsoft Edge (non-Chromium) where logging out caused the user to get stuck at a loading screen.
  • Fixed an issue where a selected item in the Direct Messages More menu didn’t scroll into view when using keyboard navigation.
  • Fixed an issue where users received ghost notifications when the “First name trigger mention” setting was set but the “First Name” was not set.
  • Fixed an issue where post text was partially hidden by the post hover menu.
  • Fixed an issue where users were unable to type color hex value into custom theme color input box.
  • Fixed an issue where the badge with a mention count on the team sidebar did not increment when user was added to a channel.
  • Fixed an issue where Group Message results were prioritized over Direct Message results for Full Name in the user autocomplete.
  • Fixed an issue where the New Message indicator was broken when a webhook owned by the user posted to a channel.
  • Fixed an issue where the active search bar was not vertically aligned with left edge of the right-hand side in tablet view.
  • Fixed an issue where there were two scrollbars showing in the channel switcher.
  • Fixed an issue where the “Start trial” message was unreadable in the System Console on dark theme on first load.
  • Fixed an issue on Firefox where pasting an image also added the file as text.
  • Fixed an issue where Python syntax highlighting handled """ strangely.
  • Fixed an issue where formatting around inline codes was missing.
  • Fixed an issue where GetPluginStatus didn’t work in a non-cluster environment.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under LdapSettings in config.json:
    • Added PublicCertificateFile, to be able to upload the public certificate to be used for encryption with SAML configuration.
    • Added PrivateKeyFile, to be able to upload the private key to be used for encryption with SAML configuration.
  • Under ServiceSettings in config.json:
    • Added EnableAPIChannelDeletion, to permanently delete channels for compliance reasons.
    • Added EnableAPIUserDeletion, to permanently delete users for compliance reasons.
  • Under NotificationLogSettings and ExperimentalAuditSettings in config.json:
    • Added AdvancedLoggingConfig, to enable configuration options for setting audit targets.
  • Under AnnouncementSettings in config.json:
    • Added AdminNoticesEnabled and UserNoticesEnabled, to enable in-product notices to make users and Admins aware of the newest product enhancements from within Mattermost.
  • EnableCustomEmoji, EnableGifPicker, ExperimentalViewArchivedChannels and ExperimentalTimezone are now enabled by default for new installs.

Open Source Components

  • Added react-is and tinycolor2 to https://github.com/mattermost/mattermost-webapp.
  • Removed @types/highlight.js, @typescript-eslint/parser, bootstrap-colorpicker, and intl from https://github.com/mattermost/mattermost-webapp.
  • Removed react-native-v8 from https://github.com/mattermost/mattermost-mobile.

Database Changes

  • Added a new column Commands.PluginId.
  • Changed to data type of Teams.Type to varchar(255).
  • Changed to data type of Teams.SchemeId to varchar(26).
  • Changed to data type of IncomingWebhooks.Username to varchar(255).
  • Changes to data type of IncomingWebhooks.IconURL to text",.

API Changes

  • Added POST /upgrade_to_enterprise API endpoint.
  • Added GET /upgrade_to_enterprise/status API endpoint.
  • Added POST /restart API endpoint.
  • Added GET /warn_metrics/status API endpoint.
  • Added POST /warn_metrics/ack/:warn_metric_id API endpoint.

Known Issues

  • Emoji counter in the center channel doesn’t always update immediately when a reaction is added in the right-hand side.
  • Pressing ENTER closes the Account Settings Edit modal when adjusting the settings for desktop notification sound.
  • Admin Filter option is not disabled in AD/LDAP page for admin roles with sysconsole_write_authentication permission.
  • Twitter link previews no longer work in Mattermost as Twitter has removed OpenGraph data from its pages.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console. To fix this, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as Away or Offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.27 - Quality Release

  • v5.27.1, released 2020-10-19
    • Fixed an issue where the Compliance Exports were taking too long on large deployments. This was fixed with a performance optimization of the message export query.
  • v5.27.0, released 2020-09-16
    • Original 5.27.0 release

Mattermost v5.27.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Improvements

  • Added the ability to upgrade Mattermost from Team Edition to Enterprise Edition directly from the System Console.
  • Added various improvements for Admin Advisor feature (Team Edition), including that the bot messages now appear only once for the 500-user advisory and the banner notification interval is reduced from daily to weekly.
  • Changed the Default Theme setting in the System Console to a drop-down field.

Bug Fixes

  • Fixed an issue where the server crashed when a Compliance Export job was run for Global Relay EML.
  • Fixed an issue where Compliance Jobs did not restart correctly after a Warning status.
  • Fixed an issue where users were not matching on mixed-case SAML assertions.
  • Fixed an issue where Channel Admin was not able to make the default role as Channel Admin for AD/LDAP Groups.
  • Fixed an issue where user role was not added correctly in the Members block in System Console > Teams.
  • Fixed an issue where a team stopped loading in the System Console Filter By-dropdown when a search was performed and then cleared.
  • Fixed an issue where the ability to demote Admins to members and to deactivate accounts from System Console > Users was not available.
  • Fixed an issue where a false message “Group Mentions is already taken” was shown when a System Admin tried to add a channel to an AD/LDAP Group.
  • Fixed an issue where a AD/LDAP group mention of an outsider group was highlighted in a Group Synced channel.
  • Fixed an issue where incoming webhooks owned by a bot did not consistently allow a username override.
  • Fixed an issue where the emoji picker in the Edit Post modal was misaligned.
  • Fixed an issue where pasted unicode emojis failed to appear once posted.
  • Fixed an issue where long text in message edit modal did not scroll with a scroll bar.
  • Fixed an issue with Accessibility where user’s name was not displayed in alt text on some images.
  • Fixed an issue where dates on System Console > Site Statistics - Dates were displayed out of order on days when there were no posts.
  • Fixed an issue where the Admin Advisor bot was unexpectedly displayed in the Integrations > Bot Accounts page.
  • Fixed an issue where a new badge in the channel sidebar category header reappeard after a channel was removed from the category.
  • Fixed an issue where the theme color for Sidebar Text Active Border was not currently being used in the active border in the sidebar.
  • Fixed an issue where users saw an incorrect mention count when added to a channel by another user.
  • Fixed an issue where channels created from another browser tab did not immediately appear in the channel sidebar.
  • Fixed an issue where a console error showed when creating a new custom category in the channel sidebar.
  • Fixed an issue where enabling the new channel sidebar created invalid channel links.
  • Fixed an issue where a channel state got broken after an “unallowed” deletion.
  • Fixed an issue where dynamic slash command autocomplete options did not update between requests.
  • Fixed an issue where an incorrect callback URL with OAuth 2.0 allowed users to click Back to Mattermost in the authentication window.
  • Fixed an issue where editing “Full Name” got overwritten by Single Sign-On settings.
  • Fixed an issue where “You do not have the appropriate permissions” error was shown for warn_metrics call for non-admin users.
  • Fixed an issue where the channel switcher sometimes showed a wrong empty state with network API.
  • Fixed an issue where the loader was not hidden when posts were not loading which affected the performance of some Linux distros.
  • Fixed an issue where PatchConfig caused a panic if SiteURL was not set.
  • Fixed an issue where a panic occurred when the server was getting a shutdown before InitPlugins() was able to complete.
  • Fixed an issue where a panic was caused when a user joined a team with default channels archived.
  • Fixed an issue where App.GetSidebarCategories() panicked on nil returned value.
  • Fixed an issue where the SendEmailNotifications setting blocked testing the SMTP connection.

Open Source Components

  • Removed @types/redux-mock-store and tinycolor2 from https://github.com/mattermost/mattermost-webapp.
  • Added bootstrap-colorpicker in https://github.com/mattermost/mattermost-webapp.
  • Added @react-native-community/clipboard in https://github.com/mattermost/mattermost-mobile.

API Changes

  • Added POST api/v4/upgrade_to_enterprise API endpoint to be able to execute an inplace upgrade from Team Edition to Enterprise Edition.
  • Added GET api/v4/upgrade_to_enterprise/status API endpoint to get the current status for the inplace upgrade from Team Edition to Enterprise Edition.
  • Added POST api/v4/restart API endpoint to restart the system after an upgrade from Team Edition to Enterprise Edition.

Known Issues

  • A blank screen occurs when user edits a post and submits or cancels the edits while on Preview mode.
  • Twitter link previews do not work in Mattermost.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console. To fix this, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as Away or Offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.26 - Feature Release

  • v5.26.2, released 2020-09-03
    • Forcefully disabled the SAML Setting “Use Improved SAML Library (Beta)”, as we have identified some issues in this feature. Please follow instructions at https://docs.mattermost.com/deployment/sso-saml-before-you-begin.html for enabling SAML using the feature-equivalent xmlsec1 utility.
  • v5.26.1, released 2020-08-25
    • Fixed an issue where users were unable to use the PictureAttribute setting with SAML authentication. MM-27852
    • Fixed an issue where users got unexpectedly logged out from the mobile app when ExtendSessionLengthWithActivity was enabled as opening the mobile app called an API that overrode session extension triggers of typing, channel change, and posts. MM-27184
    • Fixed an issue where users experienced a kernel panic during LDAP sync when AuthData value was null. MM-27965
  • v5.26.0, released 2020-08-16
    • Original 5.26.0 release

Compatibility

  • PostgreSQL ended long-term support for version 9.4 in February 2020. Mattermost is officially supporting PostgreSQL version 10 with v5.26 release as PostgreSQL 9.4 is no longer supported. New installs will require PostgreSQL 10+. Previous Mattermost versions, including our current ESR, will continue to be compatible with PostgreSQL 9.4. In our 6.0 release (date to be announced), we plan on fully deprecating PostgreSQL 9.4. Please follow the instructions under the Upgrading Section within the PostgreSQL documentation.

Breaking Changes

  • In v5.26, Elasticsearch indexes needed to be recreated. Admins should re-index Elasticsearch using the Purge index and then Index now button so that all the changes will be included in the index. Systems may be left with a limited search during the indexing, so it should be done during a time when there is little to no activity because it may take several hours.
  • An EnableExperimentalGossipEncryption option was added under ClusterSettings. If this is set to true, and UseExperimentalGossip is also true, all communication through the cluster using the gossip protocol will be encrypted. The encryption uses AES-256 by default, and it is not kept configurable by design. However, if one wishes, they can set the value in Systems table manually for the ClusterEncryptionKey row. A key is a byte array converted to base64. It should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. To update the key, one can execute UPDATE Systems SET Value='<value>' WHERE Name='ClusterEncryptionKey'; in MySQL and UPDATE systems SET value='<value>' WHERE name='ClusterEncryptionKey' for PostgreSQL. For any change in this config setting to take effect, the whole cluster must be shutdown first. Then the config change made, and then restarted. In a cluster, all servers either will completely use encryption or not. There cannot be any partial usage.

IMPORTANT: If you upgrade from a release earlier than 5.25, please read the other Important Upgrade Notes.

Highlights

Archive & unarchive channels from the System Console (E20 Edition)

  • Channels can now be archived and unarchived with ease from the System Console.

Manage members and channels in System Console using search filters (E20 Edition)

  • Managing members & channels is now lot easier with new search filters.

Customize log configuration and output targets (E20 Edition)

  • Customize log level records beyond the standard levels of trace, debug, info, and panic, as well as configure different destinations based on discrete log levels.

Categorize and reorder channels with channel sidebar enhancements (Experimental)

  • Users now have the ability to create custom categories in the sidebar to group channels together for easier navigation, drag channels between or within categories to prioritize conversations most important to you, and much more.

Improvements

User Interface (UI)

  • Improved the styling of a deactivated user’s Direct Message channel footer.
  • All emoji aliases are now shown on the emoji picker.
  • Added support for allowing copying and pasting of emoji shortcodes.
  • Added Online, Away, Do Not Disturb, and Offline icons to the status menu for quicker recognition.
  • Increased visibility of user and channel autocomplete suggestions when editing a long post.
  • Added a flag icon to the post hover menu and updated pinned and flagged post styling in the channel.
  • Added support for PostgreSQL & PL/pgSQL syntax highlighting.
  • Expanded the width of server logs page in System Console UI to full screen width.

Localization

  • Promoted Russian and Dutch languages to “official”.

Command Line Interface (CLI)

  • Added new mmctl CLI commands, such as ldap idmigrate, user convert, channel move, and user deleteall.

Search

  • Added ability for Elasticsearch to search terms inside links.
  • Searching for a user with a leading “@” in the search term with Elasticsearch now returns results for those users.
  • Added ability to include filtering search/autocompletion by roles.
  • Added ability to search/autocomplete inactive users from Elasticsearch.
  • Added missing methods such as PermanenteDeleteByUser and PermanenteDeleteByChannel that update and/or delete entities in the searchlayer.
  • Implemented prefix/suffix search on Teams and Channel pages in System Console.

Integrations

  • Added slash command autocomplete functionality to enable commands to be executed on selection (mouse click, tab or enter).
  • Added plugin API endpoint to run a slash command.
  • Implemented http.Hijacker for plugins’ ServeHTTP to make it possible to upgrade the ServeHTTP hook to expose a websocket connection.

Command Line Interface (CLI)

  • Added the ability to remove non-members of the target team if channel move fails.

Administration

  • Added support for a System Admin warning system that displays warnings in the announcement bar and sends Direct Messages to admins if one or more metric fulfills a certain condition.
  • System Console > Plugins section now lists all the installed plugins regardless of the number of configurable settings associated with each plugin.
  • Servers now send a push notification to mobile clients when a user’s session expires.
  • Clearing the Site URL in the System Console is no longer allowed.
  • Changed the patch post API endpoint authorization logic to allow the edit_others_posts permission to function independently from edit_own_posts.
  • Included a response code in the “Received HTTP Request” log line.
  • Added support for a new environment variable MM_LICENSE which can contain the contents of a license file. When set, this license takes priority over all other license sources.
  • Added support for encryption for gossip protocol.
  • Move gossip protocol to use only gossip.

Bug Fixes

  • Fixed an issue where an empty outgoing webhook response generated a spurious ERROR.
  • Fixed an issue where quick switch user search was always falling back to the database.
  • Fixed an issue where a user’s status was displayed as online while the database status was displayed as offline.
  • Fixed an issue where Elasticsearch indexing job did not index users and/or channels older than the first post.
  • Fixed an issue where Global Relay SMTP connection timeout was not independent of the regular SMTP email settings timeout.
  • Fixed an issue with a poor performance when opening More Direct Messages modal.
  • Fixed an issue where bot username validation message was unclear as it did not mention which value was invalid.
  • Fixed an issue where Command+K input field lost focus when the window lost focus, causing search results to disappear.
  • Fixed an issue where a highlight was missing when users at-mentioned themselves, followed by period, underscore, or hyphen.
  • Fixed an issue where a 500 error was returned by the /posts/unread endpoint caused by an integer overflow when limit_after was set to 0.
  • Fixed an issue where the footer text in invitation emails was not translated.
  • Fixed an issue where PermanentDeleteTeam did not return an error but did a soft deletion if EnableAPITeamDeletion was not set.
  • Fixed an issue on PostgreSQL where logging in using MFA did not respect the uppercase of the email address.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added ExperimentalDataPrefetch, to enable messages in all unread channels to be pre-loaded from the server whenever the client reconnects to the network to eliminate loading time when users switch to unread channels.
  • Under ClusterSettings in config.json:
    • Added EnableExperimentalGossipEncryption, to enable all communication through the cluster using the gossip protocol to be encrypted.
  • Under LogSettings in config.json:
    • Added EnableSentry, to enable sentry reporting.
    • Added AdvancedLoggingConfig, to enable optional logging capability to allow sending log records to a number of destinations.
  • Under FileSettings in config.json:
    • Added AmazonS3PathPrefix, to allow using the same S3 bucket for multiple deployments.
  • Under EmailSettings in config.json:
    • Added PushNotificationBuffer, to remove hardcoded goroutine workers from push notifications to improve notifications arriving in order.
  • Under SupportSettings in config.json:
    • Added EnableAskCommunityLink, to enable showing a link in the Mattermost channel header under the Help menu. When clicked, users are redirected to https://mattermost.com/pl/default-ask-mattermost-community/, where they can join the Mattermost Community to ask questions and help others troubleshoot issues. This option is not available on the mobile apps.
  • Under GlobalRelayMessageExportSettings in config.json:
    • Added SMTPServerTimeout, to ensure Global Relay SMTP connection timeout is independent of regular email settings timeout.

Open Source Components

  • Added react-native-cookies and react-native-keyboard-aware-scroll-view, and removed @react-native-community/cookies in https://github.com/mattermost/mattermost-mobile.
  • Added dynamic-virtualized-list and prettier in https://github.com/mattermost/mattermost-webapp.
  • Added rudder-sdk-js in https://github.com/mattermost/mattermost-redux.

Database Changes

  • Added a new column Sessions.ExpiredNotify.

API Changes

  • Added POST api/v4/bots/:bot_id/convert_to_user API endpoint to add the ability to convert a bot into a user.
  • Added POST api/v4/users/:user_id/convert_to_bot API endpoint to add the ability to convert a user into a bot.
  • Added GET api/v4/users/:user_id/teams/:team_id/channels/categories API endpoint to get a list of sidebar categories that will appear in the user’s sidebar on the given team, including a list of channel IDs in each category.
  • Added POST api/v4/users/:user_id/teams/:team_id/channels/categories API endpoint to create a custom sidebar category for the user on the given team.
  • Added PUT api/v4/users/:user_id/teams/:team_id/channels/categories API endpoint to update any number of sidebar categories for the user on the given team.
  • Added GET api/v4/users/:user_id/teams/:team_id/channels/categories/order API endpoint to get the order of the sidebar categories for a user on the given team as an array of IDs.
  • Added PUT api/v4/users/:user_id/teams/:team_id/channels/categories/order API endpoint to update the order of the sidebar categories for a user on the given team.
  • Added GET api/v4/users/:user_id/teams/:team_id/channels/categories/:category_id API endpoint to get a single sidebar category for the user on the given team.
  • Added PUT api/v4/users/:user_id/teams/:team_id/channels/categories/:category_id API endpoint to update a single sidebar category for the user on the given team.
  • Added DELETE api/v4/users/:user_id/teams/:team_id/channels/categories/:category_id API endpoint to delete a single custom sidebar category for the user on the given team.
  • Added POST api/v4/ldap/migrateid API endpoint to migrate LDAP IdAttribute to a new value.
  • Added GET api/v4/warn_metrics/status API endpoint to get the status of a set of metrics (enabled or disabled) from the Systems table.
  • Added POST api/v4/warn_metrics/ack/:warn_metric_id API endpoint to acknowldge a warning for the warn_metric_id metric crossing a threshold (or some similar condition being fulfilled).
  • Added GET api/v4/groups/:group_id/stats API endpoint to retrieve the stats of a given group.
  • Added GET api/v4/teams/:team_id/channels/private API endpoint to get a list of private channels on a team based on query string parameters.
  • Added GET api/v4/users/stats/filtered API endpoint to get a count of users in the system matching the specified filters.
  • Added POST api/v4/users/:user_id/email/verify/member API endpoint to verify the email used by a user without a token.
  • Added POST api/v4/users/:user_id/typing API endpoint to notify users in the given channel via websocket that the given user is typing.
  • Added Get/Update/Delete user preferences to Plugin API.
  • Added channel ID check for Plugin API UploadFile to specify the ID of the channel a file will be uploaded to.

Websocket Event Changes

  • Added sidebar_category_created Websocket Event.
  • Added sidebar_category_updated Websocket Event.
  • Added sidebar_category_deleted Websocket Event.
  • Added sidebar_category_order_updated Websocket Event.
  • Added warn_metric_status_received Websocket Event.
  • Added warn_metric_status_removed Websocket Event.

Known Issues

  • Twitter link previews do not work in Mattermost.
  • Pasted unicode emojis fail to appear once posted.
  • CMD+SHIFT+V does not paste copied text on MacOS on Safari 12 (Catalina) and Firefox.
  • Enabling Bleve search engine makes the Command Line Interface (CLI) mutually exclusive with the running server. This issue does not apply when using mmctl Command Line Tool.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.25 - ESR

  • v5.25.6, released 2020-11-10
    • Fixed an issue where the Compliance Exports were taking too long on large deployments. This was fixed with a performance optimization of the message export query.
    • Bumped up Go patch version to 1.14.6 to fix an issue where a potential livelock was detected in the app server under heavy load. MM-26584
  • v5.25.5, released 2020-09-03
    • Forcefully disabled the SAML Setting “Use Improved SAML Library (Beta)”, as we have identified some issues in this feature. Please follow instructions at https://docs.mattermost.com/deployment/sso-saml-before-you-begin.html for enabling SAML using the feature-equivalent xmlsec1 utility.
  • v5.25.4, released 2020-08-25
    • Fixed an issue where users were unable to use the PictureAttribute setting with SAML authentication. MM-27852
    • Fixed an issue where users got unexpectedly logged out from the mobile app when ExtendSessionLengthWithActivity was enabled as opening the mobile app called an API that overrode session extension triggers of typing, channel change, and posts. MM-27184
    • Fixed an issue where users experienced a kernel panic during LDAP sync when AuthData value was null. MM-27965
    • Fixed an issue where users experienced the Mattermost server crashing on (Status).ToClusterJson calls. MM-24544
  • v5.25.3, released 2020-08-12
    • Fixed an issue where the permission to create user access tokens on environments with OpenID Connect login providers such as GitLab was denied for System Admins. MM-27623
    • Fixed an issue where deactivated users were included in compliance exports. MM-27194
    • Fixed an issue where guest user invites did not work in a SAML environment. MM-27519
    • Fixed an issue where the bulk export didn’t finish if a custom data directory was set. MM-27550
    • Fixed an issue with a performance degradation after upgrading to 5.25.0. MM-27575
    • Fixed an issue where attempting to pin a post failed if a user did not have the channel_mention permission on a channel. MM-26346
  • v5.25.2, released 2020-07-31
    • Fixed an issue where pages in the System Console didn’t scroll up or down in some browser versions. MM-27168
  • v5.25.1, released 2020-07-23
    • Smoothed the database query load while syncing teams and channel roles by fetching data in batches. MM-27114
    • Fixed a bug in pagination which queried more data redundantly. MM-27187
    • Throttled network traffic by implementing bounded concurrency.
  • v5.25.0, released 2020-07-16
    • Original 5.25.0 release

Mattermost v5.25.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Breaking Changes

  • Some incorrect instructions regarding SAML setup with Active Directory ADFS for setting the “Relying party trust identifier” were corrected. Although the settings will continue to work, it is encouraged to modify those settings.

IMPORTANT: If you upgrade from a release earlier than 5.24, please read the other Important Upgrade Notes.

Improvements

  • Added the ability for admins to request a 30-day E20 trial license directly in the System Console.
  • AD/LDAP Group Sync (E20) feature was moved out of Beta to General Availability.

Bug Fixes

  • Fixed an issue where the ability to run a command to export data was erroneously available in Team Edition.
  • Fixed an issue where a user lost access to the current channel and other channels in a team when Team Override Scheme was deleted.
  • Fixed an issue where ADFS for SAML and AD/LDAP using ObjectGUID did not sync correctly.
  • Fixed an issue where LDAP Sync job failed when one of the teams had email restrictions.
  • Fixed an issue where an incorrect session length for SSO login was initiated from the mobile app.
  • Fixed an issue on web mobile narrow view where clicking a hashtag in a channel header did not open the hashtag search.
  • Fixed an issue where license ID was not populated correctly in the license renewal banner.
  • Fixed an issue where an archived team could be fully accessed with the archived team’s URL.
  • Fixed an issue where leaving an archived channel did not return user to the last viewed channel.
  • Fixed an issue where bulk import rejected team names prefixed with reserved keywords, even with additional text appended.
  • Fixed an issue where System Admin could no longer manage custom emoji after running bin/mattermost permissions reset.
  • Fixed an issue where a user’s role in Team Members dialog did not update when a user was searching for the user.
  • Fixed an issue where Bleve was not correctly setting the query size, missing search results.
  • Fixed an issue where the timezone count was not displayed correctly when a user set a new timezone and then changed it to set automatically.
  • Fixed an issue where existing users were not shown in the Invite Members flow.
  • Fixed an issue where the System Console > User Management > Users page was too tall and the Revoke All Sessions button was cut off when a license banner was present.
  • Fixed an issue where the Email verified banner was red instead of green.
  • Fixed an issue where Copy Theme Colors button in Account Settings > Display > Theme was not themed correctly.
  • Fixed an issue where archived channel icons were too dark in the Channel Info modal with the Dark Theme.
  • Fixed an issue where the Save button was not visible in browser for Safari on iPad device.
  • Fixed an issue where the thumbnail of a user was not displayed correctly when searching for a Direct Message channel.
  • Fixed an issue where text flowed outside the “Invite Members” button in “Invite People” page for some languages.
  • Fixed an issue where the Next button in Main Menu > Manage Members was not visible to be able to see the last few members of the team.
  • Fixed an issue where a different behavior was seen when pasting a table into message compose and to message edit box.
  • Fixed an issue where one-byte unicode emoji did not support skin tones.
  • Fixed an issue where no error was reported in server logs if a plugin icon was invalid.
  • Fixed an issue where providing AutocompleteData did not log a proper error in the System Console.
  • Fixed an issue where signup password minimum length error messages were inconsistent.
  • Fixed an issue where the right-hand side overlapped the GitHub Plugin tooltip.
  • Fixed an issue where the plugin right-hand side did not show tooltips when a user hovered over the Close or Expand/Shrink icons.
  • Fixed an issue where query string parameters were omitted from interactive dialog request urls.
  • Fixed an issue where store.GetPostsSince() did not sanitise deleted posts.
  • Fixed an issue with a panic caused by nil pointer dereference in importTeam.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under SamlSettings in config.json:
    • Added ServiceProviderIdentifier, as the unique identifier for the Service Provider, usually the same as Service Provider Login Url. In ADFS, this must match the Relying Party Identifier.

Known Issues

  • Twitter link previews do not work in Mattermost.
  • Highlight is missing when at-mentioning yourself, followed by period, underscore, or hyphen.
  • Ctrl+Enter doesn’t post an edited message with “Send messages on Ctrl+Enter” enabled for all messages.
  • Enabling Bleve search engine makes the Command Line Interface (CLI) mutually exclusive with the running server. This issue does not apply when using mmctl Command Line Tool.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.24 - Feature Release

  • v5.24.3, released 2020-07-23
    • Smoothed the database query load while syncing teams and channel roles by fetching data in batches. MM-27114
    • Fixed a bug in pagination which queried more data redundantly. MM-27187
    • Throttled network traffic by implementing bounded concurrency.
  • v5.24.2, released 2020-06-26
    • Fixed an issue where changing primary keys during migration did not work with Postgres versions lower than 9.3. MM-26514
  • v5.24.1, released 2020-06-19
    • Fixed an issue with a semantic versioning violation of the plugin API that broke plugins using the GetGroupByName method. MM-26231
    • Fixed an issue with the Plugin Tooltip implementation that caused links to be truncated when rendered. This issue occured if you are using the recent GitHub plugin v1.0.0 release. All links were affected, regardless if they were related to GitHub. MM-25808
  • v5.24.0, released 2020-06-16
    • Original 5.24.0 release

Mattermost v5.24.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Breaking Changes

  • A new configuration setting, ExtendSessionLengthWithActivity automatically extends sessions to keep users logged in if they are active in their Mattermost apps. It is recommended to enable this setting to improve user experience if compliant with your organizations policies. Learn more here.
  • The mattermost_http_request_duration_seconds histogram metric (in Enterprise Edition) has been removed. This information was already captured by mattermost_api_time, which also contains the api handler name, HTTP method, and the response code. As an example, if you are using rate(mattermost_http_request_duration_seconds_sum{server=~"$var"}[5m]) /   rate(mattermost_http_request_duration_seconds_count{server=~"$var"}[5m]) to measure average call duration, it needs to be replaced with sum(rate(mattermost_api_time_sum{server=~"$var"}[5m])) by (instance) /   sum(rate(mattermost_api_time_count{server=~"$var"}[5m])) by (instance).
  • Due to fixing performance issues related to emoji reactions, the performance of the upgrade has been affected in that the schema upgrade now takes more time in environments with lots of reactions in their database. These environments are recommended to perform the schema migration during low usage times and potentially in advance of the upgrade. Since this migration happens before the Mattermost Server is fully launched, non-High Availability installs will be unreachable during this time. Please see the Important Upgrade Notes for full details.
  • On mobile apps, users will not be able to see LDAP group mentions (E20 feature) in the autocomplete dropdown. Users will still receive notifications if they are part of an LDAP group. However, the group mention keyword will not be highlighted.

IMPORTANT: If you upgrade from a release earlier than 5.23, please read the other Important Upgrade Notes.

Highlights

Notify AD/LDAP Groups with a single @mention (Beta) (E20)

  • Ability to enable mentions for LDAP-synced groups so users can notify the entire group at the same time.

Manage users from the System Console (E20)

  • Ability to view and manage members via each team or channel configuration page.

Sync profile images from AD/LDAP (E10, E20)

  • Ability to ensure compliance with corporate policies by automatically syncing profile images from AD/LDAP.

Automatically extending user sessions

  • Ability to enable a feature that automatically extends session lengths when users are active on Mattermost apps.

Access CLI remotely

  • Ability to manage Mattermost without having direct access to the server with a new Local Mode for mmctl.

Improved search filters

  • Ability to use the mouse or keyboard to select search filters instead of typing them manually.

Slash command autocomplete framework (Beta)

  • Ability to make slash commands easier to use and increase discoverability with a new slash command autocomplete framework for plugins.

Full-text search and indexing (Experimental)

  • Ability to use Bleve to execute search functionality instead of the database.

Improvements

Enterprise Edition (EE)

  • Grace period after Enterprise Edition subscription expires was reduced from 15 days to 10 days. Moreover, Enterprise features are now disabled immediately after the grace period is over, instead of only after a server restart. Please see https://mattermost.com/pricing/#faq for more details.

User Interface (UI)

  • Added a count for pinned posts header icon.
  • Added the ability to view user profile pop-over when clicking the profile picture or username from the View Members and Manage Members modals.
  • Improved keyboard usability in the emoji picker search bar.
  • Improved profile popover for posts with overwritten username or icon.
  • Added support for code highlighting of TypeScript files.

Notifications

  • Mention notification settings for “Case sensitive first name” and “Non-case sensitive username” are now disabled by default.

Search

  • Added support for searching by position in user lists such as the Add Members menu.

Integrations

  • Added support for different interactive message button styles.

