Rocket.Chat logo

Rocket.Chat

Open-source team communication and collaboration platform

Alternative to: Slack, Microsoft Teams, Discord


About Versions (100)

8.3.0-rc.0

2026-03-20

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 8.0
  • Apps-Engine: 1.61.0-rc.0

Minor Changes

  • (#39750) Adds support to name changes on federated rooms

  • (#39268) refactor(ui-kit): Remove UiKit deprecations

  • (#38978 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat autotranslate translateMessage API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation

  • (#37922) Introduces native screen sharing for internal voice calls. This feature is currently in beta and can be disabled through admin settings.

  • (#39225 by @sezallagwal) Add OpenAPI support for the chat.followMessage and chat.unfollowMessage API endpoints by migrating to a modern chained route definition syntax and utilizing AJV schemas for body and response validation.

  • (#39227 by @sezallagwal) Add OpenAPI support for the chat.starMessage and chat.unStarMessage API endpoints by migrating to a modern chained route definition syntax and utilizing AJV schemas for body and response validation.

  • (#38957 by @Verifieddanny) Migrated rooms.leave endpoint to new OpenAPI pattern with AJV validation

  • (#38549 by @Rohitgiri02) migrated rooms.delete endpoint to new OpenAPI pattern with AJV validation

  • (#39094 by @ahmed-n-abdeltwab) Adds OpenAPI support for the Rocket.Chat e2e.updateGroupKey endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#36402 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat users.getAvatarSuggestion API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#38881 by @smirk-dev) adds instances.get API endpoint to new chained pattern with response schemas

  • (#38883 by @smirk-dev) Migrates ldap.testConnection and ldap.testSearch REST API endpoints from legacy addRoute pattern to the new chained .post() API pattern with typed response schemas and AJV body validation (replacing Meteor check()).

  • (#38882 by @smirk-dev) Migrates presence.getConnections and presence.enableBroadcast REST API endpoints from legacy addRoute pattern to the new chained .get()/.post() API pattern with typed response schemas.

  • (#38610) Fixes Custom Sounds Contextualbar state and refresh behavior

  • (#36779 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e.fetchMyKeys endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#39425) Adds support for multiple files in message composer, improving file upload experience

  • (#36916 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat custom-user-status.list API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation

  • (#39219 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#38610) Adds new custom-sounds.getOne REST endpoint to retrieve a single custom sound by _id and updates client to consume it.

Patch Changes

  • (#39492) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)

  • (#39010) Fixes an authorization issue that allowed users to confirm uploads from other users

  • (#39092) Fixes main channel scroll position changing when jumping to a thread message from search

  • (#38531) Fixes a cross-resource access issue that allowed users to retrieve emojis from the Custom Sounds endpoint and sounds from the Custom Emojis endpoint when using the FileSystem storage mode.

  • (#39752) Fixes an issue on Federation where all domains ending with the pattern where being allowed to communicate, the feature is meant to work with a list, url by url

  • (#38662 by @TheRazorbill) Fixes wrong i18n key in RegisterWorkspace confirmation step so the text is translated instead of showing a missing key.

  • (#38983 by @copilot-swe-agent) Fixes incoming webhook messages ignoring literal \n escape sequences, and fixes the MarkdownText document variant not rendering newlines as line breaks.

  • (#39087) Fixes race condition causing duplicate open livechat rooms per visitor token.

  • (#39460) Fixes inconsistent username formatting causing ‘@@username’ for federated users

  • (#38989) chore(eslint): Upgrades ESLint and its configuration

  • (#39541) Fixes an issue when forwarding messages to a password-protected room.

  • (#39003) Fix marking a message as sent before the request finishes

  • (#36786 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e.getUsersOfRoomWithoutKey endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#38932) Fixes version update banner showing outdated versions after server upgrade.

  • (#39461) Deprecates Anonymous write. Feature will be removed in version 9.0.0.

  • (#39545) Fixes the intermittent behavior where the “New messages” indicator appears incorrectly after the user sends a message

  • (#39753) Fixes an issue where emails were not saved for users logging in via the GitHub OAuth provider.

  • (#39491) Fixes calendar events modifying the wrong status property when attempting to sync busy status.

  • (#39054) Fixes a mismatch in the room icons on the sidebar items, ABAC Managed rooms were not displaying the correct icon

  • (#38760 by @Khizarshah01) Limits Outgoing webhook maximum response size to 10mb.

