Jitsi

Recent Commits

• bgrozev (16 Jun 26)

  test(connectivity): add P2P and TURN connectivity tests (#17497) * test(connectivity): add P2P and TURN connectivity tests * test: scope on-failure test skipping to the failing describe block

• Joe Landry (12 Jun 26)

  fix(mobile) clamp computed avatar sizes to positive values

• Boris Grozev (11 Jun 26)

  test(transcriptions): make jigasi transcription mode configurable The transcriptions spec always ran the non-async (jigasi-based) transcription case. Gate it behind a new (deprecated) jigasiTranscription expectation, matching how the async case is gated by asyncTranscription.

• Calin-Teodor (11 Jun 26)

  fix(polls): call useKeyboardVisible unconditionally

• Calinteodor (11 Jun 26)

  feat(carmode): fix mute icon visiblity related to android (#17485) * Fix carmode icon mute visibility issue, bump react native svg version and add script that cleans AGP CMake which was pointing to old cached files, thus making build fail.

• Jaya Allamsetty (10 Jun 26)

  chore(deps) lib-jitsi-meet@latest https://github.com/jitsi/lib-jitsi-meet/compare/v2162.0.0+341009ce...v2164.0.0+3df0d953

• Jaya Allamsetty (10 Jun 26)

  fix(ui): drop stale createRoot when its container is replaced

• Jaya Allamsetty (10 Jun 26)

  fix(ui): guard createRoot/isVisible against missing DOM containers

• damencho (09 Jun 26)

  test(wdio): treat worker killed mid-teardown as benign The onWorkerEnd handler already ignores the Firefox/grid post-test session-DELETE crash when the worker logs an explicit "WebDriverError ... timeout ... method DELETE" line. But the grid can also kill the worker mid-DELETE, truncating the log before that line is ever written, which fell through to a synthesized "Test runner crashed" broken result even though the suite ran to completion. Recognize that second variant in isPostTestSessionDeleteTimeout (afterSuite finished + after hook finished + a session DELETE was issued) and, in the benign branch, also write a passing allure entry so the spec stays visible in the report instead of vanishing when no reporter flushed.

• David Szabo (10 Jun 26)

  fix(time-timer): anchor elapsed to scheduled start, not join time The meeting timer must reflect the meeting's fixed schedule, identically for every participant at a given wall-clock moment — independent of when anyone (including the organizer) happens to join. Previously the calendar path clamped elapsed-since-scheduled-start to 0 at join (Math.max(0, now - start)), and the reducer clamped it again. A participant who joined N minutes before the scheduled start therefore had their timer anchored to their join moment instead of the schedule: a 30-min meeting joined 10 min early showed 10:00 elapsed at the real start and flipped to the red over-schedule state 10 min before the meeting actually ended. Stop clamping. elapsed-since-scheduled-start may now be negative (joined before the start) or exceed the duration (joined after the end); the reducer pins the absolute scheduled end from it and derives everything from that timestamp. An early joiner sees the full duration (00:00 elapsed) until the scheduled start arrives, then the counter climbs and lands on the limit exactly at the scheduled end. The iframe-API setMeetingTimer command accepts a negative elapsed for the same reason. Adds an e2e case for the early-join (negative elapsed) path.

• Calinteodor (10 Jun 26)

  feat(breakout-rooms): unify components into BreakoutRoom

• Boris Grozev (09 Jun 26)

  test(mod_filter_iq_rayo): add tests for header stripping and JvbRoomPassword

• damencho (08 Jun 26)

  fix: Cleans some rayo headers.

• Calin-Teodor (09 Jun 26)

  Revert "chore(ios/sdk): source proxy bridge from ExternalAPI" This reverts commit 7b48e723e06406ca0461a3b136f3cb3330b88d74.

• Calinteodor (09 Jun 26)

  ios: fixes (#17467) * Update rn-webrtc, fix screen broadcast, drop redundant conferenceLeft() dispatch on hangup and source proxy bridge from ExternalAPI.