Administration

  • Added the ability to bulk create, update, and delete team members and channel members in the store, as well as bulk import users belonging to different teams and channels.
  • Added auditing support to all Comman Line Interface (CLI) API’s.
  • Replaced “Back to Mattermost” button with a helpful error message in the OAuth 2.0 authentication window when an incorrect Client ID is typed during authentication.
  • Centralized ID validation to a single function.

Bug Fixes

  • Fixed an issue where database read and search replicas were available in Team Edition, leading to unsupported server configuration.
  • Fixed an issue where Session Idle Timeout setting also unexpectedly affected the mobile app session expiry.
  • Fixed an issue where an unread channel disappeared from a list of unread channels immediately.
  • Fixed an issue where a user’s role was not reflected correctly in the Team Members modal when the user’s role was updated after the modal was opened.
  • Fixed an issue where the autocomplete list of channels remained populated after a user cleared the search on Add user to a channel modal.
  • Fixed an issue where Integrations menu was available for member and team admin roles only if with oAuth2 permission.
  • Fixed an issue where empty strings for auth_data created invalid users for LDAP sync during bulk import.
  • Fixed an issue where bulk import did not report errors when importing posts failed.
  • Fixed an issue where Compliance Export reported “success” when failing to export a missing file.
  • Fixed an issue where the user interface got stuck when leaving an archived channel.
  • Fixed an issue where Unicode characters appeared in users’ display names.
  • Fixed an issue where a failed plugin installation from the plugin marketplace retried automatically.
  • Fixed an issue where markdown images hosted by plugins did not appear if local image proxy was enabled.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added ExtendSessionLengthWithActivity to enable sessions to be automatically extended when the user is active in their Mattermost client.
    • Added EnableLocalMode to enable local mode for mmctl.
    • Added LocalModeSocketLocation to set the path for the socket that the server will create for mmctl to connect and communicate through local mode.
    • Changed EnableLinkPreviews to default true for new installs.
    • Changed SessionLengthWebInDays to default to 30 days for new installs.
  • Under SqlSettings in config.json:
    • Added DisableDatabaseSearch to disable the use of the database to perform searches.
  • Under LdapSettings in config.json:
    • Added PictureAttribute to configure the attribute in the AD/LDAP server used to synchronize (and lock) the profile picture used in Mattermost.
  • Under BleveSettings in config.json:
    • Added IndexDir to set the directory path to use for storing bleve indexes.
    • Added EnableIndexing to enable the indexing of new posts to occur automatically.
    • Added EnableSearching to enable search queries to use bleve search.
    • Added EnableAutocomplete to enable autocomplete queries to use bleve search.
    • Added BulkIndexingTimeWindowSeconds to determine the maximum time window for a batch of posts being indexed by the Bulk Indexer.
  • Under EmailSettings in config.json:
    • Changed PushNotificationContents to default full for new installs.

Open Source Components

  • Added @types/react-custom-scrollbars in https://github.com/mattermost/mattermost-webapp
  • Added p-queue in https://github.com/mattermost/mattermost-webapp
  • Added @react-native-community/cookies in https://github.com/mattermost/mattermost-mobile
  • Added @react-native-community/masked-view in https://github.com/mattermost/mattermost-mobile
  • Added analytics-react-native in https://github.com/mattermost/mattermost-mobile
  • Added react-native-elements in https://github.com/mattermost/mattermost-mobile
  • Added react-native-file-viewer in https://github.com/mattermost/mattermost-mobile
  • Added react-native-localize in https://github.com/mattermost/mattermost-mobile
  • Added react-native-reanimated in https://github.com/mattermost/mattermost-mobile
  • Added react-native-safe-area-context in https://github.com/mattermost/mattermost-mobile
  • Added react-native-screens in https://github.com/mattermost/mattermost-mobile

Database Changes

  • Added a new column UserGroups.AllowReference.
  • Changed the primary key on the Reactions table.

API Changes

  • Added a new route POST /api/v4/group/bleve/purge_indexes to delete all Bleve indexes and their contents.
  • Added a new route GET /api/v4/channels/:channel_id/member_counts_by_group to get the channel members counts for each AD/LDAP group that has at least one member in the channel.
  • Added a new route GET /api/v4/teams/:team_id/commands/autocomplete_suggestions to get a list of autocomplete suggestions.
  • Added a new route GET api/v4/users/:user_id/groups to get all AD/LDAP groups for a user.
  • Added a new route GET api/v4/teams/:team_id/groups_by_channels to get a set of AD/LDAP groups associated with the channels in the given team grouped by channel.
  • Added several new APIs for use by mmctl local mode, such as the ability to modify and restore teams with mmctl.

Websocket Event Changes

  • Added a new received_group Websocket Event.
  • Added a new received_group_associated_to_team Websocket Event.
  • Added a new received_group_not_associated_to_team Websocket Event.
  • Added a new received_group_associated_to_channel Websocket Event.
  • Added a new received_group_not_associated_to_channel Websocket Event.

Known Issues

  • Profile image of a user is not displayed correctly when searching for Direct Message channels.
  • “Email verified” banner is red instead of green.
  • Command+K search results disappear when the input field loses focus when Mattermost window is made unfocused.
  • Enabling Bleve search engine makes the Command Line Interface (CLI) mutually exclusive with the running server. This issue does not apply when using mmctl Command Line Tool.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.23 - Quality Release

  • v5.23.2, released 2020-07-23
    • Smoothed the database query load while syncing teams and channel roles by fetching data in batches. MM-27114
    • Fixed a bug in pagination which queried more data redundantly. MM-27187
    • Throttled network traffic by implementing bounded concurrency.
  • v5.23.1, released 2020-06-02
    • Fixed an issue where Content-Type was no longer optional in incoming webhook requests and led to errors. MM-25677
  • v5.23.0, released 2020-05-16
    • Original 5.23.0 release

Mattermost v5.23.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

PostgreSQL ended long-term support for version 9.4 in February 2020. Mattermost will officially be supporting PostgreSQL version 10 with the Mattermost v5.26 release as PostgreSQL 9.4 is no longer supported. New installs will require PostgreSQL version 10. Previous Mattermost versions, including our current ESR, will continue to be compatible with PostgreSQL version 9.4. In our 6.0 release (date to be announced), we plan on fully deprecating PostgreSQL 9.4.

We highly recommend upgrading to PostgreSQL version 10+. Please follow the instructions under the Upgrading Section within the PostgreSQL documentation.

Bug Fixes

  • Fixed an issue where using slash command /leave failed to leave the channel.
  • Fixed an issue where clicking on a channel link from a Direct Message channel that linked to a different team resulted in a “Page not Found” error.
  • Fixed an issue where reloading a channel caused the channel to be shown as read-only for a few seconds.
  • Fixed an issue where the Channel Export plugin bot channel did not appear on the left-hand side channel sidebar until the user switched to a different channel.
  • Fixed an issue where no channel suggestions were displayed for in: search modifier for Guest Accounts.
  • Fixed an issue where Guest tags were not shown in Group Message channel header.
  • Fixed an issue where guest permissions could not be set in Team Override Schemes.
  • Fixed an issue where a “this user didn’t get notified” system message was missing if an at-mention was followed by a period and the user was not in the channel.
  • Fixed an issue where batched emails were still sent even if there was activity from the user.
  • Fixed an issue where /me messages weren’t formatted in the right-hand side.
  • Fixed an issue where mentions in header-changed system messages weren’t highlighted.
  • Fixed an issue where a thread title was missing when initial message in a thread showed as “message deleted”.
  • Fixed an issue where there was no hover effect when mousing over options in Search.
  • Fixed an issue on Firefox where using Alt+arrow stopped working on read-only channels.
  • Fixed an issue where muted channels on another team appeared as unread in team sidebar and browser tab.
  • Fixed an issue where the URL field on Rename Channel modal allowed more than two underscores.
  • Fixed an issue where pasting text from a GitHub code block erased post textbox contents.
  • Fixed an issue where keyboard shortcuts to move between teams conflicted with a native Linux OS shortcut for switching virtual desktops.
  • Fixed an issue where incoming webhooks that contained certain sized attachments resulted in an infinite loop, causing a memory leak.
  • Fixed an issue with errors appearing in logs when sending a direct message to your own account.
  • Fixed an issue with a “Failed to get membership” log spam for bot posts.

Open Source Components

  • Added react-native-mmkv-storage in https://github.com/mattermost/mattermost-mobile.
  • Added redux-action-buffer in https://github.com/mattermost/mattermost-mobile.
  • Added redux-reset in https://github.com/mattermost/mattermost-mobile.
  • Added serialize-error in https://github.com/mattermost/mattermost-mobile.

API Changes

  • Added a new API endpoint GET /api/v4/users/known to get the list of user IDs of users with any direct relationship with a user. That means any user sharing any channel, including direct and group channels.
  • GET /api/v4/teams/:team_id/channels no longer requires the list_team_channels permission.

Websocket Event Changes

  • Added a new update_team_scheme Websocket Event.

Known Issues

  • Copy Theme Colors button on custom theme Display Settings modal is not themed correctly on Mattermost dark theme.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.22 - Feature Release

  • v5.22.3, released 2020-05-11
  • v5.22.2, released 2020-05-05
  • v5.22.1, released 2020-04-23
    • Fixed an issue where Amazon S3 file storage with IAM credentials failed due to a bug in the minio-go library. MM-24388
  • v5.22.0, released 2020-04-16
    • Original 5.22.0 release

Release day: 2020-04-16

Mattermost v5.22.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

  • v5.9.0 as our Extended Support Release (ESR) is coming to the end of its lifecycle and upgrading to 5.19.0 ESR or a later version is highly recommended. v5.19.0 will continue to be our current ESR until October 15, 2020. Learn more in our forum post.

Breaking Changes

  • Due to fixing performance issues related to emoji reactions, the performance of the upgrade has been affected in that the schema upgrade now takes more time in environments with lots of reactions in their database. These environments are recommended to perform the schema migration during low usage times and potentially in advance of the upgrade. Since this migration happens before the Mattermost Server is fully launched, non-High Availability installs will be unreachable during this time.
  • The Channel Moderation Settings feature is supported on mobile app versions v1.30 and later. In earlier versions of the mobile app, users who attempt to post or react to posts without proper permissions will see an error.
  • Direct access to the Props field in the model.Post structure has been deprecated. The available GetProps() and SetProps() methods should now be used. Also, direct copy of the model.Post structure must be avoided in favor of the provided Clone() method.

IMPORTANT: If you upgrade from a release earlier than 5.21, please read the other Important Upgrade Notes.

Highlights

Read-only channels and channel moderation settings (E20) (Beta)

  • System admins can use new channel-specific permissions to create read-only channels, restrict who can post in certain channels, and more. This feature is in beta and ships with Enterprise Edition E20.

Team switch shortcuts

  • Added new keyboard shortcuts that allow users to switch to the next or previous team using Ctrl/⌘ + Alt + Up/Down and switch to a specific team using Ctrl/⌘ + Alt + #.
  • Also added the ability to reorder teams on the sidebar via drag-and-drop.

Unarchive Channel option in the archived channels menu

  • Added the ability for users to restore archived channels via the Mattermost interface.

Channel sidebar reorganization features (Experimental)

  • Added improvements to the channel sidebar, including the ability to collapse categories in the sidebar (e.g., favorites, public channels, private channels, and direct messages) to reduce unnecessary scrolling.

Improvements

User Interface (UI)

  • Added several UI improvements, such as added a “Close Group Message” option to Group Message menu.
  • Added a keyboard shortcut to open/close the right-hand sidebar.
  • Added a keyboard shortcut to add reactions to last message in a channel or a thread.
  • Added infinite scroll to Select Teams screen.
  • Updated the message permalink view.

Localization

  • Promoted Dutch and Russian languages to Beta.

Notifications

  • Added support for notification sounds in Firefox.

Plugins

  • Allow searching for files through the plugin API.
  • Allowed prepackaged and local plugins to set ReleaseNotesURL.

Integrations

  • In interactive dialogs, the autocomplete lists now render below the input field by default.
  • Extended the payload of slash commands to include a map of the users and channels mentioned in the message to their corresponding identifiers.
  • Added support for recognizing multi-line slash commands without requiring trailing space after the trigger word.

Bulk Import

  • Added support for exporting and importing the props of a post.

Bug Fixes

  • Fixed an issue where a user’s role was not reflected correctly in the Channel Members Modal when it was updated after the modal was opened.
  • Fixed an issue where verification emails were still sent on servers with SMTP configured whenEnable Email Notifications and Require Email Verification were disabled in the System Console.
  • Fixed an issue where a user account was still created when inviting a new user to a team with an email address that didn’t match the team’s allowed domain.
  • Fixed an issue where System Admins could not access the Teams menu of the System Console.
  • Fixed an issue where an incorrect time was displayed at midnight when 24-hour clock display was enabled.
  • Fixed an issue where a channel appeared twice on the channel sidebar if the channels were created with a certain arrangement of characters.
  • Fixed an issue where pasting a custom theme caused a white screen.
  • Fixed an issue where a modified Edit Post dialog silently closed on a mouse click outside it.
  • Fixed an issue where users were unable to drag and drop files on Edge.
  • Fixed an issue where the autoresponder responded to every bot post.
  • Fixed an issue where Mattermost was unable to start if a configured mail server was listening but not responding.
  • Fixed an issue where LDAP sync did not finish if read database replica was enabled.
  • Fixed a SIGSEGV crash issue when exporting to CSV.
  • Fixed an issue where Elasticsearch error was output when running unrelated commands.
  • Fixed an issue where importing from slack crashed due to invalid memory access or nil pointer dereference.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added EnableOpenTracing, to enable a Jaeger client to be instantiated and used to trace each HTTP request as it goes through App and Store layers.
    • Added IdleTimeout, to set an explicit idle timeout in the HTTP server.
    • Added ExperimentalChannelSidebarOrganization, to enable accessing the experimental channel sidebar feature set.
  • Under NotificationLogSettings in config.json:
    • Added SMTPServerTimeout, to enable the maximum amount of time (in seconds) allowed for establishing a TCP connection between Mattermost and the SMTP server, to be idle before being terminated.
  • Added DirectoryId object, to enable the ID of the application’s AAD directory.
  • Added ExperimentalAuditSettings object, to enable the audit settings to output audit records to syslog (local or remote server via TLS) and/or to a local file.

Open Source Components

  • Added core-js in https://github.com/mattermost/mattermost-redux.
  • Added @types/redux-mock-store in https://github.com/mattermost/mattermost-webapp.
  • Added react-beautiful-dnd in https://github.com/mattermost/mattermost-webapp.
  • Added react-native-hw-keyboard-event in https://github.com/mattermost/mattermost-mobile.
  • Added react-native-v8 in https://github.com/mattermost/mattermost-mobile.
  • Removed jsc-android from https://github.com/mattermost/mattermost-mobile.

Database Changes

  • Various indexes were added.

API Changes

  • Added GET api/v4/channels/:channels/moderations and PUT api/v4/channels/:channels/moderations/patch to support channel moderation settings.
  • Added a PUT api/v4/commands/move endpoint to move a command to another team.
  • Added a GET api/v4/commands endpoint to retrieve a command by id.

Websocket Event Changes

  • Added channel_scheme_updated Websocket Event.

Known Issues

  • Batched emails are still sent even if any activity from the user is detected.
  • Keyboard shortcut to move between teams conflicts with Linux native OS shortcut.
  • Webapp crashes if the Direct Message modal is open when a guest is removed from a channel.
  • Slash command /leave fails to leave channel on webapp and crashes the Android app.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

Release v5.21 - Quality Release

Release day: 2020-03-16

Mattermost v5.21.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

  • Honour key value expiry in KVCompareAndSet, KVCompareAndDelete and KVList. We also improved handling of plugin key value race conditions and deleted keys in Postgres.

Bug Fixes

  • Fixed an issue where switching to an unread channel sometimes got stuck at “Loading…” on certain screen resolutions.
  • Fixed an issue where bots could not be added to group-synced channels or teams.
  • Fixed an issue where a user’s authentication method in the System Console was shown as email if it was actually LDAP.
  • Fixed an issue where lines in over 65536 characters caused bulk import to fail.
  • Fixed an issue where code block line numbers were copied when pasting into certain applications.
  • Fixed an issue where the right-hand side reply thread scrolled down after receiving a new message.
  • Fixed an issue where the post menu opened up in the right-hand side made the menu options float off page if the parent post was short with no replies.
  • Fixed an issue where enabling and disabling the demo plugin generated a “connection is shutdown” error.
  • Fixed an issue where deactivated users with whom a user had never interacted in a private message before appeared in the New Direct Message menu.
  • Fixed an issue where clicking on an image in external image preview opened the image within the desktop app.
  • Fixed an issue where users were unable to open email links using View in Browsers option in incognito mode.
  • Fixed an issue where Invite Guests > Emails containing upper case letters were rejected.
  • Fixed an issue where a new user got a “No more channels to join” message while scrolling through the channel list.
  • Fixed an issue where clicking on “Terms of Service” and “Privacy Policy” on account creation on the desktop app didn’t do anything.
  • Fixed an issue where gendered emojis were rendered with the wrong gender.
  • Fixed an issue where large video file uploads failed on the right-hand side without an appropriate error.

Known Issues

  • Verification emails are still sent on servers with SMTP configured whenEnable Email Notifications and Require Email Verification are disabled in the System Console.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.20 - Feature Release

  • v5.20.2, released 2020-03-12
    • Fixed an issue where Mattermost server crashed when running a compliance export. MM-23157
    • Fixed an issue where switching to an unread channel got stuck at “Loading…” in certain screen resolutions. MM-22698
  • v5.20.1, released 2020-02-16
    • Fixed an issue where upgrading to v5.20 failed on servers running with PluginSettings.Enable = false, and LogSettings.EnableDiagnostics = true.
  • v5.20.0, released 2020-02-16
    • Original 5.20.0 release

Mattermost v5.20.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

Breaking Changes

  • Any pre-packaged plugin that is not enabled in the config.json will no longer install automatically, but can continue to be installed via the plugin marketplace.
  • Boolean elements from interactive dialogs are no longer serialized as strings. While we try to avoid breaking changes, this change was necessary to allow both the web and mobile apps to work with the boolean elements introduced with v5.16.

IMPORTANT: If you upgrade from a release earlier than 5.19, please read the other Important Upgrade Notes.

Highlights

A Banner to Jump to the Most Recent Posts

  • Ability to jump to the most recent posts in a channel by clicking a banner that automatically appears in busy channels with unread messages.

Open Email Notifications in the Desktop or Mobile App

  • Ability to open messages from email notifications in the Mattermost desktop or mobile apps instead of being directed to open them in the browser.

Ship MMCTL with Mattermost

  • Manage servers remotely with mmctl, a CLI tool that mimics the Mattermost CLI tool and ships inside Mattermost.

Reworked pre-packaged plugins

  • Pre-packaged plugins are now “pre-downloaded” plugins that are available within the Plugin Marketplace, even if your server doesn’t have direct access to the internet.

Plugin Marketplace Labels

  • Plugins supported by Mattermost and community supported plugins will be visible, making it easier to select an appropriate plugin based on your organization’s security policies.

Role mapping from LDAP and SAML (E20)

  • Ability to assign and restrict users to roles within Mattermost from your single sign-on (SSO) system.

Faster SAML install and configuration (E20)

  • Ability to use SAML without installing a separate binary and pull configuration metadata directly from the Identity Provider using an account-specific URL.

Improvements

User Interface (UI)

  • Added support for mute option in Direct Message channel menus.
  • Added a red dot to browser favicon when there are unread mentions.
  • Added support for displaying a left-hand side bot icon in the webapp.
  • User’s own username with a suffix ‘you’ is now shown in the username autocomplete.
  • Allowed user autocomplete to match on terms with spaces.
  • Improved autocomplete highlighting when using mouse and keyboard together.
  • Added support for showing single image thumbnails in compact view.
  • Contents of View Members and Manage Members modals now refresh when a user’s role has changed.
  • Filtering search by channel now also shows the channel name and not only its ID.
  • Users now cannot type account input fields longer than the maximum length for first name, last name and email fields.

Plugins

  • Added a way to show that a plugin requires a certain Mattermost configuration setting.
  • Added support for plugins to add menu items to the Channel Menu.

Command Line Interface (CLI)

  • Added a CLI command webhook move for moving outgoing webhooks.

Bulk Import

  • When bulk import finds an already existing post, it now deletes existing files before importing new ones.
  • Bulk export now includes direct messages from a user to themselves.

Administration

  • Added support for Elasticsearch 7.
  • Added ability to inform System Admins when a user who managed bot accounts is deactivated, and enable them to take ownership of the bot.
  • Added LDAP/Elasticsearch/SQL Trace to server logs to make it easier for admins to diagnose problems.
  • Added plugins to the list of words that a team URL cannot start with.
  • Removed 26 character requirement from post action IDs.

Bug Fixes

  • Fixed an issue where guest account creation erroneously considered the global list of whitelisted domains.
  • Fixed an issue where inviting multiple users with valid and invalid emails caused the invites for the valid users not to be sent.
  • Fixed an issue where option to invite users by email was displayed even if email invitations were disabled.
  • Fixed an issue where the channel drop-down Leave Channel failed to leave the channel on a server with a subpath.
  • Fixed an issue where messages with 2-byte characters didn’t get posted.
  • Fixed an issue where links for recent mentions and flagged posts were doubled in smaller window widths.
  • Fixed an issue where opening the right-hand sidebar placed focus in the Search box instead of the Text box.
  • Fixed an issue where Customization > Site Name help text didn’t match text field behavior.
  • Fixed an issue where the option to mark posts as unread was unexpectedly available when viewing archived channels.
  • Fixed an issue where emoji reactions shifted down a few pixels after clicking.
  • Fixed an issue where pasting code from GitHub resulted in broken markup and loss of text.
  • Fixed an issue where importing theme colours from Slack gave an error.
  • Fixed an issue where navigating to a plugin configuration page in the System Console for a deleted plugin returned a Not Found error.
  • Fixed an issue where scroll bar was missing on the welcome tutorial screen in web mobile view.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under SamlSettings in config.json:
    • Added IdpMetadataUrl, to add the URL where Mattermost sends a request to obtain setup metadata from the provider.
    • Added EnableAdminAttribute and AdminAttribute, to add the attribute in the SAML Assertion for designating System Admins.
  • Under LdapSettings in config.json:
    • Added EnableAdminFilter and AdminFilter, to enter a filter to use for designating the System Admin role to users.
  • Under PluginSettings in config.json:
    • Added EnableRemoteMarketplace, to have the server attempt to connect to the configured Plugin Marketplace to show the latest plugins.
    • Added AutomaticPrepackagedPlugins, so that any pre-packaged plugins enabled in the configuration will be installed or upgraded automatically.

Open Source Components

  • Added @formatjs/intl-pluralrules in https://github.com/mattermost/mattermost-webapp.
  • Added @formatjs/intl-relativetimeformat in https://github.com/mattermost/mattermost-webapp.
  • Added custom-protocol-detection in https://github.com/mattermost/mattermost-webapp.
  • Added react-inlinesvg in https://github.com/mattermost/mattermost-webapp.

Database Changes

  • Added Bots.LastIconUpdate column.
  • Added GroupTeams.SchemeAdmin column.
  • Added GroupChannels.SchemeAdmin column.

API Changes

  • Added PUT /config/patch REST API endpoint that uses patch semantics to only update the fields of the config that are provided, while leaving the other fields unchanged.
  • Added POST /server_busy, GET /server_busy and DELETE /server_busy REST API endpoints to add the ability to turn off non-critical services when under load.

Websocket Event Changes

  • Added channel_restored Websocket Event.

Known Issues

  • Code block line numbers are copied when pasting into certain applications.
  • Deactivated users with whom you never interacted in a private message before appear in New Direct Message menu.
  • Verification emails are still sent on servers with SMTP configured whenEnable Email Notifications and Require Email Verification are disabled in the System Console.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

abdusabri, aeomin, agarciamontoro, AGMETEOR, agnivade, ali-farooq0, allenlai18, amyblais, andylibrian, anidok, AninditaBasu, anon6789, asaadmahmood, ashishbhate, atulya-pandey, avasconcelos114, bbodenmiller, bolariin, bpietraga, bradjcoughlin, c-yan, calebroseland, catalintomai, CEOehis, chikei, ChrisDobby, chuttam, cjohannsen81, comharris, cpanato, crspeller, ctmusicnz, davidjwilkins, DE-mbecker, deanwhillier, der-test, devinbinnie, dlclark, dra, DSchalla, emilioicai, enahum, enelson720, enolal826, esdrasbeleza, ethervoid, faase, flexo3001, fm2munsh, gabrieljackson, gigawhitlocks, gopheros, grubbins, gruceqq, gsagula, gupsho, hahmadia, hanzei, hector2, hectorskypl, hmhealey, hunterlester, ikeohachidi, imisshtml, iomodo, isacikgoz, itao, jasonblais, jasonlanderson, jaydeland, jespino, jfrerich, jomaxro, josephbaylon, JtheBAB, jupenur, justinegeffen, JustinReynolds-MM, jwilander, kaakaa, karlmarxlopez, Kaya_Zeren, khos2ow, kosgrz, larkox, lawikip, Lena, levb, lfbrock, lieut-data, lindalumitchell, lindy65, lukewest, lurcio, M-ZubairAhmed, marianunez, meilon, metanerd, mgdelacroix, michaelschiffmm, mickmister, migbot, mitchellroe, mjthomp95, mkraft, mlongo4290, nadalfederer, natalie-hub, niklabh, NiroshaV, nmlc, opllama2, phillipahereza, Pomyk, popstr, RajatVaryani, rajudev, rascasoft, rbradleyhaas, reflog, rodcorsi, rvillablanca, RyanCommits, saturninoabril, sbishel, scottjr632, sij507, somenet, sowmiyamuthuraman, streamer45, stylianosrigas, sudheerDev, svelle, tasdomas, thapakazi, thefactremains, themaverikk, thePanz, TQuock, uhlhosting, vesari, VishalSwarnkar, wget, wiersgallak, wiggin77, Willyfrog, xalkan

Release v5.19 - ESR

Mattermost v5.19.0 contains low to high level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.19.3, released 2020-06-19
    • Fixed an issue with the Plugin Tooltip implementation that caused links to be truncated when rendered. This issue occured if you are using the recent GitHub plugin v1.0.0 release. All links were affected, regardless if they were related to GitHub. [MM-25808]
  • v5.19.2, released 2020-04-21
    • Fixed an issue with unexpected crashes related to any action taken to modify post properties such as push notifications. Note for developers: Direct access to the Props field in the model.Post structure has been deprecated. To avoid crash issues, the available GetProps() and SetProps() methods should now be used. Also, direct copy of the model.Post structure must be avoided in favor of the provided Clone() method. MM-21378
    • Fixed an issue where a public channel appears in the list of Direct Message channels in the channel sidebar if the channel name is 40 characters long. MM-23427
  • v5.19.1, released 2020-01-21
    • Fixed a regression affecting v5.18 and v5.19 where some users were experiencing client-side performance issues. This was mainly affecting users with more than 100 channels listed in the channel sidebar and with channels sorted alphabetically. MM-20349
  • v5.19.0, released 2020-01-16
    • Original 5.19.0 release

Compatibility

Breaking Changes

  • LockTeammateNameDisplay setting was moved to Enterprise Edition E20 as it was erroneously available in Team Edition and Enterprise Edition E10.

IMPORTANT: If you upgrade from a release earlier than 5.18, please read the other Important Upgrade Notes.

Bug Fixes

  • Fixed an issue where email notifications were still sent in some cases while disabled in the user interface.
  • Fixed an issue where System Console > Site Configuration > Users & Teams > Lock Teammate Name Display should only have been available on Enterprise Edition E20 but was erroneously available also on Team Edition and Enterprise Edition E10.
  • Fixed an issue where the System Console left-hand side scrollbar was too dark to see.
  • Fixed an issue where inline markdown image links did not open with preview modal.
  • Fixed an issue on Edge where the “+” buttons in channel list were black on Mattermost default theme.
  • Fixed an issue where users were unable to scroll through message textbox autocomplete results using arrow keys.
  • Fixed an issue where clicking a line separator in the Main Menu closed the menu.
  • Fixed an issue where date separator showed long-format timestamps.
  • Fixed an issue where the Menu help text was truncated in English for Do Not Disturb status.
  • Fixed an issue where the height and width parameters in inline images didn’t work.
  • Fixed an issue where the day picker in after/before search didn’t honor the user’s timezone override.
  • Fixed an issue where editing a post and hitting <enter> in code block saved the post automatically instead of adding a newline.
  • Fixed an issue where users were unable to close the Edit Channel Header modal when opened from the Intro Message.
  • Fixed an issue where opening the channel picker using CTRL+K and then focusing on the message box using CTRL+SHIFT+L did not close the channel picker.
  • Fixed an issue where the at-mention suggestions still highlighted the previous search but not the first suggestion in the list.
  • Fixed an issue where the at-mention autocomplete always opened up in the right-hand side reply thread, sometimes cutting off users in the list.
  • Fixed an issue with a notification badge count inconsistency when push notification setting was set to All Activity.
  • Fixed an issue where timestamps on 12-hour format had a leading zero.
  • Fixed an issue with an incorrect error message when attempting to add a bot to a channel if the bot was previously on the team.
  • Fixed an issue where the client license API generated a different ETag for every response.

API Changes

  • Etag header was added to the API endpoint to get the client license.
  • Oath IsTrusted configuration can only be changed if the user has the manage_system permission.

Known Issues

  • Client-side performance issues seen while typing.
  • On a server with a subpath, channel drop-down Leave Channel fails to leave the channel.
  • Importing theme colours from Slack gives an error.
  • Inviting multiple users with valid/allowed and invalid emails causes the invites for the valid users not to be sent.
  • Option to invite users by email is displayed even if email invitations are disabled.
  • Users may need to reinstall and delete cache on Classic apps if launching and logging into the app get stuck.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.18 - Feature Release

Mattermost v5.18.0 contains low to high level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.18.2, released 2020-01-16
    • Fixed an issue where server crashed when a user updated their Account Settings in a high availability cluster environment, and the corresponding user_updated event did not reach a guest user. MM-21481
  • v5.18.1, released 2020-01-08
  • v5.18.0, released 2019-12-16
    • Original 5.18.0 release

Compatibility

Important Upgrade Notes

  • Marking a post unread from the mobile app requires v1.26 or later. If using v5.18, but mobile is on v1.25 or earlier, marking a post unread from webapp/desktop will only be reflected on mobile the next time the app launches or is brought to the foreground.

