Rocket.Chat
COLLAB
Velocity5.0
Open-source team communication platform
Rocket.Chat grinds through 8.5/8.6 release candidates with security and federation work underneath
enterprise-securityabacauthenticationfederationrelease-candidates
◆Current state
Rocket.Chat's feed is a stream of 8.5.x and 8.6.x release candidates, most of which are routine meteor version bumps and dependency updates. The substance sits in the .rc.0 cuts, where the real minor changes land: a unified presence engine foundation, attribute-based access control (ABAC) work, and an OAuth security overhaul.
◆Where it's heading
Two themes dominate the meaningful entries: enterprise access control (ABAC with a pluggable attribute store, new admin permissions) and authentication hardening (phishing-resistant MFA, server-side OAuth). Alongside that, federation reliability is being patched. This is a platform deepening its enterprise and self-hosted security posture rather than chasing new user-facing features.
◆Prediction
Expect 8.6.0 to ship the unified presence engine and Virtru-backed ABAC out of RC, with continued federation sync fixes following the message-sync repair work flagged in 8.6.0-rc.1.
◆Recent moves
- 16h agoView source ↗
8.6.0-rc.3
- 6d ago
8.6.0-rc.2
A meteor version bump and dependency updates only. One of the many maintenance RC cuts between substantive releases.
View source ↗ - 7d ago
8.6.0-rc.1
Two real fixes land here: an SSRF-validation bypass so incoming integrations can reach internal hosts, and a federation fix preventing edited/deleted messages in federated rooms from breaking cross-server sync. Part of the ongoing federation reliability push, though it doesn't repair already-affected rooms.
View source ↗ - 12d ago
8.6.0-rc.0
The 8.6 feature cut: a backend foundation for a unified presence engine with priority-based status claims, plus the option to use Virtru as the ABAC attribute store. Both extend Rocket.Chat's enterprise access-control surface rather than its chat UX.
View source ↗ - 22d ago
- 23d ago