A few days after Movim 0.25 Nagata here is a small bugfix release.

In this release you'll find a fix that prevented Firefox to Firefox audio-video calls to happen, a fix for a route parsing issue that was preventing articles to be attached properly in a new publication and a related one that was preventing articles to be shared to chat users.

One small improvement, the one-to-one chat list now includes preview of sent and received images and links.

That's all folks!

#movim #xmpp #bugfix #release

Only a few months after #Movim 0.24 here comes Movim 0.25 Nagata!

Let's have a look at all the new features and fixes that you can find in this exciting #release.

What's new?

Message files refactoring

The attached #message files metadata are now moved to the Movim SQL database, this allows way more flexibility to handle then including the upcoming work on the multi-files per message feature.

Along this change comes the support of thumbhash. The general idea is to build a small blurred version of the image that can be transferred and store inside the message metadata and then render it as a placeholder for the image before it gets downloaded.

Internal file upload proxy, bye bye CORS!

When you upload a file on Movim, it is not store in Movim itself but directly on your #XMPP server File Upload Service.

This feature, defined in XEP-0363: HTTP File Upload is pretty useful and widely implemented in the XMPP ecosystem. However XMPP web clients, such as Movim, have to deal with browser related limitations called #CORS (Cross-origin resource sharing) that needs some more configuration on the XMPP servers to allow upload files from domains that are not the same as the XMPP file #upload service one.

This new version comes with an internal file upload proxy, basically your file is first uploaded to a temporary script in Movim that then take care to upload it to your XMPP File Upload Service. This change makes all those configuration obsolete and greatly simplify the Movim deployment and configuration.

One small detail, please ensure that your PHP upload_max_filesize internal setting is large enough to handle the files that will be uploaded to the XMPP servers, somes are allowing up to a few hundreds megabytes for the maximum file sizes.

Automatic Nightmode 🌙

Movim is having a Nightmode toggle for a while already. A few internal changes is now allowing Movim to just follow your browser or operating system directives.

XEP-0410: MUC Self-Ping (Schrödinger's Chat)

As defined in the introduction of the XEP:

The Multi-User Chat (XEP-0045) [1] protocol was not designed to handle s2s interruptions or message loss well. Rather often, the restart of a server or a component causes a client to believe that it is still joined to a given chatroom, while the chatroom service does not know of this occupant.

Movim is now implementing the basic features of this XMPP extension and therefore automatically disconnect your from a chatroom if no activity was detected for a few minutes and if the ping doesn't come back positively. It was reported in the issue 1164.

Various other fixes

This version also fixes a few issues like a bug that prevented sometimes Movim to resynchronize the conversations history for one-to-one discussions, a SRV record certificate validation misconfiguration or a wrong priority of the XEP-0319: Last User Interaction over the XEP-0203: Delayed Delivery presences that were giving wrong information regarding your contact "last activity".

What's next?

This release should be the last one before some exciting huge set of features, with the support of the NLNet Fundation that will be integrated in Movim in the upcoming months. It seems that it should improve a few things regarding audio and video calls, stay tuned! 👀

Hope that you'll enjoy all those changes 😊

That's all folks!

A few days after the 0.24 announcement we are releasing a 0.24.1 that fixes a few small things.

bcrypt passwords and null characters

Movim was using the null character (\0) to concatenate some strings to create a hash. Some recent minor PHP #release forbid the presence of such character for this usage in #bcrypt.

This was documented and fixed in the ticket #1311.

Small interface fixes

An error in the Notification tab was preventing users to read the content of the comments that were done under their publications, a placeholder image was added to the Send To drawer if no Communities are currently subscribed and some small CSS padding were fixed to make the interface more consistent.

Enjoy !

Movim 0.24, codename Mueller is out. Let's dive in all the new exciting things that you can find in this new release!

What's new?

XEP-0386: Bind 2, XEP-0388: Extensible SASL Profile and XEP-0474: SASL SCRAM Downgrade Protection

Movim was definitely not the first one integrating those XMPP extensions but their implementation finally brings a much modern authentication stack to the project.