Breaking Changes

  • The Go module path of mattermost-server was changed to comply with the Go module version specification. Developers using Go modules with mattermost-server as a dependency must change the module and import paths to github.com/mattermost/mattermost-server/v5 when upgrade this dependency to v5.18. See https://blog.golang.org/v2-go-modules for further information.
  • Removed Team.InviteId from the related Websocket event and sanitized it on all team API endpoints for users without invite permissions.
  • Removed the ability to change the type of a channel using the PUT /channels/{channel_id} API endpoint. The new PUT /channels/{channel_id}/privacy endpoint should be used for that purpose.

IMPORTANT: If you upgrade from a release earlier than 5.17, please read the other Important Upgrade Notes.

Highlights

ID Loaded push notifications (E20)

  • Allows push notifications to be delivered showing the full message contents that are fetched from the server once the notification is delivered to the device. This means that Apple Push Notification Service (APNS) or Google Firebase Cloud Messaging (FCM) cannot read the message contents since only a unique message ID is sent in the notification payload.

Allow Plugin Upgrades

  • Added ability to upgrade plugins and prepackaged plugins via the marketplace.

Mark Posts as Unread

  • When marking a post as unread, the user will land on the unread post the next time they click on the relevant channel.

mmctl remote CLI tool

  • Allows a system admin to run commands when conventional access to the server via SSH isn’t possible.

View Archived Channels (Beta)

  • View, share and search for content of archived channels. See more details here.

Guest Account SAML & LDAP Support (EE)

  • Provision Guests directly from AD/LDAP or SAML upon login. Guests will have no access to any teams or channels until they are assigned.

Actiance Improvements (E20)

  • Added events (such as post/file deletion and edit events) to Actiance Export to improve tracking within the Vantage report interface.

LDAP Group Sync upgraded to Beta phase (E20)

  • Previously in “Experimental” phase, the linking of AD/LDAP groups to Mattermost groups is now officially in “Beta” phase.

Improvements

User Interface (UI)

  • Disabled email notifications in Do Not Disturb mode.
  • Added support for showing a tooltip on public and private channel names that get truncated.
  • Added support for allowing in-line markdown images to open a preview window.
  • Added line numbers to code blocks that have syntax highlighting.
  • Added support for trimming leading/trailing whitespace on a channel name when a channel is created.

Command Line Interface (CLI)

  • Updated CLI command “deleter user” to add ability to delete the given user’s group memberships.
  • Created CLI command “config reset” to allow resetting the value of a config setting to its default value.

Integrations

  • Added ability to disable attachment buttons and fields.
  • Added user_name, team_domain and channel_name metadata when clicking an interactive button.
  • Extended EnsureBot helper function to include bot images.
  • Added support for a generic error message in interactive dialog responses.

Plugins

  • Added support for interplugin communication.
  • Added support for server version and minimum server version checks in helper methods for plugins.
  • Added support for returning results for individual plugins in System Console > Search.
  • Added the ability to add submenus in post dropdowns for plugins.

Administration

  • Added support for System Administrators to control Teammate Name Display at the system level.
  • Added support for revoking Guest User Sessions when the Guest Accounts feature is disabled.
  • Added the ability to search in System Console > Channels and System Console > Teams.
  • Added the ability to add users as another user to the plugin API.
  • Restricted user access to /logs API endpoint.
  • Added “Remove team” and “Change role” options in Team Membership panel.
  • Added support for disabling channel settings for public and private toggle for default channels.

Enterprise Edition (EE)

  • Added SAML login events to the Audits Table.
  • Added support for configuration of SAML crypto hashing algorithms.
  • Added support for not allowing Guest invitations to teams that are managed by LDAP Group Sync.
  • Added support for custom post types to Compliance exports.

Bug Fixes

  • Fixed an issue where modifying config files caused compliance exports to run twice.
  • Fixed an issue where admins were not able to create LDAP user via /api/v4/users.
  • Fixed some bugs related to the keyboard accessibility feature.
  • Fixed issues with Guest Accounts feature, such as an issue where the option to make guest users as team admins was erroneously provided in Manage Teams dialog on System Console > Users.
  • Fixed an issue where an opened emoji picker floated while the user scrolled in the channel.
  • Fixed an issue where “Your message is too long” warning on the right-hand side reply thread overlapped the Preview button.
  • Fixed an issue where hitting escape to close autocomplete also closed channel header modal.
  • Fixed an issue where negative search filter hypens and occasional random terms were highlighted in search results.
  • Fixed an issue where deactivating a user increased Monthly Active Users and Daily Active Users count by 1 in System Console > Site Statistics.
  • Fixed an issue where Reporting > Statistics showed ‘Loading…’ when the value for any of the statistics was zero.
  • Fixed an issue where converting a user to a bot via the command line tool (CLI) did not create an access token and could not be deleted.
  • Fixed an issue where archived channels displayed in System Console -> Channels page.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under TeamSettings:
    • Added LockTeammateNameDisplay to add support for System Administrators to control Teammate Name Display at the system level.
  • Under LdapSettings:
    • Added GuestFilter to be able to enter an AD/LDAP Filter to use when searching for external users who have Guest Access to Mattermost.
  • Under SamlSettings:
    • Added SignatureAlgorithm to be able to choose a signature algorithm used to sign the request.
    • Added CanonicalAlgorithm to be able to choose the canonicalization algorithm.
    • Added GuestAttribute to add support for entering the attribute in the SAML Assertion used to apply a guest role to users.
  • Under PluginSettings:
    • Added RequirePluginSignature to add support for requiring valid plugin signatures before starting managed or unmanaged plugins.
    • Added SignaturePublicKeyFiles to add support for specifying public keys to be trusted to validate plugin signatures in addition to the Mattermost plugin signing key built-into the server.
  • Under Push Notification Contents:
    • Added id_loaded to add an option for full message content being fetched from the server on receipt (Available in Enterprise Edition E20).
  • Under ServiceSettings:
    • Removed ExperimentalLdapGroupSync setting.

Open Source Components

  • Added @types/highlight in https://github.com/mattermost/mattermost-webapp.
  • Added @typescript-eslint/parser in https://github.com/mattermost/mattermost-webapp.
  • Added @react-native-community/cameraroll in https://github.com/mattermost/mattermost-mobile.
  • Added @sentry/react-native in https://github.com/mattermost/mattermost-mobile.
  • Added form-data in https://github.com/mattermost/mattermost-mobile.
  • Added react-native-fast-image in https://github.com/mattermost/mattermost-mobile.
  • Added react-navigation-stack in https://github.com/mattermost/mattermost-mobile.
  • Added redux-offline in https://github.com/mattermost/mattermost-mobile.

API Changes

  • Added POST handler for /plugins/marketplace to install marketplace plugins.
  • Added a search_archived API endpoint to be able to search archived channels.
  • Added a post_unread API endpoint to be able to set posts as unread.

Websocket Event Changes

  • Added marked post as unread Websocket Event.
  • Added guests deactivated Websocket Event.

Known Issues

  • Client-side performance issues seen while typing.
  • System Console left-hand side scrollbar may be too dark to see.
  • Menu help text for Do Not Disturb is truncated in English.
  • Inviting multiple users with valid/allowed and invalid emails causes the invites for the valid users not to be sent.
  • Option to invite users by email is displayed even if email invitations are disabled.
  • Option to mark posts as unread is unexpectedly available when viewing archived channels.
  • Users may need to reinstall and delete cache on Classic apps if launching and logging into the app get stuck.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

3mard, a8uhnf, aaronrothschild, abdusabri, aeomin, AGMETEOR, agnivade, akshaychhajed, ali-farooq0, allenlai18, alxsah, amyblais, andresoro, anindha, AninditaBasu, arjitc, asaadmahmood, ashishbhate, avasconcelos114, bradjcoughlin, brewsterbhg, bvineyar, cardoso, catalintomai, chapa, chetanyakan, chikei, chuttam, cinlloc, cjohannsen81, cometkim, comharris, cpanato, cpoile, cpurta, crspeller, deanwhillier, der-test, devinbinnie, DHaussermann, drekar, DSchalla, enahum, enolal826, ethervoid, etoaster, FlaviaBastos, fm2munsh, focusonmx, g3rv4, gabrieljackson, gigawhitlocks, goku321, gruceqq, grundleborg, gupsho, hahmadia, hanzei, harshilsharma63, hectorskypl, HilalNazli, hmhealey, icelander, ilgooz, imisshtml, iomodo, ishanray, ivanvc, jabshire, jasonblais, jaydeland, jespino, jfrerich, jgbaylon, jimiolaniyan, johnthompson365, joshuabezaleel, jozuenoon, justinegeffen, jwilander, kaakaa, kanozec, karlmarxlopez, Kaya_Zeren, kdenz, kosgrz, KuSh, larkox, last-partizan, Lena, levb, lieut-data, lindalumitchell, M-ZubairAhmed, m4ver1k, malaDev, manland, marianunez, MathewtheCoder, meilon, mgdelacroix, michaelschiffmm, mickmister, migbot, mkraft, mlongo4290, natalie-hub, nathanmkaya, niklabh, nrekretep, Pomyk, pqzx, pradeepmurugesan, promulo, PunitGr, r4zorgeek, RajatVaryani, reflog, rfoyard, rodcorsi, rvillablanca, SamWolfs, saneletm, saturninoabril, sbishel, scottleedavis, Sheshagiri, sij507, sphr, srkgupta, sstaszkiewicz-copperleaf, steevsachs, streamer45, stylianosrigas, sudheerDev, sunsingerus, svelle, thePanz, TonPC64, TQuock, uhlhosting, unlikelygeek, valentijnnieman, ventz, vinicio, wget, wiersgallak, wiggin77, Willyfrog, wlsf82, YuikoTakada

Release v5.17 - Quality Release

Mattermost v5.17.0 contains medium to high level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Bug Fixes

  • Fixed an issue where saving an empty string on Marketplace URL reset the URL instead of showing an error.
  • Fixed an issue where the default permission was such that all users were allowed to invite a guest instead of only System Admins.
  • Fixed an issue where Guest users were shown in the list when adding new members to a channel.
  • Fixed an issue where attempting to configure uninstalled plugins got stuck at “Loading…” without timeout.
  • Fixed an issue where clicking “Search” icon in narrow-width mode caused right-hand side to appear along with loading indicator “…”.
  • Fixed an issue where @all notification was still sent to all users when using TAB to press Cancel on the notification prompt.
  • Fixed an issue where system messages could trigger mentions for username collisions.
  • Fixed an issue where code syntax was not rendering or highlighting as expected in markdown.
  • Fixed an issue where users were not able to attach a file from iPad using Safari.
  • Fixed an issue where /code was rendering HTML incorrectly.
  • Fixed an issue where clicking “Pinned” icon removed text in the search box.
  • Fixed an issue where Main Menu > Integrations > OAuth 2.0 Applications page user interface broke when shrinking the window to a small size.
  • Fixed an issue where no feedback was given on mobile view when the maximum post length had been exceeded.
  • Fixed an issue where dragging or dropping a folder did not scroll the user to the right-hand side text box to make the error more visible.
  • Fixed an issue on mobile browser view where the post menu was split in 2 and users were not able to scroll up to see “Add Reaction” option.
  • Fixed an issue where pressing and holding on teams and channels in the left-hand side opened the context menu on the Desktop App.
  • Fixed an issue where the user popover bled off screen when browser or Desktop App was set to full-screen mode.
  • Fixed an issue where clicking locally installed plugins without a URL opened a new tab to the same page.
  • Fixed an issue where interactive message buttons and menus were not vertically the same size.
  • Fixed an issue where the first element was selected by default in radio elements in interactive buttons.
  • Fixed an issue where search with quotation marks was not returning expected results.
  • Fixed an issue where bulk importer generated invalid passwords for the user object with a missing password key.
  • Fixed an issue where post metadata was returned for deleted posts.
  • Fixed an issue where users were not able to use api/v4/websocket with a trailing slash.
  • Fixed an issue with subpaths where in-app System Console links were missing in the /subpath and resulted in a 404 error.
  • Fixed an issue where Terms of Service and Privacy Policy in Main Menu > About Mattermost did not permanently link to Mattermost’s policies.

config.json

A setting option was added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added EnableLatex to add an option to enable/disable rendering of latex code.

Known Issues

  • Deactivating a user increases Monthly Active Users and Daily Active Users count by 1 in System Console > Site Statistics.
  • Negative search filter hypens and occasional random terms are highlighted in search results.
  • Hitting escape to close autocomplete also closes channel header modal.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Contributors

a-arias, A-Hilaly, a8uhnf, aaronrothschild, abadojack, abdusabri, abelharisov, aeomin, AGMETEOR, agnivade, agusl88, akantsevoi, akpark, akshaychhajed, aladhims, ali-farooq0, amyblais, ananichev, anchepiece, andresoro, anindha, aqche, arjitc, asaadmahmood, avasconcelos114, bensooraj, boonwj, bradjcoughlin, brewsterbhg, bryanculver, catalintomai, cedrickring, chahat-arora, chikei, ChrisDobby, chuttam, cinlloc, codevbus, comharris, cpanato, cpoile, crspeller, CSBatchelor, dailos2coders, DaKeiser, deanwhillier, dedifferentiator, der-test, devinbinnie, DHaussermann, dnguy078, drekar, DropNib, enahum, esethna, FlaviaBastos, gabrieljackson, gfelixc, gigawhitlocks, goku321, gruceqq, grundleborg, guigui64, gupsho, hahmadia, hanzei, hector2, hectorskypl, HelioStrike, heowc, hmhealey, hypnoglow, iDevoid, imavroukakis, imisshtml, iomodo, isacikgoz, italolelis, iwataka, jairojj, jasminexie, jasonblais, jatinjtg, JeewhanR, jesperhansen17, jespino, jfrerich, jkl5616, joebordes, johnthompson365, jordeguevara, jorgeruvalcaba, josephk96, JosephSamela, joshuabezaleel, jozuenoon, JtheBAB, justinegeffen, jwilander, kaakaa, karanrn, karlmarxlopez, kashifsoofi, Kaya_Zeren, kethinov, kgeorgiou, larkox, laurapareja, Lena, levb, lieut-data, lindalumitchell, LK4D4, lucianomagrao, Lumexralph, lurcio, malaDev, manland, marianunez, mauricio, MayMeow, mbluemer, meilon, Menelion, mgdelacroix, mhartenbower, mickmister, migbot, mistikel, mjthomp95, mkraft, mlongo4290, Mrigank11, Muscaw, Mycobee, nfriend, nicnicknicky, niklabh, njkevlani, octoquad, oksmelnik, pbitty, Pensu, phillipahereza, Phizzard, pikami, Pomyk, pqzx, pradeepmurugesan, ptisserand, pushkyn, raghuiamsingh, RajatVaryani, reflog, rfoyard, rodcorsi, rohanjulka19, rv404674, sahilsharma011, SamWolfs, sascha-andres, saturninoabril, sbishel, scottleedavis, sdesani, SezalAgrawal, shahbour, Sheshagiri, simonfrey, simross, sourabkumarkeshri, sowmiyamuthuraman, srkgupta, steevsachs, stefan-malcek, streamer45, stylianosrigas, sudheerDev, svelle, tgkouras, thekiiingbob, thePanz, ThiefMaster, tpaschalis, uhlhosting, Vaelor, valentijnnieman, vdepatla, VictorAvelar, wget, wiersgallak, willdot, Willyfrog, wyze, xrav3nz

Release v5.16 - Feature Release

  • v5.16.5, released 2020-01-08
  • v5.16.4, released 2019-12-18
  • v5.16.3, released 2019-11-06
    • (Accessibility) Fixed an issue where keyboard navigation within the right-hand side did not navigate in expected order. MM-19901
  • v5.16.2, released 2019-10-30
    • Fixed an issue where Permission Schemes was not working properly on an E10 license. MM-19556
    • Fixed an issue where switching to an unread channel sometimes got stuck at “Loading…”. MM-19091
  • v5.16.1, released 2019-10-24
    • Mattermost v5.16.1 contains a high level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.
    • (Accessibility) Fixed an issue where “Click here to jump to recent messages” was not accessible via keyboard. MM-19498
    • (Accessibility) Fixed an issue where post options were skipped when tabbing through a post in search results. MM-19497
    • (Accessibility) Fixed an issue where F6 did not allow navigating to the right-hand side when a thread wasn’t open. MM-18117
    • Fixed an issue where a change to the production Plugin Marketplace URL wasn’t backported to v5.16.0. MM-19516
  • v5.16.0, released 2019-10-16
    • Original 5.16.0 release

Mattermost v5.16.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

Removed and Deprecated Features

  • Support for Internet Explorer (IE11) was removed. Learn more in our forum post.

Breaking Changes

  • The Mattermost Desktop v4.3.0 release includes a change to how desktop notifications are sent from non-secure URLs (http://). Organizations using non-secure Mattermost Servers (http://) will need to update to Mattermost Server versions 5.16.0+, 5.15.1, 5.14.4 or 5.9.5 (ESR) to continue receiving desktop notifications when using Mattermost Desktop v4.3.0 or later.
  • When enabling Guest Accounts, all users who have the ability to invite users will be able to invite guests by default. System admins will need to remove this permission on each role via System Console > Permissions Schemes. In Mattermost Server version 5.17, the System admin will be the only role to automatically get the invite guest permission, however the fix will not be applicable in 5.16 due to database migration processes.

Highlights

Guest Accounts

  • Provides a controlled and secure method for users outside of an organization to collaborate with their organization without allowing the guest to access proprietary or confidential information.

Plugin Marketplace

  • The integrations marketplace is built into the product and gives system administrators the ability to discover and install Mattermost plugins that are compatible with the server version you are running.

Improved user management

  • System Administrators can view a user’s team memberships and add a user to additional teams from the System Console without having to be a member of the team.

Improvements

User Interface (UI)

  • Added support for showing TIF image thumbnail previews.
  • Added the ability to remove the custom branding image.
  • Added support for showing channel links as links in email notifications.
  • Added support for direct message permalinks.
  • Changed recent date separators to read Today/Yesterday.

Import/Export

  • Added support for including the Theme property on UserTeamMemberships in bulk exports.

Search

  • Added support for excluding results from search.

Notifications

  • Enabled account related emails when SendEmailNotifications is set to false.

Command Line Interface (CLI)

  • Added a integrity CLI command to verify database integrity.

Plugins

  • Added the ability for plugins to render custom embed views for posts.
  • Added support for including custom System Console components for plugins.
  • Added support for plugins to close the right-hand sidebar.

Integrations

  • Added support for introductory markdown paragraph in interactive dialogs.
  • Added a password type for interactive dialogs.
  • Added support for footer and footer_icon in attachments.
  • Added support for boolean elements in interactive dialogs.
  • Added support for a radio type in interactive dialogs.

Performance

  • Improved perceived performance of the emoji picker.
  • Improved post list performance by making thread comments be loaded only when needed.
  • Improved quick switcher experience to make the autocomplete feel more like a modal rather than a dropdown.

Administration

  • Added the ability for System Administrators to revoke all sessions from all users.
  • Added support for System Administrators to make public channels private and private channels public within the System Console > User Management > Channel Configuration page when Experimental Groups feature is enabled.
  • Added user Id information in the System Console > Users page.
  • Updated System Console plugin settings page to expose enable/disable setting.
  • Added ability for System Administrators to view a user’s team memberships and add users to additional teams within System Console > User Management > User Configuration.

Bug Fixes

  • Fixed an issue where user count did not update if a user automatically joined a channel.
  • Fixed an issue where using the channel autocomplete while editing posts caused the current channel to be unread.
  • Fixed an issue where users were unable to type in any other channel after leaving a draft post in preview mode in one channel and then switching to another channel.
  • Fixed an issue where a user didn’t see any unreads when rejoining a team if they were in a Direct Message channel when they left the last team.
  • Fixed an issue where some pre-packaged plugins showed as removable in the user interface.
  • Fixed an issue where clicking “Edit” of another sub-section in Account Settings appeared to save the setting that was currently being edited in an open sub-section in the same modal.
  • Fixed an issue where the System Console user menu did not show all inactive users.
  • Fixed an issue where a JS console error appeared when uploading an image from the right-hand side.
  • Fixed some bugs related to the new keyboard accessibility feature.
  • Fixed an issue where the /leave slash command was not working on direct message channels.
  • Fixed an issue where the quick channel switcher box opened behind the header attachment expansion.
  • Fixed an issue on mobile web view where emoji reaction modal was cut off when adding a second reaction via “+” icon.
  • Fixed an issue where the username was not shown in the left-hand side on mobile web view.
  • Fixed an issue where “Thumbs up” emoji did not get added to “Recently Used” section.
  • Fixed an issue where trailing white space was not ignored when saving a bot username.
  • Fixed an issue where enabling channel group constraints turned the admin site blank.
  • Fixed an issue where SQL connections closed prematurely for clusters.
  • Fixed an issue where absolute paths were not honoured in SAML certificates.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under PluginSettings:
    • Added EnableMarketplace (default to true) and MarketplaceUrl (default to https://marketplace.integrations.mattermost.com), to enable Plugin Marketplace feature.
  • Under GuestAccountsSettings:
    • Added Enable, AllowEmailAccounts, EnforceMultifactorAuthentication, and RestrictCreationToDomains, to enable Guest Accounts feature.
  • Changed SqlSettings.DataSource, ElasticsearchSettings.ConnectionUrl, and EmailSettings.SMTPServer to default to using localhost (instead of dockerhost).
  • Changed NativeAppSettings.AppDownloadLink to default to https://mattermost.com/download/#mattermostApps (instead of https://about.mattermost.com/downloads/).

Open Source Components

  • Added react-native-android-open-settings in https://github.com/mattermost/mattermost-mobile.
  • Added react-native-haptic-feedback in https://github.com/mattermost/mattermost-mobile.
  • Added DefinitelyTyped in https://github.com/mattermost/mattermost-webapp.
  • Added node-semver in https://github.com/mattermost/mattermost-webapp.
  • Added regenerator in https://github.com/mattermost/mattermost-webapp.
  • Added typescript in https://github.com/mattermost/mattermost-webapp.

API Changes

  • Added a new GET /plugins/marketplace API endpoint added to list marketplace plugins.
  • Added a new PUT /channels/:channel_id/privacy API endpoint to update the privacy of a channel.
  • Added a new POST /site_url/test to test API endpoint to test the configured site URL.
  • Added a new POST /teams/:team_id/invite-guests/email API endpoint to invite guest users by email.
  • Added new POST /users/:user_id/promote and POST /users/:user_id/demote API endpoints to promote and demote users to guest accounts.
  • Updated the PUT /channels/:channel_id/patch API endpoint to ensure that the requestor user has permission to see each channel member.
  • Updated the GET /channels/:channel_id/stats API endpoint to include the pinned post and guest counts.
  • PUT /roles/:role_id/patch API endpoint now ensures that guest account roles are not updatable without the required license and feature SKU.
  • Several OAuth API endpoints were removed.

Database Changes

  • Added a change to the Tokens table Extra column’s data type.

Known Issues

  • Saving an empty string on Plugin Marketplace URL resets the URL instead of showing an error.
  • Switching to an unread channel sometimes gets stuck at “Loading…”.
  • Attempting to configure uninstalled plugins get stuck at “Loading…” without timeout.
  • Enabling/disabling guest access in System Console fails.
  • Guest users are shown in the list when adding new members to a channel.
  • Negative search filter hypens and occasional random terms are highlighted in search results.
  • @all notification is still sent to all users when using TAB to press Cancel on the notification prompt.
  • System messages may trigger mentions for name collisions.
  • Hitting escape to close autocomplete also closes channel header modal.
  • Pressing and holding on teams and channels in the left-hand side opens the context menu on desktop apps.
  • Modifying config files causes compliance exports to run twice.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.15 - Quality Release

  • v5.15.5, released 2020-01-08
    • Fixed an issue where migrating accounts from email to SAML failed. MM-21472
  • v5.15.4, released 2019-12-18
  • v5.15.3, released 2019-11-06
    • (Accessibility) Fixed an issue where keyboard navigation within the right-hand side did not navigate in expected order. MM-19901
    • Fixed an issue where switching to an unread channel sometimes got stuck at “Loading…”. MM-19091
  • v5.15.2, released 2019-10-24
    • Mattermost v5.15.2 contains a high level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.
    • (Accessibility) Fixed an issue where “Click here to jump to recent messages” was not accessible via keyboard. MM-19498
    • (Accessibility) Fixed an issue where post options were skipped when tabbing through a post in search results. MM-19497
    • (Accessibility) Fixed an issue where F6 did not allow navigating to the right-hand side when a thread wasn’t open. MM-18117
  • v5.15.1, released 2019-10-11
    • Fixed an issue that will be introduced with a change in upcoming server v5.16 and desktop app v4.3 releases where desktop notifications will be broken as the desktop app will no longer be able to directly interact with the web app. MM-18819
    • Fixed an issue where server-side telemetry was not reporting back after 5.14 release. MM-18115
  • v5.15.0, released 2019-09-16
    • Original 5.15.0 release

Mattermost v5.15.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Bug Fixes

  • Fixed an issue where an invalid locale caused a white screen.
  • Fixed an issue where rate limited posts failed to load threads.
  • Improved the group linking failure error message and logging to make it clear that the group id attribute is most likely misconfigured.
  • Fixed an issue where the right-hand side did not fetch messages on socket reconnect when a different channel was in center.
  • Fixed an issue where posting a message in an empty channel sometimes caused the channel to display a loading spinner.
  • Fixed an issue where deleting the last post in a channel caused the channel to only display a loading spinner.
  • Fixed an issue with an absence of unread badges on private channels on mobile apps.
  • Fixed an issue where at-sign was missing in front of usernames in push notifications.
  • Fixed some bugs related to the new keyboard accessibility feature.
  • Fixed an issue where the “@” sign was replaced with keyboard accessibility feature on Italian keyboard.
  • Fixed an issue where joining a new channel with few posts sometimes did not take the user to the bottom of the channel.
  • Fixed an issue where scroll pop sometimes occured with embedded Youtube links.
  • Fixed an issue with stuttery dropdowns in Safari.
  • Fixed an issue where clicking on a post would highlight it after returning to the tab/window.
  • Fixed an issue where SVG attachments bled over into subsequent posts.
  • Fixed an issue where long posts were overlapping in compact view.
  • Fixed an issue where the expand/collapse button in images were underlined.
  • Fixed an issue where incoming webhook URL was clickable and shown as a link on the desktop app.
  • Fixed an issue where the markdown helper text was missing on Edit Channel Header modal.
  • Fixed an issue on mobile view where Edit/Delete/More options were not displayed on the right-hand side after a message was posted.
  • Fixed an issue where the channel mute icon was displayed in the incorrect position when a channel was muted.
  • Fixed an issue where there was an extra menu divider on Town Square channel menu.
  • Fixed an issue on Firefox where post and comment boxes were expanding too early.
  • Fixed an issue where focus was not automatically set on text input box after selecting an emoji from the emoji picker.
  • Fixed an issue where channel changes were not updated for other users until refresh.
  • Fixed an issue where changes to Account Settings were being saved even when the user did not click the Save button.
  • Fixed an issue where some of the links in System Console opened the page on the same tab instead of opening it on a new browser/tab.
  • Fixed an issue where installing a plugin via URL failed if the download took longer then 30 seconds.
  • Fixed an issue where plugins did not get disabled when removing them.
  • Fixed an issue where plugin translation files were not updated on web-clients when plugins were upgraded.
  • Fixed an issue where bots could not be added to any team if server wide email domain restriction was enabled.
  • Fixed an issue where pagination broke when adding users to a team.
  • Fixed an issue where list of users were not paginated on warning modal for LDAP group sync team / channel removal.
  • Fixed an issue where enabling LDAP Trace prevented login.
  • Fixed an issue where Google User API Endpoint showed an outdated helper text.
  • Fixed an issue where a markdown image with an SVG briefly displayed for sender with EnableSVGs set to false.
  • Fixed an issue with an incorrect error message on Custom URL Schemes field.

Known Issues

  • JS console error may appear when uploading an image from the right-hand side.
  • Scroll pop may occur in channels with markdown images.
  • Trailing white space is not ignored when saving bot user name.
  • Clicking “Edit” of another sub-section in Account Settings appears to save the setting that is currently being edited in an open sub-section in the same modal.
  • Some pre-packaged plugins show as removable in the User Interface.
  • If ExperimentalStrictCSRFEnforcement is set to True, attempts to use /jira subscribe fail.
  • Users are unable to type in any other channel after leaving a draft post in preview mode in one channel and then switching to another channel.
  • User count in a channel does not update until after refresh if a user automatically joins a channel.
  • Scrolling upwards while loading more posts sometimes causes you to jump upwards on Firefox.
  • Modifying config files causes compliance exports to run twice.
  • Using channel autocomplete while editing post causes current channel to be unread.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.14 - Feature Release

  • v5.14.5, released 2019-10-24
  • v5.14.4, released 2019-10-11
    • Fixed an issue that will be introduced with a change in upcoming server v5.16 and desktop app v4.3 releases where desktop notifications will be broken as the desktop app will no longer be able to directly interact with the web app. MM-18819
    • Fixed an issue where server-side telemetry was not reporting back after 5.14 release. MM-18115
  • v5.14.3, released 2019-09-16
    • Fixed an issue where edited posts were not included in Compliance Export (Beta). MM-18522
  • v5.14.2, released 2019-08-30
    • Fixed an issue where Mattermost crashed when date-related search terms on: before: and after: were used in search. MM-18143
  • v5.14.1, released 2019-08-28
  • v5.14.0, released 2019-08-16
    • Original 5.14.0 release

Mattermost v5.14.0 contains a medium level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Compatibility

Removed and Deprecated Features

  • We are removing support for Internet Explorer (IE11) in Mattermost v5.16.0, which releases on October 16, 2019. Learn more in our forum post.

Breaking Changes

  • Webhooks are now only displayed if the user is the creator of the webhook or a system administrator.
  • With the update from Google+ to Google People, system admins need to ensure the GoogleSettings.Scope config.json setting is set to profile email and UserAPIEndpoint setting should be set to https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata per updated documentation.

IMPORTANT: If you upgrade from a release earlier than 5.13, please read the other Important Upgrade Notes.

Highlights

Keyboard navigation and screen reader improvements

  • New keyboard navigation improvements enable you to move between app regions—like the post list, channel sidebar, and header—using F6 on the Desktop App and CTRL-F6 on a web browser. You can also use TAB, arrow keys, and ENTER to interact with buttons, links, and other elements in Mattermost.
  • Screen readers are now much more compatible with Mattermost. Buttons, links, and app regions now have accurate readouts that enable visually impaired users to use Mattermost productively with screen readers.
  • Learn more

Bidirectional scrolling to land on oldest unread post

  • No more scrolling required to get to the oldest unread post. Now when the channel opens when there are unreads it opens at the new messages line, regardless of how many unreads exist since the last time the user viewed the channel.

Jira V2.1

  • Full list of features in v2.1: https://github.com/mattermost/mattermost-plugin-jira#jira-21-features.

