Rocket.Chat SIX, our proudest version yet, is here! Scalable, secure, sovereign, seamless.
With a long list of security patches, platform enhancements and new capabilities, we simply can't wait for you to take it for a spin!
The future of work is hybrid, digital, and collaborative. To keep pace with the evolution of workspace collaboration, businesses must follow suit. As we delve into the future of digital collaboration, it becomes clear that data sovereignty, security and interoperability are where we're headed. Organizations now understand the importance of being in complete control — owning their conversations, ensuring compliance and data security and having the flexibility to fit their technology of choice into their existing business ecosystem, today and into the future.
6.0 is our big leap into that future!
The team has worked relentlessly to deliver our most scalable and secure version yet. From microservices, two-factor authentication and (finally) the much requested dark mode for accessibility and improved message composer all the way to our MS Teams Bridge, a better and simplified WhatsApp for Business service and further improvements to our Matrix Federation; there is a lot to unpack.
We've organized everything you need to know about this major release into 6 areas. Go ahead and explore!
Enterprise Security & Compliance
Rocket.Chat releases patches for vulnerabilities with every new version. We are dedicated to ensuring all instances of Rocket.Chat that are exposed to customers or that host customer data are held to the highest security standards
Fortify your security by regularly patching vulnerabilities, and managing the devices linked to your workspace. With our device management capabilities, you can uncover potential security threats and mitigate the anomaly by terminating suspicious sessions.
Introduce an additional layer of security with two-factor authentication and the ability to audit every conversation. In addition to auditing messages, you can enable secure communication across your enterprise by creating new roles for users and assigning appropriate permissions as you see fit.
Ensure sensitive data is not misused or accessed by unauthorized users in a workspace by deploying data loss prevention policies that define, and detect sensitive data. Not just that, you can define the action that needs to be taken when such data is being shared.
Rocket.Chat 6.0 Security Updates
We’re releasing important security fixes in Rocket.Chat 6.0 and strongly recommend that all Rocket.Chat instances are upgraded to this version immediately.
We release patches for vulnerabilities every month and include different types of improvements with each new version. Please refer to our handbook to know more about our vulnerability management process. To guarantee that you are receiving the latest security fixes, it’s highly recommended to always update to the latest version. For a step-by-step guide on how to update, please refer to our technical documentation.
As we follow the market standard, we’re using a methodology called CVSS 3.0 to classify the severity of our vulnerabilities, in some cases, we make small adjustments in this classification to adapt to our context. For example, as a security-driven communication platform, every vulnerability that easily compromises the privacy of our customers is extremely important and is always treated as critical.
When we release a new patch we attach an identification to this vulnerability that can be used by our users to detect and understand a specific vulnerability, and the name of this identification is Common Vulnerabilities and Exposures (CVE). Check out our list of CVEs. Usually, this list of CVE is used by security teams inside companies to detect vulnerabilities related to some specific versions of products that are implemented in their environment.
The sections below provide details for security vulnerabilities fixed as part of Rocket.Chat 6.0.
Table of vulnerabilities
Improve security in your organization by creating custom user roles
Role-based access control (RBAC) is an access control method in which permissions are assigned to the users based on their responsibilities within the organization. In Rocket.Chat, a Role is defined as a set of permissions that are given to users. User roles enable you to allocate different access privileges to different users since most actions a user can perform require a particular permission. Rocket.Chat already comes with a set of default roles that can be edited, and gives you the ability to create new roles for users and assign appropriate permissions, as you see fit. As the workspace admin, you can customize what your users can do and see. Rocket.Chat has a vast and customizable permissions system of 180+ role permissions that you can add or remove. Here are some benefits of configuring custom roles and granting the necessary levels of access to employees to perform their job:
Minimize the occurrence of insider threats by deploying role-based access controls.
Decrease the risk of data breaches and data leakage by restricting access to sensitive information.
Comply with regulatory and statutory requirements for confidentiality, integrity, availability, and privacy. This is becoming more important in the light of general data protection laws and industry-specific regulations.
