Releases: ancsemi/Haven
Releases · ancsemi/Haven
Release list
v3.10.13
What's Changed
Added
- Role Management: "Members" button — assign or remove a role directly from the role detail panel. Opens a searchable member list showing who holds the role with Assign/Remove toggles per member.
- #5248: Client-side DM search — search runs locally against cached history for instant results, falls back to server for older messages.
Fixed
- Voice speaking indicator stops illuminating after a while in VC — the self-speaking highlight was driven by the server echoing
voice-speakingback. If the socket briefly lost itsvoice:channelroom membership, the echo never arrived and the indicator went permanently dark. Now driven directly by the local mic analyser — instant and reliable. - Desktop: hard page reload during screen sharing (~every 2 minutes) — screen sharing pushed memory above the 512 MB threshold, triggering a hard reload. Threshold raised to 1536 MB, soft-trim to 500 MB, cooldown extended to 5 minutes. Hard reload now skipped entirely when user is in voice or screen sharing.
- Voice: temp-voice channel deleted on brief disconnect — kicking users back to the welcome screen. An 8-second grace period now delays deletion; rejoining within the window cancels it. Intentional
voice-leavestill cleans up immediately. - Server
pingTimeoutraised 30 s → 60 s to prevent spurious disconnects during screen-share sessions. - Channel category collapse not persisting after server restart — localStorage key was case-sensitive and could mismatch between restarts. Key is now always lowercase.
- #5309: SVG attachments not rendering inline —
_isImageUrland the E2E matcher now accept.svg/image/svg+xmlwith a strict CSP to block script execution. - #5324: Images pasted into DM PiP sent as download attachments — raster images pasted in PiP now use the E2E-aware
_uploadImagepath. - #5325: Missing CSS for burn-after-read feature.
- PiP DM: slash commands now processed before sending (was sent as literal text).
- PiP DM message deletion now passes the correct channel code.
- Confirm modal sizing — non-resizable, tighter layout.
- Duplicate role button now uses the themed prompt modal instead of
window.prompt.
Full Changelog: https://github.com/ancsemi/Haven/blob/main/CHANGELOG.md
v3.10.12
What's new
Added
- #5280: Burn-after-read DMs (Signal-style click-to-reveal self-destructing messages)
- #5282: Orphan-DM watchdog -- auto-cleans up DM channels whose participants deleted their accounts, moves attachments to deleted-attachments/
- #5255: PTT recorder improvements (Haven Desktop) -- lone modifiers (just Alt/Ctrl/Shift) commit on keyup; extra mouse buttons (Mouse4/5) now bindable; hold/toggle mode select replaces the hardcoded toggle label
Fixed
- #5323: Large streaming sessions no longer trigger the auth rate limiter -- /validate and other token-check GETs that fire on every page load were consuming the 20-req/15min limit. The limiter now only applies to routes that actually accept passwords or 2FA codes (login, register, TOTP, change-password, etc.)
- #5307 / PR #5312: All delete confirmations now use the themed modal instead of the browser's native confirm() dialog. Channel delete previously chained two native popups; they're merged into one themed modal. Button label also auto-sets to Delete instead of Confirm when danger is true
- #5310 / #5308: DM uploads were only encrypted for images -- drag-and-drop, clipboard paste of non-image files, and DM PiP pastes now go through the E2E path
- #5311: Collapsed sub-channel tag rows now show an unread indicator
- Slash command autocomplete: pressing Enter now selects the active suggestion (only Tab worked before, so /commands sent as partial text in DMs)
- Server unread-dot not lighting up in desktop sidebar
- Thread replies no longer count toward channel unread badge
- Muting a channel now suppresses unread badge/dot
- Various DM mark-read race conditions and PiP fixes
- Win95 theme dark-sections, divider, and z-index fixes
3.10.7 through 3.10.11 highlights
- DM mark-read race condition fixed (debounce snapshot, immediate server emit)
- Win95 theme divider cleanup
- Desktop server-icon unread dots now survive renderer reloads
- Pin icon dot is now a read-receipt (only lights up for unread pins)
- DM PiP mark-read persists server-side
- Peer voice survives screen-share renegotiation; sharing icons appear immediately for others
Full details in CHANGELOG.md
v3.10.6
v3.10.6
Bug-fix release covering all server changes since v3.10.4 (v3.10.5 was rolled into this tag rather than published separately).
Win95 theme fixes (this release)
- Win95 "dark sections" bug — the welcome screen and right members panel could render near-black under the win95 theme while the explicitly-styled left sidebar and channel header still looked correct. Root cause was a stale inline CSS custom property (e.g.
