8.0.0
Summary
Breaking changes
This release introduces a wide set of breaking changes focused on removing deprecated, end-of-life, and legacy functionality. Support for MongoDB 5.0 and 6.0 has been discontinued, and workspaces must upgrade to MongoDB 8.2 before moving to Rocket.Chat v8.0.0, with a full backup strongly recommended. Several services, settings, and integrations have been removed, including Streamhub, database watchers, Tokenpass OAuth, Mobex and VoxTelesys SMS integrations, second-layer transport encryption, built-in logging tools, legacy Game Center and WebRTC Livechat calls, Off-the-Record messaging, Omnichannel Voice and Current Chats, and the old FreeSwitch-based VoIP architecture. Twilio is now the only supported SMS provider, and admins are expected to rely on the official Prometheus and Grafana monitoring stack for observability. On the API side, the /v1/users.createToken and /v1/e2e.updateGroupKey endpoints have been undeprecated, with added security requirements for token creation. Overall, this release cleans up long-standing deprecated features and shifts workspaces toward modern, supported alternatives, with full details available in the Deprecated and phasing out features documentation.
What's new
This release introduces several notable improvements across access control, federation, voice, and core usability. Attribute-Based Access Control (ABAC) is now available for private channels and teams, giving administrators more precise control by defining access rules based on user attributes rather than relying only on static roles. Rocket.Chat Federation enters beta with built-in Matrix support, enabling secure communication with other Rocket.Chat and Matrix-compatible servers without external homeservers, while offering clearer visibility and simpler configuration. Voice calling has been enhanced with a new call history page and has officially moved out of beta to general availability. Features previously in preview, including quick reactions, timestamp parsing, a resizable contextual bar, and enhanced navigation, are now enabled by default. The release also improves safety in workspace management by reordering buttons in the “Unique ID change detected” modal to reduce the risk of accidental new workspace creation.
Bug fixes
This release includes a broad set of bug fixes that improve reliability, security, and day-to-day usability across the platform. Navigation and startup issues were resolved in Global Search, channel routing after login, embedded iframe usage, and multi-select inputs in rooms. Several authentication and identity fixes address third-party login reliability, repeated 2FA prompts after password changes, and multiple SAML issues, including role precedence, role assignment failures, and support for both role names and IDs. Omnichannel behavior was corrected in multiple areas, ensuring tag visibility respects configuration, agent chat limits are enforced in microservice deployments, and call handling works correctly with Drachtio and WebRTC. Additional fixes include proper device session handling on logout, reliable saving of custom user statuses, and clearer requirements for message attachment fields in messaging and webhook APIs. Finally, a security issue was patched to prevent message content from being written to logs at debug level, reducing the risk of unintended data exposure.
For further details, check out the release notes.
Engine versions
- Node:
22.16.0 - Deno:
1.43.5 - MongoDB:
8.2 - Apps-Engine:
1.59.0
Major Changes
-
(#36829) Removes the deprecated sendConfirmationEmail method
-
(#37460) Removes deprecated
livechat:removeUnitmethod -
(#36836) Removes the deprecated livechat:getTagsList method
Removes the deprecated livechat:getUnitsFromUser method
Removes the deprecated livechat:getFirstRoomMessage method
Removes the deprecated livechat:getDepartmentForwardRestrictions method
-
(#37672) Removes deprecated VoIP permissions
-
(#36941) Makes Voice Calls enabled by default when available
-
(#37672) Removes deprecated VoIP from Omnichannel
-
(#37461) Removes deprecated
livechat:saveUnitmethod
Minor Changes
-
(#36570) REST endpoint
/v1/users.createTokenis not deprecated anymore. It now requires asecretparameter to generate a token for a user. This change is part of the effort to enhance security by ensuring that tokens are generated with an additional layer of validation. Thesecretparameter is validated against a new environment variableCREATE_TOKENS_FOR_USERS_SECRET. -
(#37719) Adds a new method to the Apps-Engine that allows apps to retrieve multiple rooms from database
-
(#37659) Changes the position of the buttons in Unique ID change detected modal in order to highlight configuration update instead of new workspace
-
(#37233) Validates attachment fields to require
titleandvalueproperties on APIschat.postMessageandchat.sendMessage. -
(#37224) Enhance user's deactivated state handling to correctly distinguish between pending and deactivated users.
-
(#37091) Adds Attribute Based Access Control (ABAC) for private channels & private teams.
Patch Changes
-
(#37663 by @lucas-a-pelegrino) Removes the deprecated meteor method:
livechat:saveTag -
(#37688 by @lucas-a-pelegrino) Adds deprecation warning for
livechat:removeMonitorand new endpoint replacing it;livechat/monitor.remove -
(#37690 by @lucas-a-pelegrino) Adds a deprecation warning for
livechat:saveBusinessHourand new endpoint replacing it;livechat/business-hours.save -
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
(#37612) Adds invitation request support to rooms