With the launch of 6.0, only Enterprise Edition users will have the ability to create custom roles, as we head down the path of offering enterprise-grade security features for businesses that operate at scale. That said, Community Edition users will still be able to retain previously created custom roles. After updating to 6.0, Community Edition workspaces can neither create new custom roles nor edit the existing ones. They can, however, delete the roles if needed. The experience remains unchanged for existing Enterprise Edition users — you will continue to have the ability to create unlimited custom roles to enforce granular security in your workspace.
For more details on the scope of user roles and creating custom roles, read our technical documentation on Permissions.
Introducing an additional layer of security with two-factor authentication for your cloud portal
Two-factor authentication (TFA) decreases the likelihood of your Rocket.Chat account being compromised. Rocket.Chat provides an extra layer of protection for workspace users by requiring them to provide two forms of authentication before accessing their accounts. This makes it harder for cybercriminals to gain access to sensitive information, thereby reducing the risk of security breaches.
Having a second form of identification greatly decreases the chance of a hacker gaining access to your workspace. TFA implementation for cloud portal allows employees to safely access corporate information from any device without putting the data at risk.
This layer of authentication verifies the user identity and improves the overall account security. Rocket.Chat provides TFA as a user-level option, which means each user will configure their TFA by receiving time-based one-time password (TOTP) via SMS or Google Authenticator, in addition to their login credentials.
To know more about configuring two-factor authentication for cloud portal, please refer to our user guide.
Ensure messaging compliance by auditing every conversation
Rocket.Chat allows authorized users to audit messages and read conversations in a workspace. Workspace admins can gain better visibility by auditing every conversation within the Rocket.Chat workspace. The audit panel allows you to search for a specific message(s) in channels, rooms, and direct messages, so admins and auditors can keep tabs on the sensitive information that’s shared within and outside your organization. You can now take it up a notch by exporting the audited conversations.
In 6.0, we are empowering the workspace admins and auditors to export the audited conversations for filing audit reports and supporting an audit process, present the findings to the leadership team, gather insights to craft upcoming plans and devise appropriate strategies, and save them for future references. This will help admins prevent accidental changes, carry out root cause analysis and prevent malicious actions. In instances where you must provide information to regulatory or compliance auditors to prove that user activities and communications are scoped, the ability to export audited conversations will come handy. You will find an export button on the top-right of the audit panel that will allow you to export the audited conversation as PDF. Not just messages, we are also introducing the ability to audit attachments. With the objective of providing a better user experience, we have also resolved bugs and fixed a few inconsistencies in our user interface.
If you would like to better understand our auditing capabilities, please read our technical documentation on Message Auditing.
Rocket.Chat achieves Department of Defense Iron Bank Security Certification
Rocket.Chat is now verified as secure for use under the United States Department of Defense’s Platform One DevSecOps initiative. This initiative enables developers to access a central binary repository of secure, Iron Bank-certified resources that have been hardened to the DoD’s specifications, and our containerized application is now a part of the DoD ‘app store’ of approved hardened containers — which means we meet the stringent security specifications aimed to protect DoD systems.
Iron Bank, also known as DoD Centralized Artifacts Repository (DCAR), is a central repository of digitally-signed and hardened binary container images, including both Free and Open-Source Software (FOSS) and Commercial off-the-shelf software (COTS). To be considered for inclusion into Iron Bank, container images must meet rigorous DoD software security standards.
With pre-approved, containerized, supported products like Rocket.Chat, Platform One maintains the Iron Bank centralized repository of capabilities that can be quickly, easily, and securely downloaded and deployed, thereby fast-tracking a security process that can take months. This is a significant milestone for Rocket.Chat that will benefit our current and prospective customers in the U.S. federal government, as well those as in other public- and private-sector areas.
App purchases made seamless with the upgraded Connectivity Services
Rocket.Chat Connectivity Services gives you access to connect your self-hosted workplace to the Rocket.Chat cloud. Connecting your workspace to the cloud gives you access to interact with our Apps Marketplace.
Previously, cloud purchases were tied to the cloud account making it a cumbersome process to purchase or install new apps when the admin forgets the password. But, gone are the days when admins could purchase or install apps only using the credentials of the cloud account.
With 6.0, apps can be purchased or installed in the Rocket.Chat workspace using any admin-level credentials. Once the admin identity is verified, they can go ahead and make cloud purchases. For insights into how to purchase apps using admin-level credentials, refer to our Connectivity Services documentation.