--bg-primary) left on:rootfrom a priorcustom/rgbtheme session that wasn't cleared before the user landed on win95, so any surface relying onvar(--bg-primary)inherited the dark colour.theme-init.jsnow strips known custom-theme inline vars from:rooton load whenever the saved theme is notcustomorrgb, and the win95 stylesheet now explicitly paints body, message area, messages, welcome screen, members panel and sidebar sections with#bfbfbf !importantso even an exotic var leak can't paint them dark. - Softer Win95 message dividers (Amnibro feedback) — the per-row
#808080border between every consecutive line in a message group was distracting. The full-width row border-bottom is removed; dividers now appear only between message groups (the boundary between one author's burst and the next) as a subtle 1px#c8c8c8top-border with a small spacer.
Other fixes / improvements (this release)
- #5304: Multi-tier nested markdown lists — the message renderer's old flat regex coalesced any indented
-or1.line into a single top-level list. The renderer is now a small stack-based parser that tracks{ ordered, depth }and produces correctly nested<ul>/<ol>trees. 2 spaces (or 1 tab) per level; mixed-,*,+andN.markers at different depths are supported. - #5267: "Update Now" button in admin Update panel was silently inert under Docker — it now stays enabled regardless of install method. Click re-runs the update check, and for non-runnable methods (Docker, manual) the result modal renders the upgrade command in a code block with a Copy button (and a toast confirms when there's nothing to do).
- YouTube embeds now recognise live,
/v/andgaming.youtube.comURLs — previously only the canonicalwatch?v=andyoutu.be/forms produced a player; livestream links pasted from a phone share sheet now embed correctly. - #5230 docs: README now calls out the
HAVEN_DATA_DIRpitfall when running under systemd — services launched under systemd typically don't inherit the user's interactiveHAVEN_DATA_DIR, so Haven defaults to/root/.havenand silently "loses" your existing data. The Data Directory table now points at the unit-fileEnvironment=line as the supported way to make the variable visible to the service. - Donor list refreshed — added ColKlink and Brian "TGS" Gilliford. Thank you both!
Carried over from un-tagged 3.10.5 work
- #5301: Quick reaction picker and customize-quick-reactions panel were missing emoji name tooltips — both surfaces now show the emoji name on hover, with custom emojis showing their
:name:form. - #5297: Several slash commands still didn't work in DMs — the end-to-end DM client now mirrors the full server-side slash-command map, so
/disapprove,/brb,/afk,/flip,/roll,/hug,/wave,/bbs,/boobs,/buttetc. all behave the same as in normal channels. - #5299: DM attachment cleanup didn't fire when the other member of the DM deleted the message, or when the entire DM was deleted — server-side
delete-messagenow accepts the client-supplied attachment list for any DM (not just the original author), anddelete-dmnow scans every plaintext message for/uploads/...URLs (and accepts decrypted URLs from the client for E2E messages) before dropping the DM rows. - Themed confirm modal helper — message-action confirms (delete message, pin message, delete DM) now use the in-app
.modal-overlaystyling instead of the native browser/Electron popup, so they pick up your theme. - Nested-unread "look inside" indicator on category labels and on parent channels with sub-channels — when a section is expanded but contains an unread channel below the fold, a small accent-coloured dot appears on the parent header. The dot is intentionally distinct from the regular count bubble (which still appears when the section is collapsed).
- #5305 / screen-share: the streamer now sees the actual audio mode in use, instead of the requested mode that may not have been honoured.
Upgrade
- Docker:
docker compose pull && docker compose up -d - Bare metal / Node:
git pull && npm ci && pm2 restart haven(or your service manager equivalent) - Desktop client: updates ship via the Haven-Desktop CI on its own cadence; this release is server-side only.
Full changelog: CHANGELOG.md
v3.10.4
Fixed
- Self-DM ("Notes to self") sometimes wouldn't open the picture-in-picture panel — reported by SerChiz. The PiP would show a loading state forever (or appear not to open at all) in specific edge cases: when the same DM was already the user's active main channel, when the local end-to-end key cache was missing the user's own key for self-DMs, or when the partner key fetch silently stalled. The PiP now (a) renders message history regardless of which channel is currently focused, (b) seeds the partner key for self-DMs from the local E2E key directly without a server round-trip, and (c) replaces the "Loading…" placeholder with a friendly fallback after 6 seconds so the panel never appears stuck.
