Skip to content

Release history

Rocket.Chat releases

The Secure CommsOS™ for mission-critical operations

Back to tool Latest release

All releases

50 shown

No immediate action
8.3.5 Bug fix

Chat limits lock fix for bots

Open
No immediate action
8.2.5 Bug fix

Bypass chat limits for bots

Open
No immediate action
8.4.3 Bug fix

Bypass chat limits for bots

Open
Review required
7.10.12 Bug fix
Auth RBAC

Token cleanup + translation validation

Open
Review required
8.2.4 Bug fix
Auth

Token cleanup + validation

Open
Review required
8.3.4 Bug fix
Auth RBAC

Token cleanup on deactivation

Open
Review required
8.4.2 Bug fix
Auth RBAC

OAuth cleanup + presence fix + translate validation

Open
Upgrade now
7.10.11 Mixed
Auth

SAML disable + Slack fix

Open
Upgrade now
7.13.7 Security relevant
Auth

SAML security hotfix

Open
8.4.1 Security relevant
Security fixes
  • Disables SAML login when signature validation is misconfigured; see https://docs.rocket.chat/docs/security-fixes-and-updates
Notable features
  • Allows searching attribute values when assigning them to rooms
Full changelog

Engine versions

  • Node: 22.22.2
  • Deno: 2.3.1
  • MongoDB: 8.0
  • Apps-Engine: 1.62.0

Patch Changes

View release on GitHub
8.0.5 Security relevant
Security fixes
  • Disables SAML login when signature validation is misconfigured (Security Hotfix).
Full changelog

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 8.2
  • Apps-Engine: 1.59.1

Patch Changes

View release on GitHub
8.1.4 Security relevant
Security fixes
  • Disables SAML login when signature validation is improperly configured (Security Hotfix).
Full changelog

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 8.2
  • Apps-Engine: 1.59.2

Patch Changes

View release on GitHub
8.3.3 Security relevant
Security fixes
  • Disables SAML login when signature validation is configured without proper certificates — security hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
Full changelog

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 8.0
  • Apps-Engine: 1.61.1

Patch Changes

View release on GitHub
8.2.3 Security relevant
Security fixes
  • Disables SAML login when signature validation is configured without proper certificates; security hotfix applied.
Full changelog

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 8.0
  • Apps-Engine: 1.60.1

Patch Changes

View release on GitHub
8.4.0 Breaking risk
⚠ Upgrade required
  • Cold Storage Archiving for Read Receipts is disabled by default; enable via Message → Read Receipts → Enable Read Receipts Cold Storage setting.
  • `skipTranspile` flag in webhook integrations is deprecated and will be removed in 9.0.0.
Security fixes
  • Security Hotfix applied per https://docs.rocket.chat/docs/security-fixes-and-updates
Notable features
  • Cold Storage Archiving for Read Receipts (configurable via Message → Read Receipts → Enable Read Receipts Cold Storage)
  • Auto-wrap selected text in composer with matching delimiters
  • Alternative text field added to image uploads for accessibility
Full changelog

Engine versions

  • Node: 22.16.0
  • Deno: 2.3.1
  • MongoDB: 8.0
  • Apps-Engine: 1.62.0

Minor Changes

  • (#40181) Adds file thumbnails with image preview to the message composer attachments

  • (#40141) Adds a new REST endpoint to accept or reject media calls without an active media session

  • (#39535) Adds externalIds field to livechat visitors for external platform identification.

  • (#40160) Adds a skipTranspile flag (default false) to webhook integrations. When set to true, the integration script is stored as-is without Babel transpilation — matching the 9.0.0 default where Babel is removed entirely. Admins can flip the flag per-integration to validate strict-mode compatibility before upgrading. The field is deprecated and will be removed in 9.0.0.

  • (#39495) Updates omnichannel routing so agents with offline status are always excluded from assignment. The Livechat_enabled_when_agent_idle setting now only affects agents with away status.

  • (#40093) Adds new API endpoints to load the user's current voice call state from the server

  • (#40096) Introduces redaction of potentially sensitive data in logs related to apps-engine

  • (#39989) Adds email search filter to users.list and users.info endpoints.

  • (#39845) Adds support for setting up Virtru as a PDP (Policy Decision Point) for ABAC.

  • (#38623 by @copilot-swe-agent) Introduces Cold Storage Archiving for Read Receipts to improve performance and scalability in large deployments.

    Enterprise workspaces can now archive older read receipts into a dedicated cold storage collection, reducing the size of the primary read receipts dataset and improving query performance in environments with high message volumes.

    This feature is disabled by default and can be enabled through the new setting:

    Message → Read Receipts → Enable Read Receipts Cold Storage

    This feature is especially recommended for deployments with high message throughput and long data retention requirements, where reducing the size of hot collections significantly improves overall system responsiveness.