System Console tools to manage LDAP Groups within Teams and Channels (EE)

  • New Team and Channel pages in the System Console allow administrators to easily manage teams and channels membership with LDAP Group Synchronization instead of using the CLI group commands released in v5.12.

Pre-packaged Plugins

  • Jenkins plugin for interacting with jobs and builds via slash commands in Mattermost.
  • Antivirus plugin for scanning files uploaded to Mattermost.
  • GitLab plugin for getting notifications in Mattermost about mentions, review requests and comments.

Improvements

User Interface (UI)

  • Added support for allowing + and . in System Console > Customization > Posts > Custom URL Schemes.
  • Added support for Range on files needed by Safari to view videos.
  • Added ability to add info cards to the right-hand side section.
  • Added support for rendering emojis in Message Attachment field titles.
  • Changed “About” section references to use the site name when it is configured in System Console > Custom Branding > Site Name.
  • Combined “Send messages on CTRL+ENTER” with code block setting.
  • Added ability to upload files on paste when file constructor is not supported (ie. in Edge or IE11).

Import/Export

  • Added the ability to import Slack corporate export files with direct messages, group messages and private channels.
  • Added support for exporting Global Relay to zip file.

Webhooks

  • EnableWebhookDebugging now logs the request id for additional context when debugging.
  • Added support for plugins to dismiss posts through the MessageWillBePosted hook. Dismissed posts no longer show up as a client-side error.
  • Added an optional “icon_emoji” field to incoming webhooks to use an emoji in place of the display picture when the webhook posts into Mattermost.

Integrations

  • Added support for interactive dialogs without elements, e.g. for confirmation dialogs.
  • Added support for relative links in interactive message buttons, simplifying plugin development.

Plugins

  • Added support for plugins to override right-hand sidebar.
  • Added support for plugins to trigger interactive dialogs programmatically, instead of only after a user action.

Bot Accounts

  • Added an identifier for compliance exports when a message is posted by a bot account.
  • Created a dedicated System Console page at /admin_console/integrations/bot_accounts to organize bot configuration options.

Command Line Interface (CLI)

  • Added support for converting bot accounts to user accounts with email/password login through the CLI.
  • Extended the config migrate command to handle SAML keys and certificates.
  • Updated CLI channel list and search commands to show if a channel is private.
  • Create CLI command “team modify” to modify team’s privacy setting.

Administration

  • Office365 SSO was promoted out of beta.
  • Removed maximum length from LinkMetadata value so that links can generate OpenGraph previews and be stored in the database.
  • The config.json file is now generated with build time using defaults in code and not in default.json.
  • Added new settings to have more control over BindAddress and AdvertiseAddress in the cluster server to allow users to configure properly in situations where the servers are communicating through another server using NAT.
  • implemented enhanced logging for CSRF warnings by adding the following information to each request: Remote Adddress, Path, User ID, Session ID.

Enterprise Edition (EE)

  • Added support for signing SAML requests, as required for Infosec approval.
  • Added support for configuring the interface used for cluster peer discovery in High Availability clusters.

Bug Fixes

  • Fixed an issue where pagination of group members was broken in LDAP Groups.
  • Fixed an issue where the options to leave a team was disabled for all teams and not just the primary team when a primary team was set.
  • Fixed an issue where bulk import got stuck when importing lines were missing the “type” entry.
  • Fixed an issue where titles for webhooks, commands and OAuth apps were no longer bolded in the System Console.
  • Fixed an issue where disabling email notifications also disabled email invites.
  • Fixed an issue where Admins were shown a warning of a user’s bot being deactivated even if they already were.
  • Fixed an issue where a bot profile image disappeared when saving bot details.
  • Fixed an issue where plus-sign was not visible on mobile browser view for reacting with a new emoji next to existing reactions.
  • Fixed an issue in the System Console where the UserID in User Activity Logs changed from email to UserID.
  • Fixed an issue where user got a notification to add a bot to a channel when mentioning it.
  • Fixed an issue where permanenently deleting a bot user didn’t remove it from the bots table.
  • Fixed an issue where a scroll pop was caused by large image dimensions in markdown.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ClusterSettings in config.json:
    • Added NetworkInterface to allow configuring devices to detect the IP in High Availability clusters.
    • Added BindAddress and AdvertiseAddress to add more control over bind and advertising address in a cluster server.
  • Under ComplianceSettings in config.json:
    • Added SignRequest to add support for signing SAML requests.
  • Under PluginSettings in config.json:
    • Added AllowInsecureDownloadUrl to allow servers to download and install a plugin from a remote url via the System Console.

Open Source Components

  • Added core-js in https://github.com/mattermost/mattermost-mobile/.
  • Added deepmerge in https://github.com/mattermost/mattermost-mobile/.
  • Removed react-native-bottom-sheet from https://github.com/mattermost/mattermost-mobile/.
  • Added react-hot-loader in https://github.com/mattermost/mattermost-webapp.
  • Removed @babel/polyfill from https://github.com/mattermost/mattermost-webapp.
  • Removed redux-persist-transform-filter from https://github.com/mattermost/mattermost-webapp.
  • Removed url-search-params-polyfill from https://github.com/mattermost/mattermost-webapp.
  • Removed whatwg-fetch from https://github.com/mattermost/mattermost-webapp.

API Changes

  • Migrated user API endpoint from Google+ API to People API.
  • Added api/v4/channels/group/search API endpoint to return the group channels whose members’ usernames match the search term.
  • Added /api/v4/channels/:channel_id/members_minus_group_members API endpoint to determine users who will be removed from a group-synchronized channel.
  • Added api/v4/posts/unread API endpoint to support landing on the last unread post.
  • Added api/v4/teams/:team_id/members_minux_group_members API endpoint to determine users who will be removed from a group-synchronized team.
  • Added api/v4/users/group_channels API endpoint to get an object containing a key per group channel id in the query and its value as a list of users members of that group channel.
  • Added api/v4/sessions/revoke/all API endpoint to add the ability to revoke sessions from all users.

Plugin API

  • Added GetBotIconImage, SetBotIconImage and DeleteBotIconImage API endpoints to control bot icon images.
  • Added api/v4/plugins/install_from_url API endpoint to allow server to download and install a plugin from a remote url.

Known Issues

  • Users are unable to type in any other channel after leaving a draft post in preview mode in one channel and then switching to another channel.
  • Google User API Endpoint shows outdated helper text.
  • Making a post in an empty channel sometimes causes the channel to display a loading spinner.
  • Deleting the last post in a channel causes the channel to only display a loading spinner.
  • Markdown helper text is missing on Edit Channel Header modal.
  • User count in a channel does not update until after refresh if a user automatically joins a channel.
  • Long posts might overlap in compact view.
  • Joining a new channel with few posts might not take the user to the bottom of the channel.
  • Missing messages can be caused if network fails on API calls.
  • Search help text popover may not display on narrow screen view.
  • Expand/collapse in image icons are underlined.
  • Messages may not load when opening a channel with multiple unread messages.
  • Scrolling upwards while loading more posts sometimes causes you to jump upwards on Firefox.
  • Post and comment boxes are expanding too early on Firefox.
  • Modifying config files causes compliance exports to run twice.
  • Using channel autocomplete while editing post causes current channel to be unread.
  • Scroll pop may occur with embedded Youtube links.
  • Clicking on a post will highlight it after returning to the tab/window.
  • Plugin translation files are not updated on web-client when plugins are upgraded.
  • Changes to Account Settings are being saved even when user does not clicks on Save button.
  • SVG attachments bleed over into subsequent posts.
  • Custom-Attributes plugin might crash.
  • Pagination breaks when adding users to a team.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.13 - Quality Release

Mattermost v5.13.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.13.3, released 2019-08-22
  • v5.13.2, released 2019-07-24
    • Fixed performance issues in channels with large message history due to a change made to posts query. MM-16936
    • Fixed an issue where some settings were not visible in the System Console. MM-17114
    • Fixed an issue where announcement banner overlapped content. MM-17115
    • Fixed an issue where the scroll position was not at the new message indicator on switching channels when there were 30-60 unread messages. MM-17078
  • v5.13.1, released 2019-07-19
    • Fixed an issue with Jira plugin where creating or attaching to Jira issues failed due to GDPR changes released by Atlassian. Affected Jira Cloud only, not Jira Server or Jira Data Center. MM-17060
    • Fixed an issue in server logs where messages related to OpenGraph API were unnecessarily reported as errors. MM-17043
    • Fixed an issue in the System Console without an Enterprise Edition license where Push Notification Contents setting was not available. MM-17008
  • v5.13.0, released 2019-07-16
    • Original 5.13.0 release

Compatibility

Removed and Deprecated Features

  • We are removing support for Internet Explorer (IE11) in Mattermost v5.16.0, which releases on October 16, 2019. Learn more in our forum post.
  • v4.10.0 as our current Extended Support Release (ESR) is coming to the end of its lifecycle. We will be implementing version v5.9.0 as a new ESR starting July 16, 2019. Learn more in our forum post.

Bug Fixes

  • Fixed an issue where changing the timezone setting to “Set automatically” did not work on the mobile app.
  • Fixed an issue where the channel introduction content sometimes disappeared on opening a channel.
  • Fixed an issue with missing messages.
  • Fixed an issue where disabling Join/Leave Messages and switching to a specific channel caused a white screen.
  • Fixed an issue where the SMTP server password was no longer concealed in the System Console.
  • Fixed an issue where Notifications and Plugins settings were missing in the System Console for restricted system administrators.
  • Fixed an issue where “Enable AD/LDAP Group Sync” was visible in experimental System Console settings section in Team Edition servers.
  • Fixed an issue where System Console > SMTP > Connection Security setting was missing in Team Edition servers.
  • Fixed an issue where “Allow Mobile upload/download Files” options in the System Console where not hidden in Team Edition servers.
  • Fixed an issue where channel links did not work inside brackets.
  • Fixed an issue where uploading a team icon image fired a JS console error and a blank image preview.
  • Fixed an issue on Safari where a user jumped to the top of the Direct Messages selection list every few seconds.
  • Fixed an issue where “Error populating syncables” was seen on login when LDAP groups tried to add a user to a team that was at its maximum number of users.
  • Fixed an issue where the slash command /rename was restricted to 22-character maximum channel name length.
  • Fixed an issue where Manage Members menu was visible even if a user did not have Manage Member permissions when viewing the Main Menu.
  • Fixed an issue where the “Set a Header” button in the channel introduction was not clickable.
  • Fixed an issue where Group Message and private channel icons in the sidebar were misaligned.
  • Fixed an issue where custom emojis sometimes overlapped in messages.
  • Fixed an issue where bot tags were misaligned in search results and in the “in:” modifier in the search bar autocomplete.
  • Fixed an issue where the post menu divider had a gap in mobile view.
  • Fixed an issue where the bottom of right-hand side was cut off in tablet view.
  • Fixed an issue where the channel dropdown menu user interface was broken in mobile view when Zoom plugin was enabled.
  • Fixed an issue where the Save button was hidden in the System Console when a banner was displayed at the top of the page.
  • Fixed an issue where users were not able to search for split parts of first/last names or for split characters such as _ with elasticsearch autocomplete enabled.
  • Fixed an issue where OAuth endpoints returned application/json content type for HTML redirects.
  • Fixed an issue where json responses were not returned for errors on oauth API endpoints, and a 500 error was returned instead of 4xx errors.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ElasticsearchSettings in config.json:
    • Added SkipTLSVerification to ignore certificate verification for Elasticsearch.

Open Source Components

  • Added moment-timezone in https://github.com/mattermost/mattermost-redux/.

Database Changes

  • plugins type entries in the Jobs table will be purged on upgrade. This job was incorrectly configured to run every minute, spamming the table with mostly useless records. All old records will be removed on upgrade, and the job will run daily instead.

Known Issues

  • Cannot leave any team when a default primary team is set.
  • Titles for webhooks, commands and OAuth apps are no longer bolded in the System Console.
  • Users can get logged out of server without a session expiry notification.
  • Desktop app hangs on opening emoji picker.
  • When a primary team is set, the options to leave a team is disabled for all teams, not just the primary team.
  • Plugin crashes the server when calling w.WriteHeader(0).
  • Bot account profile image disappears when saving bot details.
  • Custom emoji containing specified letters do not appear in emoji autocomplete, unless they start with the letters or have been returned in the autocomplete before.
  • Buttons inside ephemeral messages are not clickable / functional on the mobile app.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.12 - Feature Release

Mattermost v5.12.0 contains low to medium level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.12.6, released 2019-08-22
  • v5.12.5, released 2019-07-19
    • Fixed an issue with Jira plugin where creating or attaching to Jira issues failed due to GDPR changes released by Atlassian. Affected Jira Cloud only, not Jira Server or Jira Data Center. MM-17060
  • v5.12.4, released 2019-07-15
    • Fixed an issue with missing messages. MM-16921
  • v5.12.3, released 2019-07-09
    • Fixed an issue where setting the MM_SQLSETTINGS_DATASOURCEREPLICAS environment variable broke the server startup. MM-16719
  • v5.12.2, released 2019-07-03
  • v5.12.1, released 2019-06-28
    • Fixed an issue where messages were sometimes missing after reconnecting the network. MM-16423
    • Fixed an issue where the client sometimes crashed while viewing a direct message channel. MM-16480
    • Fixed an issue where Net Promoter Score (NPS) printed an error message in server logs when Error and Diagnostics Reporting was disabled. MM-16465
    • Fixed an issue where Net Promoter Score (NPS) telemetry reporting surveys were disabled if the setting had not been modified. MM-16554
  • v5.12.0, released 2019-06-16
    • Original 5.12.0 release

Breaking changes since last release

  • If your plugin uses the DeleteEphemeralMessage plugin API, update it to accept a postId string parameter. See documentation to learn more.
  • Image link and YouTube previews do not display unless System Console > Enable Link Previews is enabled. Please ensure that your Mattermost server is connected to the internet and has network access to the websites from which previews are expected to appear. Learn more here.
  • ExperimentalEnablePostMetadata setting was removed. Post metadata, including post dimensions, is now stored in the database to correct scroll position and eliminate scroll jumps as content loads in a channel.

IMPORTANT: If you upgrade from a release earlier than 5.11, please read the other Important Upgrade Notes.

Highlights

Infinite Scroll

  • Read messages more easily. Older posts are loaded automatically as you scroll up instead of having to click the “Load more messages” button at the top of the screen. This feature is not supported on Internet Explorer (IE11).

Bot Accounts

  • Users no longer have to rely on creating fake user accounts to act as bots for integrations. Instead, create a real bot account and use it to generate bot access tokens to interact with users and complete tasks.
  • Users can can also use these bots to post to any channel in the system, whether it’s a private team, private channel or a direct message channel.
  • For Enterprise deployments, bot accounts no longer count as an active user towards licensing subscriptions.
  • To learn more about bot accounts, see the documentation.

Jira Plugin 2.0

  • Enhanced existing plugin for a deep two-way integration between Jira and Mattermost.
  • Send notifications for Jira issue creation, issue updates and comments to Mattermost channels.
  • Users can also take quick actions in Mattermost, including creating Jira issues, attaching Mattermost messages to Jira issues, and transitioning issues via slash commands.
  • For a full feature set for 2.0, see https://github.com/mattermost/mattermost-plugin-jira#jira-20-features.

Pre-packaged Plugins

  • New pre-packaged plugins bundled with this Mattermost release include:
    • GitHub plugin for notifications, reminders and slash commands to stay up-to-date on issues and pull requests. Supports GitHub SaaS and Enterprise versions.
    • Autolink plugin to automatically hyperlink text, such as adding links to your issue tracker when someone posts an issue key or number.
    • Custom Attributes plugin to add custom attributes in the user profile popover.
    • Welcome Bot plugin to improve onboarding and HR processes by adding a Welcome Bot that helps add new team members to channels.
    • Amazon SNS CloudWatch plugin to send alert notifications from Amazon AWS CloudWatch to Mattermost channels via AWS SNS.

System Console Reorganization

  • Informational architecture restructure of the System Console to make a more logical flow to the settings and to provide a more cohesive experience for hiding features on the Mattermost Private Cloud product, where the system admin should not have access to change configurations that affect the environment directly.

Net Promoter Score (NPS)

  • We are gathering user feedback to help improve user experience and hear directly from our users. The feature can be disabled via System Console > Plugins > Net Promoter Score.

AD/LDAP Group Sync Removals (Enterprise Edition E20)

  • System Admins can manage the membership of private teams and channels with AD/LDAP groups, eliminating the need to individually add and remove members. Users in the groups are automatically removed from the team or channel when removed from an associated group.

User/Channel Search & Autocomplete in Elasticsearch (Enterprise Edition E20)

  • Added new settings in System Console > Elasticsearch to enable Elasticsearch for autocompletion queries. When enabled, Elasticsearch uses its indexed data for user/channel search queries and autocomplete queries.

Improvements

User Interface (UI)

  • Added an option to add a user to a channel from the profile popover.
  • Removed @ for full name display in push notifications.

Plugins

  • Added support for Markdown in plugin System Console help text fields.
  • Added support for plugins to override ephemeral posts.

Localization

  • Promoted Polish language to “official”.

Command Line Interface (CLI)

  • Added a command modify CLI command to modify slash commands.
  • Added a mattermost user convert --bot CLI command to convert user accounts to bot accounts.
  • Implemented a new command config migrate for migrating configuration to and from the database.
  • For AD/LDAP Group Sync, added the following CLI commands:
    • group team enable to add the ability to switch a team to be group-constrained.
    • group team disableto add the ability to disable group constraint on the specified team.
    • group team list to list the groups associated with a team.
    • group team status to show the group constraint status of the specified team.
    • group channel enable to add the ability to switch a channel to be group-constrained.
    • group channel disable to disable group constraint on the specified channel.
    • group channel list to list the groups associated with a channel.
    • group channel status to show the group constraint status of the specified channel.

Administration

  • Added support for running two Mattermost instances on the same domain using subpaths.
  • Added support for importing threads from Slack.

Bug Fixes

  • Fixed an issue where releasing a mouse click while the cursor was outside of the Rename Channel modal would close the modal.
  • Fixed an issue where a whitepage occured after uploading a plugin with an invalid settings_schema value.
  • Fixed an issue where the announcement banner overlapped channel content.
  • Fixed an issue where license expiration notice banner could not be dismissed prior to the license expiration date.
  • Fixed an issue where the channel switcher autocomplete didn’t function properly when autocompleting the name of a person who was the first person named in a group message channel.
  • Fixed an issue where inline images in markdown preview didn’t get expanded.
  • Fixed an issue where replies to the parent post were not left-aligned.
  • Fixed an issue where the timezone picker dropdown closed when trying to drag the scrollbar.
  • Fixed an issue where the ExperimentalPrimaryTeam config.json setting no longer hid the “Leave Team” option.
  • Fixed an issue where the setting position field for AD/LDAP sync in System Console did not block user from changing it in Account Settings.
  • Fixed an issue where scrolling was not working on iOS browser sign-up and sign-in pages.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "PluginSettings": in config.json:
    • Added "EnableHealthCheck": true, to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status.
  • Under "NotificationLogSettings": in config.json:
    • Added "EnableConsole": true, "ConsoleLevel": "DEBUG", "ConsoleJson": true, "EnableFile": true, "FileLevel": "INFO", "FileJson": true, and "FileLocation": "", to implement a structured logger to keep track of push notifications.
  • Under "ServiceSettings": in config.json:
    • Added "EnableBotAccountCreation": false to enable bot account creation.
    • Added "DisableBotsWhenOwnerIsDeactivated": true to disable bots automatically when the owner is deactivated.
    • Added "TrustedProxyIPHeader": [], to explicitly define which IP headers are trusted.

Database Changes

  • SchemeGuest column added to the TeamMembers table.
  • SchemeGuest column added to the ChannelMembers table.
  • DefaultTeamGuestRole column added to the Schemes table, and set to an empty string.
  • DefaultChannelGuestRole column added to the Schemes table, and set to an empty string.

API Changes

RESTful API v4 Changes

  • Updated API to use gziphandler wrapper if server is configured to use gzip. This ensures that the Mattermost server can respond to REST API requests with compressed data (via gzip) to reduce the amount of bandwidth used.
  • LDAP Group Sync:
    • Added API endpoints getGroupsByChannel and GetGroupsByTeam to retrieve groups by team and by channel.
    • Added group_constrained API to both /users and /users/search endpoints to be able to limit users listed to those allowed by group-constraints.
    • Added the GetGroups API endpoint to retrieve lists of groups with searching, pagination, and member counts.
  • Disabled Team InviteID modification via Create/Update actions and moved it to a dedicated API endpoint.

Plugin API v4 Changes

  • Added KVCompareAndSet(key string, old []byte, new []byte) to Plugin API to add support for transactional semantics with KV Store in plugin framework.

Known Issues

  • Creating or attaching to Jira issues fails for Jira Cloud. This is resolved in v5.12.5.
  • Messages related to OpenGraph API are unnecessarily reported as errors in the server logs. This is resolved in v5.13.1.
  • Push Notification Contents setting is not available in the System Console in servers without an Enterprise Edition license. This is resolved in v5.13.1.
  • Channels with large message history may have performance issues. This is resolved in v5.13.2.
  • Site Configuration > Notifications > Email Notification Contents is missing from E10 servers. This is resolved in v5.13.2.
  • Changing announcement banner overlaps content. This is resolved in v5.13.2.
  • Scroll position is not at the new message indicator on switching channels with unreads between 30-60. This is resolved in v5.13.2.
  • Titles for webhooks, commands and OAuth apps are no longer bolded in the System Console.
  • Users can get logged out of server without a session expiry notification.
  • Desktop app hangs on opening emoji picker.
  • When a primary team is set, the options to leave a team is disabled for all teams, not just the primary team.
  • Plugin crashes the server when calling w.WriteHeader(0).
  • Bot account profile image disappears when saving bot details.
  • Custom emoji containing specified letters do not appear in emoji autocomplete, unless they start with the letters or have been returned in the autocomplete before.
  • Buttons inside ephemeral messages are not clickable / functional on the mobile app.
  • On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console UI. To fix, the System Admin should restart the server.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.11 - Quality Release

Mattermost v5.11.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Breaking changes since last release

  • If your integration uses Update.Props == nil to clear Props, this will no longer work in 5.11+. Instead, use Update.Props == {} to clear properties. This change was made because Update.Props == nil unintentionally cleared all Props, such as the profile picture, instead of preserving them.

IMPORTANT: If you upgrade from a release earlier than 5.10, please read the other Important Upgrade Notes.

Bug Fixes

  • Fixed an issue where plugin settings link didn’t appear until refresh after uploading a plugin in the System Console.
  • Fixed an issue where System Console > Users bottom section of “user actions” menu was cut off for the last three users in the screen.
  • Fixed an issue where corners on image previews were squared instead of rounded.
  • Fixed an issue where the hover effect was missing on images.
  • Fixed an issue where a post action (via button or menu) reset the profile picture of the webhook post.
  • Fixed an issue where a flagged post containing only file attachments didn’t render in the sidebar until loaded in the centre.
  • Fixed an issue where some strings in channel settings weren’t localizable.
  • Fixed an issue where clicking “Open” downloaded an image instead of opening it.
  • Fixed an issue where an at-mention user autocomplete overlapped with the channel header when drafting a long message containing a file attachment.
  • Fixed an issue where the reply bar showed gaps between posts in compact view.
  • Fixed an issue where markdown preview of nested lists displayed differently from styling in posted message.
  • Fixed an issue where Safari suggested auto-corrections in the channel switcher.
  • Fixed an issue on Safari where the mention badge count didn’t update immediately.
  • Fixed an issue where the post action menu overlapped with posts on iOS/Safari on mobile view.
  • Fixed an issue where interactive dialog’s description text colour was difficult to see on dark themes.
  • Fixed an issue where delete permissions for custom emoji team admin role were not always granted.
  • Fixed an issue with a slight scroll pop on reaching loading indictor of search results.
  • Fixed an issue where adding a user to a channel that is in the unreads section caused the channel to become read in the user’s view.
  • Fixed an issue where the channel menu dropdown icon had an unnecessary tooltip.
  • Fixed an issue on LDAP Groups where adding a group to a team provided an unnecessary permission confirmation modal.
  • Fixed an issue on mobile view where clicking on the attachment icon didn’t bring up the dropdown menu.

Known Issues

  • Buttons inside ephemeral posts are not clickable / functional on the mobile app.
  • On a server using a subpath, the URL opens a blank page if the system admin changes the Site URL in the System Console UI. The system admin should restart the server to fix it.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.10 - Feature Release

Mattermost v5.10.0 contains medium to high level security fixes. Upgrading is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.10.2, released 2019-06-20
  • v5.10.1, released 2019-05-16
    • Fixed an issue on Internet Explorer (IE11) where the system console opened a blank page.
  • v5.10.0, released 2019-04-16
    • Original 5.10.0 release

Breaking changes since last release

  • SupportedTimezonesPath setting in config.json and changes to timezones in the UI based on the timezones.json file was removed. This was made to support storing configurations in the database.

IMPORTANT: If you upgrade from a release earlier than 5.9, please read the other Important Upgrade Notes.

Highlights

Interactive Ephemeral Messages

Configuration in Database

  • Added experimental support for storing config.json in the database, improving the system console experience on read-only filesystems. Storing the configuration in the database is optional, as the existing config.json remains fully supported.

Improvements

User Interface (UI)

  • Added ability to use “c” and “sh” for code block syntax highlighting.
  • Words that trigger mentions now supports Chinese.
  • Added support for rendering emojis and hyperlinks in message attachment titles.
  • Added support for showing the channel name in the message box.
  • Added support for markdown in plugin system console help text fields.
  • Added ability to convert Excel cells to markdown table when pasting in Mattermost.
  • Added ability to render emojis in interactive message buttons.

Plugins (Beta)

  • Created a plugin component to override file previews.
  • Added support for plugins to create link tooltips.
  • Added experimental support for plugins to use bot accounts.

Bulk Import/Export

  • Added User Preference fields in bulk export.
  • Added ability to include direct and group message channels and their posts in bulk export.
  • Added ability to include deactivated users in bulk import.

Command Line Tools (CLI)

  • Created CLI command command show to allow seeing detailed information of a slash command.
  • Created CLI command webhook show to allow seeing detailed information of a webhook.
  • Created CLI command team rename to allow renaming teams.
  • Created CLI command channel search to allow searching for channels.

Administration

  • Improved default session timeout behavour, including changing the default SessionLengthWebInDays from 30 to 180 days.
  • Added full text search to the system console panel to easily find options in the configuration.
  • (Advanced Permissions) Split managing emoji permissions into “create”, “delete own” and “delete others”.
  • (Advanced Permissions) Added List_Public_Teams, Join_Public_Teams, List_Private_Teams and Join_Private_Teams permissions.
  • Added support for LDAP groups search.
  • Added a setting to the system console to change the minimum length of hashtags.
  • Added support for setting Reply-To header in outbound Mattermost emails.
  • Added support for invalidating all email invitations from the system console.

Bug Fixes

  • Fixed an issue where enterprise features became immediately unavailable when the enterprise license expired with a 15 day grace period.
  • Fixed an issue where an at-mention for username that starts with “all” did not highlight their entire username.
  • Fixed an issue where the migrate_auth command did not work with valid license file.
  • Fixed an issue where post metadata was requested if link previews were disabled.
  • Fixed an issue where a channel did not get removed from the unreads section if the user navigated out of it via a permalink.
  • Fixed an issue where a link from Access Control Groups to Group Filter on AD/LDAP did not work for subpath Site URL.
  • Fixed an issue where expired channels appeared in “My Channels” section of channel switcher if using the Automatically Close Direct Messages setting.
  • Fixed an issue where the text box reverted to default size after a user returned from the Integrations page.
  • Fixed an issue where the profile popover wasn’t allowed to close itself when opened through an at-mention.
  • Fixed an issue where filtering by first name with Korean characters no longer worked for at-mentions.
  • Fixed an issue where the Remove MFA option was visible for all users when Enforce MFA was enabled.

Compatibility

Deprecated Features

  • Deprecated configurable timezones.json in favour of the existing hard-coded list built into the server.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "ExperimentalSettings": in config.json:
    • Added "RestrictSystemAdmin": false, to optionally constrain even system admins from changing critical settings.
  • Under "ServiceSettings": in config.json:
    • Added "MinimumHashtagLength": 3, to add the ability to change the minimum length of hashtags.

RESTful API Changes

  • Added GetUsers API method to add the ability to list users.
  • Added POST /bots to create a bot accounts.
  • Added PUT /bots/{bot_user_id} to partially update a bot by providing only the fields you want to update.
  • Added GET /bots/{bot_user_id} to get a bot specified by its bot id.
  • Added GET /bots to get a page of a list of bots.
  • Added POST /bots/{bot_user_id}/disable to disable a bot.
  • Added POST /bots/{bot_user_id}/enable to enable a bot.
  • Added POST /bots/{bot_user_id}/assign/{user_id} to assign a bot to the specified user.

Plugin API Changes

  • Added the SearchPostsInTeam method to add the ability to search posts in a team.
  • Added GetTeamMembersForUser and GetChannelMembersForUser to add the ability to get team and channel members for a specific user.
  • Added GetBundleInfo() string method to add the ability to store assets elsewhere.
  • Added CreateBot(bot *model.Bot) (*model.Bot, *model.AppError) to create the given bot and corresponding user.
  • Added PatchBot(botUserId string, botPatch *model.BotPatch) (*model.Bot, *model.AppError) to apply the given patch to the bot and corresponding user.
  • Added GetBot(botUserId string, includeDeleted bool) (*model.Bot, *model.AppError) to return the given bot.
  • Added GetBots(options *model.BotGetOptions) ([]*model.Bot, *model.AppError) to return the requested page of bots.
  • Added UpdateBotActive(botUserId string, active bool) (*model.Bot, *model.AppError) to mark a bot as active or inactive, along with its corresponding user.
  • Added PermanentDeleteBot(botUserId string) *model.AppError to permanently delete a bot and its corresponding user.

Database Changes

  • Granted the following permissions for the System Admin, in preparation for an upcoming bot accounts feature:
    • PERMISSION_CREATE_BOT
    • PERMISSION_READ_BOTS
    • PERMISSION_READ_OTHERS_BOTS
    • PERMISSION_MANAGE_BOTS
    • PERMISSION_MANAGE_OTHERS_BOTS
  • Bots table was added.

Known Issues

  • Attachments menu on mobile view is partly cut off on the right-hand side.
  • Clicking on the attachment icon doesn’t bring up the dropdown menu on mobile browser.
  • Content for ephemeral messages is not displayed on mobile apps.
  • When login is done through SAML, text in Account Settings > General > Email is misaligned.
  • On a server using a subpath, the URL opens a blank page if the system admin changes the Site URL in the System Console UI. The system admin should restart the server to fix it.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.