High Scalability Architecture
Flexible and scalable operation is the holy grail of modern enterprises. Unfortunately, a myriad of collaboration tools has led many users to feel a sense of collaboration paradox — the more tools you use for collaboration, the less connected you are. A lack of scalable collaboration solutions within the workplace leads to conversation fragmentation, which is conversations happening across a multitude of applications that aren’t integrated.
Rocket.Chat is a reliable, flexible, and scalable communications platform that meets the needs of small, medium and enterprise organizations. In 6.0, we provide features that are needed to power scalable collaboration in enterprises. We are introducing the ability to create multiple departments for increased agent productivity, download unlimited apps from our rich repertoire of workspace apps, develop and deploy unlimited custom integrations in your workspace, and so much more to support enterprises that operate at scale. Besides, you can scale your environment either with microservices or by deploying multiple instances of Rocket.Chat to maintain the performance of Rocket.Chat.
Improve workflow efficiency with unlimited custom app integrations
Rocket.Chat has a rich repertoire of apps that boost productivity, keep work connected and make workspace collaboration easier. With the ability to connect with apps you love and use everyday, you can reduce context switching by streamlining communication and collaboration. In addition to the built-in library of enterprise apps, Rocket.Chat also empowers your in-house development team with the ability to build custom app integrations using our robust Apps Engine framework to amplify the power of Rocket.Chat. Not just that, you can leverage our webhooks for limitless integrations that allow external applications to integrate with everyday tools into Rocket.Chat — thereby, saving users from the hassle of juggling tools.
Enterprise Edition users can download unlimited workspace apps from Rocket.Chat Marketplace and develop as many private apps they want, and deploy it in their workspace. Rocket.Chat offers these enterprise apps at no extra cost as a part of the Enterprise Edition bundle. The admins can enable this in the workspace depending on the requirement.
From 6.0 onwards, Community Edition users can download up to 5 free and paid workspace apps from Rocket.Chat Marketplace. They can develop up to 3 private apps and deploy it in their workspaces to extend the Rocket.Chat functionality. If you are a Community Edition user, and have more than 5 workspace apps and/or 3 private apps, you can keep them as is. However, you will not be able to install new apps any further.
Supporting multiple Omnichannel Queues for better agent productivity
Customer Service operations often have multiple topics to handle regarding users’ tickets. The ability to filter and route each ticket to the proper department or queue brings better agent productivity, customer experience, and security results. With multiple Omnichannel Queues, your response and resolution SLAs are faster, with strengthened quality. Besides, having messages getting only to the ones who should have access to their content is an important step in ensuring data security.
With 6.0, multiple Omnichannel Queues fully becomes an Enterprise-only feature as we understand this is an essential functionality for scaling organizations. However, valuing the satisfaction and loyalty to our early adopters, Community Workspaces where this feature was enabled in the past will not lose access to their current number of departments, even after updating to version 6.0.
Microservices and multiple instance scaling for better performance
Organizations face the need to create scalable applications in an agile way that impacts new forms of production and business organization. The traditional monolithic architecture no longer meets the needs of scalability and rapid development.
As the number of concurrent users grows in your workspace, you may begin to experience some system latency and therefore, it’s important to monitor your system performance in order to determine if additional resources are needed. To maintain the performance, our Enterprise Edition users can scale their Rocket.Chat environment either with microservices or by deploying multiple instances of Rocket.Chat.
While the monolithic architecture provides the foundation for smaller organizations, the microservices architecture delivers a more efficient and scalable architecture to support enterprises that operate at scale. Rocket.Chat's microservices architecture allows for greater scalability, flexibility, resilience, and fault tolerance functioning of your workspace. This makes it possible for your workspace to manage large volumes of users and adapt to changing business needs. For multi-workspace deployment, contact our support.
Enhanced Team Productivity
Empower teams to get their best work done with capabilities that make their day-to-day work easier and more productive. Stay atop critical conversations and tickets with the help of priority indicators for each conversation. Audit conversations with the ability to convert chat history into PDFs, experience an intuitive means of adding users, sending messages, and get read receipts for time-sensitive messages.