  • (#39393 by @copilot-swe-agent) Added auto-wrap selected text in composer with matching delimiters

  • (#40075) Adds alternative text field to image uploads to improve accessibility

Patch Changes

  • Bump @rocket.chat/meteor version.

  • Bump @rocket.chat/meteor version.

  • Bump @rocket.chat/meteor version.

  • (#40058) Fixed UI becoming unresponsive after clicking "See on Engagement Dashboard" from the workspace info card, which required a manual page refresh to recover.

  • (#39741) Fixes empty notifications sent when a voice call ends

  • (#40095) LDAP sync now action now syncs user's abac attributes too.

  • (#39246) Fixes an issue where messages appeared as unread even when all active users had read them. Read receipts now correctly ignore deactivated users.

  • (#40125) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)

  • (#40051) Fixes user status indicator to show disabled state when presence broadcast is turned off

  • (#40061) Fixes a bug that could remove all of a user's subscriptions when the user was re-added to a room while still banned.

  • (#40053) Fixes Slack messages being incorrectly saved on import

  • (#38994) Adds SAML redirect validation by matching request parameters and configured IdP SLO

  • (#39986) Fixes an issue where the outlook calendar action isn't being reactive based on the setting

  • (#39868) Fixes app actions ignoring role filters and i18n translation

  • (#40078) Fixes "Reply in direct message" action not being shown when user has permission to create DMs but no existing conversation exists.

  • (#40169) Moves keyboard shortcuts from the contextual bar into a modal accessible from the user menu, and adds a hotkey to open it.

  • (#39883) Fixes the issue of the lacking MessageUpdater not being available to apps during runtime

  • (#40114) Fixes a bug preventing users to join a room after being banned and unbanned.

  • (#39823) Fixes an issue where the apps-engine updateStatusText method isn't updating the app user status text properly

  • (#39892) Fixes an issue where the expanded thread view was overlapping the navbar

  • (#40113) Fixes inability to use custom sounds pagination action buttons when the amount exceeds the specified limit

  • (#39985) Adds error feedback when clicking on a mentioned room you don't have access to

  • (#40175) Fixes an issue where the Omnichannel routing system ignored the Livechat_accept_chats_with_no_agents setting. Now, offline agents are correctly considered for assignment when the setting allows it.

  • Updated dependencies [53e32c7df1bf40598d65d170fd50c55f752f2951, 53e32c7df1bf40598d65d170fd50c55f752f2951, 543b6c8cbde0d084a3a923acf4845b68db80206a, 43642220a5cc8124ecc6f3956150c42c5b390c90, 2632182e429d337325fe3b1e28ea52ab12d99591, 21cd54f87de5837fe6c999a44bd15be34b9fe905, 278b84f78360e53792a2e5d7620615039a0e15e9, 95a82f72dd45fc51d54bb1beed295315facf9109, 12c44d2db65af9f90c741da621164f5738fc19f5, 24b3671fe61b8b09c6a1b5dc6401b503b3fb92a0, 5cff1f41d388b036c77a8f774f233b1921e9066e, 9713af36f5c0d673f2d2093015f322341706bab0, 53e32c7df1bf40598d65d170fd50c55f752f2951, 53e32c7df1bf40598d65d170fd50c55f752f2951, f3fa3ee2f2e53b777de9abd466f1b76a1ec1b96c, 32f67f20fbcfdab051c7d2f99d8a7a3d18ebf474, e792aba7f56f1b2ece62951087591819995a1446, f3649b22edfe6497ec2d7f3d7b8ec655466ad4a6, c544b805d1c03f8eae9d061cd48838206207a7c9, 4e99ff6c1a99ac569cf444f9de9b5fe5ac3262b2, 8c0e16ca29b393cfa50b425520db48ba5a74f678, 95a82f72dd45fc51d54bb1beed295315facf9109, 9f38b54c671ba3f0583c0d248a2afe09652fcdf4, f4dfb8ddc2049692371aeb084110b5768151b5df, 2356c889ed82507e1dd1208fab6d4ab186701fef]:
View release on GitHub
8.3.1 Mixed

Updates Node to 22.16.0, Deno to 1.43.5, MongoDB to 8.0, and Apps-Engine to 1.61.0. Fixes a bug where re-adding a banned user to a room could remove all their subscriptions. Includes numerous dependency updates across core services, UI kits, and typings.