• David Szabo (08 Jun 26)

  feat(time-timer): meeting pace timer in the conference info bar (#17468) * feat(time-timer): add optional meeting-pace timer in the info bar Adds an optional meeting-pace timer to the conference info bar: a pill showing the meeting name, scheduled duration, elapsed time, and a countdown disk that fills as the meeting progresses, changing colour to signal where you are relative to the scheduled end. Off by default (config.timeTimer.enabled), so existing deployments are unaffected. Source-agnostic by design: The timer core renders from two numbers — duration and elapsed (seconds since the scheduled start) — and knows nothing about where they come from. Deployers supply them through existing per-meeting channels: * configOverwrite.timeTimer — for iframe-API embedders (verified path). * native calendar-sync — opening a meeting from Jitsi's Google/Microsoft calendar list feeds the event's duration + start into the same core, with no embedder. elapsed (not remaining) is the single source of truth, so a participant who joins after the scheduled end lands directly in the correct over-schedule state instead of the timer disabling itself. Visual states: * running — blue disk filling, blue digits * warning — final 5 min: amber disk + digits; the bar briefly auto-expands to draw attention, then auto-hides * expired — past the scheduled end: red disk + pink digits; bar auto-expands once; a "Timer ended" sticky notification with a live over-schedule counter; red inset border on the conference grid * overrun lap 2+ — solid red disk with a continuous CSS conic sweep (base red -> deep wine at the leading edge) conveying ongoing motion * collapsed — when the toolbar hides, the pill morphs into a 36x28 disk-only chip Implementation: * New react/features/time-timer/ feature (actionTypes / actions / reducer / middleware / functions / constants + components/web/{TimeTimerPill,disk}), registered via the standard Reducer/Middleware registries. * Replaces the default subject + conference-timer info-bar widgets only when enabled; otherwise the standard bar is unchanged. * Disk is SVG; the lap-2 overrun sweep uses a CSS conic-gradient overlay. * Two i18n keys added (timeTimer.endedTitle, timeTimer.endedOver). Known limitations (deliberately scoped out): * The timer is per-participant — keyed to the calendar event that participant joined through, not a shared room clock. Two events reusing one link show each group their own slot's timer (correct by design); ad-hoc joiners see the standard bar. * A participant who stays across two back-to-back events on the same link keeps the timer of the event they originally joined through (no time-based rollover). They still get the "Timer ended" notification and can rejoin via the next event's entry. Rollover is a possible future enhancement. * feat(time-timer): control via iframe API; don't start without a duration Addresses review feedback: - Require a real duration. On CONFERENCE_JOINED the timer no longer falls back to an arbitrary default when timeTimer.enabled is set but no duration is known. `enabled` alone is not enough — it starts only when a duration comes from a calendar event or the embedder-provided `defaultDuration`, so we never show a meaningless countdown. - Add an iframe API `setMeetingTimer` command so embedded / JaaS deployments (which don't use calendar sync) can push duration and elapsed at runtime. A positive duration starts/updates the timer; a missing/non-positive duration clears it. Calendar sync remains as an additional, optional source feeding the same source-agnostic core. * refactor(time-timer): enable by default, drop config duration options Per review: - Enabled by default. The timer renders nothing until a duration is known, so defaulting it on lets calendar/iframe-API deployments see it with no extra config. `timeTimer: { enabled: false }` opts out. - Drop `defaultDuration` and `defaultElapsed`. They don't make sense in the majority of cases — duration comes from a calendar event or the `setMeetingTimer` iframe