Organize queue management with Conversation Priority Indicators
Citizens, patients, students, or clients in general, usually have multiple service levels for ticket/case escalation. The nature and severity of each case determine how the conversation will be prioritized and properly addressed. Conversation Priority Indicator is an enhanced functionality for Enterprise users that aims to positively impact customer service metrics such as response and resolution SLAs and enable better agent experience in terms of managing chat queues. This is a very simple but highly effective feature: it offers a visual component that provides visibility into case prioritization criteria, displaying the priority indicator icon for each conversation. The Rocket.Chat’s legacy "priorities" feature will be kept by the name "SLA policies" for the few workspaces still using it. The newest feature will go by the name "Priorities".
And more! This brand-new feature will benefit more than just the agents. The Priority Indicator will also be available in the "Current Chats" panel. Managers can then quickly react to any substandard response time rates, ensuring that cases are handled and resolved properly.
An intuitive experience for adding users
At Rocket.Chat, we follow a user-centered approach to design because our objective is to usher users in the right direction and make tasks as easy and frictionless as possible for them. As a result, we have made UX changes in 6.0 to improve the experience of adding users to the Rocket.Chat workspace.
One of the methods of adding users to Rocket.Chat is through email invites. Once the admin provides the email addresses of the users to be added, they will receive an email invitation to set up their accounts in Rocket.Chat. However, for the user to receive this invitation, Simple Mail Transfer Protocol (SMTP) needs to be enabled.
With the improved UX of adding users through email invites, we will communicate this prerequisite to the administrator upfront to eliminate any confusion around the invites being sent to users and elucidate that the administrator needs to set up the SMTP emailing server to start sending user invites.
To know more about how to manage users in Rocket.Chat workspace, refer to our technical documentation.
Get read receipts for time-sensitive messages
Some messages are critical and time-sensitive in nature, thereby warranting an indication that the message has been delivered and read. For example, receiving mission-critical alerts from air traffic controllers, communicating life and death information about patients in hospitals, addressing business-critical messages that determine a company’s uptime, and so on.
In such scenarios where proof of delivery is required and critical, read receipts indicate that the message has been delivered and assimilated by the recipient. With 6.0, we empower our Enterprise Edition users with the ability to enable read receipts for every conversation, so you can see when a message has been opened and read by the recipient.
To learn more about read receipts, please read our technical document.
Audit conversations with Expanded Transcript Exports
This enhancement is aimed at enabling agents and admins to convert chat history into downloadable PDFs. As simple as it sounds. The main purpose is to cover security-centered organizations' needs as they deal with sensitive information and transactions, so they must have the ability to make conversations auditable.
This represents a fine enhancement in Rocket.Chat’s Enterprise Edition. In the past, live agents could send the chat transcription to end users once a conversation ended. However, chats were sent via email and only end users could see them, with no option for live agents or managers to download the chat history on their side.
The experience of sending the transcription by email to the end user is kept and has been enriched with the possibility for agents or admins to export and save the conversation as PDFs. A role-based mechanism will give the organizations the flexibility to determine which roles have access to this feature.
A straightforward and user-friendly message composer
We have improved our message composer in which all the options for messaging are much more accessible and self-explanatory. This makes it easier for users to send messages by reducing the cognitive load of choosing from hidden options. In the brand-new message composer, it’s a piece of cake to format the message, start an audio or video call, add attachments, or create a new discussion. To better understand the ins and outs of messaging in Rocket.Chat, read our technical document on Messages.
Rocket.Chat Marketplace now displayed for all users
The marketplace is where you get a bird’s-eye view of all the apps that are available and what apps are enabled in the workspace. With 6.0, we are facilitating a means for all the end users to gain visibility into the entire library of apps that are available, so they can explore more about the possible integrations that will be helpful.
With this information, users can decide on what apps they need to boost productivity and improve efficiency. With the right integrations, users will be empowered to streamline workflows and get more work done. While it’s true that users can raise a request for the desired app to be installed, only administrators can install and enable the app within the workspace. The administrator can review the request and take a call on approving the app request.
For more information on how to enable apps in a workspace, and handle app requests, read our technical documentation on Rocket.Chat Marketplace.
