Rocket.Chat — Collaboration product updates and releases, tracked on megachangelog.
Version 8.5.0 delivers significant security hardening with stricter access controls and token handling across multiple systems including OAuth, SAML, and file uploads. New features include a Drafts sidebar group, message list virtualization for performance, custom sound REST APIs, improved ABAC administration, and updated runtime to Node.js 22.22.3 and Meteor 3.4.1.
Updated core dependencies including Meteor, core-typings, and rest-typings. Updated engine versions including Node 22.22.3, Deno 2.3.1, MongoDB 8.0, and Apps-Engine 1.63.0-rc.0.
Release candidate 8.5.0-rc.5 includes updated dependencies and bumped Meteor version. Engine versions updated to Node 22.22.3, Deno 2.3.1, MongoDB 8.0, and Apps-Engine 1.63.0-rc.0.
Release candidate update with bumped Meteor version and updated core typings and REST typings packages. Includes Node 22.22.3, MongoDB 8.0, and Apps-Engine 1.63.0-rc.0.
Release candidate with engine version updates (Node 22.22.3, Deno 2.3.1, MongoDB 8.0) and a fix to the Chat Limits locking mechanism allowing bot agents to skip the lock since they aren't subject to chat limits.
Fixed the Chat Limits locking mechanism to allow bot agents to bypass the lock, since they are not subject to rate limits. Updated engine dependencies including Node 22.16.0 and MongoDB 8.0.
Bumped Meteor version and fixed the Chat Limits locking mechanism to allow bot agents to skip the lock since they are not subject to rate limits. Updated core and REST typings dependencies.
Patch release with dependency updates and a fix to the Chat Limits locking mechanism that now allows bot agents to skip the lock since they aren't subject to rate limits.
Release candidate 8.5.0-rc.2 includes updated Node 22.22.3, Deno 2.3.1, MongoDB 8.0, and Apps-Engine 1.63.0-rc.0 with bumped dependencies for core-typings and rest-typings.
Security and stability patch addressing OAuth token cleanup after user deactivation, login token cleanup for idle users, access validation for message translation endpoints, and visitor token exposure. Multiple internal dependencies updated.