Bind 2 and Extensible SASL Profile greatly simplifies the authentication flow allowing Movim to connect (and reconnect) even faster, don't worry the older method is still there and will allow you to connect on #XMPP servers that don't support yet this new mechanism.

SASL SCRAM Downgrade Protection is a small security layer that sits on top of SASL (the authentication framework used by XMPP) to prevent channel-binding downgrades attack during the handshakes methods. It starts to be enforced by several servers nowadays such as ejabberd.

We would like to thank fabiang that did an awesome work on the #PHP #SASL library to add the SCRAM Downgrade Protection to it and allow a proper integration of the feature in Movim. Thanks!

Complete page navigation loading refactoring

You may not have seen it but a big #refactoring work was done under the hood to greatly simplify the navigation system in Movim.

This allows you to have a working and reliable "back-button" experience across the user interface. It is actually especially noticeable on mobile where the back button is used a lot to switch between the different UI elements (drawers, pages, sliders...).

This refactoring also fixed a few important bugs regarding the user interface internal events that were creating weird behaviors. For example, in some cases, when you were loading several time the same page in a row, the same event was attached several time to some buttons creating an mess when clicking on it.

And finally the browser - server connection (that relies on a Websocket) was also refactored and simplified fixing numerous connectivity bugs that we had until now.

Changes when publishing an article

The post publication form was slightly reorganized. The post privacy toggle was more clearly defined and another one, to disable comments and likes, was added next to it.

Interface improvements

Since its big rewrite in 2014 Movim relies on the Google #Material Design system. This version continue the integration of Material 3 with the redesign of the search and chat boxes as well as small forms and buttons details.

A new placeholder was also added when starting a new chat allowing you to quickly add the user to your contact list or block him.

Other fixes and improvements

A few #OMEMO bugs were also fixed, especially the bug #1261 that was preventing Movim users to decrypt their own messages in chatrooms.

We also fixed an annoying video-conferencing bug (#1274) that was preventing Movim to accept some specific audio and video calls. This allows Movim to process calls properly coming from #SIP bridges and to connect with SIP clients like Linphone !

We would like to especially thanks toastal for his several contributions to the project including internal image size picture management, a big refactoring of the internal language management system and some more minor interface and performances fixes.

What's next?

This version prepared the last important bricks required to introduce the early steps of the big audio and video-conferencing refactoring, especially with all the navigation and interface internal events management that was done the past few releases.

We will tell you more about it soon, stay tuned!

In the meantime, please share the good news around you and don't forget to update your server if you're an admin!

That's all folks!

Movim 0.23, codename Kojima is finally out.

This version brings a lot of fixes, refactoring and a few new exciting features, lets have a look!

What's new?

Improved message bubbles and navigation

A big refactoring of the chat message bubbles internal structure and display was done. This fixes a few old issues regarding the dates separation and their status (received, read, encrypted..).

The messages statuses are now also displayed for the non-textual messages (pictures and audio) and the message menu can be triggered when previewing its attached picture.

XEP-0191: Blocking Command

Movim had its own internal system to allow its users to block specific accounts. While keeping exactly the same flows and behaviors the blocked list is now relying on the XEP-0191 that allows to synchronize on the XMPP account level. The incoming messages are also now directly blocked on the XMPP server and not in Movim anymore.

Messages history retrieval via MAM

Message Archive Management, or MAM is one of the core XMPP XEP that allows clients to retrieve and manage messages from the XMPP server archives.

Movim had a quite basic implementation of MAM until now, the 0.23 allows users to scroll-back any discussions (one to one and chatrooms) and progressively retrieve the complete chat history. The messages are then cached in the Movim database to ensure good performances.

UI improvements and other small features

Kojima is bringing a complete new pack of icons and a few related UI changes to integrate them properly during the navigation and in some specific user flows.