Release v5.9 - ESR

Mattermost v5.9.0 contains low to medium level security fixes. Upgrading is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Breaking Changes since last release

  • If DisableLegacyMfa setting in config.json is set to true and multi-factor authentication is enabled, ensure your users have upgraded to mobile app version 1.17 or later. Otherwise, users who have MFA enabled may not be able to log in successfully. See Important Upgrade Notes for more details.
  • The public IP of the Mattermost application server is considered a reserved IP for additional security hardening in the context of untrusted external requests such as Open Graph metadata, webhooks or slash commands. See Important Upgrade Notes for more details.

IMPORTANT: If you upgrade from another release than 5.8, please read the Important Upgrade Notes.

Bug Fixes

  • Fixed an issue where emoji reactions did not appear on posts right away.
  • Fixed an issue where the emoji Recently Used cleared entirely after logging out and back in.
  • Fixed an issue where emoji not included in our list of text-based emoji were not rendered as jumboemoji.
  • Fixed an issue where the default server/client locales got reverted to en on server startup.
  • Fixed an issue where email notification setting in the webapp was out of sync with the mobile apps.
  • Fixed an issue where a broken image displayed on login page if custom branding was enabled but no image had been uploaded.
  • Fixed an issue where at-channel, at-all, at-here followed by a period were not highlighted as mentions.
  • Fixed an issue where the Mattermost icon was pixelated in bookmark rendering on Google Chrome.
  • Fixed an issue where System Console > Users page had broken user interface on narrow screens.
  • Fixed an issue where at-channel notification showed incorrect number of timezones.
  • Fixed an issue where leading whitespace with emoji affected emoji size so that they didn’t render as jumboemoji.
  • Fixed an issue where the System Console graphs did not load smoothly.
  • Fixed an issue with inconsistent formatting in page header on System Console > Notifications > Mobile Push.
  • Fixed an issue where invite tokens with a 48-hour expiry expired after 24 hours.
  • Fixed an issue where a blank screen appeared when opening a group message channel from “More” modal using Enter key.
  • Fixed an issue where Zoom plugin caused link metadata code to print warnings in the System Console.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Enable Image Proxy setting is now false by default. See Important Upgrade Notes for more details.
  • Under "ServiceSettings" in config.json:
    • Added "DisableLegacyMFA": false, to keep the legacy checkMfa endpoint enabled to support mobile versions 1.16 and earlier. See Important Upgrade Notes for more details.

Known Issues

  • On a server using a subpath, the URL opens a blank page if the system admin changes the Site URL in the System Console UI. The system admin should restart the server to fix it.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.8 - Feature Release

Mattermost v5.8.0 contains low to high level security fixes. Upgrading is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Breaking Changes since last release

  • The local image proxy has been added, and images displayed within the client are now affected by the AllowUntrustedInternalConnections setting. See documentation for more details if you have trouble loading images.

IMPORTANT: If you upgrade from another release than 5.7, please read the Important Upgrade Notes.

Highlights

Added support for LDAP Group Sync

  • Lets admins set default team and channel membership based on LDAP groups. See more details in the documentation.

Added multi-factor authentication support to Team Edition

Enhanced image performance

  • Improved performance for images by adding support for image proxy servers, which are now integrated into the server and switched on by default.
  • Note that this may cause problems loading images from within your local network due to security settings. See here for more information.

Improvements

User Interface (UI)

  • Improved sorting of emoji in the emoji autocomplete and emoji picker search results.
  • Added support for emoji picker for mobile web view.

Notifications

  • Added a channel notification setting to disable at-channel mentions.

Administration

  • Added the ability to search users by role in System Console > Users.
  • Added a CLI command to modify an outgoing webhook.
  • Added a CLI command to restore a team.

Performance

  • Added network connectivity improvements where the server no longer allows clients to auto-retry posts and to cause posts to appear twice.

Slash Commands

  • Added support for sending a message to a different channel than where the slash command was issued from.
  • Added an option to send a message beginning with a “/” from the right-hand side.

Plugins

  • Added server support for updating a plugin instead of having to remove and install them as two separate actions.

Attachments

  • Optimized file attachment memory usage where possible.

Bug Fixes

  • Fixed an issue where “[user] is typing …” was not removed when a message was composed and sent very quickly.
  • Fixed an issue where an announcement banner displayed when the banner was enabled but the text field was blank.
  • Fixed an issue where a language was not set if selected in Account Settings.
  • Fixed an issue where removing rows from Send Email Invite modal didn’t remove them immediately.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "ServiceSettings" in config.json:
    • Added "ExperimentalLdapGroupSync": false, to add support for experimental LDAP Group Sync feature.
  • Under "LdapSettings" in config.json:
    • Added "GroupFilter": "", "GroupDisplayNameAttribute": "" and "GroupIdAttribute": "", to add the ability to configure group display name and unique identifier.
  • Under "ImageProxySettings": in config.json:
    • Added "Enable": true,, "ImageProxyType": "local",, "RemoteImageProxyURL": "", and "RemoteImageProxyOptions": "", to allow integrating image proxy into the server and switching it on by default.
  • Under "ExperimentalSettings": in config.json:
    • Added "LinkMetadataTimeoutMilliseconds": 5000 and "DisablePostMetadata": false, to enable post metadata by default.

API Changes

RESTful API v4 Changes

  • Added SearchTeams to plugin API to add the ability to search teams.
  • Added GetTeamStats to plugin API to add the ability to get team statistics.
  • Added /api/v4/posts/ids/reactions API endpoint to get the bulk reactions for posts.
  • Added UpdateUserActive to plugin API to allow updating user’s status as active or inactive.
  • Add GetFile to plugin to add the ability to get files.

Known Issues

  • On a server using a subpath, the URL opens a blank page if the system admin changes the Site URL in the System Console UI. The system admin should restart the server to fix it.
  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.7 - Quality Release

Mattermost v5.7.0 contains low to medium level security fixes. Upgrading is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

Bug Fixes

  • Fixed an issue where push notification to clear unread messages badge from another client was not being forwarded. There are cases on the mobile app where the badge could still linger - see MM-13722 for more details.
  • Fixed a SQL syntax error when a non-existent channelId was attempted to be viewed.
  • Fixed an issue where OpenGraph and Post Metadata cache were purged on any config change with the image proxy enabled.
  • Added a check for percent value on file upload progress to prevent the app from crashing.
  • Fixed an issue where multi-line announcement banner text did not expand its background.
  • Fixed an issue where channel modal text and icons were misaligned if only one channel type was available.
  • Fixed an issue where every channel switch triggered a fetch for users in all Group Message channels for the user.
  • Fixed an issue where the user was not redirected to sign up page to create first account on fresh install.
  • Fixed an issue where scrollbar appeared in team sidebar when a user was a member of too many teams.
  • Fixed an issue where wide images posted by a webhook could be cut off on the right-hand side.
  • Fixed an issue where leaving a team showed a 403 error in the console.
  • Fixed an issue where Code Theme did not save unless other colours were changed.
  • Fixed an issue where Webapp only showed a star or mention count for active team.
  • Fixed an issue where Web mobile view was missing the mute option in the channel menu.
  • Fixed an issue where the “participant is typing” appeared a few seconds after a message was posted.
  • Fixed an issue where a profile popover got cut off on the right-hand side if it included an admin badge and a long username.

Known Issues

  • Custom Terms of Service returns on refresh after clicking to agree.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.6 - Feature Release

  • v5.6.5, released 2019-02-16
  • v5.6.4, released 2019-02-01
  • v5.6.3, released 2019-01-16
  • v5.6.2, released 2018-12-22
    • Fixed JIRA plugin not sending messages back to Mattermost channels.
  • v5.6.1, released 2018-12-20
    • Fixed an issue where a user is not redirected to the account creation page on a fresh Mattermost server install.
    • Fixed an issue where file uploads crashed the webapp for some users.
    • Fixed slow channel switching load times, where every channel switch fetched users from all group message channels.
    • Fixed JIRA plugin not working due to a rename of the JIRA plugin directory structure.
  • v5.6.0, released 2018-12-16
    • Original 5.6.0 release

Breaking Changes since the last release

  • Replaced WebRTC prototype with other video and audio calling solutions. Learn more here.
  • Removed support for IE11 Mobile View due to low usage and instability in order to invest that effort in maintaining a high quality experience on other more used browsers. End users on IE11 will thus have an increased minimum screen size.
  • If EnablePublicChannelsMaterialization setting in config.json is set to false, an offline migration prior to upgrade may be required to synchronize the materialized table for public channels to increase channel search performance in the channel switcher (CTRL/CMD+K), channel autocomplete (~) and elsewhere in the UI. See Important Upgrade Notes for more details.

IMPORTANT: If you upgrade from another release than 5.5, please read the Important Upgrade Notes.

Highlights

Interactive Dialogs

  • Added support for interactive dialogs to more easily collect structured information from users to perform an action or submit a request via an integration. Learn more here

Languages

  • Added support for Ukrainian language, bringing the number of supported languages to 16.
  • Romanian language promoted out of beta.

Command Line Interface (CLI)

  • Added new CLI commands to improve admin productivity, including:
    • command create to create a custom slash command for a specified team.
    • command delete to delete a slash command.
    • command move to move a slash command to a different team.
    • command list to list all commands on specified teams or all teams by default.
    • config get to retrieve the value of a config setting by its name in dot notation.
    • config set to set the value of a config setting by its name in dot notation.
    • config show to print the current Mattermost configuration in an easy to read format.
    • team archive to archive teams based on name.
    • team search to search for teams based on name.
    • webhook create-incoming to create incoming webhook within specific channel.
    • webhook create-outgoing to create outgoing webhook within specific channel.
    • webhook delete to delete a webhook.
    • webhook list to list all webhooks for a team or across the server.
    • webhook modify-incoming to modify existing incoming webhook by changing its title, description, channel or icon url.

Improvements

User Interface

  • Added ability to remove profile pictures in Account Settings.
  • Added a new loading bar that shows progress on file uploads.
  • Added a new badge to the profile popover that indicates if a user is a System Admin.
  • Added new channel sidebar reorganization options for the ExperimentalGroupUnreadChannels config.json setting, such as the ability to sort channels by recent messages.
  • Added an option to be able to clear search results.

Notifications

  • Enabled push notifications by default on new Mattermost installs, via an encrypted TPNS (test push notification service).
  • Added a channel notification setting to disable @-channel @-here @-all notifications in specific channels.

Performance

  • Increased performance for returning user autocomplete results.

Plugins

  • Added a “min_server_version” field to plugin.json manifest, which enables built-in control for preventing loading plugins that are not compatible with the Mattermost server version.
  • Added ability for plugins to add channel header tooltips.
  • Stopped hashing plugin keys on write to more effectively enumerate the keys stored by a plugin.
  • Removed support for automatically unmarshalling a plugin’s server configuration.

Bulk Import/Export

  • Added custom emoji and emoji reactions to bulk export tool.
  • Added favorite channels to bulk export tool.
  • Added user and channel notification preferences to bulk export tool.
  • Added the ability to specify an email batching interval for bulk import.

Slash Commands

  • Added support for multiple responses from a slash command.
  • Added an option to send a message when an invalid slash command is entered.

Administration

  • Added mobile support for Custom Terms of Service (Beta)
  • Removed System Console > Plugins (Beta) > Configuration page and moved enabling plugins setting to the Plugins (Beta) > Management page.
  • Introduced mlog/human package to consume and reformat structured logging with a human readable output.

Enterprise Edition (E20)

  • Data Retention promoted out of beta.

Bug Fixes

  • Fixed an issue where pinned post list refreshed when a user posted a new message.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "ServiceSettings" in config.json:
    • Added "TLSMinVer": "1.2", "TLSStrictTransport": false, "TLSStrictTransportMaxAge": 63072000 and "TLSOverwriteCiphers": [], to configure TLS connection when not using a reverse proxy such as NGINX.
  • Under "ExperimentalSettings" in config.json:
    • Added "EnablePostMetadata": false, to disable post metadata from being loaded.

API Changes

RESTful API v4 Changes

  • Added GET /channels/{channel_id}/timezones to get a list of timezones for the users who are in the specified channel.
  • Added page and per_page properties to POST /teams/{team_id}/posts/search call for Elasticsearch paging.
  • Added DELETE /users/{user_id}/image to remove a user’s profile picture.
  • Added DELETE /brand/image to remove a custom branding image.
  • Added POST /actions/dialogs/open and POST /actions/dialogs/submit to open and submit requests via interactive dialogs.

Plugin API Changes

  • Changed GetTeamMembers(teamId string, offset, limit int) to GetTeamMembers(teamId string, page, perPage int) to be clearer and consistent with other APIs
  • Changed GetPublicChannelsForTeam(teamId string, offset, limit int) to GetPublicChannelsForTeam(teamId string, page, perPage int) to be clearer and more consistent with other APIs
  • Added the following plugin API methods. For more information on each method, see the server plugin reference.
    • GetChannelsForTeamForUser
    • GetChannelMembers
    • GetChannelMembersByIds
    • GetChannelStats
    • GetEmoji
    • GetEmojiByName
    • GetEmojiImage
    • GetEmojiList
    • GetPluginConfig
    • SavePluginConfig
    • GetPostsAfter
    • GetPostsBefore
    • GetPostsSince
    • GetPostsForChannel
    • GetPostThread
    • GetProfileImage
    • SetProfileImage
    • GetTeamsForUser
    • GetTeamsUnreadForUser
    • GetTeamIcon
    • SetTeamIcon
    • RemoveTeamIcon
    • GetUsersByUsernames
    • GetUsersInChannel
    • GetUsersInChannelByStatus
    • GetUsersInTeam
    • CreateDirectChannel
    • SearchChannels
    • SearchUsers
    • GetFileLink
    • UploadFile
    • SetProfileImage
    • KVSetWithExpiry
    • KVDeleteAll
    • KVList

Database Changes

  • Added ExpireAt column to the PluginKeyValueStore table.
  • Migrated user’s accepted terms of service data into a new table called UserTermsOfService.
  • Removed idx_users_email_lower, idx_users_username_lower, idx_users_nickname_lower, idx_users_firstname_lower and idx_users_lastname_lower indexes.

Known Issues

  • Login does not work when Custom Terms of Service is enabled and MFA is enforced.
  • Custom Terms of Service returns on refresh after clicking to agree.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.5 - Quality Release

Bug Fixes

  • Fixed an issue where clicking the two arrows to expand/collapse an image didn’t work after posting an image.
  • Fixed an issue where switching authentication methods from email/password to SAML (OKTA and OneLogin) showed session expiry message instead of a success message.
  • Fixed an issue where message drafts occasionally posted to the channel even though user did not take any action to post it.
  • Fixed an issue with Autoresponder feature where the reply message did not get inserted consistently.
  • Fixed an issue where bolded channel names rendered over top of unbolded channel names in desktop.
  • Fixed an issue where config.ServiceSettings.SiteURL could contain a trailing slash.
  • Fixed a caching issue with archiving/unarchiving channels through API.
  • Fixed UX issues when trying to edit pending posts from reply thread.
  • Fixed an issue where “Enable Post Formatting” did not actually require page refresh.
  • Fixed an issue where User AuthService Export value of “” could be incompatible for importer.
  • Fixed an issue where search results that did not match case were not highlighted when returning hashtags in search results.
  • Fixed issues with indentation on the right-hand side in desktop app compact view.
  • Fixed an issue where the post header for bot messages was cutting off username before using available horizontal space.
  • Fixed an issue where “undefined” was briefly shown on refresh with combined system messages.
  • Fixed an issue where profile popover was cut-off at right-hand side root post.
  • Fixed UX issues for some plugins that displayed a blank page when clicking on the “Settings” link from “Management” page in System Console.
  • Fixed an issue where uploading a plugin resulted in a JS error and a blank page.
  • Fixed an issue where some team icons did not fill bounding box on MacOS.
  • Fixed an issue where there was no hover effect on emoji reactions.
  • Fixed an issue where a permanent announcement banner pushed the bottom of a channel sidebar off screen.
  • Fixed an issue where cancelling a change to channel notifications settings appeared to save the change.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.4 - Feature Release

Release date: 2018-10-16

Breaking Changes since the last release

  • Mattermost mobile app version 1.13+ is required. File uploads will fail on earlier mobile app versions.
  • In certain upgrade scenarios the new Allow Team Administrators to edit others posts setting under General then Users and Teams may be set to True while the Mattermost default in 5.1 and earlier and with new 5.4+ installations is False.

IMPORTANT: If you upgrade from another release than 5.3, please read the Important Upgrade Notes.

Highlights

Basic Export Tool

  • Created a basic exporter tool to extract objects from Mattermost for allowing to merge two servers.

Improvements

Web User Interface (UI)

  • Added a draft indicator in the channel sidebar and channel switcher for channels with unsent messages.
  • Added support for jumboemojis.
  • Added support for searching in direct message and group message channels using the “in:” modifier.
  • Last viewed channel on logout is restored on next session.
  • Added support for consecutive messages in the right-hand side.
  • Added tooltips to post info overlay buttons.
  • Added a feature to post a code block on CTRL + ENTER.
  • Expanded post text box area when composing long posts.
  • Updated the pinned post list when it’s open and the channel is switched so that the pinned post list updates to show the other channel’s pinned posts.
  • Download of common file types is not forced when viewing a public link.

Command Line Interface (CLI)

  • Added a new Command Line Interface for removing all users from a channel.

Performance

  • Improved channel switcher performance.

Integrations

  • Added interactive menus to message attachments.
  • Added a autotranslation plugin.
  • Added a button to copy the information from webhooks/slash commands such as the url and token.
  • Added “Commented on…” text for files and message attachment type posts.
  • Updated incoming and outgoing webhook description to 500 characters.
  • Added hook ID to webhook requests in server logs.
  • Plugins without a server or webapp component now fail to be activated.

Notifications

  • Desktop notifications now follow teammate name display setting.
  • Added a mute/unmute option to channel dropdown menu.
  • Added a mute icon to mobile view.
  • Added support for notifying users when desktop/browser sessions expire.

Autocomplete and Focus

  • With “Send messages on CTRL+ENTER = ON”, channel and user autocomplete now work.
  • Cursor is now autofocused on edit box before the modal fully loads.
  • Channel autocomplete closes after two consecutive tildes used for strikethrough formatting.
  • If a user begins typing and the cursor is not in an input box, the cursor is automatically put into the center channel text input box.

Administration

  • Moved hiding join/leave messages to Team Edition.
  • Added edit_others_posts as a permission setting for Team Edition.
  • Added account setting option to hide channel switcher button in the sidebar.

Compliance

  • Added changes for E20 custom service terms.
  • Team membership can be restricted based on email domains.

Bug Fixes

  • Fixed an issue where logging in with LDAP account with MFA enabled resulted in “Error trying to authenticate MFA token” error when “Enable sign-in with username” was set to false.
  • Fixed an issue where log-in page flashed briefly during process of verifying an updated email address.
  • Fixed an issue where “”GET /api/v4/redirect_location” responses got stuck when “EnableLinkPreviews” was set to “false”.
  • Fixed an issue where Account Settings teammate name display setting changed when System Console teammate name display setting was changed.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Enterprise Edition:

  • Under “SqlSettings”: in config.json:
    • Added "EnablePublicChannelsMaterialization": true, to increase channel search performance in the channel switcher (CTRL/CMD+K), channel autocomplete (~) and elsewhere in the UI.

API Changes

Plugin API Changes

  • Added slash commands with GET crush query parameters on configured endpoint URL to avoid parameters specified by both the user and Mattermost from being duplicated.
  • Added a GetServerVersion() string method to the plugin API to return the current server version.

Database Changes

  • Description column was added to the OutgoingWebhooks table.
  • Description column was added to the IncomingWebhooks table.
  • AcceptedServiceTermsId column was added to the Users table.
  • PublicChannels table was added.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.3 - Feature Release

Mattermost v5.3.0 contains a high level security fix. Upgrading is highly recommended. Details will be posted on our security updates page 14 days after release as per the Mattermost Responsible Disclosure Policy.

  • v5.3.1, released 2018-09-19
    • Fixed an issue where HTML elements such as links did not display correctly for non-English languages.
  • v5.3.0, released 2018-09-16
    • Original 5.3.0 release

Breaking Changes since the last release

  • Those servers with Elasticsearch enabled will notice that hashtag search is case-sensitive.

IMPORTANT: If you upgrade from another release than 5.2, please read the Important Upgrade Notes.

Highlights

Search Date Filters

  • Search for messages before, on, or after a specified date.

IdAttribute Setting for SAML

  • Added a new IdAttribute setting for SAML, which allows SAML users to change their email address without losing their account.

Improvements

Web User Interface (UI)

  • Added ability to set username and profile picture in Outgoing Webhooks setup page.
  • Added “Deactivate Account” option under Account Settings > Advanced.
  • Added member count for the More Direct Messages list.
  • Expanded shortened (e.g. bitly) links for previewable content such as images and YouTube links.

Performance

  • Improved channel switcher performance by adding a short delay after the last character has been typed before querying the server for new autocomplete results.

Integrations

  • Added support for interactive message buttons to, for instance, delete or edit the post after clicking on a message button.

Administration

  • Created a telemetry event for when telemetry is turned off from the System Console.
  • Added support for attachments in Direct Message channels to the bulk import tool.

Bug Fixes

  • Fixed an issue where closing an archived channel did not redirect users to the last viewed channel.
  • Fixed an issue where users were able to react to existing emojis in an archived channel.
  • Fixed an issue where clicking “+” twice to add a public or private channel added a recently archived channel back to the left-hand side.
  • Fixed an issue where channel autocomplete appeared to include all public channels, including deleted channels and channels one has never joined.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Enterprise Edition:

  • Under “SamlSettings”: in config.json:
    • Added "EnableSyncWithLdapIncludeAuth": false, to override the SAML ID attribute with the AD/LDAP ID attribute if configured, or override the SAML Email attribute with the AD/LDAP Email attribute if SAML ID attribute is not present. See documentation to learn more.
    • Added "IdAttribute": "", to set the attribute in the SAML Assertion that will be used to bind users from SAML to users in Mattermost.

API Changes

Plugin API Changes (Release Candidate)

  • Added postId as a property for PostDropDownMenuComponent and as a parameter for the PostDropDownMenuAction function to improve the ability to add options to the post “…” action menu.
  • Added FileInfo and file []byte to retrieve File Info for a specific fileId and to ensure the file is read for a specific path.
  • Added GetLDAPUserAttributes, which matches the functionality of the ldapextras built-in plugin that was removed in Mattermst v5.2.

Known Issues

  • When “Enable sign-in with username” is set to false, logging in with LDAP account with MFA enabled results in “Error trying to authenticate MFA token” error.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.2 - Feature Release

  • v5.2.2, released 2018-09-16
  • v5.2.1, released 2018-08-23
    • Disabled the ability to search archived channels by default, given multiple issues were raised after v5.2.0 was released. The feature can be enabled in v5.2.1 via ExperimentalViewArchivedChannels setting.
  • v5.2.0, released 2018-08-16
    • Original 5.2.0 release

Security Update

Breaking Changes since the last release

  • Those servers upgrading from v4.1 - v4.4 directly to v5.2 or later and have JIRA enabled will need to re-enable the JIRA plugin after an upgrade.

IMPORTANT: If you upgrade from another release than 5.1, please read the Important Upgrade Notes.

Highlights

Embed Mattermost in Other Apps (Beta)

  • Added support for extensions, which allow you to embed Mattermost in other apps and websites via OAuth 2.0.
  • A sample extension for Chrome is here.

Plugins

  • Added support to add/delete and enable/disable plugins via the CLI.
  • See our demo plugin that demonstrates the capabilities of a Mattermost plugin. For a starting point to write a Mattermost plugin, see our sample plugin.
  • Breaking changes to the plugins framework introduced. To migrate your existing plugins to be compatible with Mattermost 5.2 and later, see our migration guide.

Searching Archived Channels

  • Added ability to search for archived channel content on desktop and mobile clients.

Romanian Language

  • Added support for Romanian language.

Improvements

Web User Interface (UI)

  • Added experimental custom default channels.
  • Added link to profile pop-over from names in Join/Leave messages.
  • Added support for webhook message attachments to trigger mentions.
  • Stripped markdown formatting characters from desktop notifications and “Commented on…” text.
  • Added ability to bulk import emoji.
  • Added support for file attachments in bulk import.

Plugins (All Beta)

  • New antivirus plugin to scan for viruses before uploading a file to Mattermost. Supports ClamAV anti-virus software across browser, Desktop Apps and the Mobile Apps.
  • New GitHub plugin to subscribe to notifications, and to keep track of unread GitHub messages and open pull requests requiring your attention.
  • Zoom plugin now has one option to start a meeting rather than three separate ones to simplify the user experience.

Server Plugins: Release Candidate

  • A release candidate (RC) is released for server plugins. Stable release is expected in v5.3 or v5.4.
  • Added various API methods for plugins to provide the same capabilities as the REST API.
  • Added support to intercept file uploads before the file is uploaded to a Mattermost server.
  • Added support for plugins to respond after a user joins/leaves a channel or a team, or creates a new channel.
  • Added support for plugins to respond prior to or after a user logs in to a Mattermost server.
  • Added support for plugins to update user status. Sample use case is setting a user’s status to Do Not Disturb based on Google Calendar events.
  • Added CSRF tokens that are attached to users sessions. The tokens can be enforced as an alternative to XHR checks in the plugin request system.
  • Added session token to context for ServeHTTP hook.

Webapp Plugins: Beta

  • Upcoming Mattermost UI redesign may cause breaking changes to webapp plugins. Hence, webapp plugins remain as beta in v5.2.
  • Added support to override […] post menu, and paperclip icon for file uploads.
  • Added support for multiple plugins to add components at the same integration points instead of only allowing one plugin to do so.
  • Removed ability to fully override profile popover. Instead, multiple plugins can now add to the profile popover via multiple integration points.
  • For an up-to-date list of pluggable UI components, see this list in our demo plugin.

Administration

  • In the compliance export status table, in System Console > Compliance > Compliance Export, added a number of exported records to Details column.
  • Added support for cross-origin resource sharing.

Command Line Interface (CLI)

  • Enhanced log output from Permanent Delete CLI command to delete FileInfos for a user’s posts.
  • Addded channel renaming to CLI.

Enterprise Edition

  • Added the Global Relay Export CLI command.
  • Added support to search plugin contents.

Bug Fixes

  • Fixed an issue where the “Switch Channel” shortcut (⌘K) didn’t work on dvorak layout on Mac.
  • Fixed an issue where the Custom Integrations section in the System Console was blank after role changes.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under “ServiceSettings”: in config.json:
    • Added "CorsExposedHeaders": "", to add a whitelist of headers that will be accessible to the requester.
    • Added "CorsAllowCredentials": false, to allow requests that pass validation to include the Access-Control-Allow-Credentials header.
    • Added "CorsDebug": false, to print messages to the logs to help when developing an integration that uses CORS.
  • Under “TeamSettings” in config.json:
    • Added "ViewArchivedChannels": true, to allow users to share permalinks and search for content of channels that have been archived.
    • Added "ExperimentalDefaultChannels": "", to allow choosing the default channels every user is added to automatically after joining a new team.

API Changes

RESTful API v4 Changes

  • deleteReaction API was added to send the correct value for post.HasReactions.
  • Support for add/delete and enable/disable plugins via CLI was added.
  • File download API was improved to stream files instead of loading them entirely into memory.

Websocket Changes

  • Support for add/delete and enable/disable plugins via CLI was added.

Database Changes

  • Two new columns were added in the OutgoingWebhooks table, “Username” and “IconURL”.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.1 - Feature Release

Security Update

Breaking Changes since the last release

  • mattermost export CLI command is renamed to mattermost export schedule. Make sure to update your scripts if you use this command.

IMPORTANT: If you upgrade from another release than 5.0, please read the Important Upgrade Notes.

Highlights

Gfycat integration

  • Added easy access to sharing GIFs without leaving the Mattermost interface. System Admins can enable this feature in System Console > Customization > GIF.

Auto-linking plugin (Beta)

  • Messages can now be formatted into Markdown links automatically before they are saved to the Mattermost database. See autolink plugin repository to learn more.

Support Mattermost on a subpath

  • Added support for hosting Mattermost at any route (e.g., https://www.example.com/mattermost) with newly added subpath support.

CSV Compliance Export (Enterprise Edition E20)

  • Extended compliance export feature with CSV format. See documentation to learn more.

Improvements

Web User Interface

  • Added highlighting for Elasticsearch results.
  • Renamed “Delete Channel” to “Archive Channel”. Channels can be unarchived from the commandline.
  • Added Channel Purpose as a searchable field in the “More Channels” menu.

Administration

  • Added the ability to reset user emails in System Console > Users.
  • Server restart is no longer required to run the job server for the first time.

Command Line Interface (CLI)

  • Made the permissions reset CLI command able to reset all custom-role related data.
  • When permanent delete user CLI command is used, all files uploaded by the user are now deleted as well.
  • export CLI command was updated to support scheduling exports via export schedule, and to export files in Actiance XML and CSV formats.
  • Running the CLI outside of the bin directory is now less error prone.

Enterprise Edition E20

  • Added experimental support for certificate-based authentication (CBA) to identify a user or a device before granting access to Mattermost. See documentation to learn more.

Bug Fixes

  • Fixed an issue where users could not reply to push notifications on iOS.
  • Fixed an issue with an incorrect system message after converting a public channel to private.
  • Fixed an issue with being unable to add emoji reactions after expanding the message details sidebar.
  • Fixed an issue where rate limiting settings could not be edited in the System Console, and weren’t displayed in the User Interface if configured via config.json.
  • Fixed an issue where deleted users shown as “Someone” in the Favorite Channels section could not be removed.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under “ExperimentalSettings:” in config.json:
    • Added "ClientSideCertEnable": false,, to enable client-side certification for your Mattermost server.
    • Added "ClientSideCertCheck": "secondary", to control whether email and password are required following client-side certification.
  • Under “ServiceSettings:” in config.json:
    • Added "ExperimentalLimitClientConfig": false, to limit the number of config settings sent to users prior to login. Supported on mobile apps v1.10 and later.
    • Added "EnableGifPicker": false,, "GfycatApiKey": 2_KtH_W5, and "GfycatApiSecret": 3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof, to enable a built-in GIF integration with Gfycat.
    • Added "EnableEmailInvitations": false, to disable email invitations on the system.
  • Under “SqlSettings:” in config.json:
    • Added "ConnMaxLifetimeMilliseconds": 3600000,, to configure the maximum lifetime for a connection to the database.