API command, both of which also carry the elapsed/start information. `enabled` is now the only config key. * refactor(time-timer): centralize enabled/expired checks in feature utils Addresses review comments: - Add `isTimeTimerEnabled(state)` (enabled by default — only an explicit `enabled === false` turns it off) as the single source of truth for the enabled rule. Use it in the middleware, the pill, and the conference info bar instead of three separate inline reads. - Fix the enabled check in the pill and the info bar: they used a truthy read of `timeTimer.enabled`, which hid the timer when the value was undefined — i.e. the on-by-default case. They now follow the same rule via the utility. - Add `isTimeTimerExpiredUnacknowledged(state)` and use it in place of the inline `expired && !acknowledged` read in Conference.tsx. - Add `time-timer` to the documented `conferenceInfo.alwaysVisible` default in config.js to match the in-code default. * fix(time-timer): address review — regression, stale state, drift, conventions Critical: - The info-bar gate hid the meeting subject + conference timer on every default deployment: it keyed on isTimeTimerEnabled() (true by default) while the pill renders nothing until a timer runs, so the replaced labels vanished with nothing in their place. Gate on enabled AND running instead. Bugs: - Reset timer state on CONFERENCE_LEFT (via stopTimeTimer) so a rejoin no longer inherits a frozen / expired pill from the previous meeting. - STOP_TIME_TIMER now clears expired/acknowledged and hides the ended notification, so the red border + notification don't outlive the timer. - setMeetingTimer ignores commands when the feature is disabled, so an embedder can't drive a timeTimer:{enabled:false} deployment into the running / expired state. - Tick is now timestamp-based: state stores the scheduled end and the reducer recomputes remaining/over from Date.now() each tick, so a throttled background tab can't accumulate drift. - Calendar duration is keyed to the room and only applied when the joined room matches, so a duration from a meeting opened-but-not-joined can't leak into a different meeting. Also parse the ISO date strings correctly (the previous `as any[]` masked a string-vs-number bug). Conventions / perf: - Register the reducer in reducers.web.ts (not a middleware side-effect). - Rename middleware.ts -> middleware.web.ts and disk.tsx -> Disk.tsx. - Rename SET_CALENDAR_DURATION -> SET_TIME_TIMER_CALENDAR_DURATION and add JSDoc to the action types. - Reuse getLocalizedDurationFormatter for the overrun time so the notification and pill agree (1:15:03, not 75:03). - Drop the dead DEFAULT_DURATION_SECONDS; seed state with 0. - Add logger.ts. - Draw the overrun conic-gradient via an inline style instead of makeStyles, so it no longer generates a new CSS class every second. * refactor(time-timer): connected notification description + e2e spec Two follow-ups from review: - The timer-ended notification's live overrun counter no longer re-fires showNotification every second. The description is now a small connected component (TimeTimerEndedDescription) that subscribes to overSeconds, so only that text node re-renders; the notification is posted exactly once per timer via a _notifyExpiredOnce guard. This keeps the middleware free of React-element construction. The guard fires for both the live end-crossing and a timer that starts already expired (late joiner / embedder pushing an overrun timer). - Add an e2e spec for the setMeetingTimer iframe API command covering: no pill until a duration is pushed, pill appears on push, expired state (red border + ended notification), clear, and the command being a no-op when timeTimer.enabled is false. Adds a data-testid to the pill for the spec to target. * fix(time-timer): match calendar room name case-insensitively Room names are normalised to lowercase, but a calendar URL may preserve the original casing; comparing them as-is could silently drop the duration for a legitimate calendar meeting. Lower-case both sides.

