Rocket.Chat 8.4: Your security posture holds, regardless of the context

‍

Whether the context is physical, your operator is in the field, away from a workstation, on a mobile device, or organizational, a clearance lapses, someone rotates off a program, a PERSEC hold goes into effect, Rocket.Chat responds to that context in real time. 

Introducing two key capabilities in v8.4 that extend this standard further.

Voice Calling, now on mobile

Voice calling is now available on the Rocket.Chat mobile app.

Rocket.Chat runs on NIPRNet, SIPRNet, and JWICS, and deploys air-gapped, on-prem, with no external egress. Every call runs through the same sovereign, auditable infrastructure as the rest of your workspace. Voice calling on mobile works across any network configuration. 

That matters because operations don't happen only at fixed workstations. Field personnel, forward-deployed teams, and operators on government-issued mobile devices in disconnected or degraded environments need voice that stays inside the approved platform. 

Every alternative, a carrier call, a consumer app, waiting for a workstation (which doesn’t exist in most of the forward-deployed teams), is a protocol failure waiting to be written up. 

What’s supported on mobile: 

• Intra-workspace calling to make and receive voice calls between users in your workspace, directly from the mobile app.
• Call controls such as transfer, hold, mute, and unmute without leaving the call
• In-chat call details that include a summary automatically posted to the DM where it happened. It captures who initiated the call, the total duration, and the final outcome, whether the call was completed, transferred, unanswered, or failed. You can tap the call info button for a full breakdown.
• Configurable ringing to customize ringing behavior for voice calls within the app

Global call history and integrated screen sharing, both available on desktop and web, will soon be supported on mobile as well.

ABAC with Virtru's Policy Decision Point (PDP) 

Rocket.Chat evaluates and enforces channel access based on real-time identity attributes sourced from your Identity Provider (IdP). 

With 8.4, that expands to support an external PDP. Virtru can now serve as the decision authority that determines who belongs in a channel.

Virtru's PDP, sourced from your IdP, evaluates every access request against current attributes. Rocket.Chat enforces that decision. 

Access is no longer set once and left alone. It is continuously re-evaluated against live identity.

This is important because when someone's clearance lapses, your IdP knows immediately. But your collaboration channel does not. It knows what it was told when membership was last configured, and it stays that way until someone files a ticket and an admin acts on it. 

In high-tempo environments, that ticket takes days. That window is the access risk, and it is exactly what Zero Trust mandates require you to eliminate.

Here’s how the integration closes that window:

• Your IdP holds the authoritative attributes: clearance level, program assignment, compartment access, PERSEC status.
• Virtru's PDP reads from your IdP and evaluates every access request against current attributes. Rocket.Chat enforces the decision at the channel level.
• At a configurable sync interval, down to the minute, every ABAC-managed private room and private team is re-evaluated against the live PDP.
• Users who no longer satisfy the policy are removed automatically.
• Attempts to manually add a non-compliant user are blocked at enforcement, regardless of who is making the add.

Three things that should matter to you:

• Rocket.Chat never stores your users' attribute data. Virtru makes the access decision. Your communications platform is not a second identity database.
• Users with no assigned attributes have no access by default. The system always fails closed, never open.‍
• Every access decision is logged with full context. When EO 14028 or M-22-09 requires evidence that collaboration channel access is continuously governed, that log is your answer.

This integration is available as a public preview, open for deployment and ready for evaluation in your environment. 

If you're on an earlier version, talk to your Rocket.Chat rep about upgrading to v8.4. 

Bug fixes

This release includes a number of fixes to improve overall stability, performance, and user experience. For a complete list of resolved issues in Rocket.Chat v8.4, check out the official release notes.

How to update your workspace to the latest Rocket.Chat version?

SaaS workspaces

The release happens automatically on our cloud, so no further action is required from your side. However, remember that updating instances might take a few weeks, so don't hesitate to contact our support team if you need to update your version sooner. 

Self-managed workspaces

Depending on the installation mode, you might need to update your server manually. Check out the documentation for instructions.