API Changes

RESTful API v4 Changes

  • A new matches field was added to POST teams/{team_id}/posts/search to return a list of matched terms within the post. This field will only be populated on servers running version v5.1 or greater with Elasticsearch enabled.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v5.0 - Feature Release

Breaking Changes since the last release

  • All API v3 endpoints have been removed. See documentation to learn more about how to migrate your integrations to API v4. Ticket #8708.
  • platform binary has been renamed to mattermost for a clearer install and upgrade experience. You should point your systemd service file at the new mattermost binary. All command line tools, including the bulk loading tool and developer tools, have also been renamed from platform to mattermost. Ticket #9985.
  • A Mattermost user setting to configure desktop notification duration in Account Settings > Notifications > Desktop Notifications has been removed.
  • Slash commands configured to receive a GET request now have the payload encoded in the query string instead of receiving it in the body of the request, consistent with standard HTTP requests. Although unlikely, this could break custom slash commands that use GET requests incorrectly. Ticket #10201.
  • A new config.json setting to whitelist types of protocols for auto-linking has been added. Ticket #9547.
  • A new config.json setting to disable the permanent APIv4 delete team parameter has been added. The setting is off by default for all new and existing installs, except those deployed on GitLab Omnibus. A System Administrator can enable the API v4 endpoint from the config.json file. Ticket #9916.
  • An unused ExtraUpdateAt field has been removed from the channel model. Ticket #9739.

IMPORTANT: If you upgrade from another release than 4.10, please read the Important Upgrade Notes.

Highlights

Plugin Intercept

  • Adds support for plugins to intercept posts prior to saving them into the database.
  • Supports use cases such as auto-detecting and censoring restricted words, and auto-linking phrases. Read our forum post to learn more.

Permissions Schemes

  • System Scheme now sets the default permissions inherited system-wide by System Admins, Team Admins, Channel Admins and everyone else.
  • Added new Team Schemes to override the default permissions in specific teams for Team Admins, Channel Admins and all other team members.

Increased Character Limit on Posts

  • Increased character limit to 16,383 on new deployments to allow posting long messages and to allow better Markdown formatting, including tables.
  • For existing deployments, read how to migrate your system to support the increased character limit.

Combined Join/Leave Messages

  • System messages related to joining, leaving, adding and removing people from channels and teams are combined into a single message to save space in channels.

Improvements

Web User Interface

  • Added a feature to collapse image upload using a collapse icon or using the /collapse command.
  • Added a whitelist for valid types of links when autolinking.
  • Updated the styling of default team icons.

Performance

  • Fixed update_status cluster event being sent thousands of times on restart of app servers.

Integrations

  • Slash commands configured to receive a GET request now have the payload encoded in the query string instead of receiving it in the body of the request.
  • Added ability for webhooks to actually be locked to a channel.

Notifications

  • Updated email notification subject line and contents for Group Messages.
  • Updated the styling of push notifications.

System Console

  • Added a System Console setting to disable the preview mode banner when email notifications are disabled.

Administration

  • Added Password Requirements and Customer Branding to Team Edition.
  • Moved Themes per team to Team Edition.

Enterprise Edition

  • Added LoginIdAttribute to allow LDAP users to change their login ID without losing their account.

Bug Fixes

  • Fixed an issue where EnableUserCreation was set to false when not included in config.json.
  • Fixed an issue where a public channel made private did not disappear automatically from clients not part of the channel.
  • Fixed an issue where team icon did not get automatically saved when removed.
  • Fixed an issue where Town Square channel disappeared from channel list for a non-admin users when “ExperimentalTownSquareIsReadOnly” config.json was set to true in config.json.

Compatibility

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "ServiceSettings": in config.json:
    • Added "EnableAPITeamDeletion": false, to disable the permanent APIv4 delete team parameter.
    • Added "ExperimentalEnableHardenedMode": false to enable a hardened mode for Mattermost that makes user experience trade-offs in the interest of security.
  • Under "EmailSettings": in config.json:
    • Added "EnablePreviewModeBanner": true, to allow Preview Mode banner to be displayed so users are aware that email notifications are disabled.
  • Under "ClusterSettings": in config.json:
    • Added "MaxIdleConns": 100, to add the maximum number of idle connections held open from one server to all others in the cluster.
    • Added "MaxIdleConnsPerHost": 128, to add the maximum number of idle connections held open from one server to another server in the cluster.
    • Added "IdleConnTimeoutMilliseconds": 90000 to add the number of milliseconds to leave an idle connection open between servers in the cluster.
  • Under "TeamSettings": in config.json:
    • Added "ExperimentalHideTownSquareinLHS": false, to hide Town Square in the left-hand sidebar if there are no unread messages in the channel.
  • Under "DisplaySettings": in config.json:
    • Added "CustomUrlSchemes": [],, to add a list of URL schemes that are used for autolinking in message text.
  • Under "LdapSettings": in config.json:
    • Added "LoginIdAttribute": "", to add an attribute in the AD/LDAP server used to log in to Mattermost.

API Changes

  • All APIv3 endpoints were removed.
  • Improved file upload API to stream files instead of loading them entirely into memory.
  • SAML login endpoints were moved out of API package.
  • context.go was moved out of Api4 and into web.
  • api4/handlers.go was created to create the API handlers using the Context and Handler from web.
  • web/handlers.go was added to define the Handler struct, the base ServeHTTP function and a single web handler.

WebSocket Changes

  • Ping/pong and reconnection handling were added to Go WebSocket client.
  • Support was added for WebSocket custom dialer.
  • channel_converted WebSocket event was added, which is published team-wide whenever a channel is converted from public to private.

Known Issues

  • Image proxy cannot be saved in the System Console UI. Configure the settings in your config.json file instead.
  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v4.10 - ESR

Highlights

Convert Public Channels to Private

  • Team and System Admins can now convert a channel to private from the user interface. System Admins can also convert channels back to public via the commandline.

Performance Improvements

  • Decreased loading time by up to 90% for users with lots of direct and group message channels.

Environment Variables Support in GitLab Omnibus

  • Simplified Mattermost administration by supporting environment variables in GitLab Omnibus. See documentation to learn more.

Improvements

Web User Interface

  • Removed support for transparent team icons to support any sidebar theme colors and added the ability to remove team icons.
  • Added an experimental setting that users can use to set a custom message that will be automatically sent in response to Direct Messages.
  • Added a loading animation for “Add Members” channel invite modal.
  • Made SHIFT+UP switch keyboard focus to right-hand side if it’s already open to the current thread.
  • Removed an unnecessary WebRTC end user setting to avoid user errors and confusion.
  • Added an on-hover effect for image link previews.

Plugins

  • Added better plugin error handling and reporting.

Slash Commands

  • Added /invite slash command to invite users to a channel.
  • Improved slash command error message when payload has invalid JSON.

Administration

  • Added structured logging to more easily review server logs.
  • Users’ client no longer refreshes after changing a System Console or config.json setting.

Command Line Interface (CLI)

  • Added /platform team list command to list all teams on the server..

Enterprise Edition E20

Bug Fixes

  • Fixed an issue where focus with CTRL/CMD+SHIFT+L was always set to the right-hand side when reply thread was open.
  • Fixed an issue where a user added to a channel wasn’t immediately removed from other users’ “Add Members” dialog.
  • Fixed an issue where ‘Copy Link’ context menu option was partially hidden when right-clicking a team in team sidebar.
  • Fixed an issue where a user could not log in to Mattermost when their login id (“authdata”) failed to migrate properly during migration from LDAP to SAML.
  • Fixed an issue where plugin configuration was not saved in the System Console.
  • Removed duplicate indexes accidentally created on the Channels, Emoji and OAuthAccessData tables.

Compatibility

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under "TeamSettings" in config.json:
    • Added "ExperimentalEnableAutomaticReplies": false, to allow users to set a custom message that will be automatically sent in response to Direct Messages.
  • Under "LogSettings" in config.json:
    • Removed FileFormat and added "FileJson": true, and "ConsoleJson": true, to allow logged events to be written as a machine readable JSON format instead of the be printed as plain text.

API Changes

RESTful API v4 Changes
  • Support was added to RESTful API for sending ephemeral messages to users.
  • An APIv4 endpoint of POST /channels/{channel_id}/convert was added to convert a channel from public to private and to restrict this setting to team_admin.
  • An APIv4 endpoint of DELETE /teams/{team_id}/image was added to remove team icon and restrict it to team_admin.

Database Changes

Users Table:

  • Migrates SAML AuthData to lowercase via "UPDATE Users SET AuthData=LOWER(AuthData) WHERE AuthService = 'saml'" query.

Channels Table:

  • Removed duplicate Name_2 index.

Emoji Table:

  • Removed duplicate Name_2 index.

OAuthAccessData Table:

  • Removed duplicate ClientId_2 index.

Upcoming Deprecated Features in Mattermost v5.0

The following deprecations are planned for the Mattermost v5.0 release, which is scheduled for summer/2018. This list is subject to change prior to the release.

  1. All API v3 endpoints will be removed. See documentation to learn more about how to migrate your integrations to API v4. Ticket #8708.
  2. platform binary will be renamed to mattermost for a clearer install and upgrade experience. All command line tools, including the bulk loading tool and developer tools, will also be renamed from platform to mattermost. Ticket #9985.
  3. A Mattermost user setting to configure desktop notification duration in Account Settings > Notifications > Desktop Notifications will be removed.
  4. Slash commands configured to receive a GET request will have the payload being encoded in the query string instead of receiving it in the body of the request, consistent with standard HTTP requests. Although unlikely, this could break custom slash commands that use GET requests incorrectly. Ticket #10201.
  5. A new config.json setting to whitelist types of protocols for auto-linking will be added. Ticket #9547.
  6. A new config.json setting to disable the permanent APIv4 delete team parameter will be added. The setting will be off by default for all new and existing installs, except those deployed on GitLab Omnibus. A System Administrator can enable the API v4 endpoint from the config.json file. Ticket #9916.
  7. An unused ExtraUpdateAt field will be removed from the channel model. Ticket #9739.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v4.9 - Feature Release

  • v4.9.4, released 2018-06-04
  • v4.9.3, released 2018-05-15
    • Fixed an issue where plugin configuration got corrupted upon saving the configuration via the System Console.
  • v4.9.2, released 2018-05-04
    • Fixed an issue with permissions migration when AllowEditPost was set to “Always”.
  • v4.9.1, released 2018-04-27
    • Fixed an issue where System Console permissions settings displayed a false error when running High Availability mode.
    • Fixed a race condition on loading roles in the System Console.
    • Reverted a change causing significant performance degradation when loading posts.
    • Fixed a performance issue causing significant initial load time for the Desktop application.
  • v4.9.0, released 2018-04-16
    • Original 4.9.0 release

Highlights

Channel Mute

  • Added a /mute command, meaning that when a channel is muted, desktop, push and email notifications are not sent for the channel.
  • Channel Mute is also accessible via Channel Notification Preferences.
  • A muted channel gets sorted at the bottom of the left-hand sidebar section.

Teammate Name Display Setting

  • Added the setting for rendering of at-mentions by the teammate name display back to the Account Settings.

Team Icons

  • Added support for team icons in the team sidebar.

Global Relay (Beta) (Enterprise Edition E20 Add-On)

  • Added export support for Global Relay as a compliance solution. Learn more here.

Improvements

Web User Interface

  • Users can now set their timezone in Account Settings > Timezone.
  • Cursor now returns to the reply thread input box after deleting a reply on the right-hand sidebar.

Performance

  • Decreased channel load time by optimizing database queries used to fetch threads and parent posts in a channel.
  • Decreased load time of large channels with 5,000+ messages by up to 90% by optimizing many client functions related to rendering posts and threads.
  • Changing properties other than Site URL in /general/logging section will now require a server restart before taking effect.

Plugins (Beta)

  • Plugins now have more flexibility to format text, emojis and Markdown.
  • Added support for plugins to add actions to the sidebar dropdowns.

Administration

  • Added support for AWS Identity and Access Management (IAM) roles for Amazon S3 file storage.
  • Added a “Test Connection” button to test Amazon S3 connection.

Enterprise Edition

  • When ExperimentalTownSquareIsReadOnly is set to true, non-admins can no longer react to messages, pin messages or update channel information.
  • Added cache invalidation totals to Performance Monitoring.

Bug Fixes

  • Fixed server log 404 error messages “We couldn’t get the emoji” for numeric emojis.
  • Fixed an issue where cursor jumped to end of line when trying to edit text in the middle of search bar.
  • Fixed an issue where a download link opened images in a new tab instead of downloading them.
  • Fixed an issue where Direct Message channel with yourself did not show up in channel switcher.
  • Fixed an issue where deleting one username from “add member to a channel” field deleted all names.
  • Fixed an issue where View/Manage members should have been sorted by username, not online status.
  • Fixed an issue where a non-system-admin should not see Is Trusted option on OAuth 2.0 integrations.
  • Fixed an issue with being unable to click on pinned post, channel members, and so on with keyboard focus on search box.
  • Fixed an issue where Mattermost only imported first user during Slack import.
  • Fixed an issue where cleared search term reappeared after closing RHS.
  • Fixed an issue where a thumbnail appeared larger than expected in center channel when posting an image while the right hand side was open.
  • Fixed an issue with adding users to channels when the usernames contained periods.
  • Fixed an issue with a JavaScript error when using CMD/CTRL-K keyboard shortcut to change channels.
  • Fixed an issue with not being able to get past second page of /admin_console/users.
  • Fixed an issue where ALT+UP/DOWN caused error in console and then stopped working.

Compatibility

Removed and Deprecated Features

  • To improve the production use of Mattermost with Docker, the docker image is now running a as non-root user and listening on port 8000. Please read the upgrade instructions for important changes to existing installations.
  • Several configuration settings have been migrated to roles in the database and changing their config.json values no longer takes effect. These permissions can still be modified by their respective System Console settings as before. The affected config.json settings are:
    • RestrictPublicChannelManagement
    • RestrictPrivateChannelManagement
    • RestrictPublicChannelCreation
    • RestrictPrivateChannelCreation
    • RestrictPublicChannelDeletion
    • RestrictPrivateChannelDeletion
    • RestrictPrivateChannelManageMembers
    • EnableTeamCreation
    • EnableOnlyAdminIntegrations
    • RestrictPostDelete
    • AllowEditPost
    • RestrictTeamInvite
    • RestrictCustomEmojiCreation

For a list of past and upcoming deprecated features, see our website.

Upcoming Deprecated Features in Mattermost v5.0

The following deprecations are planned for the Mattermost v5.0 release, which is scheduled for summer/2018. This list is subject to change prior to the release.

  1. All API v3 endpoints will be removed. See documentation to learn more about how to migrate your integrations to API v4. Ticket #8708.
  2. platform binary will be renamed to mattermost for a clearer install and upgrade experience. All command line tools, including the bulk loading tool and developer tools, will also be renamed from platform to mattermost. Ticket #9985.
  3. A new config.json setting to whitelist types of protocols for auto-linking will be added. Ticket #9547.
  4. A new config.json setting to disable the permanent APIv4 delete team parameter will be added. The setting will be off by default for all new and existing installs, except those deployed on GitLab Omnibus. A System Administrator can enable the API v4 endpoint from the config.json file. Ticket #9916.
  5. An unused ExtraUpdateAt field will be removed from the channel model. Ticket #9739.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under MessageExportSettings in config.json:
    • Added "CustomerType": "A9", to allow selecting the type of Global Relay customer account the user’s organization has.
    • Added "EmailAddress": "", to allow selecting the email address the user’s Global Relay server monitors for incoming compliance exports.
  • Under "SamlSettings" in config.json:
    • Added "ScopingIDPProviderId": "", to allow an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in.
    • Added "ScopingIDPName": "", to add the name associated with a user’s Scoping Identity Provider ID.
  • Under DisplaySettings" in config.json:
    • Added "ExperimentalTimezone": false, to allow selecting the timezone used for timestamps in the user interface and email notifications.

API Changes

  • It is required that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints have been deprecated and are scheduled for removal in Mattermost v5.0.

Database Changes

Users Table:

  • Added Timezone column.

Teams Table:

  • Added LastTeamIconUpdate column.

Channels Table:

  • Removed idx_channels_displayname index.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v4.8 - Feature Release

Security Update

Highlights

Enhanced compatibility with CloudFront

  • Added support for configuring CloudFront to host Mattermost’s static assets.
  • Allows for improved caching performance and shorter load times for those members of your team geographically distributed throughout the world.

SAML Migration Command (Enterprise Edition E20)

  • Added a CLI command to easily migrate users to SAML.

Improvements

Web User Interface

  • Added a web app build hash to About Mattermost dialog to tell what version of the web app is being used.
  • Switched search bar to a button in tablet view, to increase how much space is available in the channel header.

Performance

  • Reduced load times by optimizing database queries and WebSocket events destined for a single user.
  • Created an iOS endpoint that enables users to upload files larger than 20MB.
  • Improved caching of getRootPosts call.

508 Compliance

  • Added alt attribute to profile pictures.

Integrations

  • Updated incoming webhooks to accept multipart/form-data content type such as that supplied by curl -F.

Notifications

  • A system message is now posted when a channel is moved between teams by the CLI command.

Authentication

  • Reduced OAuth SSO login errors by falling back to a constructed URL if Site URL is blank.

System Console

  • Removed plugin upload setting from System Console UI and prevented switching the setting from the API.
  • Added paging to system console log viewer and set default value of per_paging for logs to 1000.

Bug Fixes

  • Fixed an issue where sidebar unreads text setting was ignored in custom theme.
  • Fixed an issue where emoji picker had an empty line at the bottom of the list.
  • Fixed an issue with Markdown help wrapping on a second line in Edit Message dialog.
  • Fixed an issue where after leaving last team the “Logout” link did nothing.
  • Fixed an issue where focus was sometimes wrong on delete post modal.
  • Fixed an issue where the bulk import tool didn’t force Town Square membership.
  • Fixed duplicate calls of the “view” request when switching channels.
  • Fixed an issue where channel name was included in push notifications if someone posted only files with Push Notification Contents set to not include channel name.
  • Fixed an issue where attempting to preview an attached document failed to finish “loading” if the file extension didn’t match the actual file type.
  • Fixed an issue where focus was not set to input box after replying to a message in Classic Mobile App.
  • Fixed an issue where a username such as “user.name” gets a highlight only on “name” when @-icon is clicked.
  • Fixed an issue where the “More Unreads Above” indicator didn’t always work.
  • Fixed an issue where IE11 posted placeholder from hidden textbox.
  • Fixed an issue where last channel was not remembered after refresh when switching teams.
  • Fixed an issue with no auto-focusing into input text when attaching a file in Classic Mobile App.
  • Fixed an issue with not being able to type with composed characters (e.g. CJK) in View Team Members modal and channel switcher.
  • Fixed an issue where insecure images were loaded by sending client before proxying.
  • Fixed an issue with sandboxing support for CentOS and Bosh.
  • Fixed an issue where JIRA plugin posts were not properly truncated.
  • Fixed an issue where tall/wide emojis appeared stretched in emoji picker.
  • Fixed an issue where web app could not be built if not in a git repository.
  • Fixed an issue where jumping to a search result did not always load the context posts.
  • Fixed an issue where edit box changed size on switching to markdown preview in some languages.

Compatibility

Removed and Deprecated Features

  • All API v3 endpoints have been deprecated and are scheduled for removal in Mattermost v5.0.
  • An unused ExtraUpdateAt field will be removed from the channel model in Mattermost v5.0.
  • As Mattermost moves to a role-based permissions system in v4.9, a number of configuration settings will be migrated to roles in the database and changing their config.json values will no longer take effect. These permissions can still be modified by their respective System Console settings. The config.json settings to be migrated are:
    • RestrictPublicChannelManagement
    • RestrictPrivateChannelManagement
    • RestrictPublicChannelCreation
    • RestrictPrivateChannelCreation
    • RestrictPublicChannelDeletion
    • RestrictPrivateChannelDeletion
    • RestrictPrivateChannelManageMembers
    • EnableTeamCreation
    • EnableOnlyAdminIntegrations
    • RestrictPostDelete
    • AllowEditPost
    • RestrictTeamInvite
    • RestrictCustomEmojiCreation

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added AllowCookiesForSubdomains, to ensure that the domain parameter is set for cookies, which allows the browser to send the cookies to subdomains as well.
    • Added WebsocketURL, which allows the server to instruct clients where they should try to connect WebSockets to.
    • Changed EnableAPIV3 setting to false for new installs, as all API v3 endpoints have been deprecated and are scheduled for removal in Mattermost v5.0.

API Changes

  • It is required that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints have been deprecated and are scheduled for removal in Mattermost v5.0.

RESTful API v4 Changes

  • Updated POST /files to support requests with only the channel_id and filename defined as query parameters with the contents of a single file in the body of the request.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.

Release v4.7 - Feature Release

  • v4.7.4, released 2018-04-09
  • v4.7.3, released 2018-03-09
  • v4.7.2, released 2018-02-23
    • Fixed an issue where message attachments didn’t render emojis.
    • Fixed an issue where channels with a name 26 characters long were inaccessible with a 404 error.
    • Fixed “We couldn’t get the emoji” server log messages.
    • Fixed an issue with being unable to switch to direct or group message channels via CTRL/CMD+K channel switcher or via “msg/groupmsg” slash commands.
    • Fixed an issue where clicking on “Send Message” from a user’s profile popover redirected to Town Square instead of the user’s direct message channel.
    • Fixed an issue where links to direct and group message channels opened in a new tab.
  • v4.7.1, released 2018-02-20
    • Fixed an issue with compliance export outputs, resulting in Failed to update ChannelMemberHistory table error messages in the log when a user joins or leaves a channel. Issue updates posted here.
  • v4.7.0, released 2018-02-16
    • Original 4.7.0 release

Security Update

Highlights

Client-Side Performance

  • Added user-based rate limiting, in addition to rate limiting API access by IP address.
  • Decreased page load time by loading custom emojis asynchronously rather than all on first page load.
  • Optimized channel autocomplete (~) query by returning client-side results immediately.
  • Decreased the size of most image assets by more than 25% by running pngquant to remove unnecessary metadata from PNGs.

Image Proxy Support

  • Image proxy servers increase performance through a layer of caching, and provide custom options to resize images.
  • Three new configuration keys, ImageProxyType, ImageProxyURL, ImageProxyOptions, ensure that posts served to the client will have their markdown modified such that all images are loaded through a proxy.

Updated Image Thumbnails

  • Updated the appearance of image thumbnails, so that single thumbnails will now expand to a larger preview without clicking the image to open the preview window.

Experimental Setting for Unreads Sidebar Section

  • Added an experimental setting to group unread channels in the channel sidebar. The setting must first be enabled by the System Admin, by replacing disabled with either default_off or default_on in config.json.

Improvements

Web User Interface

  • Added a status icon in the channel member list and sorted it by user status.
  • Added ability to preview images found in link previews.
  • Added a Copy Link option for sidebar channels in the Desktop App.
  • Added focus on the text box after hitting “Edit” on Account Settings options.
  • Improved formatting of quotes in the channel header.
  • Added a date separator for search results.
  • Channel names are now sorted correctly in the left-hand-side by taking non-alphabetical characters into consideration (e.g. brackets, hash sign, etc.)

Integrations

  • Added username and profile picture to incoming webhook set up pages.
  • Added support for Slack attachments in outgoing webhook responses.

Emoji Picker

  • Added the ability to navigate emoji picker with the keyboard.
  • Added paging and search of custom emojis to webapp emoji picker.

Channels

  • Users are directed to the last channel they viewed in a team when switching to that team.
  • Changed URLs of Direct Messages to use the form of https://servername.com/messages/@username, letting users open a direct message with each other via URL.

Notifications

  • Added a system message when a team is changed from public to private.

Plugins (Beta)

  • Zoom plugin now supports on-premise Zoom servers.

Enterprise Edition

  • Increased max length of User.Position field to 128 characters to meet LDAP max length.
  • Increased OAuth state parameter limit. Some systems may send a state longer than 128 characters.

Bug Fixes

  • Fixed an issue where OAuth account creation error page was unformatted.
  • Fixed tab and alt-tab keyboard navigation for links on sign-in page.
  • Fixed an issue where plugin slash commands didn’t override username or icon.
  • Fixed an issue where pagination for team members modal showed a next button when there are no more users to show.
  • Fixed an issue where at-channel in /header should not trigger confirmation modal.
  • Fixed an issue where auto-generated SAML Service provider login URL had two slashes instead of one.
  • Fixed an issue where no unread mention appeared on non-mobile platform after receiving push notification.
  • Fixed an issue where the text box was hidden by the keyboard when replying to a post in mobile view.
  • Fixed username autocomplete not working with mixed cases.
  • Fixed not being able to type Korean quickly in some dialogs.
  • Fixed an issue where notification preference settings didn’t respect case sensitivity for mention highlighting.
  • Fixed where, after an ephemeral message, couldn’t use +:emoji: to react to the previous message.
  • Fixed Mattermost not loading on Firefox if the media.peerconnection.enabled setting in Firefox is set to false.
  • Fixed login screen sometimes flashing before Mattermost server loads.
  • Fixed an issue where bot messages from the Zoom plugin ignored the Zoom API URL field for on-prem Zoom servers.
  • Disabled pull-to-refresh feature on Android (Chrome) to prevent unwanted page refresh.
  • Fixed an issue where clicking Save in Rename Channel modal without changes did nothing.
  • Fixed emoji picker search being case-sensitive.
  • Fixed timestamp not being clickable in desktop mobile view.
  • Fixed an issue where deleting a team via the API broke the web user interface.

Compatibility

Removed and Deprecated Features

  • All API v3 endpoints have been deprecated, and scheduled for removal in Mattermost v5.0.
  • The mentionKeys prop in post type plugins is now removed to fix case sensitive mention highlighting. Plugins can retrieve the mentionKeys prop from the store as needed.
  • The permanent query parameter of the DELETE /teams/{team_id} APIv4 endpoint is not removed as previously announced, given customer and community feedback.
  • As Mattermost moves to a role based permissions system in v4.8, a number of configuration settings will be migrated to roles in the database, and changing their config.json values will no longer take effect. These permissions can still be modified by their respective System Console settings. The config.json settings to be migrated are:
    • RestrictPublicChannelManagement
    • RestrictPrivateChannelManagement
    • RestrictPublicChannelCreation
    • RestrictPrivateChannelCreation
    • RestrictPublicChannelDeletion
    • RestrictPrivateChannelDeletion
    • RestrictPrivateChannelManageMembers
    • EnableTeamCreation
    • EnableOnlyAdminIntegrations
    • RestrictPostDelete
    • AllowEditPost
    • RestrictTeamInvite

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "ImageProxyType": "", "ImageProxyOptions": "", and "ImageProxyURL": "" to ensure posts served to the client will have their markdown modified such that all images are loaded through a proxy.
    • Added "ExperimentalGroupUnreadChannels": disabled to show an unread channel section in the webapp sidebar. The setting must first be enabled by the System Admin, by replacing disabled with either default_off or default_on.
    • Added "ExperimentalEnableDefaultChannelLeaveJoinMessages": true that allows disabling of leave/join messages in the default channel, usually Town Square.
  • Under RateLimitingSettings in config.json:
    • Added "VaryByUser": false, a user-based rate limiting, to rate limit on token and on userID.

API Changes

  • It is required that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints have been deprecated, and scheduled for removal in Mattermost v5.0.

RESTful API v4 Changes

  • Added GetChannelByName and GetTeamByName to auto lowercase team and channel names in API requests. This ensures that the channel name is automatically lowercased for endpoints taking team or channel names as URL parameters.
  • Added POST /emoji/search, GET /emojis/name/{emoji_name}, and GET /emoji/autocomplete to add consistency with user search/autocomplete endpoints. These API endpoints ensure that the benefits of GET for important performance related actions such as autocompleting are included.
  • Added /users/tokens/search to allow System Admin to be able to find, manage and revoke personal access tokens as needed. This endpoint gets all tokens for all users if one has the manage_system permission.

WebSocket Event Changes

  • Added delete_team web socket event to notify client whenever a team is deleted (e.g. via API call).

Database Changes

Users Table:

  • Increased size of Position field from 35 to 128 characters.

OAuthAuthData Table:

  • Increased size of State field from 128 to 1024 characters.

ChannelMemberHistory Table:

  • Removed Email column.
  • Removed Username column.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Slack import through the CLI fails if email notifications are enabled.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • [WARN] plugin sandboxing is not supported. plugins will run with the same access level as the server log message is created when sandboxing isn’t enabled for plugins. If you don’t use plugins, you can ignore this message. If you have plugins enabled, learn how to enable sandboxing.

Release v4.6 - Feature Release

  • v4.6.3, release date 2018-04-09
  • v4.6.2, release date 2018-02-23
  • v4.6.1, release date 2018-01-30
    • Fixed an issue where Let’s Encrypt certificates were broken on Mattermost servers. The cache will be deleted upon upgrade so your certificate will be immediately renewed. Moreover, port 80 must be forwarded through a firewall, with Forward80To443 config.json setting set to true, to complete the Let’s Encrypt certification.
  • v4.6.0, released 2018-01-16
    • Original 4.6.0 release

Highlights

Client-Side Performance

  • Decreased channel switching time up to 45% by reducing post mounting time.
  • Decreased up to 85% of the memory retained following a channel switch by fixing memory leaks of the post_time.jsx component.
  • Decreased size of the most used icons and logos by 70-80% by running pngquant to remove unnecessary metadata from PNGs.

Improvements

Web User Interface

  • Added a loading indicator while pinned posts and flagged posts lists are loading.
  • Added a loading indicator to MFA sign in button.
  • Added a tooltip for the ‘+’ button when adding emoji reactions.
  • Channel switcher (CTRL/CMD+K) now filters by usernames, full names and nicknames.
  • Channel links are now rendered in the channel header.
  • File names are now shown in attachment previews.

Plugins (Beta)

  • Plugins now support slash commands.

Notifications

  • Updated default notification settings for new accounts to provide a better onboarding experience. Each of these can be configured in Account Settings. In particular, the updated default settings include:
    • Desktop notifications only sent for mentions and direct messages.
    • Mobile push notifications only sent when the user is away or offline, not when online.
    • Mentions of the user’s first name doesn’t trigger mentions.

508 Compliance

  • Default language is now declared in HTML for Mattermost webpages.
  • Position of status indicators and reply icons updated when no CSS is rendered.
  • Use programmatically identifiable headings for team and channel name.

Administration

  • Incoming webhook display name is now included in the post.Props field for better auditing.
  • System Admins can now reset their own password from the System Console users list.