The Tenor integration was fixed and upgraded to the v2.0 of their API allow you to send and receive again funny GIFs while chatting!

On the other hand the Twitter integration was completely dropped regarding their recent political changes and API limitation. Bye bye Elon!

Progressive Web App integration

As you may have noticed, Movim is a Progressive Web App! This means that you don't need a specific store to get it, you can can directly install it from you prefered browser (Chrome, Firefox, Safari..) and your operating system will take care of building a "native" application out of it.

A few small improvement were added in the 0.23 allowing an even better integration. Movim is now aware of your system network connectivity and automatically disconnect and reconnect/refresh when you get back online, very practical when you're using it on your phone is an area where the network is not that great.

What's next?

This version is a stepping stone before jumping into the big project that will occupy me the whole rest of the year.

The next version(s) will bring a complete refactoring and redesign of the audio-video calls as well as the suport of multi-participants calls. I will work closely with a few other XMPP clients and server teams to ensure that the integration is properly standardized and fully compatible.

I'll give you some more information about that soon.

In the meantime, enjoy the new release!

That's all folks :)

Hi everyone!

I'm happy to announce that #Movim 0.22.3 has been released. In this small #release, among some bug fixes you will find:

XEP-0425: Message Moderation

Movim is now supporting message moderation in chatrooms. This will allow admins to moderate bad messages in a few clicks.

Movim is also now handling moderated and removed messages coming from bridged accounts. Deleted messages on Telegram bridged using Slidge will be properly handled and removed in Movim accordingly.

Improved avatars

Some small cleanup were done regarding avatar display. Newly uploaded avatars are now 512x512px !

Fixes fixes fixes

A dumb mistake, that was preventing likes and comments to be published under articles has been fixed as well as a Docker related issue that was preventing to serve some files properly.

Enjoy!

Hi everyone!

Another small bugfix #release. Lets have a look!

New design for the navigation bars

This version introduce a new design for the navigation bars, both on desktop and mobile. Nothing big but it should gives some more feedback when navigating between the different Movim zones.

Avatars refresh fixes

Several bugs around the avatars refresh were also fixed. #Movim now properly check if the #avatar is not already in cache before trying to refresh it again.

The avatar refresh queries are also now spread in time using a super simple scheduler. This helps lowering the network (and I/O) load when logging in.

Some avatars placeholders were also not displayed in some chatrooms, this version fix this small issue.

Chatroom administration panel

The previous version introduced a refactor that broke the #chatroom administration panel access. Its now fixed ☺️

join.movim.eu fixes

Not directly related with this release, but join.movim.eu was also updated to support the newest Movim versions. If you are a server admin, do not hesitate to register your instance there ☺️

That's all folks!

A small #release but with a couple of performances improvements and bug fixes.

Confidentiality settings 🔒

The configuration page was reorganized and all the confidentiality setting are now grouped in one unique section.

Linked to that, if you choose to keep your profile private, Movim is now completely disabling your public page, blog and links to your profile.

Fixes

RatchetPHP

Movim is relying on Ratchet to manage its Websockets. We moved to the fork maintained by Plesk that upgrated and is now maintaining the project. See the related ticket. This upgrade fixes the related code Warnings under PHP 8.2 as well.

Bookmarks 2 🔖

0.22 brought a refactor of the internal XMPP Pubsub related code. This change broke the #Bookmarks management. This version fixes it.

Video-conferencing fixes 📹

Movim has now some basic support of MSID in SDP (what does it means ?). This basically fixes video-conferencing between #Movim and Conversations.

Performances improvements 🚀

Maybe one of the most noticeable changes of this release are the two database related fixes that are bringing important #performances boosts (under certain conditions):

• Some large chatrooms, with plenty of messages, were taking many seconds to load. This was caused by Movim trying to find the current room subject in the #database before displaying the room panel. The related query was rewritten to reduce considerably its execution time.
• The unread messages counter database query, that was known to be one of the slowest part of Movim, was also rewritten to divide by 2 its execution time. On top of that a new index was added to boost even more its performances. This should greatly improve the chat conversations and page load time on large accounts.