View release on GitHub
8.3.0 Mixed
⚠ Upgrade required
  • Deprecation: 'Anonymous write' feature will be removed in version 9.0.0.
Breaking changes
  • AJV validator split: Numeric and boolean values sent as strings in POST/PUT/PATCH bodies will now be rejected instead of being silently coerced.
Security fixes
  • Security Hotfix
  • Fixed an authorization issue that allowed users to confirm uploads from other users
  • Fixed cross-resource access issue allowing retrieval of emojis from Custom Sounds and sounds from Custom Emojis in FileSystem storage mode
Notable features
  • Native screen sharing for internal voice calls (currently in beta)
  • Support for multiple files in the message composer
  • Ban management in rooms via UI and slash commands
View release on GitHub
7.13.5 Security relevant
Security fixes
  • Security hotfix - refer to https://docs.rocket.chat/docs/security-fixes-and-updates
Notable features
  • Fixed third-party login functionality
View release on GitHub
8.0.3 Security relevant
Security fixes
  • Security hotfix - refer to https://docs.rocket.chat/docs/security-fixes-and-updates
View release on GitHub
8.2.1 Security relevant
Security fixes
  • SSRF validation fix in OAuth endpoints preventing internal endpoint access during auth
Notable features
  • Fixed SSRF validation for OAuth endpoints
View release on GitHub
8.1.2 Security relevant
Security fixes
  • Security hotfix - refer to https://docs.rocket.chat/docs/security-fixes-and-updates
View release on GitHub
8.0.2 Security relevant
Breaking changes
  • MongoDB 8.0 required (versions 5.0, 6.0, 7.0 no longer supported)
Security fixes
  • Security hotfix
View release on GitHub
8.2.0 Breaking risk
Breaking changes
  • MongoDB minimum version requirement raised to 8.0
Security fixes
  • SSRF protection with internal IP blocking and DNS rebinding protection
  • Prevents sensitive field exposure in users.updateOwnBasicInfo
  • Enforces 2FA and account status checks in Enterprise DDP Streamer login
Notable features
  • SSRF protection with internal IP blocking and DNS rebinding defense
  • Federation restricted to verified email users matching configured domain
  • Apps-Engine supports multiple file uploads with new delete endpoint
View release on GitHub
8.1.0 New feature
Security fixes
  • Default password policy
  • Prevented credential exposure in logs
Notable features
  • Default password policy enforcement
  • Real-time presence-based voice updates
  • Voice call direct message shortcuts
View release on GitHub
7.8.6 Maintenance

Maintenance patch updating dependencies to ensure stability and compatibility across platform modules.

View release on GitHub
7.9.8 Maintenance

Updated core engine versions to Node 22.16.0, Deno 1.43.5, and MongoDB 5.0, 6.0, or 7.0. Bumped @rocket.chat/meteor and numerous dependencies including @rocket.chat/core-typings, @rocket.chat/rest-typings, @rocket.chat/apps, and @rocket.chat/ui-client.

View release on GitHub
7.10.7 Maintenance

Patch release with dependency updates across core services, utilities, and UI components.

View release on GitHub
7.11.4 Maintenance

Routine dependency updates across internal packages to maintain compatibility and stability

View release on GitHub
7.12.4 Maintenance

Maintenance patch with dependency updates to ensure platform stability and compatibility with current runtime versions.

View release on GitHub
7.13.3 Maintenance

Internal dependencies updated to maintain compatibility and stability across modules. Supports Node 22.16.0, Deno 1.43.5, and MongoDB 5-8.

View release on GitHub
8.0.1 Mixed

Updated engine versions for Node, Deno, MongoDB, and Apps-Engine. Fixed a startup error caused by the deprecated DEBUG_DISABLE_USER_AUDIT flag and updated numerous dependencies including @rocket.chat/meteor, core-typings, rest-typings, abac, federation-matrix, license, media-calls, omnichannel-services, pdf-worker, presence, api-client, apps, core-services, cron, fuselage-ui-kit, gazzodown, http-router, message-types, model-typings, ui-avatar, ui-client, ui-contexts, ui-voip, web-ui-registration, models, server-cloud-communication, network-broker, omni-core-ee, ui-theming, ui-video-conf, instance-status, and omni-core.

View release on GitHub
8.0.0 Breaking risk
⚠ Upgrade required
  • Workspaces must upgrade to MongoDB 8.2 before moving to Rocket.Chat v8.0.0.
  • A full database backup is strongly recommended before upgrading.
  • Administrators are expected to rely on the official Prometheus and Grafana monitoring stack for observability.
Breaking changes
  • Support for MongoDB 5.0 and 6.0 has been discontinued; workspaces must upgrade to MongoDB 8.2 before moving to v8.0.0.
  • Removal of Streamhub, database watchers, Tokenpass OAuth, Mobex, and VoxTelesys SMS integrations.
  • Removal of second-layer transport encryption and built-in logging tools.
Security fixes
  • Patched a security issue to prevent message content from being written to logs at debug level.
  • Added security requirements for token creation via /v1/users.createToken.
Notable features
  • Attribute-Based Access Control (ABAC) for private channels and teams.
  • Rocket.Chat Federation beta with built-in Matrix support.
  • Voice calling moved to general availability with a new call history page.
View release on GitHub
7.9.7 Security relevant
⚠ Upgrade required
  • Updated engine versions: Node 22.16.0, Deno 1.43.5, Apps-Engine 1.54.0
  • Supported MongoDB versions: 5.0, 6.0, 7.0
Security fixes
  • Security Hotfix
View release on GitHub

Beta — feedback welcome: [email protected]