Bug Fixes

  • Username updates are now immediately visible across all browser tabs.
  • Server logs no longer contain info messages about initializing plugins when plugins are disabled.
  • Fixed Mattermost not loading on Firefox v52.
  • Fixed issues with user at-mention autocomplete when using Tab multiple times.
  • Fixed an issue where typing an emoji reaction didn’t add it to recently used emojis list.
  • OAuth and SAML users can now be deactivated from the Mattermost System Console, assuming they are also deactivated in the SSO provider.
  • Fixed email address validation for Microsoft Outlook formatted email addresses.
  • Fixed an issue where posts sometimes didn’t send on iOS Classic app.
  • Team name can no longer be edited to be only one character long.
  • Editing a message to remove all text no longer deletes the message if it contains a file attachment.
  • Fixed an issue where searching for a channel using the second or third word in the name didn’t work.
  • Other users no longer see deleted GIF previews in reply threads.
  • Fixed an issue where channels with Japanese or Cyrillic characters couldn’t be created.
  • Fixed timestamp minute display for Zoom plugins.
  • Fixed an issue where page would load infinitely when trying to join a team with maximum capacity.
  • Fixed an issue where channel notification preferences reverted to defaults after updating preferences in one of the channels.

Compatibility

Removed and Deprecated Features

  • All API v3 endpoints are now deprecated, and scheduled for removal in Mattermost v5.0.
  • The permanent query parameter of the DELETE /teams/{team_id} APIv4 endpoint for permanently deleting a team is scheduled for removal in Mattermost v4.7.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "EnableTutorial": true to control whether tutorial is shown to end users after account creation. This setting is experimental and may be replaced or removed in a future release.
  • Under TeamSettings in config.json:
    • Added "ExperimentalPrimaryTeam": "" to set the primary team of the server. This setting is experimental and may be replaced or removed in a future release.
  • Under EmailSettings in config.json:
    • Added "LoginButtonColor": "", "LoginButtonBorderColor": "" and "LoginButtonTextColor": "" to set the style of the email login button for white labelling purposes.

Additional Changes to Enterprise Edition:

  • Under LdapSettings in config.json:
    • Added "LoginButtonColor": "", "LoginButtonBorderColor": "" and "LoginButtonTextColor": "" to set the style of the LDAP login button for white labelling purposes.
  • Under SamlSettings in config.json:
    • Added "LoginButtonColor": "", "LoginButtonBorderColor": "" and "LoginButtonTextColor": "" to set the style of the SAML login button for white labelling purposes.

API Changes

  • It is required that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints are now deprecated, and scheduled for removal in Mattermost v5.0.
  • The permanent query parameter of the DELETE /teams/{team_id} APIv4 endpoint for permanently deleting a team is scheduled for removal in Mattermost v4.7.

RESTful API v4 Changes

  • Added /users/{user_id}/auth to update a user’s authentication method. This can be used to change them to/from LDAP authentication, for example.

Plugin API Changes (Beta)

  • Added RegisterCommand to register a custom slash command. When the command is triggered, your plugin can fulfil it via the ExecuteCommand hook.
  • Added UnregisterCommand to unregister a command previously registered via RegisterCommand.
  • Added GetChannelMember to get a channel membership for a user.

Plugin Hook Changes (Beta)

  • Added ExecuteCommand hook to execute a command that was previously registered via the RegisterCommand plugin API.

Database Changes

IncomingWebhooks Table:

  • Renamed PostUsername column to Username.
  • Renamed PostIconURL column to IconURL.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • Channel scroll position flickers while images and link previews load.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Slack import through the CLI fails if email notifications are enabled.
  • Letters are skipped in a few dialogs when using Korean keyboard in IE11.
  • Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
  • Deleting a team via the API breaks the user interface.
  • Bot messages from the Zoom plugin ignore the Zoom API URL field for on-prem Zoom servers.

Release v4.5 - Feature Release

  • v4.5.2, release date 2018-02-23
  • v4.5.1, released 2018-01-16
    • Fixed an issue where Mattermost wouldn’t load on certain versions of Firefox, including v52-54 and v57 in private mode.
  • v4.5.0, released 2017-12-16
    • Original 4.5.0 release

Highlights

Zoom Plugin (Beta)

  • Zoom video calling and screensharing plugin. Learn more here.
  • Manage plugins from the System Console > Plugins (Beta) section.

Actiance Support (Beta) (Enterprise Edition E20 Add-On)

  • Compliance export support for Actiance as a compliance solution. Learn more here.
  • Access compliance export from the System Console > Advanced > Compliance Export (Beta).

Improvements

Web User Interface

  • CTRL/CMD + / now toggles the keyboard shortcuts dialog.
  • Link previews now appear in the right-hand side in comment threads.
  • Timestamp permalinks now open in the current view on desktop and browser.
  • Pinned posts are now sorted newest to oldest.
  • Updated markdown to better handle non-Latin characters in URLs.
  • Added WebRTC call icon to desktop mobile view header.
  • Added a ‘+’ sign to quickly add emoji reactions to a post.
  • Added support for different emoji skintones.
  • Added inline playback for GIF attachments.

Integrations

  • Added an option for an outgoing webhook to reply to the posted message as a comment.
  • JIRA plugin is now bundled as a pre-packaged plugin manageable from the System Console > Plugins > Management.
  • Added support for mentions with <@userid>, <!channel>, <!all> and <!here> in webhook posts.
  • Personal access tokens can now be temporarily deactivated in the Account Settings.

Channels

  • Direct Message channels with deactivated users are now hidden in the sidebar and can be reopened from the More… Direct Messages list.
  • You can now open a direct message channel with yourself.

Notifications

  • Removed unnecessary log messages posted when pending email notifications are deleted because a user comes online before the batch is sent.
  • Desktop notification icon has been updated on Edge browsers.

Keyboard Shortcuts

  • Added a /groupmsg command to start a new group message channel.
  • Added CTRL+SHIFT+L to set focus to the message input box.

System Console

  • Added a confirm modal to the Data Retention settings page.
  • Added settings pages for uploading and managing plugins in the System Console > Plugins (Beta) section.
  • Added the ability to revoke a user’s sessions from the System Console.

Bug Fixes

  • Closing a direct or group message channel no longer purges channel preferences.
  • Users no longer get a blank page after hitting “x” on a deleted message in permalink view.
  • Fixed an issue where AmazonS3Region defaults to us-east-1 regardless of the value input.
  • Channel links render as expected when linking to a channel that the current user does not belong to.
  • Uppercase letter is no longer required for a password if the password requirement is set to at least 5 characters and a number.
  • Profile image updates are now visible in other active clients and the right-hand side after the change.
  • Plugins can no longer be uploaded if they have the same plugin ID.
  • Creating a channel with a name including a reserved word no longer breaks the user interface.
  • Fixed the AD/LDAP Test Connection button.
  • Fixed an issue causing invalid or expired session server logs.
  • Removed a duplicate error message on the login page after a password reset.
  • Fixed an issue where the OAuth ClientID and Secret values were missing after setup.
  • Emoji picker now works when the right-hand side is expanded.
  • Error messages in the System Console user list no longer breaks the user interface.
  • Fixed an issue where only System Admins could edit OAuth apps even if integration creation was not restricted to admins.
  • Fixed an issue where “New messages v” bubble didn’t always clear in a fresh direct message channel.
  • Fixed channel preferences not restoring after closing and reopening a direct or group message channel.

Compatibility

Removed and Deprecated Features

  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "EnablePreviewFeatures": true to hide the Advanced > Preview re-release features section from Account Settings.
    • Added "CloseUnusedDirectMessages": false to hide inactive direct message channels from the sidebar.
    • Added "ExperimentalEnableAuthenticationTransfer": true to set whether users can change authentication methods.
  • Under EmailSettings in config.json:
    • Added "UseChannelInEmailNotifications": false to set whether email notifications contain the channel name in the subject line.
  • Under PluginSettings in config.json:
    • Added "ClientDirectory": "./client/plugins" to set the location of client plugins.

Additional Changes to Enterprise Edition:

  • Added MessageExportSettings in config.json:
    • Added "EnableExport": false to enable message export.
    • Added "DailyRunTime": "01:00" to set the time for the daily export job.
    • Added "ExportFromTimestamp": 0 to set the timestamp for which posts to include in the message export.
    • Added "FileLocation": "export" to set the message export location.
    • Added "BatchSize": 10000 to set how many new posts are batched together to a compliance export file.

API v4 Changes

  • It is recommended that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints are scheduled for removal on January 16, 2018.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Team sidebar doesn’t always show unreads from other teams on first load.
  • Team sidebar on desktop app does not update when channels have been read on mobile.
  • System Admin cannot reset their own password via the System Console.
  • Channel scroll position flickers while images and link previews load.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.
  • Profile pictures and usernames don’t immediately update across tabs or in the right-hand side comment threads.
  • Numbered lists can sometimes extend beyond the normal post area.
  • Typing an emoji reaction does not add it to recently used emojis.
  • Server logs contain messages about initializing plugins even when plugins are disabled.

Contributors

/mattermost-webapp

/mattermost-plugin-zoom

/mattermost-server

/mattermost-mobile

/docs

/mattermost-docker

/mattermost-load-test

/mattermost-redux

/mattermost-developer-documentation

/mattermost-plugin-jira

/mattermost-webrtc

/desktop

/mattermost-kubernetes

/mattermost-selenium

/mattermost-api-reference

/mattermost-ios-classic

/mattermost-developer-kit

/mattermost-build

/marked

Release v4.4.5 - Feature Release

  • v4.4.5, release date 2017-12-11
  • v4.4.4, release date 2017-12-06
    • Added a config.json setting, ClientDirectory, to set the directory to write web app plugins to. Added to better support plugins in GitLab Omnibus.
  • v4.4.3, released 2017-12-05
  • v4.4.2, released 2017-11-23
    • Fixed an issue where AD/LDAP accounts get deactivated following an AD/LDAP sync if their email address between the AD/LDAP server and Mattermost don’t match case.
    • Fixed synchronization of SAML accounts with AD/LDAP.
    • Fixed AD/LDAP “Test Connection” button in the System Console not working when AD/LDAP login is disabled.
    • Fixed system messages not being translated into user’s language set in Account Settings > Display > Language.
    • Fixed system messages about channel header updates sometimes being incorrectly formatted.
  • v4.4.1, released 2017-11-16
    • Fixed an upgrade issue where an alternative config file location via --config flag is ignored.
  • v4.4.0, released 2017-11-16
    • Original 4.4.0 release

Highlights

Plugins (Beta)

  • Beta release of Mattermost plugins, which allow admins to more easily integrate with third-party systems, extend functionality and customize the user interface of your Mattermost server. See documentation to learn more.

Do Not Disturb Status

  • Added “Do Not Disturb” status to temporarily turn off all desktop and mobile push notifications.

Support SAML sync via AD/LDAP (Enterprise Edition E20)

  • Added support for periodically synchronizing SAML user attributes, including user deactivation and removal, from AD/LDAP. See documentation to learn more.

Improvements

Web User Interface

  • Added an experimental feature to hide direct and group message channels after 7 days with no new messages. To enable it set CloseUnusedDirectMessages in config.json to true.
  • Moved website previews out of beta, configurable in Account Settings > Display. Enable link previews in the System Console.
  • Made it easier to add a user to channel if mentioned user is not already a channel member.
  • Added “Edit Account Settings” link to the bottom of your own profile popover to more easily edit your settings.
  • URL address for internal links such as when hovering over the flag icon, is now hidden for better user experience.
  • URL addresses for channels on the left-hand sidebar are now hidden on the desktop app.
  • Added a loading spinner to Account Settings dialog after clicking the “Save” button.
  • Added full date tooltip to post timestamps in right-hand sidebar and search results.
  • Added “@” in front of the username field in user lists.

Performance

  • Reduced load times by optimizing database queries and adding composite indexes for the Posts table.
  • Prevented sessions from being stuck in cache by clearing the session cache if permission is denied.
  • Improved Elasticsearch bulk indexing query performance.

Emoji Picker

  • Added emoji picker to the Edit Message dialog.
  • Removed categorization when searching for emojis in the emoji picker.

Integrations

  • Added the ability to edit OAuth 2.0 applications.
  • Added improvements for interactive message buttons, such as displaying your username in ephemeral messages triggered by the message buttons.

Slash Commands

  • Added /remove and /kick slash commands to remove a user from the channel.

WebRTC Video and Audio Calls (Beta)

  • When you have multiple browser tabs open and receive a video call, the ringtone stops in all tabs when you accept the call.
  • Multiple STUN and TURN servers are now supported.

System Console

  • Added a setting to disable channel wide (@-channel, @-all) mention confirmation in channels with more than five members.
  • Admin now receives a prompt when leaving a System Console page with unsaved changes.

Elasticsearch (Enterprise Edition E20)

  • Added support for batched live indexing for Elasticsearch.
  • Added a configurable timeout for Elasticsearch requests.
  • Added a table to Elasticsearch System Console page to monitor indexing jobs.
  • Elasticsearch connection is now asynchronous so that a broken Elasticsearch server cannot block the startup of the Mattermost server.

Bug Fixes

  • Fixed mobile push notification settings not saving in the System Console.
  • Fixes to channel link (~) autocomplete, such as not being able to autocomplete ‘Town Square’.
  • Fixed an issue where System Console was sometimes temporarily accessible after demoting a user to a member.
  • Fixed failure to switch from email to SAML sign-in method if the user’s email address has a plus sign.
  • Fixed “More Channels” modal not showing the correct the page number when displaying search results.
  • Fixed an incorrect error message when trying to add a user to a direct or group message channel via the APIs.
  • Fixed an issue where downloading a file containing spaces didn’t preserve the name.
  • Fixed thumbnail image for .m4r file types.
  • Fixed an issue where search in Manage Members dialog didn’t update results when there were no matches.
  • Fixed an issue where in: autocomplete for text search didn’t display results after a hyphen in some servers.
  • Fixed a missing “No results” screen for Elasticsearch text search.
  • Fixed channel member count not updating until refresh when a user is added or removed.
  • Fixed timestamp links on desktop app opening permalink view in a new app window.
  • Fixed an error caused by creating a new direct message channel via the channel switcher (CTRL/CMD+K).
  • Fixed SVG thumbnails not showing a preview.
  • Fixed team sidebar showing unreads for deleted channels.
  • Fixed a missing indicator when a message is pending but not yet sent.
  • Fixed emoji autocomplete appearing when typing an emoticon like :-D.
  • Fixed emoji names matching usernames triggering mentions.
  • Fixed incorrect order of recent mentions when a hashtag is a word that triggers mentions.
  • Fixed webhook message attachments longer than 8000 characters failing to post by truncating them, or splitting to multiple posts if the message has multiple attachments.
  • Fixed /msg command arbitrarily switching teams.
  • Fixed mentions not appearing linked in message drafts when in preview mode.
  • Fixed an issue where an existing account could change their email address to one not in the restricted domain list.
  • Fixed emoji reactions being added to system messages when using the +:emoji: command.
  • Fixed an issue where message retention policy didn’t work in Postgres databases if there were emoji reactions to delete.

Compatibility

Composite database indexes were added to the Posts table. This may lead to longer upgrade times for servers with more than 1 million messages.

Moreover, LDAP sync now depends on email. If you have AD/LDAP login enabled, make sure all users on your AD/LDAP server have an email address or that their account is deactivated in Mattermost.

Removed and Deprecated Features

  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "CloseUnusedDirectMessages": false to set whether users have the option to automatically close direct and group message channels older than 7 days.
  • Under TeamSettings in config.json:
    • Added "EnableConfirmNotificationsToChannel": true to set whether a confirmation is shown for channel wide (@-channel, @-all) mentions in channels with more than five members.
  • Under PluginSettings in config.json:
    • Added "Enable": true to set whether plugins are enabled on the server.
    • Added "EnableUploads": false to set whether manual plugin uploads are enabled on the server. Disabling will keep existing plugins, including pre-packaged Mattermost plugins, installed on the server.
    • Added "Directory": "./plugins" to specify the directory of where plugins are stored.
    • Added "Plugins": {} to list installed plugins on the Mattermost server.
    • Added "PluginStates": {} to set whether an installed plugin is active or inactive on the Mattermost server.

Additional Changes to Enterprise Edition:

  • Under SamlSettings in config.json:
    • Added EnableSync: false to set whether AD/LDAP synchronization is enabled.
  • Under LdapSettings in config.json:
    • Added EnableSyncWithLdap: false to set whether SAML user attributes, including deactivation, are periodically synchronized from AD/LDAP.
  • Under ElasticsearchSettings in config.json:
    • Added "LiveIndexingBatchSize": 1 to set how many new posts are batched together before they are added to the Elasticsearch index.
    • Added "RequestTimeoutSeconds": 30 to set the timeout in seconds for Elasticseaerch calls.
    • Added "BulkIndexingTimeWindowSeconds": 3600 to set the maximum time window for a batch of posts being indexed by the Bulk Indexer.

Database Changes

Posts Table:

  • Added a composite index for ChannelId, DeleteAt, CreateAt
  • Added a composite index for ChannelId, UpdateAt

UserAccessTokens Table:

  • Added IsActive column

API v4 Changes

  • It is recommended that any new integrations use API v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All API v3 endpoints are scheduled for removal on January 16, 2018.

Added routes (API v4)

  • POST at /users/token/enable
    • Re-enables a personal access token that was previously disabled.
  • POST at /users/token/disable
    • Disables a personal access token and deletes any sessions that uses the token. The token can be re-enabled using /users/tokens/enable.
  • POST at /users/{user_id}/sessions/revoke/all
    • Revokes all user sessions from the provided user id and session id strings.
  • POST at /plugins
    • Uploads a plugin in a compressed .tar.gz.
  • GET at /plugins
    • Gets a list of active and inactive plugins.
  • DELETE at /plugins/{plugin_id}
    • Removes a previously uploaded plugin.
  • POST at /plugins/{plugin_id}/activate
    • Activates an installed plugin.
  • POST at /plugins/{plugin_id}/deactivate
    • Deactivates an active plugin.
  • GET at /plugins/webapp
    • Gets a list of plugin manifests for active plugins with webapp components.

Modified routes (API v4)

  • POST at /logs
    • Unauthenticated users can now log ERROR or DEBUG messages when ServiceSettings.EnableDeveloper is set to true.

Websocket Event Changes

Added:

  • user_role_updated that occurs when a user role is updated.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • Deleted message doesn’t clear unreads or unread mentions.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Channel links to channels that the current user does not belong to may not render correctly.
  • Team sidebar doesn’t always show unreads from other teams on first load.
  • Uppercase letter is required for a password if the password requirement is set to at least 5 characters and a number.
  • System Admin cannot reset their own password via the System Console.
  • Channel scroll position flickers while images and link previews load.
  • Closing a direct or group message channel, then re-opening later, doesn’t restore channel preferences.
  • CTRL/CMD+U shortcut to upload a file doesn’t work on Firefox.
  • Website previews are not displayed for comments on threads.
  • User gets a blank page after hitting “x” on a deleted message in permalink view.
  • Profile pictures don’t immediately update across tabs or in the right-hand side comment threads.

Release v4.3.4 - Feature Release

  • v4.3.4, release date 2017-12-11
  • v4.3.3, released 2017-12-05
  • v4.3.2, released 2017-11-10
    • Fixed an issue where after creating a new direct message channel via channel switcher (CTRL/CMD+K), all messages fail to post until a page refresh.
  • v4.3.1, released 2017-10-20
    • Fixed an upgrade issue where the database schema would appear to be out of date and throw a log warning.
    • Fixed the Idle Timeout setting in config.json by changing the setting title from SessionIdleTimeout to SessionIdleTimeoutInMinutes.
    • Fixed a regression where slash commands were not functional in Direct or Group Messages.
    • Mattermost v4.3.1 contains a low severity security fix. Upgrading is highly recommended. Details will be posted on our security updates page 14 days after release as per the Mattermost Responsible Disclosure Policy.
  • v4.3.0, released 2017-10-16
    • Original 4.3.0 release

Security Update

Highlights

Data Retention Beta (Enterprise Edition E20)

  • Automatically delete old messages and file uploads through custom data retention policies.

Languages

  • Promoted Italian and Turkish out of beta to release-quality translations.

Improvements

Web User Interface

  • Clicking on “More Unreads” bubble on channel sidebar now scrolls you to the next unread channel.
  • Added status indicators to direct message channel header.

Search

  • Improved user search that supports two character full names and usernames.

Integrations

  • Ephemeral slash command responses now support attachements without text.
  • Added CLI command to move custom slash commands between teams.

Notifications

  • Updating the channel header with channel-wide mentions no longer triggers notifications.

Performance

  • Improved initial load of the emoji picker, now supporting thousands of custom emojis including GIFs.

Enterprise Edition

  • Added tables in System Console for AD/LDAP sync, Elasticsearch and Data Retention to track the success of scheduled jobs.
  • Added an idle timeout setting to automatically log out users who are inactive for a specified amount of time.
  • Elasticsearch can now be used on a shared Elasticsearch cluster.
  • Added metrics for monitoring Elasticsearch system health and usage.

Bug Fixes

  • Fixed an issue where closing brackets were ignored in URL links.
  • Fixed Leave Team icon size and inconsistent channel header icon hover effects on IE11 mobile view.
  • Fixed an issue where right side menu disappeared after viewing search results on IE11 mobile view.
  • Fixed other minor UI issues on IE11 desktop view.
  • Fixed an issue where system and ephemeral messages could be flagged.
  • Error text in Edit modal no longer overlaps with help text.
  • Integration message attachments without pretext no longer overlap with username in Compact view.
  • Fixed channel member list being sorted by username instead of teammate name display.
  • “Password updated successfully” bar is now displayed after resetting password.
  • Fixed a broken UI for an expired email verification link.
  • Fixed integration message attachments not always rendering in comment threads.
  • Fixed an issue where “Add Members” dialog would sometimes break.
  • Slash command responses now handle charset and boundary sets correctly.
  • Deactivated users are no longer counted in the Town Square member count.
  • iOS push notifications are now consistently cleared from the homescreen if all mentions are read on another device.
  • Webhooks no longer continue sending to the original channel if the target channel is changed.
  • Emails containing symbols now render correctly when switching to email authentication from other methods.
  • Attempting to open an invalid public file link no longer displays an unformatted error page.
  • Interactive message action buttons no longer disappear after updating the message.
  • Ticket links posted by the built-in JIRA plug-in are now correct if the JIRA URL has a custom context path.
  • Error message is now displayed in the System Console if the localization available languages does not include the default client language.
  • Fixed a race condition where bulk import sometimes fails to get team member when importing users.
  • Closing the channel switcher on mobile no longer sets focus to the text box.
  • Fixed an issue where the wrong channel name might appear in the right-hand side pinned post list.
  • Fixed team sidebar now always showing unreads from other teams on first load.

Compatibility

Removed and Deprecated Features

  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "SessionIdleTimeoutInMinutes": 0 to specify how long to wait before logging out inactive users.
  • Under ElasticsearchSettings in config.json:
    • Added "IndexPrefix": "" to allow Elasticsearch to be used on a shared Elasticseearch cluster.
  • Under DataRetentionSettings in config.json:
    • Added "EnableMessageDeletion": false to enable message deletion.
    • Added "EnableFileDeletion": false to enable file deletion.
    • Added "MessageRetentionDays": 365 to set how long Mattermost keeps messages in channels and direct messages.
    • Added "FileRetentionDays": 365 to set how long Mattermost keeps file uploads in channels and direct messages.
    • Added "DeletionJobStartTime": "02:00" to specify when to start the data retention job.

API v4 Changes

  • It is recommended that any new integrations use APIv4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

Added routes (API v4)

  • PUT at /oauth/apps/{app_id}
    • Update an OAuth 2.0 client application.
  • GET at /data_retention/policy
    • Gets the current data retention policy details from the server, including what data should be purged and the cutoff times for each data type that should be purged.

Modified routes (API v4)

  • POST at /channels/members/{user_id}/view
    • Response includes last_viewed_at_times for Mattermost server 4.3 and newer.

Known Issues

  • Google login fails on the Classic mobile apps.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • Deleted message doesn’t clear unreads or unread mentions.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Channel links to channels that the current user does not belong to may not render correctly.
  • Missing an indication if a message is pending but not yet sent.
  • Recent mention results are not sorted correctly if hashtags is included in “words that trigger mentions”.
  • SVG thumbnails don’t preview in the posted thumbnail.
  • Emojis names matching usernames can trigger mentions.
  • Integration message attachment fails to post if attachment length exceeds 7900 characters.
  • Uppercase letter is required for a password if the password requirement is set to at least 5 characters and a number.
  • Message retention policy may not work in Postgres databases if there are emoji reactions to delete.

Release v4.2.2 - Feature Release

Security Update

Highlights

Interactive Message Buttons

  • Added message buttons to support user interactions with posts made by incoming webhooks and custom slash commands.

Mobile Support for AppConfig

  • iOS and Android mobile apps now support Enterprise Mobility Management (EMM) solutions through integration with App Config. See documentation to learn more.

Improvements

Web User Interface

  • Redesigned the channel member list.
  • Redesigned the message input box.
  • Redesigned the keyboard shortcuts dialog (CTRL/CMD+/).
  • Added a loading indicator when selecting a team on team selection page.
  • Added an on hover effect for team icons in the team sidebar, and the channel name and favorite button in channel header.
  • Added an active state for the channel member icon in channel header.
  • Added a “+” icon next to the Direct Messages header on channel sidebar to open a new direct or group message.
  • Added a tooltip for Main Menu next to user profile picture.
  • Mouse cursor now changes to a “hand selector” when hovering over the paperclip icon to upload a file.

Mobile View

  • Made hover effects consistent across all header icons.
  • Removed transparency of the […] menu in the right-hand sidebar.
  • Reduced opacity in channel info dialog.
  • Updated background color of search bar.

Integrations

  • Added support for Slack-compatible delayed slash commands through the response_url parameter.
  • Improved handling of content-types for integrations.

Notifications

  • Added support for plain text version of email notifications.
  • Added “Joined the channel” system message for the person who created the channel.

Administration

  • Added a CLI command platform channel move to move a channel to another team.
  • CLI command platform team delete now lets you delete teams with no channels.

Enterprise Edition

  • Removed the “Delete Channel” option for private channels, if you’re the last channel member and policy setting restricts channel deletion to admins only.
  • In multi-node cluster environment, scheduled tasks such as LDAP sync will only happen on a single node through leader election for increased performance.
  • Added direct message channels to compliance exports.
  • Added a CLI command platform channel modify to convert a public channel to private, and vice versa.
  • Elasticsearch indexes over a certain age can be aggregated as part of the daily scheduled job.

Bug Fixes

  • Fixed permalinks not always loading in the channel.
  • Fixed an issue where a System Admin couldn’t scroll to the bottom of the System Console sidebar in Firefox.
  • Flag icon and the “x” icon to close website previews now properly aligned for replies in compact view.
  • Fixed expand/collapse arrows not being visible for YouTube videos when image links are expanded by default.
  • Fixed an issue where reacting to a post in the right-hand sidebar via emoji picker didn’t add the emoji to “Recently Used” section.
  • Pressing the ESC key no longer clears search box contents.
  • Fixed an issue where turning off email batching in the System Console resulted in no email notification option selected in Account Settings.
  • Fixed an issue where a user wasn’t able to scroll down in message preview mode when using Markdown headings.
  • Fixed an issue on Safari browsers where file thumbnails were sometimes blank.
  • Fixed an issue where quotes weren’t working inside URL links.
  • Fixed an error when the language set in Account Settings > Display was removed from available languages in System Console > Localization.
  • Fixed out-of-channel mentions for usernames with dashes and periods.
  • Fixed an issue where a missing config setting sometimes caused server panic.
  • Jumping to a group message channel from a flagged message list now adds the channel to the channel list.
  • Character limits are no enforced when renaming a channel via /rename.
  • Fixed channel header icons when WebRTC call is on-going.
  • Fixed webhook message attachments not appearing in search results or flagged messages list.
  • Timestamp on deleted, ephemeral, or pending posts is no longer a permalink, causing a blank page.
  • Fixed focus issues on iPad Classic app.
  • Fixed an issue where changing other user’s profile image as a System Admin via the API didn’t work.
  • Fixed mention notifications firing for mentions inside triple backticks.
  • Collapse and expand arrows no longer shown for image links when no image is available.
  • A single collapsed link preview now stays collapsed after page refresh.
  • With email batching enabled, if there is activity in Mattermost before email batch is sent, the email notification is not sent.
  • Fixed an issue where copying and pasting SVG files into message draft never finish uploading.
  • Autocomplete is no longer cut on the channel header modal.
  • Fixed email notifications settings appearing saved despite cancelling the change.
  • Notification confirmation message no longer appears when sending channel wide @-all and @-channel mentions in code blocks.

Compatibility

Breaking Changes

1 - Mattermost now handles multiple content types for integrations, including plaintext content type. If your integration suddenly prints the JSON payload data instead of rendering the generated message, make sure your integration is returning the application/json content-type to retain previous behavior.

2 - By default, user-supplied URLs such as those used for Open Graph metadata, webhooks, or slash commands will no longer be allowed to connect to reserved IP addresses including loopback or link-local addresses used for internal networks.

This change may cause private integrations to break in testing environments, which may point to a URL such as http://127.0.0.1:1021/my-command.

If you point private integrations to such URLs, you may whitelist such domains, IP addresses, or CIDR notations via the AllowedUntrustedInternalConnections config setting in your local environment. Although not recommended, you may also whitelist the addresses in your production environments. See documentation to learn more.

Push notification, OAuth 2.0 and WebRTC server URLs are trusted and not affected by this setting.

3 - Uploaded file attachments are now grouped by day and stored in /data/<date-of-upload-as-YYYYMMDD>/teams/... of your file storage system.

4 - Mattermost /platform repo has been separated to /mattermost-webapp and /mattermost-server. This may affect you if you have a private fork of the /platform repo. More details here.

Removed and Deprecated Features

  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

The following settings were unintentionally added to config.json and are removed in Mattermost 4.2.

  • Under SupportSettings in config.json:
    • "AdministratorsGuideLink": "https://about.mattermost.com/administrators-guide/"
    • "TroubleshootingForumLink": "https://about.mattermost.com/troubleshooting-forum/"
    • "CommercialSupportLink": "https://about.mattermost.com/commercial-support/"

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added AllowedUntrustedInternalConnections": "" to specify domains, IP address or CIDR notations for internal connections. Used in testing environments when developing integrations locally on a development machine. Not recommended for use in production.
  • Under TeamSettings in config.json:
    • Added EnableXToLeaveChannelsFromLHS: false to set if a user can leave a channel by clicking “X” next to a channel in the channel sidebar. This setting is Beta and may be replaced or removed in a future release.
  • Under FileSettings in config.json:
    • Added AmazonS3Trace: false to enable additional debugging for Amazon S3.

