Skip to content

Release Notes 25.10 LTS

Info

ESS Pro 25.10.0 is the start of the 25.10 LTS series. If you are coming from the immediately prior LTS series, upgrading to 25.10 LTS wil get you all the changes that happened on mainline up to 25.10.

ESS Pro LTS 25.10.7 (2026-02-05)

Fixed

  • Synapse As Tenants: Extra secrets label must be plural.

ESS Pro LTS 25.10.6 (2026-01-22)

Changed

  • Don't configure a bug reporting URL in Element Web by default.

    This is prevent unexpected data leaks. Element strongly recommends configuring the bug reporting URL when encountering issues in Element Web. An example of how this can be done can be found in charts/matrix-stack/ci/fragments/element-web-bugreports.yaml.

  • Adjust generated file copyright headers for 2026.

Fixed

  • Fix the Synapse S3 local media-cleanup script not correctly templating the S3 endpoint URL.

  • Synapse: Fix an issue with the federation reader rust worker causing federation issues.

ESS Pro LTS 25.10.5 (2025-12-19)

Security

  • Follow-up release for the critical update addressing ELEMENTSEC-2025-1670.

    The previous release (25.10.4) contained an issue affecting one of the new code paths. Due to existing fallback behaviour, the issue was effectively mitigated at runtime and did not result in operational breakage other than errors in the logs, but it was nonetheless incorrect behaviour. This follow-up release corrects that issue.

    For users already running 25.10.4, this release is not security-sensitive.

    Users who have not yet upgraded are strongly advised to apply this update as soon as possible, as it includes the fix for ELEMENTSEC-2025-1670.

ESS Pro LTS 25.10.4 (2025-12-19)

Security

  • Fix critical security issue tracked as ELEMENTSEC-2025-1670.

    This release is a critical security update to address an issue affecting all versions of ESS Community and ESS Pro. ESS Classic and other Synapse-based deployments are not affected.

    The issue only has an impact when federation APIs are exposed to an untrusted network. Deployments that are not currently federating, or that only federate in a closed, trusted federation, are not impacted. These deployments should not enable public federation without first applying this update.

    We advise you to apply the update as quickly as possible.

ESS Pro LTS 25.10.3 (2025-12-12)

Added

  • When deploying Synapse As Tenant, it is not necessary any more to set the kube-identifier labels on external secrets. Requires synapse-shards chart 0.6.0.

Changed

  • Unify management of StatefulSet.spec along with Deployment.spec.

  • Upgrade TI-Messenger Sidecar to v1.12.0.

    Highlights:

    • Configure the set of allowed acr and amr claims in the ID TOKEN returned by a Sectoral IdP. Defaults to the list provided in the TI-Messenger ePA Sektoral IdP spec: https://gemspec.gematik.de/docs/gemSpec/gemSpec_IDP_Sek/gemSpec_IDP_Sek_V3.2.0/#A_23129-04

Fixed

  • Ensure spec.replicas is correctly absent when HorizontalPodAutoscalers are in use.

  • Ensure spec.replicas is present when HorizontalPodAutoscaler are requested but not possible in the cluster.

  • Ensure any externally provided password for chart created users has leading & trailing whitespace removed.

ESS Pro LTS 25.10.2 (2025-11-14)

Changed

  • Upgrade Element Web to v1.12.3a.

    Highlights:

    • Fix Element Call widget not working inside Element Web Pro
    • Fix sort order in space hierarchy.
    • New Room list: don't display message preview of thread.

    Full Changelogs:

ESS Pro LTS 25.10.1 (2025-11-06)

Changed

  • Re-add the chart's icon.

  • Upgrade the Synapse Pro Federation Reader to not log all event ids in some situations.

  • Update Element Web's default bug report URL to use the dedicated subdomain for bug reporting.

Fixed

  • Fix an issue where the chart could not be deployed against clusters returning an experimental build.