Bridges

10 posts tagged with "Bridges" (See all Category)

Atom Feed

Cleaning up Libera.Chat aliases

14.12.2023 16:00 — Bridges Thib

The Matrix.org Foundation has taken down the bridge with the Libera Chat network. This only prevented messages from making it across the bridges, for Matrix users to appear on the IRC side, and for new IRC users to appear on the Matrix side.

As part of our work to remove the bridge leftovers, we have removed the ghosts in Matrix rooms and demoted the Libera Chat appservice user. We will now remove the aliases from the rooms, and strongly encourage you to make sure you update the links to your Matrix room if they relied on a matrix.to link that contains :libera.chat

Continue reading…

Shutting down the Matrix bridge to Libera Chat

28.11.2023 00:00 — Bridges Josh Simmons

Today we are sorry to announce that we are not able to bring the Libera Chat bridge back online. We have already begun working through clean up tasks, such as clearing ghosts, and expect to be done by December 22. If you see any bridge artifacts left past that point, please let us know.

If you are one of those who have relied on the bridge in the past, you may be asking: what now? You do have options.

People who need a bridge for their community can run their own: the matrix-appservice-irc software is still maintained. Only its Libera Chat instance, which was configured to persist connections across restarts, is being shut down. Please be mindful of the network, and read Libera Chat’s recommendations and their Matrix FAQ when doing so.

Continue reading…

Libera.Chat bridge temporarily unavailable.

04.08.2023 22:30 — Bridges Neil

Following a series of stability issues, the Libera.Chat team has requested that the Matrix <> Libera.Chat bridge be disabled until we can resolve the stability issues.

From 14:00 UTC on Saturday 5th August the bridge will be unavailable. We will be working to get the bridge back up as soon as we can, however, given the severity of the situation we do not expect immediate resolution.

We send our sincere apologies to anyone caught up in this decision and unable to reach folks on the Libera side.

We’ll get you back as soon as we can.

Disclosure: Bridges security issues

04.08.2023 10:30 — Bridges Integrations Team

Hi folks. As previously mentioned on Monday, we’re now disclosing the vulnerabilities patched for the IRC, Slack and Hookshot bridges. If you have not already done so, please ensure you are running the patched versions.

Today we are disclosing the 3 vulnerabilities.

matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange (CVE-2023-38691)

GHSA-vc7j-h8xg-fv5x / CVE-2023-38691

The POST /v1/exchange_openid endpoint did not check that the servername part of the sub parameter (containing the user's claimed MXID) is the same as the servername we are talking to. This could allow a malicious actor to spin up a server on any given domain, respond with a sub parameter according to the user they want to act as and use the resulting token to perform provisioning requests.

This is now patched so that the server part of the sub / user ID is checked against the server used to make the request.

Discovered and reported by a community member.

IRC command injection via admin commands containing newlines (CVE-2023-38690)

GHSA-3pmj-jqqp-2mj3 / CVE-2023-38690

When the IRC bridge attempted to parse an admin command from a Matrix user, it would only split arguments by a literal space. For example, sending “!join #matrix\nfoobar” would treat the channel name as “#matrix\nfoobar”. This could then be exploited to inject any IRC command into the bridge to be run. Since the !join command first joins via the bridge bot user, it could be used to execute commands as the bridge bot.

This is now patched so that both the command handler is more strict about its arguments, as well as channel names being explicitly validated when provided by users.

Discovered and reported by Val Lorentz.

Events can be crafted to leak parts of targeted messages from other bridged rooms (CVE-2023-38700)

GHSA-c7hh-3v6c-fj4q / CVE-2023-38700

The IRC bridge caches recent timeline messages in memory, so that when a reply is seen for a message it doesn’t need to request the event content from the homeserver. However the room ID was not validated when accessing this cache, so a malicious actor could craft a reply event in another room referencing any event ID (so long as it was still in the bridge cache) to trick the bridge into posting the message content into a bridged reply.

Discovered and reported by Val Lorentz.

If you have further questions, please reach out on security@matrix.org

Bridges Security Update

31.07.2023 11:40 — Bridges Integrations Team

Today we are announcing security updates for several of our bridges.

In addition we have released matrix-appservice-bridge 9.0.1 (and backported to 8.1.2) which patches GHSA-vc7j-h8xg-fv5x.

All mentioned bridges are affected by a vulnerability in the provisioning interfaces of these bridges. If you are unable to upgrade, please disable provisioning for now (which should be documented in the relevant bridge sample config).

Continue reading…

Postponing the Libera.Chat deportalling

28.07.2023 14:00 — Bridges Thib

We have recently announced that we will be honouring Libera Chat’s request to turn off portalled rooms on the Libera.Chat bridge maintained by the Matrix.org Foundation. The changes were originally scheduled to be effective on 31st July. In the meantime, we posted instructions for people to turn their portalled rooms into plumbed ones so the bridge keeps working for them.

Some stability issues on the bridge have prevented people from turning their portalled rooms into plumbed ones. We have been actively working on resolving those issues since the first reports and the situation is gradually improving. However, at this point, we do not believe the plumbed mode can be considered sufficiently stable yet.