  • (#39612) Fixes the download of attachments with non-unicode names on E2EE rooms

  • (#36882 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat push.test API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#39718) Fixes an issue where, sometimes, updatedAt was not being set during the subscription creation

  • (#39557) Fixes main team channels being able to be converted into public or private with only the create-team-channel or create-team-group (the correct permission for main teams are create-c and create-p)

  • (#39559 by @copilot-swe-agent) Splits the single AJV validator instance into two: ajv (coerceTypes: false) for request body validation and ajvQuery (coerceTypes: true) for query parameter validation.

    Why this matters: Previously, a single AJV instance with coerceTypes: true was used everywhere. This silently accepted values with wrong types — for example, sending { "rid": 12345 } (number) where a string was expected would pass validation because 12345 was coerced to "12345". With this change, body validation is now strict: the server will reject payloads with incorrect types instead of silently coercing them.

    What may break for API consumers:

    • Numeric values sent as strings in POST/PUT/PATCH bodies (e.g., { "count": "10" } instead of { "count": 10 }) will now be rejected. Ensure JSON bodies use proper types.
    • Boolean values sent as strings in bodies (e.g., { "readThreads": "true" } instead of { "readThreads": true }) will now be rejected.
    • null values where a string is expected (e.g., { "name": null } for a type: 'string' field without nullable: true) will no longer be coerced to "".

    No change for query parameters: GET query params (e.g., ?count=10&offset=0) continue to be coerced via ajvQuery, since HTTP query strings are always strings.

  • (#39250) Fixes inquiries.take not failing when attempting to take a chat while over chat limits

  • (#38852) Fixes an issue where Production flag was not being respected when initializing Push Notifications configuration

  • (#39363 by @gauravsingh001-cyber) Fixes “Join” button on Outlook Calendar bubbling click event, also opening the calendar event details.

  • (#38944 by @Khizarshah01) Limits Omnichannel webhook maximum response size to 10mb.

  • (#39678) Adds support for ban management in federated rooms, enabling authorized users to ban and unban members via UI and slash commands.

  • (#38954) Fixes reactivity of Custom Sounds and Custom Emojis storage settings

  • (#35995 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat rooms.favorite APIs endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#39505) Fixes ssrf validation for oauth endpoints, which allows internal endpoints to be used during the auth flow.

  • (#36523 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat emoji-custom.create API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#36953 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat commands.get API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • (#38974 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat dm.close/im.close API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.