• Rajeesh KV (06 Jun 26)

  feat(speaker-stats) Allow selecting & copying participant names from Participant Status list - Jitsi css by default sets all fields except input & text-area as not user selectable. - Allow to select and copy speaker/participants names from the Participant Stats list. This serves as a simple 'attendance register' for moderators.

• Christoph Settgast (08 Jun 26)

  lang: update German translation (#17478)

• Jaya Allamsetty (04 Jun 26)

  test(virtual-background): gate mute/unmute tests on actual V2 effect ready signal

• Boris Grozev (04 Jun 26)

  feat(subtitles): add transcription.translationEnabled config flag

• damencho (04 Jun 26)

  test: Adds a filmstrip visibility test for 1:1 calls on mobile browsers.

• damencho (04 Jun 26)

  fix: Drops 'filmstrip' from toolbarButtons.

• damencho (04 Jun 26)

  fix: Hides remote video in 1:1 when toolbar is visible.

• damencho (04 Jun 26)

  fix: Drops auto-hiding filmstrip under certain threshold.

• bgrozev (04 Jun 26)

  chore: Only run prosody test action on pushes to master. (#17464)

• Harshit Singh Parihar (03 Jun 26)

  fix(toolbox): limit tile-overlap check to the bottom row checkToolboxOverlap iterated with Math.max(noOfTilesToCheck, tiles.length), so the loop ran up to tiles.length-1 times regardless of noOfTilesToCheck. In multi-row tile view it checked nearly every tile instead of the intended last DEFAULT_MAX_COLUMNS-1, and when fewer tiles than noOfTilesToCheck existed it produced negative indices (harmlessly swallowed by optional chaining, but wasteful). Bound the loop with Math.min and iterate i <= limit so exactly the intended trailing tiles are checked. Also type the querySelectorAll result as HTMLSpanElement.

• Calin-Teodor (03 Jun 26)

  chore(ios/sdk): remove bridge references

• Jaya Allamsetty (03 Jun 26)

  test(virtual-background): add mute/unmute coverage for V2 effect lifecycle

• Jaya Allamsetty (03 Jun 26)

  fix(virtual-background): keep V2 processor alive across mute/unmute

• bgrozev (03 Jun 26)