Interoperable & Extensible
Gone are the days when you resorted to email or synchronous communication to collaborate with external parties. Rocket.Chat leverages Matrix protocol to let users collaborate with external partners, customers, vendors, and agencies seamlessly regardless of the tool they use — thereby, breaking down the communication silos and improving business efficiency. Matrix protocol is an open standard for interoperable, decentralized, and real-time communication that facilitates unified communications. We are introducing new Federation features in 6.0, as we head down the path of interoperability.
Rocket.Chat integrates with 50+ industry-leading apps that enhance your workflows and processes. Leverage our native integrations to eliminate context switching and boost your team productivity by unifying conversations, projects, and tools. Build custom integrations easily to add more functionality to the system. Swiftly develop and deploy apps using our open APIs to cater to specific business needs, without risking the ongoing operations.
Introducing greater flexibility and control over roles and permissions for Federated rooms
We launched support for Matrix Federation in Rocket.Chat 5.0 to enable organizations to collaborate securely and seamlessly with external parties irrespective of the platform they use within the Matrix network. It breaks down the communication silos and empowers users to have reliable and secure communication beyond company borders, which fosters productivity and efficiency.
As we continue to enhance our Federation capabilities, we are introducing new functionalities in Rocket.Chat 6.0 that will provide more flexibility and control over federation-related events for the workspace administrators. Here’s what you can expect:
Admins can now define user roles and permissions in federated rooms
And, we are introducing the support for Matrix Parser
For further information on the Federation features we support, read our technical documentation on Rocket.Chat Federation.
A new and easier way to integrate with WhatsApp Business
Released in 2022, WhatsApp Cloud is an API solution hosted by Meta, eliminating the need for a third-party service (brokers). The app is now available at no extra cost for all Enterprise customers in the Omnichannel bundle; the only additional fees are the Meta conversation-based charges. This means that Enterprise workspaces no longer need to pay for an app fee nor a fee for each registered WhatsApp number.
This solution is a perfect fit for organizations seeking to scale, as the faster message throughput (from 80 messages per second on a single connection to up to 500 messages per second on demand) offers better support for larger operations as the cost is not influenced by how many agents you have.
Our third-party-based solution, WhatsApp 360 dialog, will still be available for Community Workspaces, Enterprise Workspaces with active contracts, and even workspaces that would rather stick with the current version. Please read our documentation for more details on this.
Focus on what matters, while Zaps do the work for you!
We run through numerous repetitive processes daily — most of which are time-consuming and costly. It is essential to automate these recurring processes to reduce the volume of work and save time. Zapier lets you connect applications to transfer data and automate the workflow between the apps, without having to code. To do this, you need to create ‘Zaps’. Zaps connect the applications you’d like to integrate, and are made of two elements — triggers and actions. While triggers set the Zap in motion, actions perform the desired event automatically.
The app is available for download in our Marketplace for Enterprise users. You can integrate Rocket.Chat with 5000+ apps using Zapier, including Jira, WhatsApp, Twitter, Google Workspace suite of apps, and many more. Automate your everyday workflows using Zapier and Rocket.Chat to focus on what matters most. Once the zap is created, Zapier regularly checks your trigger for new data and automatically performs the action for you. It automatically transfers the information between Rocket.Chat and your everyday apps, so you never have to worry about information falling through the cracks.
Whatever application you use, you can automate your process with a Zap to save time and boost your efficiency. Automated workflows can work as long as you need them to – you only have to set them up once. And if you change software platforms, you can create a new Zap and still track your information.
To know more about how to configure Zapier app in your workspace, refer to the Zapier technical documentation.
Developer collaboration now made easy by bringing GitHub into Rocket.Chat
GitHub is where everyday work happens for developers. But with all the strategic and tactical conversations happening in Rocket.Chat, developers might lose sight of the big picture if they can’t bring their daily work to where conversations happen and where decisions are being made. Even for the rest of the organization, it can be challenging to communicate with the development teams because of limited visibility and misaligned priorities.
To enhance the development workflow, it is important to centralize conversations and unify developer collaboration at every stage of the development process. This will make the jobs exponentially easier and help developers be more productive.
This app is available for download in our Marketplace for Community and Enterprise users. Bring GitHub into Rocket.Chat, so you can:
Stay atop all that’s happening in your GitHub repository to get a quick overview of what’s going on. This information is sent as messages in Rocket.Chat with links to the events on GitHub for greater visibility and context.