Additional Changes to Enterprise Edition:

  • Under ElasticsearchSettings in config.json:
    • Added AggregatePostsAfterDays": "" to specify the age at which indexes will be aggregated as part of the daily scheduled job
    • Added PostsAggregatorJobStartTime": "" to specify the start time of the daily scheduled aggregator job.
  • Under TeamSettings in config.json:
    • Added ExperimentalTownSquareIsReadOnly: false to set if Town Square is a read-only channel. Applies to all teams in the Mattermost server. This setting is Beta and may be replaced or removed in a future release.
  • Added ThemeSettings in config.json. These settings are Beta and may be replaced or removed in a future release.
    • Added "EnableThemeSelection": true to set whether end users can change their Mattermost theme.
    • Added "DefaultTheme": "default" to set default theme for new users.
    • Added "AllowCustomThemes": true to set whether end users can set a custom theme.
    • Added "AllowedThemes": [] to list which built-in Mattermost themes are available to users.

API v4 Changes

  • It is recommended that any new integrations use APIv4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

Added routes (API v4)

  • POST at /posts/{post_id}/actions/{action_id}
    • To perform a post action, which allows users to interact with integrations through messages.

Known Issues

  • Google login fails on the Classic mobile apps.
  • Clicking on a channel during the tutorial makes the tutorial disappear.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • First load of the emoji picker is slow on low-speed connections or on deployments with hundreds of custom emoji.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • Deleted message doesn’t clear unreads or unread mentions.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
  • Searching with Elasticsearch enabled may not always highlight the searched terms.
  • Channel links to channels that the current user does not belong to may not render correctly.
  • Pinned posts list header sometimes shows an incorrect channel name.
  • Missing an indication if a message is pending but not yet sent.
  • Searching for users with one or two-letter names doesn’t work.

Release v4.1.2 - Feature Release

Security Update

Highlights

JIRA App

  • Built-in JIRA integration that can post to multiple channels using a single webhook. See documentation

Personal Access Tokens

  • Enables easier and more flexible integrations by authenticating against the REST API. See documentation

Updated iOS and Android Apps

  • v1.1 of the Native iOS and Android Apps are released with support for search, group messaging, viewing emoji reactions and improved performance on poor connections.

Elasticsearch Beta (Enterprise Edition E20)

  • Connect your Elasticsearch server to Mattermost, then build and manage your post index via the System Console interface.
  • Elasticsearch is a distributed, RESTful search engine supporting highly efficient database searches in a cluster environment.

Improvements

Web User Interface

  • Ephemeral messages now note that they are “(Only visible to you)” .
  • Navigating to an invalid team invite link will now redirect to an error page.
  • Cropping of image thumbnails now looks the same before and after posting.
  • Clicking on @mentions will now open the contact card for the user.
  • User lists now display full name and nickname.
  • Added over 500 new emoji.
  • Searching on slow connections now shows a loading spinner in the right-hand side.
  • Added a close button next to link previews.
  • Ephemeral messages will now always appear as parent posts.
  • Added […] menu to search results, pinned posts and flagged posts lists.
  • Clicking the username in a profile popover inserts the username to the message box.

Notifications

  • Added an option to Push Notification Contents to send no channel name or message text
  • Updated the default email frequency to 15 minutes if email batching is enabled by the System Admin.
  • Users are now prompted from Account Settings to set Edge notification sounds in their browser settings.
  • Updated the desktop notification text for incoming webhooks to more accurately reflect the payload.

Files

  • File uploads in a single message are ordered based on time of upload. When multiple files are selected, files are ordered in alphabetical order based on file name.

Administration

  • No longer require a refresh after a user is promoted to a Team Admin.
  • Announcement banner now supports URLs.
  • Bulk importer now supports user preferences, including favorite channels, flagged posts and notification preferences.
  • Changed username to be the default name display setting in the System Console.
  • Channel member list now follows the Teammate name display configuration setting.
  • Added more debugging info to server logs for failed OAuth requests.
  • Added a new System Console push notification content setting to only display sender name.
  • Added support for unauthenticated, but encrypted SMTP connection.

Integrations

  • Null values are now ignored in webhook attachments.
  • Outgoing webhooks can now fire if the post contains only an attachment.
  • Added /code built-in slash command to create a code block.
  • Added /purpose built-in slash command to set the channel purpose.
  • Added /rename built-in slash command to rename the channel.
  • Added /leave built-in slash command to leave a channel.

Enterprise Edition E20

  • Added a System Console setting to disable file uploads and downloads on mobile.
  • Added a new Email Notification Content setting to specify the amount of detail sent in email notification.
  • Added support for server-side encryption of files in Amazon S3, using Amazon S3-managed keys.

Bug Fixes

  • Fixed incorrectly rotated image thumbnails that were uploaded from mobile devices.
  • Adding or removing reactions from a post with an image preview no longer causes the preview to expand or collapse.
  • JavaScript error no longer thrown when file upload fails due to network interruption.
  • Error messages in Account Setting fields no longer stack.
  • Fixed Slack Import of non-ascii channel names.
  • Changing the search term in the More Direct Messages member list now resets the search.
  • Help text for the Channel Switcher (CTRL/CMD+K) is now shown on small desktop windows, and removed on mobile.
  • Keyboard shortcut for Account Settings (CTR/CMD+SHIFT+A) now toggles.
  • Fixed the Preview button in the text input box and message edit modal.
  • Fixed a JavaScript error when switching teams while uploading a file.
  • CLI tool to delete all users no longer requires a user argument.
  • CLI tool now deletes webhooks and slash commands when deleting teams and channels.
  • Custom slash commands no longer throw an error if used in a Direct Message channel.
  • System Console now reads and honors the Amazon S3 Region setting.
  • Fixed whitespace and trimming on code blocks and empty table cells.
  • Disabled the “Create Account” button after the first click so the system does not attempt to create the account twice.
  • More Channels modal no longer stops paging after the first two pages.
  • Editing channel names now correctly limits character count to 22.
  • Fixed broken links on the System Console > Mobile Push page.
  • /away and /offline ephemeral messages can no longer contain extra text posted with the slash command.
  • Fixed teams being sometimes incorrectly marked unread across tabs.
  • Fixed JavaScript error thrown when viewing a channel containing an invalid emoji reaction.
  • Periods after URLs are no longer added to the link.
  • Recent emoji in emoji picker no longer shows deleted custom emoji.
  • Fixed image thumbnails and previews on IE11.
  • Fixed message attachments in incoming webhooks and slash commands not always truncating properly.
  • Non-admins can now view their previously created integrations.

Compatibility

Removed and deprecated features

  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

The following settings were unintentionally added to config.json and will be removed in Mattermost 4.2, released on September 16th.

  • Under SupportSettings in config.json:
    • "AdministratorsGuideLink": "https://about.mattermost.com/administrators-guide/"
    • "TroubleshootingForumLink": "https://about.mattermost.com/troubleshooting-forum/"
    • "CommercialSupportLink": "https://about.mattermost.com/commercial-support/"

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • "EnableUserAccessTokens": false to enable personal access tokens for integrations to authenticate against the REST API
  • Under EmailSettings in config.json:
    • Added "EnableSMTPAuth": false to support SMTP servers requiring no authentication
    • Added "EmailNotificationContentType": "full" to specify the amount of detail sent in email notification contents

Additional Changes to Enterprise Edition:

  • Under FileSettings in config.json:
    • Added "AmazonS3SSE": false to enable server-side encryption for files in Amazon S3.
    • Added "EnableMobileUpload": true to enable file uploads on mobile devices
    • Added "EnableMobileDownload": true to enable file downloads on mobile devices
  • Under JobSettings in config.json:
    • Added "RunJobs": true to enable running jobs on the jobs server
    • Added "RunScheduler": true to enable scheduling jobs on the job server
  • Under ElasticsearchSettings in config.json:
    • Added "ConnectionUrl": "http://dockerhost:9200" to set the URL of the Elasticsearch server
    • Added "Username": "" to specify the username to access the Elasticsearch server
    • Added "Password": "" to specify the password to access the Elasticsearch server
    • Added "EnableIndexing": false to enable Elasticsearch indexing
    • Added "EnableSearching": false to enable searching using Elasticsearch
    • Added "Sniff": true to enable sniffing on the Elasticsearch server
    • Added "PostIndexReplicas": 1 to specify how many replicas to use for each post index
    • Added "PostIndexShards": 1 to specify how many shards to use for each post index

Database Changes

UserAccessToken Table:

  • Added table

JobStatuses Table:

  • Removed table

Jobs Table:

  • Added table

Users Table:

  • Modified Roles column maximum size from 64 to 256 characters

API v4 Changes

  • Mattermost 4.0 has a stable release of API v4 endpoints. It is recommended that any new integrations use the v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

Added routes (API v4) See api.mattermost.com for more details:

  • GET at api/v4/jobs
  • POST at api/v4/jobs
  • GET at api/v4/jobs/{job_id:[A-Za-z0-9]+}
  • POST at api/v4/jobs/{job_id:[A-Za-z0-9]+}/cancel
  • GET at api/v4/jobs/type/{job_type:[A-Za-z0-9_-]+}
  • POST at api/v4/elasticsearch/purge_indexes
  • POST at api/v4/users/{user_id:[A-Za-z0-9]+}/tokens
  • GET at api/v4/users/{user_id:[A-Za-z0-9]+}/tokens
  • GET at api/v4/users/{user_id:[A-Za-z0-9]+}/tokens/{token_id:[A-Za-z0-9]+}
  • POST at api/v4/users/{user_id:[A-Za-z0-9]+}/tokens/revoke

Known Issues

  • Google login fails on the Classic mobile apps.
  • Clicking on a channel during the tutorial makes the tutorial disappear.
  • User can receive a video call from another browser tab while already on a call.
  • Jump link in search results does not always jump to display the expected post.
  • First load of the emoji picker is slow on low-speed connections or on deployments with hundreds of custom emoji.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • A public channel doesn’t always show up in another browser tab or client until after refresh.
  • Deleted message doesn’t clear unreads or unread mentions.
  • Changing the search term in the More Direct Messages modal doesn’t reset the page.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms
  • Searching with Elasticsearch enabled may not always highlight the searched terms
  • Channels links to channels that the current user does not belong to may not render correctly

Contributors

Many thanks to all our contributors. In alphabetical order:

/mattermost-server

/docs

/mattermost-mobile

/mattermost-push-proxy

/mattermost-redux

/mattermost-api-reference

/mattermost-kubernetes

/mattermost-docker

/mattermost-load-test

/mattermost-bot-sample-golang

Release v4.0.5 - Feature Release

  • v4.0.5, released 2017-09-16
  • v4.0.4, released 2017-08-18
    • Mattermost v4.0.4 contains multiple security fixes ranging from low to high severity. Upgrading is highly recommended. Details will be posted on our security updates page 14 days after release as per the Mattermost Responsible Disclosure Policy.
    • Fixed issue when using single-sign-on with GitLab where using a non-English language option in System Console > Localization sometimes resulted in a login failure.
  • v4.0.3, released 2017-08-10
    • Fixed issue with AmazonS3Region config setting being ignored in Minio file storage setup.
    • Fixed issue when using high availability mode in Enteprise Edition E20 where the bind address wasn’t set correctly for the hashicorp memberlist.
  • v4.0.2, released 2017-07-31
    • Fixed issue when using single-sign-on with GitLab (and in Enterprise Edition with SAML, Office365 and G Suite), where using a non-English language option in Account Settings resulted in a login failure.
    • Fixed issue with custom slash commands not working in direct message channels.
    • Fixed issue with GitLab and SAML single sign-on in Mattermost mobile apps redirecting to a browser page.
  • v4.0.1, released 2017-07-18
    • Fixed issue where pinning or un-pinning messages didn’t work if AllowTimeLimit config setting is set to Never.
    • Fixed issue where uploading or removing the Service Provider Public Certificate file in System Console > SAML refreshed the page, losing all unchanged settings.
    • Fixed deactivated users appearing in channel member, team member and direct message lists.
    • Fixed PDF previews not loading.
  • v4.0.0, released 2017-07-16
    • Original 4.0.0 release

Security Update

Highlights

Native iOS and Android Apps

Updated Web User Interface

  • Updated the appearance of channel header and channel sidebar in the web user interface.
  • Updated the default theme, “Mattermost”. To try it, go to Account Settings > Display > Theme.

Emoji Picker

  • The emoji picker offers quick access to emoji when composing messages or adding reactions.
  • Promoted from Beta, and enabled to all users by default.

Languages

  • Added Italian translations to the user interface.

API v4 (Stable Release)

  • Mattermost webapp moved to API v4 endpoints, which allow for more powerful integrations and server interaction.
  • API v3 endpoints are supported until January 16, 2018. To learn more about migrating to APIv4 endpoints, see https://api.mattermost.com/.

High Availability (Enterprise Edition E20)

  • Mattermost servers are dynamically added and removed based on discovery and their cluster name using the hashicorp memberlist.
  • Added support for experimental gossip protocol, where the server will attempt to communicate via the gossip protocol over the gossip port.

Improvements

Web User Interface

  • Adjusted post spacing to be consistent across Markdown formatting, replies and consecutive posts.
  • On hover colour for pin and channel member icons now consistent with flag and recent mentions icons.
  • Emojis are now vertically aligned in post view.
  • Channel name, header and purpose now update in real time for all users.
  • For reply threads in the center channel, the “Commented on” phrase now respects the teammate name display config setting.
  • Code block language tag is no longer selectable making it easier to copy the code.
  • Aligned the search box with right-hand side reply thread.
  • New user profile pictures now update for other users upon refresh.
  • Improved rendering of @mention highlighting in message view.

Mobile Web

  • Added “Create Team” and “Leave Team” options to the Main Menu.
  • Updated the look of Account Settings pages on mobile.
  • User profile popover no longer gets cropped in the center channel on iOS browser.
  • Link preview image now resizes correctly on iOS browser.

Notifications

  • Unread messages and mentions now sync across browser tabs and devices.
  • Improved desktop notifications for webhook attachments.

Emoji Picker & Custom Emoji

  • Newly created custom emoji immediately display to all users without requiring a refresh.
  • Improved position of the emoji picker near the top of the channel or the right-hand side comment thread.

Keyboard Shortcuts

  • CTRL+SHIFT+K shortcut now toggles the Direct Message dialog open and closed.
  • SHIFT+UP now opens a reply thread for the most recent message posted by a user, skipping system messages.

Slash Commands

  • Added the following built-in slash commands:
    • /header command to set the channel header.
    • /help command to open the Mattermost help page in a new browser tab.
    • /open command to switch or join a channel.
    • /search command to search text in messages.
    • /settings command to open the Account Settings dialog.
  • /invite_people slash command is now disabled when account creation is set to false.
  • If a message starts with a / but fails to send (either due to timeout or invalid command), the message is put back to the input box.

Bulk Import Tool

Authentication

  • User creation via OAuth (GitLab/Google/Office365) properly restricted to accepted domains, if specified.
  • Invite New Member dialog validates email addresses against accepted domains, if set.

New URL Routes

  • Added the ability to Direct Message by email or username with the following new routes for Direct Message channels:
    • .../teamname/messages/@username
    • .../teamname/messages/email
    • .../teamname/messages/user_id (redirects to ...teamname/messages/@username)
    • .../teamname/messages/id1_id2 (redirects to ...teamname/messages/@username)
  • Also added a new route for Group Message channels:
    • .../teamname/messages/generated_id

Enterprise Edition

  • When a SAML user uses a non-supported locale, the language now defaults to English, preventing login issues.

Bug Fixes

  • Emoji picker now closes in Firefox when clicking outside of it.
  • […] menu no longer disappears in the comment thread when hovering over another post.
  • New direct messages received while in no teams do not show as unread after rejoining a team.
  • Fixed JavaScript errors when receiving messages when not belonging to a team.
  • An empty push notification no longer sent for messages only containing file attachments.
  • Custom emoji search results no longer filter by creator’s first and last name.
  • /expand and /collapse slash commands now properly collapse images in website link previews.
  • Group Message channels that are favorited can now be closed.
  • Deactivated users now properly listed in Direct and Group Message channels in the left-hand sidebar.
  • Fixed search in team and channel Manage Members dialog.
  • File upload cancelled if you click “x” on thumbnail while file is uploading in your message draft.
  • Status no longer appears offline after joining a new team.
  • An empty push notification is no longer sent for messages only containing file attachments.
  • Center channel maintains scroll position when new messages are received in the channel.
  • Deleting the focused post in permalink view now sends user to normal channel view.
  • Max Users per Team setting in System Console > Users and Teams no longer includes inactive users.

Compatibility

Breaking Changes

  • If you are using NGINX as a proxy for the Mattermost Server, replace the location /api/v3/users/websocket { line with location ~ /api/v[0-9]+/(users/)?websocket$ { in the /etc/nginx/sites-available/mattermost NGINX configuration file. See documentation to learn more.
  • If you are upgrading a High Availability Cluster: When upgrading from 3.10 or earlier to 4.0 or later, you must manually add new items to the ClusterSettings section of your existing config.json. For more information about this, see the Upgrading to Version 4.0 and Later section of :doc:../deployment/cluster.
  • Microsoft Edge v39 and earlier (EdgeHTML v14 and earlier) has an issue that may case errors during account creation, login and if MFA is enforced. We recommend upgrading to Edge v40 (or EdgeHTML v15).

Removed and deprecated features

  • System Console settings in Files > Images removed. This includes:
    • Image preview height and width
    • Profile picture height and width
    • Image thumbnail height and width
  • Font setting in Account Settings > Display removed.
  • Account Settings option Display > Teammate Name Display moved to the System Console.
  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "EnableEmojiPicker": true to control whether emoji picker is enabled on the server. Enabling the emoji picker with a large number of custom emoji may slow down performance.
    • Added "EnableChannelViewedMessages": true to control whether channel_viewed WebSocket event is sent, which syncs unreads across clients and devices. Setting to false can lead to higher performance in large deployments.
    • Added "EnableAPIv3": true to control whether version 3 endpoints of the REST API are allowed on the server. If the setting is disabled, integrations that rely on API v3 will fail and can then be identified for migration to API v4.
  • Under TeamSettings in config.json:
    • Added "TeammateNameDisplay": "username" to set how to display users’ names in posts and the Direct Messages list. Deployments with LDAP or SAML enabled will have this set to full_name by default for better experience.
  • Under FileSettings in config.json:
    • Removed System Console settings in Files > Images, including:
      • "ThumbnailWidth": 120
      • "ThumbnailHeight": 100
      • "PreviewWidth": 1024
      • "PreviewHeight": 0
      • "ProfileWidth": 128
      • "ProfileHeight": 128
  • Under SqlSettings in config.json:
    • Modified "QueryTimeout": 30 to also support query timeouts on PostgreSQL, in addition to MySQL.

Additional Changes to Enterprise Edition:

  • Under ClusterSettings in config.json:
    • Added "ClusterName": "" to set the cluster to join by name. Only nodes with the same cluster name will join together. This is to support Blue-Green deployments or staging pointing to the same database.
    • Added "OverrideHostname": "" to override the hostname of this server with this property. It is not recommended to override the Hostname unless needed.
    • Added "UseIpAddress": true to control whether the cluster attempts to communicate using the IP Address.
    • Added "UseExperimentalGossip": false to control whether the server attempts to communicate via the gossip protocol over the gossip port.
    • Added "ReadOnlyConfig": true to control whether changes made to settings in the System Console are ignored. When running in production it is recommended to set this value to true.
    • Added "GossipPort": 8074 to set the port used for the gossip protocol. Both UDP and TCP should be allowed on this port.
    • Added "StreamingPort": 8075 to set the port used for streaming data between servers.
    • Removed "InterNodeListenAddress": ":8075" as this setting is no longer used.
    • Removed "InterNodeUrls": [] as this setting is no longer used.

API v4 Changes

  • Mattermost 4.0 has a stable release of API v4 endpoints. It is recommended that any new integrations use the v4 endpoints. For more details, and for a complete list of available endpoints, see https://api.mattermost.com/.
  • All APIv3 endpoints are scheduled for removal on January 16, 2018.

Added routes (API v4)

  • GET at /teams/invite/{invite_id}
    • To retrieve information about a team (including the name and id) corresponding to an invite_id.

Modified routes (API v4)

  • DELETE at /teams/{team_id}
    • Added an optional query parameter, permanent, to permanently delete a team for compliance reasons.
  • GET at /users
    • Added the sort query parameter to add basic sorting when selecting users on a team.
  • GET at /emoji
    • Added paging to the /emoji call for increased performance.
  • POST at /teams/{team_id}/import
    • Updated to return a JSON body with the import results under a results JSON field to allow more data to be returned in the future without breaking changes.

Websocket Event Changes

Added:

  • channel_updated that occurs each time channel information is updated (such as name or header), so that the changes are propagated across clients.
  • channel_viewed that occurs each time you view a channel, propagating the event to all clients and devices and syncing unreads.

Known Issues

  • Google login fails on the Classic mobile apps.
  • Edge overlays desktop notification sound and system notification sound.
  • Clicking on a channel during the tutorial makes the tutorial disappear.
  • User can receive a video call from another browser tab while already on a call.
  • Search autocomplete picker is broken on Classic Android app.
  • Jump link in search results does not always jump to display the expected post.
  • First load of the emoji picker is slow on low-speed connections or on deployments with hundreds of custom emoji.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • Outgoing webhooks do not fire when posts have no text content.
  • A public channel doesn’t always show up in another browser tab or client until after refresh.
  • Null values in Slack attachments cause a 500 error for incoming webhooks.
  • Keyboard shortcut CTRL/CMD+SHIFT+A does not close Account Settings.
  • Deleted message doesn’t clear unreads or unread mentions.
  • Changing the search term in the More Direct Messages modal doesn’t reset the page.
  • Status may sometimes get stuck as away or offline in High Availability mode with IP Hash turned off.
  • Cannot delete or edit parent posts in right-hand side reply threads.
  • Empty cells in Markdown tables render incorrectly.
  • platform user deleteall CLI command expects a user as an argument.

Release v3.10.3

  • v3.10.3, released 2017-08-18
    • Mattermost v3.10.3 contains multiple security fixes ranging from low to high severity. Upgrading is highly recommended. Details will be posted on our security updates page 14 days after release as per the Mattermost Responsible Disclosure Policy.
    • Fixed issue when using single-sign-on with GitLab where using a non-English language option in System Console > Localization sometimes resulted in a login failure.
  • v3.10.2, released 2017-07-18
  • v3.10.1, released 2017-07-16
  • v3.10.0, released 2017-06-16
    • Original 3.10 release

Highlights

Languages

  • Added Turkish translations for the user interface.

New and Improved Keyboard Shortcuts

  • Redesigned the channel switcher (CTRL/CMD+K) for increased productivity.
  • Browse direct and group message channels (CTRL/CMD+SHIFT+K) and reply to the most recent message (SHIFT+UP) with new shortcuts.

Improvements

Web User Interface

  • Enter key now confirms deletion on the screens to delete a custom emoji and delete a channel.
  • Team and channel URLs now replace accented characters with their ASCII equivalents.
  • Recent mentions and flagged posts icons in the header are now highlighted when they are active in the right-hand sidebar.
  • Empty rows are now ignored in the Send Email Invite modal.
  • Enter key now confirms leaving a team from the Leave Team modal.
  • Profile popover now opens when clicking a username in mobile browser view.
  • /join now allows switching to a private channel to which the user has access.
  • Improved the formatting of Mattermost content when copying and pasting to other apps.
  • Added the ability for users to view and modify their online status from their profile picture in the header.
  • /loadtest command changed to /test.
  • Ephemeral messages are removed from the right-hand sidebar after it is reopened.
  • Added a markdown preview option to the message editing modal.
  • Status indicators are now shown in the Direct Messages list.

Notifications

  • Added “@here” to the list of channel-wide mentions in Account Settings.
  • Added a reminder when your Mattermost window is refreshed if a status override slash command is used to set yourself as /away or /offline.
  • Users will see a confirmation dialog when attempting to use @all or @channel in a channel with over 5 users.
  • Messages for others being added to a channel no longer trigger channels to be unread.

Administration

  • Added CLI tool for permanently deleting channels.
  • Channel Admins can now delete user’s messages within their channel if permitted in the System Console.
  • Errors are now logged when failing to load config through the command line.
  • Reduced unnecessary database reads and writes when bulk importing users.

System Console

  • System Console main dropdown menu now has links to the Admin Guide, Troubleshooting Forum, Commercial Support Page and the About Mattermost dialog.
  • Added the ability to enable Legacy Signature (AWS Signature V2) with S3 compatible servers.

Authentication

  • Added a redirect to the appropriate team, channel or post if navigating to a Mattermost URL when logged out.
  • Clicking a team invite link now joins the team in all active sessions.

Performance

  • Upgraded GORP to support connection timeouts on MySQL and missing database columns on MySQL and Postgres.

Integrations

  • Posts from webhooks that are greater than 4000 characters are now broken into multiple posts.

Enterprise Edition

  • Added an announcement banner visible to all end users to make maintenance announcements across the system.

Bug Fixes

  • Dragging and dropping a file onto the left-hand sidebar no longer navigates away from Mattermost to open the file in the browser.
  • Textbox will no longer overlap the center pane message area as it expands when typing.
  • Fixed an issue where statuses could get stuck online after quitting the desktop app or closing the browser window in some cases.
  • Profile pictures uploaded on mobile are now rotated in their correct orientation.
  • The System Console help text for Minimum Password Length no longer dynamically updates as the input is changed.
  • Fixed an issue where the autocomplete list may appear underneath a modal overlay.
  • Updated error text when uploading a profile picture that is in an unsupported image format.
  • Joined channels no longer appear in the “More…” channels list.
  • Wide markdown images no longer cause horizontal scrolling in the center pane.
  • Fixed theme styling for button active states.
  • Fixed an issue where channels sometimes did not appear read if the channel was in focus when a new message was received.
  • Fixed an issue where the autocomplete list would not close after using a slash command.
  • Removed the system warning message that appears if mentioning a user that is not a member of a group message.
  • Fixed an issue where wide embedded images produce horizontal scroll.
  • Fixed a Javascript error that would occur when opening the System Console > SAML page.
  • Removed the Channel Admin user interface in Team Edition since the policy restrictions are only available in Enterprise Edition.
  • Adding a reaction to an ephemeral message no longer throws a Javascript error.
  • Fixed an issue where clicking autocomplete suggestions would not populate the search box with the appropriate text.
  • Fixed an issue where the System Console users list ignored the search term after selecting a team from the filter.
  • Channel header messages no longer appear cut-off if using a slash.
  • Corrected the formatting of the “Edited” indicator in the right-hand sidebar.
  • Fixed the positioning of the pin icon and channel header on Edge.

Compatibility

Removed and deprecated features

  • System Console settings in Files > Images scheduled for removal in July 2017 release. This includes:
    • Image preview height and width
    • Profile picture height and width
    • Image thumbnail height and width
  • Font setting in Account Settings > Display scheduled for removal in July 2017 release.
  • Account Settings options for Display > Display Font and Display > Teammate Name Display are scheduled for removal in July 2017 release.
  • All APIv3 endpoints are scheduled for removal six months after APIv4 is stable.

For a list of past and upcoming deprecated features, see our website.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Team Edition and Enterprise Edition:

  • Under ServiceSettings in config.json:
    • Added "GoroutineHealthThreshold": -1, to set a threshold for number of goroutines.
  • Under SqlSettings in config.json:
    • Added "QueryTimeout": 30 to set the number of seconds to wait for a response from the database after opening a connection and sending the query.
  • Under FileSettings in config.json:
    • Added "AmazonS3SignV2": false to enable Legacy Signature (AWS Signature V2) with S3 compatible servers.

Additional Changes to Enterprise Edition:

  • Under AnnoucementSettings in config.json:
    • Added "EnableBanner": false, to enable an announcement banner visible for all users.
    • Added "BannerText": "", to specify the text shown in the banner.
    • Added "BannerColor": "#f2a93b", to set the banner background color.
    • Added "BannerTextColor": "#333333", to set the banner text color.
    • Added "AllowBannerDismissal": true to set whether the banner can be dismissed by users.

API Changes

  • Mattermost 3.10 has a release candidate of APIv4 endpoints. To see the complete list of available endpoints, see https://api.mattermost.com/v4/.
  • All APIv3 endpoints are scheduled for removal six months after APIv4 is stable.

Modified routes (APIv4)

  • /system/ping updated to return 500 Internal Server Error with {"status": "unhealthy"} in the response body when GoroutineHealthThreshold is set in config.json and the number of goroutines on the server exceeds that threshold. If the number of goroutines is below the threshold or GoroutineHealthThreshold is not set in config.json, 200 OK is returned with no response body.

Known Issues

  • Google login fails on the mobile apps.
  • Edge overlays desktop notification sound and system notification sound.
  • Status appears offline briefly after joining a new team.
  • User popover can get cropped in the center channel on iOS.
  • Clicking on a channel during the tutorial makes the tutorial disappear.
  • Custom emoji search results filter by the creator’s first/last name in addition to the emoji name.
  • Reactions are displayed on messages deleted by other users.
  • User can receive a video call from another browser tab while already on a call.
  • Search autocomplete picker is broken on Android.
  • Jump link in search results does not always jump to display the expected post.
  • First load of the emoji picker is slow on low-speed connections.
  • Emoji picker for reactions doesn’t always position correctly.
  • Scrollbar is sometimes not visible in the left-hand sidebar after switching teams.
  • New direct messages received while in no teams do not show as unread after joining a team.
  • User is not logged out immediately when logging self out from Active Sessions list.
  • Certain code block labels don’t appear while scrolling on iOS mobile web.
  • CTRL+SHIFT+K doesn’t toggle modal open and closed.
  • Deactivated users do not appear in the Direct Message and Group Message sidebar channel list.
  • Outgoing webhooks do not fire when posts have no text content.

Contributors

Many thanks to all our contributors. In alphabetical order:

/mattermost-server

/docs

/mattermost-api-reference

/mattermost-redux

/mattermost-mobile

/desktop

/mattermost-docker

/android

/mattermost-selenium

/gorp

/ios

/mattermost-kubernetes

Release v3.9.2

Security Update

Highlights

Languages

  • Added Polish translations for the user interface.

Redux

  • Mattermost Webapp moved over to Redux for increased performance and more stable infrustructure.

APIv4 Release Candidate

  • Mattermost HTTP REST APIs moved to v4 endpoints allowing for more powerful integrations and server interaction.
  • To learn more about the available APIv4 endpoints, see our documentation.
  • APIv3 endpoints are supported until six months after the stable release of APIv4 endpoints in Q3 of 2017.

Improvements

Web User Interface