  tests(prosody): add a few more, fix minor input validation issues (#17452) * test(prosody) Add Test Placement Guidelines to readme. * fix(prosody-tests): Fix mod_token_affiliation interop with lobby_autostart and token_lobby_bypass. * test(prosody): add tests for mod_muc_wait_for_host Add integration tests covering the lobby gate, host detection, room.has_host caching, host-arrives-after-lobby scenario, and auto-owner affiliation. Add a dedicated MUC component (conference-waitforhost.localhost) and load persistent_lobby on the main VirtualHost to support the tests. Also replace the module's vague header comment with a precise description. * test(prosody): add integration tests for mod_filesharing_component - Register filesharing.localhost component in prosody.cfg.lua - Add sendFileSharingAdd/Remove/Raw helpers to xmpp_client.js - Cover add broadcast, remove broadcast, late-joiner file list, auth (feature gate, non-occupant, missing room param, forbidden), anti-spoof, and invalid payload edge cases * test(prosody): add integration tests for mod_muc_cleanup_backend_services Add 7 integration tests covering the destroy-timer lifecycle: - room destroyed when only jibri remains after last regular user leaves - room destroyed when only transcriber remains - timer not started when a second regular user is still present - timer cancelled when a regular user joins before it fires - timer not started when jibri is the one leaving - timer not started when an admin (focus) leaves - timer not started when breakout_rooms_active is set Infrastructure additions: - recorder.localhost VirtualHost (internal_hashed) with pre-created recorder and transcriber accounts so their JIDs satisfy is_jibri() and is_transcriber() prefix checks - recorder.localhost added to muc_access_whitelist to bypass token_verification - muc_cleanup_backend_services loaded on conference.localhost with services_empty_meeting_timeout = 1 so tests complete quickly - joinWithJibri / joinWithTranscriber helpers in xmpp_client.js - connectJibri / connectTranscriber on test context - POST /rooms/breakout-rooms-active endpoint in mod_test_observer_http to set room._data.breakout_rooms_active without relying on prosodyctl shell (where the prosody global is unavailable) - setBreakoutRoomsActive() JS helper in test_observer.js * test(prosody): add regression tests for nil-deref and input-validation bugs Tests added for findings from input validation review: - mod_filter_iq_jibri: session survives Jibri IQ to non-existent room (nil room crash) - mod_muc_auth_ban: non-JSON 200 from access manager fails open without crashing - mod_muc_meeting_id: transcriber session survives empty transcript array and missing participant field - mod_presence_identity: session survives JWT context.user keys with XML-special characters - mod_system_chat_message: non-occupant JID in connectionJIDs returns 200, no crash - mod_auth_token: documents latent Lua pattern injection bug (requires enableDomainVerification=true) Infrastructure: add sendJsonGroupchat() helper (fire-and-forget JSON groupchat) and non_json mock mode to the access-manager test stub. * fix(prosody): skip invalid XML tag names in update_presence_identity JWT context.user keys with XML-special characters (e.g. '<', '>') were passed directly to stanza:tag(), crashing LuaXML. Skip any key that does not match the valid XML name pattern. * test(room_metadata): add allow-moderation hook interop tests Tests for the jitsi-metadata-allow-moderation hook implemented in mod_filter_iq_rayo, covering: - non-moderator with transcription feature can set recording fields - moderator without features allowed via fallback path - transcription=false denies both non-moderators and moderators - transcription feature does not grant access to unrelated keys - extra fields in recording payload are sanitized/stripped - recording with only unrecognized fields falls through to default moderator check * test(muc_limit_messages): fix stale race-condition comments mod_muc_limit_messages already uses hook priority -1 on message/bare and message/full; mod_filter_messages uses the default (0). Higher priority fires first in Prosody so the ordering is deterministic — not a race. Update the comment blocks and test name accordingly, and fix the prosody.cfg.lua comment that incorrectly attributed the ordering to module load order. * test(prosody): align module load order with production config Same-priority hooks fire in module insertion order (FIFO). Reorder modules_enabled in both conference.localhost and VirtualHost localhost to match the order used in the prod conference.8x8.vc config, so hook execution order in tests reflects production behaviour. Key changes on conference.localhost: - token_verification moved to pos 2 (was 6); gate check now runs before muc_meeting_id and muc_password_whitelist as in prod - muc_meeting_id moved to pos 7 (was 3); after gate checks - muc_displayname moved after filter_messages (was before) Key changes on VirtualHost localhost: - filter_iq_rayo before filter_iq_jibri (matches prod; moot since rayo has explicit priority 1, but ordering is now consistent) - muc_lobby_rooms and jiconop moved up; system_chat_message moved down * fix(prosody): guard against nil decode in cacheKeysUrl key refresh cjson_safe.decode() returns nil on invalid JSON; passing nil to pairs() crashes the async runner. Add 'or {}' so bad responses are silently skipped and the retry timer fires normally. * fix(token): guard regex room claim match with pcall to prevent Lua crash An invalid Lua pattern in the JWT `room` claim (e.g. unbalanced parenthesis) with `context.room.regex: true` caused `string:match()` to raise a runtime error in `verify_room()`, crashing the session. Wrap the call in `pcall` and return a clean `invalid-regex` error instead. Add tests covering both the auth-time (no crash on connect) and join-time (clean rejection) behaviour. * fix(prosody): guard jwk_to_pem against missing n/e fields Return nil early if jwk.n or jwk.e is absent. Previously a nil field caused a crash in base64url_decode ("attempt to index a nil value"), enabling a DoS via a malformed JWK key server response. Add busted tests covering both missing-field cases. * fix(prosody): guard against nil room and occupant in mod_filter_iq_jibri get_room_from_jid returns nil when the target room does not exist. The subsequent room:get_occupant_by_real_jid call would crash the hook. Return item-not-found to the sender instead. Similarly, guard occupant.role — a sender not present in the room is treated as non-moderator so the feature check can proceed normally. Add a regression test that asserts an item-not-found error reply is returned for a Jibri IQ targeting a non-existent room. * fix(prosody): guard json.decode result against nil in mod_muc_auth_ban cjson.safe returns nil on invalid JSON instead of throwing. Without a nil check, a non-JSON 200 response from the access manager crashes the HTTP callback with 'attempt to index a nil value'. Add nil guard on r and add a test that catches the crash via Prosody log inspection. * fix(prosody): guard against empty transcript array and missing participant in mod_muc_meeting_id * test(prosody): update stale comment in mod_presence_identity_spec * fix(prosody): use cjson.safe for app_data decoding in mod_jibri_session * fix(prosody): guard against missing stats element and nil occupant in mod_muc_jigasi_invite * fix(prosody): import get_room_by_name_and_subdomain locally in mod_measure_message_count * fix(tests/prosody): Don't short curcuit when busted tests fail