- DM picture-in-picture didn't actively clear unread for the DM open in the panel — new messages arriving for the active PiP DM now mark the DM as read (and clear its unread badge) instead of bumping the unread count, so the badge no longer sticks while you're already reading the conversation.
v3.10.3
This release rolls up everything from 3.10.1, 3.10.2, and 3.10.3 (the in-between versions were CHANGELOG entries only and were never tagged separately).
3.10.3
Added
#channelautocomplete in the message composer (matches the existing@and:emoji:autocompletes; underscore-aware insertion).
Fixed
- DM picture-in-picture panel hidden behind the chat input action bar (raised z-index).
- Inviting a user to a channel showed a red error toast on success; now a green success toast.
- DM E2E attachments left orphaned on disk after deleting the message.
- Server admins couldn't toggle auto-backup settings from the UI (the
update-server-settingallow-list was missing theauto_backup_*keys). - Mobile: sidebar stayed open after tapping a DM in the list.
- Mobile: modal expand/close buttons drifted out of alignment on small screens.
- Voice: self-talking highlight didn't survive a left-sidebar re-render.
- Voice: reverted the always-on local talk highlight regression from 3.10.2; now an opt-in Debug toggle, default off.
- Settings: Force SDR (sRGB) toggle was visible in the web client; it's desktop-only and now lives in the Debug section.
3.10.2
Added
- Pinned-message indicator on the channel header pin button: shows a small accent-colored dot when the active channel has at least one pinned message. Updates live as messages are pinned/unpinned.
Fixed
- Server settings categories missing for non-admin server managers: users with the
manage_serverpermission were missing every category in Settings → Admin because the nav was looking for a stale element.manage_servernow reveals the full set of server-management categories (branding, members, whitelist, invite, cleanup, backup, limits, tunnel, bots, import, mod mode). - Inconsistent ordering between a message and its attachment when both share the same
created_attimestamp. Message queries now usem.idas a stable secondary sort key. - Desktop crash on launch when a saved server's hostname stopped resolving (also fixed in Haven Desktop 1.4.2).
3.10.1
Added
@everyoneand@herementions: typing them now produces a real highlighted mention that pings every member of the channel (subject tomention_everyone). Both options also appear in the@-autocomplete dropdown when you have permission. Senders without permission have the trigger silently neutralized server-side.#channel-nameautolinks:#general(or any channel name) inside a message becomes a clickable channel link. Names matched case-insensitively against channels you can see.- Duplicate Role button in the role editor: clones a role's level, color, icon, and permissions. Auto-assign and channel-access linkage are intentionally not copied.
Fixed
- Voice chat: occasional one-way audio when joining an existing call. ICE candidates that arrived before the remote SDP description was set were being silently dropped. Candidates are now buffered per-peer and flushed after
setRemoteDescription. - DM picture-in-picture: first-message vs reply indentation mismatch. Every line in the PiP now aligns identically.
- DM picture-in-picture: clicking an emoji in the reaction picker did nothing.
add-reaction/remove-reactionwere resolving the channel from the main pane's socket state. The lookup now uses the message's actual channel. - Threads: web users seeing
X repliesbut no messages, and the reply box discarding sends. Same root cause:get-thread-messagesandsend-thread-messagenow resolve the channel from the parent message instead of stale socket state. - Desktop: server restart kicked users back to Host or Join (also fixed in Haven Desktop 1.4.1, transient retries with exponential back-off).
v3.10.0
Added
- Drag-and-drop server reordering in the sidebar — remote Haven servers in the left rail can now be reordered by dragging, just like channels. The new order persists locally and syncs across your devices via the same encrypted bundle the sidebar already uses.
- \View Audit Log\ permission — the audit log is no longer admin-only. Any role with the new \View Audit Log\ permission can open Settings → Admin → Audit Log and read the record (no other admin powers required).
Fixed
- Tag category headers in the Organize modal didn't actually reorder when dropped — the per-tag sort dropdown inside each header was swallowing drag events on some browsers, so dragging looked like it worked but nothing moved. Switched to event delegation on the list container so dragover/drop fire reliably.
v3.8.0
What's new in v3.8.0
Added
- DM Picture-in-Picture panel — DMs can now be opened in a floating PiP panel with full-fidelity message rendering (markdown tables, images, reactions, reply context), E2E message decryption, thread-parent context, and a channel picker for switching conversations without leaving the current view.
- Backup option to include or exclude DMs — the backup export now includes a toggle to opt DMs in or out of the backup. (#5277)
- Configurable purge-on-ban — admins can choose whether banning a member also purges their messages, and customize the placeholder text shown in place of purged messages. (#5279)
- Server name and icon in browser tab — the document title and favicon now reflect the currently active server name and icon. (#5284)
Fixed
- DM PiP E2E messages showing raw ciphertext — encrypted DM messages in the PiP panel now decrypt correctly.