Continue reading…

Making Sure The Libera.Chat Bridge Keeps Working

07.07.2023 18:45 — Bridges Thib

Libera Chat recently announced their decision to opt-out of portalled rooms from the Libera.Chat bridge instance hosted by the Matrix.org Foundation (a decision we regret but respect). This means that for the bridge to keep working, all of your portalled rooms need to be turned into plumbed rooms before July 31st. All of this might be a bit obscure, so let’s walk together through these concepts and give you the tools to make sure the bridge keeps working for you.

Continue reading…

Deportalling from Libera Chat

04.07.2023 16:00 — Bridges Neil Johnson

On Monday 3rd July, the Libera.Chat IRC network shared that they would no longer accept portalled rooms over the Matrix.org <> Libera.Chat bridge. This change will come into effect between 25th July and 31st July.

We respect the decision but also recognise that this will be disruptive for matrix.org users accessing IRC over the bridge.

Practically speaking, if you currently use matrix.org as a bouncer into Libera.Chat this will no longer be possible unless the admin of every room you inhabit is willing to reconfigure the room for plumbing.

This post explains the situation as seen from the matrix.org side, what it means for matrix.org users and what to do next.

Continue reading…

Old Gitter bridge end of life (2021-04-21) - to be replaced with native bridge

15.04.2021 00:00 — Bridges Bridge Team

Next week on Wednesday (2021-04-21), the old Gitter bridge (identified as @gitterbot:matrix.org) will be shut down and any plumbed rooms (bridged connections) remaining will no longer bridge. To replace this, we've already migrated all of the portal rooms and many of the plumbed rooms in preparation so most users will not need to take any further actions. The remaining rooms with the old Gitter bridge are unfortunately not possible to migrate and for those communities a clean break will be needed. The new native Gitter bridge is here to replace this!

Gitter is bridged natively to Matrix on the gitter.im homeserver and all of the public rooms are available there. The new native Gitter bridge has many advantages over the old bridge and is being actively developed to ensure parity and delivers:

  • Ability to join public Gitter rooms from Matrix via #<community>_<room>:gitter.im
  • Native feeling virtual users on both sides of the bridge so messages appear from the author itself
  • Bridging edits, replies (mapped to threads on Gitter), deletes, file transfers
  • Full support for markdown, emoji and mentions
  • Soon to be direct message (DM) support!

If you still need your existing Matrix room for a public community plumbed to Gitter, we’re happy to help community admins with the setup of a manual plumb. Send an email to support@gitter.im with the details! Self-service plumbing will be coming in future (meanwhile, please keep it to public community rooms only, if you must!)

We hope that this notice helps make the transition a little smoother and avoid any disruptions 🙇

If you have any questions about the migration path or the new bridge, you can always chat with us in #gitter:matrix.org.

Happy chatting everyone!

matrix-appservice-slack bridge 1.0 is here!

03.10.2019 00:00 — General Half-Shot

Hello Matrix enthusiasts! Yesterday we released matrix-appservice-slack 1.0. This marks a major milestone in bridge development for the Matrix.org team, being our first bridge to ever reach 1.0. The decision to release this version came after we decided that the bridge had gained enough features and reached a point of stability where it could be deployed in the wild with minimal risk.

For those not in the know, the Slack bridge is Node.JS based, and bridges slack channels & users into Matrix seamlessly. And for those wondering, yes it works with Mattermost too (since their API is compatible with Slack)! In previous versions only a limited subset of features were supported, making heavy usage of Slack’s webhook API. As of 1.0, the bridge now makes use of the newer Slack Events/RTM API which gives us all we need for a richer bridging experience. Everything from edits and reactions to typing notifications is supported in the 1.0 release.

Finally for those who are self hosting, we are pleased to offer the ability to "puppet" your Slack account using the bridge. Puppeting is the process in which the bridge will send messages as if you were sending them from the Slack client directly, when you talk using your Matrix account. This opens the door to seamless bridging and direct messaging support.

For those wishing to bridge their whole workspace across, picard exists as a tool to manage large scale Slack bridge deployments. This tool is provided by Cadair and SolarDrew

Slack Screenshot Threading & Reactions!

The bridge has undergone some pretty serious code surgery as well. The whole codebase has been rewritten in TypeScript to take advantage of type checking and generic types. The bridge is currently based upon the matrix-appservice-bridge library. The datastore interface now supports PostgreSQL, which allows for administrators to inspect and edit the database while the bridge is running, as well as offering helpful performance boost over the NeDB datastore format that was used previously. Finally, the codebase has proper Unit and Integration Tests to ensure new changes will not cause any regressions in behaviour. In short, now is an excellent time to get involved and hack on the bridge. There is already a crafted list of easy issues for new and experienced bridge devs.

Grafana memory usage graph Memory usage of the bridge comparison

Grafana CPU usage graph CPU usage of the bridge comparison

In terms of how many users matrix.org is currently serving at the moment, we present to you some figures:

  • 2562 bridged rooms
  • 764 teams connected to the bridge
  • 103711 events have passed through the bridge since the launch of 0.3.2

Of course, our work doesn’t stop at 1.0. The plan for the immediate future of the bridge is to continue adding support for other event types coming from Matrix and Slack to create an ever richer experience. Obvious features are things like topic changes, and syncing membership across the bridge. In the long term future we would also like to add community support to the bridge, so whole Slack workspaces can be bridged across with a single click.

That’s all from me, and I would like to say a massive thank you to Cadair and Ben for both their code and review work on the project and as always, thank you to the community for using the bridge and reporting issues. 🙂

Useful links: