Always calculate state diff IDs in syncv3

seemingly fixes #779

.forgejo/actions/rust-toolchain/action.yml

@@ -19,20 +19,11 @@ outputs:
   rustc_version:
     description: The rustc version installed
     value: ${{ steps.rustc-version.outputs.version }}
-  rustup_version:
-    description: The rustup version installed
-    value: ${{ steps.rustup-version.outputs.version }}
 
 runs:
   using: composite
   steps:
-    - name: Check if rustup is already installed
-      shell: bash
-      id: rustup-version
-      run: |
-        echo "version=$(rustup --version)" >> $GITHUB_OUTPUT
     - name: Cache rustup toolchains
-      if: steps.rustup-version.outputs.version == ''
       uses: actions/cache@v3
       with:
         path: |
@@ -42,7 +33,6 @@ runs:
         # Requires repo to be cloned if toolchain is not specified
         key: ${{ runner.os }}-rustup-${{ inputs.toolchain || hashFiles('**/rust-toolchain.toml') }}
     - name: Install Rust toolchain
-      if: steps.rustup-version.outputs.version == ''
       shell: bash
       run: |
         if ! command -v rustup &> /dev/null ; then

.forgejo/workflows/release-image.yml

@@ -57,6 +57,7 @@ jobs:
 
   build-image:
     runs-on: dind
+    container: ghcr.io/catthehacker/ubuntu:act-latest
     needs: define-variables
     permissions:
       contents: read
@@ -180,14 +181,14 @@ jobs:
           file: "docker/Dockerfile"
           build-args: |
             GIT_COMMIT_HASH=${{ github.sha }})
-            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
+            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
             GIT_REMOTE_URL=${{github.event.repository.html_url }}
             GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
           cache-from: type=gha
-          # cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max
           sbom: true
           outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
         env:
@@ -210,6 +211,7 @@ jobs:
 
   merge:
     runs-on: dind
+    container: ghcr.io/catthehacker/ubuntu:act-latest
     needs: [define-variables, build-image]
     steps:
       - name: Download digests

Cargo.lock

@@ -771,7 +771,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "clap",
  "conduwuit_admin",
@@ -800,7 +800,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_admin"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "clap",
  "conduwuit_api",
@@ -821,7 +821,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_api"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "async-trait",
  "axum",
@@ -853,14 +853,14 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "built 0.8.0",
 ]
 
 [[package]]
 name = "conduwuit_core"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "argon2",
  "arrayvec",
@@ -919,7 +919,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_database"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "async-channel",
  "conduwuit_core",
@@ -937,7 +937,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_macros"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "itertools 0.14.0",
  "proc-macro2",
@@ -947,7 +947,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_router"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "axum",
  "axum-client-ip",
@@ -981,7 +981,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_service"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "async-trait",
  "base64 0.22.1",
@@ -1018,7 +1018,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_web"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 dependencies = [
  "askama",
  "axum",

Cargo.toml

@@ -21,7 +21,7 @@ license = "Apache-2.0"
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
 rust-version = "1.86.0"
-version = "0.5.0-rc.6"
+version = "0.5.0-rc.5"
 
 [workspace.metadata.crane]
 name = "conduwuit"

SECURITY.md

@@ -1,63 +0,0 @@
-# Security Policy for Continuwuity
-
-This document outlines the security policy for Continuwuity. Our goal is to maintain a secure platform for all users, and we take security matters seriously.
-
-## Supported Versions
-
-We provide security updates for the following versions of Continuwuity:
-
-| Version        | Supported        |
-| -------------- |:----------------:|
-| Latest release |        ✅        |
-| Main branch    |        ✅        |
-| Older releases |        ❌        |
-
-We may backport fixes to the previous release at our discretion, but we don't guarantee this.
-
-## Reporting a Vulnerability
-
-### Responsible Disclosure
-
-We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
-
-1. **Contact members of the team directly** over E2EE private message.
-   - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
-   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
-2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
-3. **Do not disclose the vulnerability publicly** until it has been addressed
-4. **Provide detailed information** about the vulnerability, including:
-   - A clear description of the issue
-   - Steps to reproduce
-   - Potential impact
-   - Any possible mitigations
-   - Version(s) affected, including specific commits if possible
-
-If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
-
-### What to Expect
-
-When you report a security vulnerability:
-
-1. **Acknowledgment**: We will acknowledge receipt of your report.
-2. **Assessment**: We will assess the vulnerability and determine its impact on our users
-3. **Updates**: We will provide updates on our progress in addressing the vulnerability, and may request you help test mitigations
-4. **Resolution**: Once resolved, we will notify you and discuss coordinated disclosure
-5. **Credit**: We will recognize your contribution (unless you prefer to remain anonymous)
-
-## Security Update Process
-
-When security vulnerabilities are identified:
-
-1. We will develop and test fixes in a private fork
-2. Security updates will be released as soon as possible
-3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
-4. Critical security updates may be backported to the previous stable release
-
-## Additional Resources
-
-- [Matrix Security Disclosure Policy](https://matrix.org/security-disclosure-policy/)
-- [Continuwuity Documentation](https://continuwuity.org/introduction)
-
----
-
-This security policy was last updated on May 25, 2025.

docs/SUMMARY.md

@@ -20,4 +20,3 @@
   - [Testing](development/testing.md)
   - [Hot Reloading ("Live" Development)](development/hot_reload.md)
 - [Community (and Guidelines)](community.md)
-- [Security](security.md)

docs/security.md

@@ -1 +0,0 @@
-{{#include ../SECURITY.md}}

docs/static/announcements.json

@@ -4,10 +4,6 @@
         {
             "id": 1,
             "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
-        },
-        {
-            "id": 2,
-            "message": "🎉 Continuwuity v0.5.0-rc.6 is now available! This release includes improved knock-restricted room handling, automatic support contact configuration, and a new HTML landing page. Check [the release notes for full details](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.6) and upgrade instructions."
         }
     ]
-}
+}

docs/static/announcements.schema.json

@@ -3,7 +3,7 @@
     "$id": "https://continwuity.org/schema/announcements.schema.json",
     "type": "object",
     "properties": {
-      "announcements": {
+      "updates": {
         "type": "array",
         "items": {
           "type": "object",
@@ -16,10 +16,6 @@
             },
             "date": {
               "type": "string"
-            },
-            "mention_room": {
-              "type": "boolean",
-              "description": "Whether to mention the room (@room) when posting this announcement"
             }
           },
           "required": [
@@ -30,6 +26,6 @@
       }
     },
     "required": [
-      "announcements"
+      "updates"
     ]
   }

src/admin/debug/mod.rs

@@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
 		reset: bool,
 	},
 
-	/// - Sign JSON blob
+	/// - Verify json signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	SignJson,
 
-	/// - Verify JSON signatures
+	/// - Verify json signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.

src/api/client/membership.rs

@@ -2162,109 +2162,6 @@ async fn knock_room_by_id_helper(
 		}
 	}
 
-	// For knock_restricted rooms, check if the user meets the restricted conditions
-	// If they do, attempt to join instead of knock
-	// This is not mentioned in the spec, but should be allowable (we're allowed to
-	// auto-join invites to knocked rooms)
-	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
-	if let JoinRule::KnockRestricted(restricted) = &join_rule {
-		let restriction_rooms: Vec<_> = restricted
-			.allow
-			.iter()
-			.filter_map(|a| match a {
-				| AllowRule::RoomMembership(r) => Some(&r.room_id),
-				| _ => None,
-			})
-			.collect();
-
-		// Check if the user is in any of the allowed rooms
-		let mut user_meets_restrictions = false;
-		for restriction_room_id in &restriction_rooms {
-			if services
-				.rooms
-				.state_cache
-				.is_joined(sender_user, restriction_room_id)
-				.await
-			{
-				user_meets_restrictions = true;
-				break;
-			}
-		}
-
-		// If the user meets the restrictions, try joining instead
-		if user_meets_restrictions {
-			debug_info!(
-				"{sender_user} meets the restricted criteria in knock_restricted room \
-				 {room_id}, attempting to join instead of knock"
-			);
-			// For this case, we need to drop the state lock and get a new one in
-			// join_room_by_id_helper We need to release the lock here and let
-			// join_room_by_id_helper acquire it again
-			drop(state_lock);
-			match join_room_by_id_helper(
-				services,
-				sender_user,
-				room_id,
-				reason.clone(),
-				servers,
-				None,
-				&None,
-			)
-			.await
-			{
-				| Ok(_) => return Ok(knock_room::v3::Response::new(room_id.to_owned())),
-				| Err(e) => {
-					debug_warn!(
-						"Failed to convert knock to join for {sender_user} in {room_id}: {e:?}"
-					);
-					// Get a new state lock for the remaining knock logic
-					let new_state_lock = services.rooms.state.mutex.lock(room_id).await;
-
-					let server_in_room = services
-						.rooms
-						.state_cache
-						.server_in_room(services.globals.server_name(), room_id)
-						.await;
-
-					let local_knock = server_in_room
-						|| servers.is_empty()
-						|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
-
-					if local_knock {
-						knock_room_helper_local(
-							services,
-							sender_user,
-							room_id,
-							reason,
-							servers,
-							new_state_lock,
-						)
-						.boxed()
-						.await?;
-					} else {
-						knock_room_helper_remote(
-							services,
-							sender_user,
-							room_id,
-							reason,
-							servers,
-							new_state_lock,
-						)
-						.boxed()
-						.await?;
-					}
-
-					return Ok(knock_room::v3::Response::new(room_id.to_owned()));
-				},
-			}
-		}
-	} else if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
-		debug_warn!(
-			"{sender_user} attempted to knock on room {room_id} but its join rule is \
-			 {join_rule:?}, not knock or knock_restricted"
-		);
-	}
-
 	let server_in_room = services
 		.rooms
 		.state_cache
@@ -2312,12 +2209,6 @@ async fn knock_room_helper_local(
 		return Err!(Request(Forbidden("This room does not support knocking.")));
 	}
 
-	// Verify that this room has a valid knock or knock_restricted join rule
-	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
-	if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
-		return Err!(Request(Forbidden("This room's join rule does not allow knocking.")));
-	}
-
 	let content = RoomMemberEventContent {
 		displayname: services.users.displayname(sender_user).await.ok(),
 		avatar_url: services.users.avatar_url(sender_user).await.ok(),

src/build_metadata/build.rs

@@ -79,12 +79,12 @@ fn main() {
 
 	// --- Rerun Triggers ---
 	// TODO: The git rerun triggers seem to always run
-	// // Rerun if the git HEAD changes
-	// println!("cargo:rerun-if-changed=.git/HEAD");
-	// // Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
-	// if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"])
-	// { 	println!("cargo:rerun-if-changed=.git/{ref_path}");
-	// }
+	// Rerun if the git HEAD changes
+	println!("cargo:rerun-if-changed=.git/HEAD");
+	// Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
+	if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"]) {
+		println!("cargo:rerun-if-changed=.git/{ref_path}");
+	}
 
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH");
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH_SHORT");

src/core/config/check.rs

@@ -219,15 +219,6 @@ pub fn check(config: &Config) -> Result {
 		));
 	}
 
-	// Check if support contact information is configured
-	if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
-		warn!(
-			"No support contact information (support_email or support_mxid) is configured in \
-			 the well_known section. Users in the admin room will be automatically listed as \
-			 support contacts in the /.well-known/matrix/support endpoint."
-		);
-	}
-
 	if config
 		.url_preview_domain_contains_allowlist
 		.contains(&"*".to_owned())

src/core/matrix/state_res/event_auth.rs

@@ -638,7 +638,7 @@ fn valid_membership_change(
 				warn!(?target_user_membership_event_id, "Banned user can't join");
 				false
 			} else if (join_rules == JoinRule::Invite
-                    || room_version.allow_knocking && (join_rules == JoinRule::Knock || matches!(join_rules, JoinRule::KnockRestricted(_))))
+                    || room_version.allow_knocking && join_rules == JoinRule::Knock)
                 // If the join_rule is invite then allow if membership state is invite or join
                     && (target_user_current_membership == MembershipState::Join
                         || target_user_current_membership == MembershipState::Invite)

src/core/mod.rs

@@ -21,10 +21,7 @@ pub use ::toml;
 pub use ::tracing;
 pub use config::Config;
 pub use error::Error;
-pub use info::{
-	rustc_flags_capture, version,
-	version::{name, version},
-};
+pub use info::{rustc_flags_capture, version, version::version};
 pub use matrix::{Event, EventTypeExt, PduCount, PduEvent, PduId, RoomVersion, pdu, state_res};
 pub use server::Server;
 pub use utils::{ctor, dtor, implement, result, result::Result};

src/main/clap.rs

@@ -15,7 +15,7 @@ use conduwuit_core::{
 #[clap(
 	about,
 	long_about = None,
-	name = conduwuit_core::name(),
+	name = "conduwuit",
 	version = conduwuit_core::version(),
 )]
 pub(crate) struct Args {

src/service/announcements/mod.rs

@@ -20,7 +20,7 @@ use std::{sync::Arc, time::Duration};
 use async_trait::async_trait;
 use conduwuit::{Result, Server, debug, info, warn};
 use database::{Deserialized, Map};
-use ruma::events::{Mentions, room::message::RoomMessageEventContent};
+use ruma::events::room::message::RoomMessageEventContent;
 use serde::Deserialize;
 use tokio::{
 	sync::Notify,
@@ -53,8 +53,6 @@ struct CheckForAnnouncementsResponseEntry {
 	id: u64,
 	date: Option<String>,
 	message: String,
-	#[serde(default, skip_serializing_if = "bool::not")]
-	mention_room: bool,
 }
 
 const CHECK_FOR_ANNOUNCEMENTS_URL: &str =
@@ -141,20 +139,19 @@ impl Service {
 		} else {
 			info!("[announcements] {:#}", announcement.message);
 		}
-		let mut message = RoomMessageEventContent::text_markdown(format!(
-			"### New announcement{}\n\n{}",
-			announcement
-				.date
-				.as_ref()
-				.map_or_else(String::new, |date| format!(" - `{date}`")),
-			announcement.message
-		));
 
-		if announcement.mention_room {
-			message = message.add_mentions(Mentions::with_room_mention());
-		}
-
-		self.services.admin.send_message(message).await.ok();
+		self.services
+			.admin
+			.send_message(RoomMessageEventContent::text_markdown(format!(
+				"### New announcement{}\n\n{}",
+				announcement
+					.date
+					.as_ref()
+					.map_or_else(String::new, |date| format!(" - `{date}`")),
+				announcement.message
+			)))
+			.await
+			.ok();
 	}
 
 	#[inline]