Workflow

Heisenbridge

Latest version: v1.15.0

Safety actively analyzes 681775 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

1.15.0

Authenticated media

Matrix v1.11 [deprecated](https://matrix.org/blog/2024/06/26/sunsetting-unauthenticated-media/) the old way of downloading media without authentication, which Heisenbridge was relying on when bridging media. This release adds a proxy into the bridge which allows unauthenticated access to media that has been sent over the bridge. Support for old way of bridging media has also been removed completely, which means a Matrix v1.11 compatible homeserver is required (Synapse v1.111 or higher, matrix-media-repo v1.3.5 or higher, Conduit/Dendrite not yet available).

To set it up, configure your reverse proxy to pass `/_heisenbridge/media/*` to heisenbridge, then set `heisenbridge` -> `media_url` in the registration file with the public URL that the reverse proxy handles. Optionally, you can run another heisenbridge instance with the `--media-proxy` flag to have it in a separate process. When doing so, point the reverse proxy at that second process, not the main process.

The path that heisenbridge emits can also be configured using the `heisenbridge` -> `media_path` option (defaults to `/_heisenbridge/media/{server}/{media_id}/{checksum}{filename}`). However, it does not change the path where heisenbridge listens, so you must rewrite paths in your reverse proxy if using that option.

The unauthenticated links generated by Heisenbridge will have a checksum to prevent accessing media that hasn't been sent over the bridge. By default, the checksum uses the `hs_token` as the HMAC secret. Optionally, you can set `heisenbridge` -> `media_key` in the registration to use a custom key.

Other changes

* Filter out empty user IDs in `status` command (Christoph-D in https://github.com/hifi/heisenbridge/pull/286)
* Added setting to insert username prefix on all lines of a multi-line message (russss in https://github.com/hifi/heisenbridge/pull/276)
* Added note to help that shell escaping may be required for some commands (hades in https://github.com/hifi/heisenbridge/pull/271)
* Added option to disable reactions (9p4 in https://github.com/hifi/heisenbridge/pull/275)

1.14.6

1.14.5

1.14.4

1.14.3

- Accept elliptic curve keys in the CERTFP command (thanks viiru-)
- Include ! in the mode list, fixes weird modes breaking nicks (thanks gsora)
- Add support for away-notify cap, fixes crashes for unexpected AWAY commands
- Bump Mautrix max version to v0.20.x
- Drop Python 3.8 support (because of Mautrix)

1.14.2

Page 1 of 6

Links

Releases

Has known vulnerabilities

Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.