And finally, some pictures, avatars and icons are now loaded lazily. This means that your phone or browser will not load them before they are actively displayed on your screen. This greatly reduce the server load and page display time.

Enjoy

Only a few months after Movim 0.21 - Whipple we are releasing Movim 0.22, codename Kowal.

This version was more focused on stabilization, cleanup and refactoring but also introduces a couple of new exciting features. It requires PHP8.1+ to work properly.

Let's dive in!

Blog privacy toggle

Already introduced in a previous blog post this new feature allow you to change your blog privacy level between "public" and "subscribers only".

Global OMEMO toggle

After some feedback from the community a global #OMEMO toggle was introduced in the settings. OMEMO is therefore disabled by default from this version.

This decision is especially linked with the current encryption implementation that relies on libsignal-protocol-javascript that is deprecated by their authors. The performances of this library are not that great, especially on mobile devices, which caused lots of accessibility issues for some Movim newcomers.

For now, no serious alternative are available, if you know one do not hesitate to tell us about it.

Fixes and improvement around audio-video calls

Several small tickets (#1212, #1213, #1214) linked to the the audio-video call integration and compatibility with other clients were fixed.

Missed and refused call events are also now tracked properly and displayed in your contacts conversations.

Cleaner URLs

The ? was (finally) removed in front of all the URLs! While being way cleaner it also fixes some issues when #Movim URLs were shared around, especially on some other social-networks. Don't worry about retro-compatibility, existing URLs are redirected to the new format.

Rewrite of the XEP-0077: In-Band Registration related code

Movim is supporting XEP-0077 for close than 10 years now and this code was never really refactored since then. All the #XMPP code, and related user flow, were cleaned and upgraded to the latest Movim standard, fixing a few issues in the meantime!

New Chat bubble design and interaction

Kowal introduce a totally new way of interacting with the chat bubbles.

While keeping the small actions icons on desktop it is now possible to simply click (or tap) on the bubbles to open a sub-menu which presents all the actions available.

This menu allows you to react, retract, reply and copy the message content in one click/tap. Easy!

Under the hood... or not

An important refactoring was done to simplify and factorize redundant items in the UI. This brought some big code cleanup, both on the front part (what is taking care of what you see) of Movim but also in the core and XMPP layers. The code was modernized and ported to PHP8.1+ in many places as well.

Several Pubsub related issues were fixed improving the compatibility with existing XMPP servers such as Prosody or ejabberd (see the related ticket). Movim now detect Pubsub nodes misconfiguration and reconfigure them properly to respect the privacy and settings specified in all the Pubsub related implemented XEPs that it supports.

This refactoring also brought some small UI improvements such as a new design for the contact status bubbles and a totally new way to handle Contacts and Communities avatars. We are strongly advising you to configure the Picture Proxy Cache on your Web Server when upgrading to greatly improve the page load time.

Two important security fixes

CVE-2023-2848 fixes a security issues that allows under certain circumstances to open a #Websocket to Movim from a different domain. It was fixed in this commit.

CVE-2023-2849 is not directly linked with Movim itself but the related server configuration.

When the domain that host upload files is the same as where Movim is hosted it is possible to upload a malicious Javascript file and execute it in the Movim sandbox. The attack surface is really minimal but we advise you to ensure that such case cannot happen on your instance. To do so you can use different domains between the two services or force the browser to handle all the uploaded files as attachments and not inline elements using a simple HTTP header:

    add_header Content-Disposition attachment;

What's next?

The multi-part audio and video-conference feature that was planned for the 0.22 is pushed back to the 0.23. The amount of work planned for that is quite big, therefore it was more relevant to move all the code cleanup and refactoring plans in Kowal and have this milestone before jumping into this new exciting feature set !

As always, if you find issues or want to share some feedback you have on the project, you can find how to contact us on our official website and our Github.

That's all folks!