  • Updated dependencies [602b20a8c570b895eb296ecfe39c9b7fcb12fabd, e2068892bf1ffc88b15ab71ad743cf84e5d31ed5, e65b1764aad1ece3d770599e2ba0e216f41457cf, 6b80941a610085bac643d6958f6efa7c018f4bdf, d1bf2cc675e80403659d388a1fbbdc6f73889dad, 02b1e6e6a184850d21e335077ca30382a1c7a66b, 9a70095296dbf516b0113a9a65e09f25137b2eaf, cd2fc208d351032c0b729755af4886665dca08b6, 87f9262af4a543d52642a54e1ef546d509a79e23, a4e3c1635d55ec4ce04cbde741426770e43581fb, 652ff8cfe26b9068a776c39132c0eb5440702894, 539659af22bc19880eda047dfc0b152472ccb65c, b1b1d6ccd81c90d231a7e594f834965c6e5f4fae, 1741a20dd86c353755becfc706cd9ad63df09cfa, 5518503736b72674753e711ba4089d177ab988a5, a4341ec67d1f0413f30bbabfd292d1b0a41728b2, 40253146de8d8f83737e71b0ade7c67e0c295a28, 85c0ac7d8c7a5b7b89ef58f4a42b18467a8e2dd4, 803b8075514de54c9ff34ba0c9aa3ee5fc3bbe61, 1361a1f4f1e3c0cc3f2a191cef8eccc12a714cde, c217b0bde182e5f76dbe1892d9b37d61ffab71db, 2a2701098536b32143003be8d267891978c708c9, 78e37dc3deae4ff05f5e33f9134c7094fd6c1330, 37acece030bc9f39bdaa86ab0130eb818332033e, 43d0cfc6a70e8a31d5f3d24162216dae6b07efdd, d8baf395181b70fef9ce448eb509f65b66049615, ddc0ed34b03072362d166f1160104a9332b362e8, d83a1a9753464ee916845b3c88757bbcf76884a5, eae3fb3136bd0b48294c050a71b0a36d05ca02b0, 4c2e444216efd514ab406fe8e9cd127ef971d566, 722df6f60bc86c51b204e28a39acb3dc8710bdeb, 78b3fe3ef20e3a545b84551ba3f85cb40e862ba7, 98a6c58a38c053c60db2b4d53a9df0e94fecf0ba, 29b453e1def8092a8d78c28736e2bfb24229717b, 39f2e87e1caa6842e69155f033205cfdc4767b9e, c117492ad90d291a361eedc929506f557495caf7, 7c7324184589a15bf3e67b4f0c1cc222f8d48db3]:
    • @rocket.chat/model-typings@2.1.2-rc.0
    • @rocket.chat/models@2.1.2-rc.0
    • @rocket.chat/federation-matrix@0.1.0-rc.0
    • @rocket.chat/message-parser@0.31.35-rc.0
    • @rocket.chat/fuselage-ui-kit@29.0.0-rc.0
    • @rocket.chat/ui-kit@1.0.0-rc.0
    • @rocket.chat/apps-engine@1.61.0-rc.0
    • @rocket.chat/rest-typings@8.3.0-rc.0
    • @rocket.chat/i18n@2.2.0-rc.0
    • @rocket.chat/ui-voip@19.0.0-rc.0
    • @rocket.chat/server-cloud-communication@0.0.3-rc.0
    • @rocket.chat/omnichannel-services@0.3.50-rc.0
    • @rocket.chat/web-ui-registration@29.0.0-rc.0
    • @rocket.chat/network-broker@0.2.32-rc.0
    • @rocket.chat/password-policies@0.1.1-rc.0
    • @rocket.chat/omni-core-ee@0.0.18-rc.0
    • @rocket.chat/instance-status@0.1.53-rc.0
    • @rocket.chat/media-signaling@0.2.0-rc.0
    • @rocket.chat/patch-injection@0.0.2-rc.0
    • @rocket.chat/media-calls@0.3.0-rc.0
    • @rocket.chat/pdf-worker@0.3.32-rc.0
    • @rocket.chat/account-utils@0.0.3-rc.0
    • @rocket.chat/core-services@0.13.2-rc.0
    • @rocket.chat/message-types@0.1.1-rc.0
    • @rocket.chat/mongo-adapter@0.0.3-rc.0
    • @rocket.chat/ui-video-conf@29.0.0-rc.0
    • @rocket.chat/cas-validate@0.0.4-rc.0
    • @rocket.chat/core-typings@8.3.0-rc.0
    • @rocket.chat/server-fetch@0.1.2-rc.0
    • @rocket.chat/presence@0.2.53-rc.0
    • @rocket.chat/http-router@7.9.20-rc.0
    • @rocket.chat/poplib@0.0.3-rc.0
    • @rocket.chat/ui-composer@0.6.0-rc.0
    • @rocket.chat/ui-contexts@29.0.0-rc.0
    • @rocket.chat/license@1.1.13-rc.0
    • @rocket.chat/api-client@0.2.53-rc.0
    • @rocket.chat/log-format@0.0.3-rc.0
    • @rocket.chat/gazzodown@29.0.0-rc.0
    • @rocket.chat/omni-core@0.0.18-rc.0
    • @rocket.chat/ui-avatar@25.0.0-rc.0
    • @rocket.chat/ui-client@29.0.0-rc.0
    • @rocket.chat/abac@0.1.6-rc.0
    • @rocket.chat/favicon@0.0.5-rc.0
    • @rocket.chat/tracing@0.0.2-rc.0
    • @rocket.chat/agenda@0.1.1-rc.0
    • @rocket.chat/base64@1.0.14-rc.0
    • @rocket.chat/logger@1.0.1-rc.0
    • @rocket.chat/random@1.2.3-rc.0
    • @rocket.chat/sha256@1.0.13-rc.0
    • @rocket.chat/tools@0.2.5-rc.0
    • @rocket.chat/apps@0.6.6-rc.0
    • @rocket.chat/cron@0.1.53-rc.0
    • @rocket.chat/jwt@0.2.1-rc.0