Subscribe to repositories and receive notifications in Rocket.Chat to never miss an important event such as reviewing the open issues and pull requests that need your attention.
Expedite the development process by facilitating developer collaboration within Rocket.Chat so you don’t have to continuously juggle tools to get work done.
Empower reviewers to review and merge open pull requests directly from Rocket.Chat by embedding the code editor and highlighting the code changes.
Raise issues at the click of a button by using issue templates without having to go through a complicated, multi-step process.
Get a bird’s-eye view of all the open issues and delegate them directly from Rocket.Chat.
Enable developers to search for specific resources and share them within your Rocket.Chat workspace for enhanced collaboration.
For a step-by-step guide on how to integrate Rocket.Chat with GitHub, please read our document about GitHub integration.
Facilitate cross-platform messaging with MS Teams Bridge app
The collaboration industry is one of the most fragmented industries in B2B because 91% of businesses use at least two platforms within their organization for internal communication. This leads to workplace silos and disjointed user experiences. We, at Rocket.Chat, believe in delivering openness and interoperability for our customers to build an open collaboration ecosystem instead of a ‘walled garden’ one.
Cross-platform messaging has long been a blue-sky requirement for enterprises. It is a great way to reach your customers and engage with them on platforms they already use. When you want to connect with someone who doesn’t use the same platform as you, you either switch to the platform they use or resort to sending an email. While forcing users to migrate from one platform to another is counterproductive on one hand, email communication, on the other hand, is not real-time and the response rate might be slow.
Thanks to cross-platform messaging, you can now chat with anyone using Microsoft Teams, without having to leave Rocket.Chat or migrate to Teams. You can search for Microsoft Teams users from within Rocket.Chat, and start collaborating with them at the click of a button. This integration supports:
Rich interactions that include DMs, emojis, embedded graphics, links, and files
Messaging options such as editing and deleting
Creating discussions and group chat
Customizable & Embeddable
Create customized and secure chat experiences on your website and mobile apps without compromising on data security and privacy. Drive branded chat experiences with endless customization options such as white labeling and full customization of your homepage. Rocket.Chat strives to make collaboration more accessible and user-friendly for the visually impaired. Our support for color themes — light and dark modes — increases the accessibility for the visually impaired, thereby empowering every user to collaborate seamlessly, connect and share ideas.
Making Rocket.Chat accessible for the visually impaired with dark mode
Collaboration tools are meant to keep the workplace connected. When every user is empowered to collaborate seamlessly, connect and share ideas, they are more productive, efficient and happier. In a collaboration tool, accessibility is of the essence for visually impaired users. Taking the user-centered approach to design is a must-have to overcome the shortcomings of an inaccessible tool.
Rocket.Chat strives to make collaboration more accessible and user-friendly for the visually impaired. With 6.0, we support an important capability that increases the accessibility for the visually impaired — color themes. We support the light mode and dark mode. This is a feature you can toggle between and choose from, depending on what appeals to the user.
Dark mode could be especially beneficial for users with low vision and light sensitivity. That said, every user is different when it comes to determining their technology preferences and we are cognizant of this fact. We empower users to control settings as much as possible, thereby creating their own version of the tool suitable for their individual needs. So, we give the user control and make it easy to opt out of dark or light mode.
Premium Support & Professional Services
From designing the architecture to setting you up for success, our technology experts will provide hands-on services to meet your unique needs. Choose your cloud hosting plan for increased performance, high uptime and availability, access easy-to-scale server resources, and exclusive DevOps support. Have access to a global team of Rocket.Chat technology experts focused on providing consulting and hands-on services to assist your business needs. No matter how complex your implementation is, our professional services team is around to help. Unlock web support portal and get help from experts.
Introducing new cloud hosting options for greater flexibility
We are thrilled to announce the launch of our new cloud hosting options, designed to give you more flexibility and choice when it comes to hosting your Rocket.Chat workspace. With our new Standard, Premium, and Dedicated Private Cloud options, you can now choose the hosting solution that best fits your needs, budget, and technical expertise.
Here's a brief overview of our new cloud hosting options: