From 0baab558ed34def4f5924f59b337701aa7350210 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Commaille?=
 <76261501+zecakeh@users.noreply.github.com>
Date: Tue, 5 May 2026 01:05:38 +0200
Subject: [PATCH] Replace outdated statement that messages are not encrypted
 (#2371)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
---
 changelogs/client_server/newsfragments/2371.clarification | 1 +
 content/client-server-api/modules/instant_messaging.md    | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/client_server/newsfragments/2371.clarification

diff --git a/changelogs/client_server/newsfragments/2371.clarification b/changelogs/client_server/newsfragments/2371.clarification
new file mode 100644
index 00000000..47f74b60
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2371.clarification
@@ -0,0 +1 @@
+Clarify that room messages can be encrypted.
diff --git a/content/client-server-api/modules/instant_messaging.md b/content/client-server-api/modules/instant_messaging.md
index a64baa25..b6066ecf 100644
--- a/content/client-server-api/modules/instant_messaging.md
+++ b/content/client-server-api/modules/instant_messaging.md
@@ -454,8 +454,7 @@ status code of 400.
 
 #### Security considerations
 
-Messages sent using this module are not encrypted, although end to end
-encryption is in development (see [E2E module](#end-to-end-encryption)).
+Messages sent using this module MAY be encrypted, see [End-to-End Encryption](#end-to-end-encryption).
 
 Clients should sanitise **all displayed keys** for unsafe HTML to
 prevent Cross-Site Scripting (XSS) attacks. This includes room names and