- Thread mention notifications not loading — bumped module cache versions so mention pills in thread notification toasts resolve correctly.
- Message input auto-focusing on touch devices — the message input no longer grabs focus automatically on touch/mobile, preventing the on-screen keyboard from popping up unexpectedly. (#5285)
- Phantom channel unread count from thread replies — thread reply messages were being counted as channel unreads, causing stuck badges. The unread count, latest-id, and mark-read queries now all exclude thread replies.
- Phantom desktop taskbar badge with no in-app indicator — background server views could trigger the taskbar badge for servers with no visible sidebar icon. The badge now only fires when at least one open view can surface that server's unreads. (#5269)
- Auto-backup admin endpoints returning 404 — the auto-backup and update routes were registered after the catch-all 404 handler. Moved the catch-all to the very end so all admin endpoints resolve. (#5268)
- Server unread-dot not lighting up in the desktop sidebar — URL normalization mismatch prevented the dot from matching. Both sides are now normalized before comparing.
- Channel marked as read while its server view is in the background — background servers now correctly accrue unreads instead of auto-clearing them.
- Random @text\ rendering as a real mention — only login/display names that actually belong to a channel member get the mention pill. (#5273)
- First-load mentions showing login names instead of display names — the message list now refreshes once members arrive so display names appear on first render. (#5273)
- Members modal channel counts inflated by DMs and stale rows — the count now filters to non-DM, active channels only.
- Empty temporary voice channels lingering after everyone left — added a 60-second safety-net sweep that prunes empty temp voice channels.
v3.7.0
What's new
Added
- Scheduled auto-backups — configure automatic server backups on a schedule (daily, weekly, etc.) from the Admin panel. (#5268)
- In-app update check — Haven now checks for new releases and shows a banner in the Admin panel when an update is available. (#5267)
- Add all server members to channel — channel creation now has an option to add all existing server members at once. (#5271)
- @mentions for usernames with spaces — display names and usernames with spaces can now be @mentioned correctly. (#5273)
- Desktop → web client server list bootstrap — the web client now inherits the server list from Haven Desktop on first load.
Fixed
- Mention display-name dedup — server-side deduplication prevents duplicate display names in mention autocomplete; autocomplete inserts the login name when a display name differs. (#5273)
- Server unread dot desktop-only — the unread indicator dot is now only shown in the Desktop app. (#5269)
- Mobile responsive layout — fixed several layout regressions on mobile viewports. (#5272, #5274)
v3.6.0
What's new
Added
- Channel and message deep links — right-click any channel or DM to copy a shareable deep link. The message toolbar gains a copy-link button that jumps directly to the message after navigating. Links survive login via sessionStorage handoff.
- Admin remote backup and restore — the Admin settings tab now includes a Backup section with configurable export checkboxes (channels/roles, users, server settings, messages, uploaded files) and a restore upload field. Restore stages the data and exits so a supervisor (Docker, systemd, installer service) restarts Haven; the previous DB and uploads are preserved as .pre-restore\ copies for one cycle.
Fixed
- Server icon URL cache-busting — server icon URLs are now cache-busted to bypass stale entries left over from before cross-origin support was added. (#5240)
- Server list subpath URL preservation — subpath-based server URLs (e.g. \https://host/community\) are now correctly preserved during normalization instead of being stripped to the origin.
- SSO consent validate timeout — tightened the SSO validate request to 4 seconds (watchdog at 5s) with fallback to the cached profile, preventing consent screens from getting stuck when validation is slow.
Security
- Cross-Origin-Resource-Policy and Vary headers — image and health endpoints now return \Cross-Origin-Resource-Policy: cross-origin\ and \Vary: Origin\ to support cross-server icon loading without CORS errors.
Haven v3.5.0
Haven v3.5.0
Added
- Threaded replies with a dedicated side panel, thread previews, and live thread metadata.
- Thread panel PiP mode and resize support for multitasking.
- Message toolbar customization: icon style (monochrome/emoji), visible slots, and action ordering.
Fixed
- SSO consent/auth flow reliability with better status handling, timeouts, and profile handoff.
- Invite query persistence through auth redirects so vanity links carry through login/register.
- Thread replies are excluded from main channel history queries to avoid duplicate timeline rendering.
- Cache-busting version query injection reliability for static assets.
Changed
- Added thread schema support (
messages.thread_id) with indexing and socket handlers. - SSO auth response now includes display name metadata and tighter origin/CORS handling.