mastodon/CHANGELOG.md
2024-07-04 16:46:35 +02:00

379 KiB

Changelog

All notable changes to this project will be documented in this file.

[4.2.10] - 2024-07-04

Security

  • Fix incorrect permission checking on multiple API endpoints (GHSA-58x8-3qxw-6hm7)
  • Fix incorrect authorship checking when processing some activities (CVE-2024-37903, GHSA-xjvf-fm67-4qc3)
  • Fix ongoing streaming sessions not being invalidated when application tokens get revoked (GHSA-vp5r-5pgw-jwqx)
  • Update dependencies

Added

  • Add yarn version specification to avoid confusion with Yarn 3 and Yarn 4

Changed

  • Change preview cards generation to skip unusually long URLs (oneiros)
  • Change search modifiers to be case-insensitive (Gargron)
  • Change STATSD_ADDR handling to emit a warning rather than crashing if the address is unreachable (timothyjrogers)
  • Change PWA start URL from /home to / (ClearlyClaire)

Removed

Fixed

  • Fix scheduled statuses scheduled in less than 5 minutes being immediately published (danielmbrasil)
  • Fix encoding detection for link cards (oneiros)
  • Fix /admin/accounts/:account_id/statuses/:id for edited posts with media attachments (ClearlyClaire)
  • Fix duplicate @context attribute in user archive export (ClearlyClaire)

[4.2.9] - 2024-05-30

Security

Added

  • Add rate-limit on OAuth application registration (ThisIsMissEm)
  • Add fallback redirection when getting a webfinger query WEB_DOMAIN@WEB_DOMAIN (ClearlyClaire)
  • Add digest attribute to Admin::DomainBlock entity in REST API (ThisIsMissEm)

Removed

  • Remove superfluous application-level caching in some controllers (ClearlyClaire)
  • Remove aggressive OAuth application vacuuming (ThisIsMissEm)

Fixed

  • Fix leaking Elasticsearch connections in Sidekiq processes (ClearlyClaire)
  • Fix language of remote posts not being recognized when using unusual casing (ClearlyClaire)
  • Fix off-by-one in tootctl media commands (ClearlyClaire)
  • Fix removal of allowed domains (in LIMITED_FEDERATION_MODE) not being recorded in the audit log (ThisIsMissEm)
  • Fix not being able to block a subdomain of an already-blocked domain through the API (ClearlyClaire)
  • Fix Idempotency-Key being ignored when scheduling a post (ClearlyClaire)
  • Fix crash when supplying the FFMPEG_BINARY environment variable (timothyjrogers)
  • Fix improper email address validation (ClearlyClaire)
  • Fix results/query in api/v1/featured_tags/suggestions (mjankowski)
  • Fix unblocking internationalized domain names under certain conditions (tribela)
  • Fix admin account created by mastodon:setup not being auto-approved (ClearlyClaire)
  • Fix reference to non-existent var in CLI maintenance command (mjankowski)

[4.2.8] - 2024-02-23

Added

  • Add hourly task to automatically require approval for new registrations in the absence of moderators (ClearlyClaire, ClearlyClaire) In order to prevent future abandoned Mastodon servers from being used for spam, harassment and other malicious activity, Mastodon will now automatically switch new user registrations to require moderator approval whenever they are left open and no activity (including non-moderation actions from apps) from any logged-in user with permission to access moderation reports has been detected in a full week. When this happens, users with the permission to change server settings will receive an email notification. This feature is disabled when EMAIL_DOMAIN_ALLOWLIST is used, and can also be disabled with DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS=true.

Changed

  • Change registrations to be closed by default on new installations (ClearlyClaire) If you are running a server and never changed your registrations mode from the default, updating will automatically close your registrations. Simply re-enable them through the administration interface or using tootctl settings registrations open if you want to enable them again.

Fixed

  • Fix processing of remote ActivityPub actors making use of Link objects as Image url (ClearlyClaire)
  • Fix link verifications when page size exceeds 1MB (ClearlyClaire)

[4.2.7] - 2024-02-16

Fixed

  • Fix OmniAuth tests and edge cases in error handling (ClearlyClaire, ClearlyClaire)
  • Fix new installs by upgrading to the latest release of the nsa gem, instead of a no longer existing commit (mjankowski)

Security

[4.2.6] - 2024-02-14

Security

  • Update the sidekiq-unique-jobs dependency (see GHSA-cmh9-rx85-xj38) In addition, we have disabled the web interface for sidekiq-unique-jobs out of caution. If you need it, you can re-enable it by setting ENABLE_SIDEKIQ_UNIQUE_JOBS_UI=true. If you only need to clear all locks, you can now use bundle exec rake sidekiq_unique_jobs:delete_all_locks.
  • Update the nokogiri dependency (see GHSA-xc9x-jj77-9p9j)
  • Disable administrative Doorkeeper routes (ThisIsMissEm)
  • Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases (GHSA-7w3c-p9j8-mq3x) In some rare cases, the streaming server was not notified of access tokens revocation on application deletion.
  • Change external authentication behavior to never reattach a new identity to an existing user by default (GHSA-vm39-j3vx-pch3) Up until now, Mastodon has allowed new identities from external authentication providers to attach to an existing local user based on their verified e-mail address. This allowed upgrading users from a database-stored password to an external authentication provider, or move from one authentication provider to another. However, this behavior may be unexpected, and means that when multiple authentication providers are configured, the overall security would be that of the least secure authentication provider. For these reasons, this behavior is now locked under the ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH environment variable. In addition, regardless of this environment variable, Mastodon will refuse to attach two identities from the same authentication provider to the same account.

[4.2.5] - 2024-02-01

Security

[4.2.4] - 2024-01-24

Fixed

  • Fix error when processing remote files with unusually long names (ClearlyClaire)
  • Fix processing of compacted single-item JSON-LD collections (ClearlyClaire)
  • Retry 401 errors on replies fetching (ShadowJonathan)
  • Fix RecordNotUnique errors in LinkCrawlWorker (tribela)
  • Fix Mastodon not correctly processing HTTP Signatures with query strings (ClearlyClaire, ClearlyClaire)
  • Fix potential redirection loop of streaming endpoint (ClearlyClaire)
  • Fix streaming API redirection ignoring the port of streaming_api_base_url (ClearlyClaire)
  • Fix error when processing link preview with an array as inLanguage (ClearlyClaire)
  • Fix unsupported time zone or locale preventing sign-up (Gargron)
  • Fix "Hide these posts from home" list setting not refreshing when switching lists (brianholley)
  • Fix missing background behind dismissable banner in web UI (Gargron)
  • Fix line wrapping of language selection button with long locale codes (gunchleoc, ClearlyClaire)
  • Fix Undo Announce activity not being sent to non-follower authors (MitarashiDango)
  • Fix N+1s because of association preloaders not actually getting called (ClearlyClaire)
  • Fix empty column explainer getting cropped under certain conditions (ClearlyClaire)
  • Fix LinkCrawlWorker error when encountering empty OEmbed response (ClearlyClaire)
  • Fix call to inefficient delete_matched cache method in domain blocks (ClearlyClaire)

Security

  • Add rate-limit of TOTP authentication attempts at controller level (ClearlyClaire)

[4.2.3] - 2023-12-05

Fixed

  • Fix dependency on json-canonicalization version that has been made unavailable since last release

[4.2.2] - 2023-12-04

Changed

  • Change dismissed banners to be stored server-side (ClearlyClaire)
  • Change GIF max matrix size error to explicitly mention GIF files (ClearlyClaire)
  • Change Follow activities delivery to bypass availability check (ShadowJonathan)
  • Change single-column navigation notice to be displayed outside of the logo container (renchap, renchap)
  • Change Content-Security-Policy to be tighter on media paths (ClearlyClaire)
  • Change post language code to include country code when relevant (gunchleoc, ClearlyClaire)

Fixed

  • Fix upper border radius of onboarding columns (ClearlyClaire)
  • Fix incoming status creation date not being restricted to standard ISO8601 (ClearlyClaire, ClearlyClaire)
  • Fix some posts from threads received out-of-order sometimes not being inserted into timelines (ClearlyClaire)
  • Fix posts from force-sensitized accounts being able to trend (ClearlyClaire)
  • Fix error when trying to delete already-deleted file with OpenStack Swift (ClearlyClaire)
  • Fix batch attachment deletion when using OpenStack Swift (ClearlyClaire)
  • Fix processing LDSigned activities from actors with unknown public keys (ClearlyClaire)
  • Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (ClearlyClaire)
  • Fix report processing notice not mentioning the report number when performing a custom action (ClearlyClaire)
  • Fix handling of inLanguage attribute in preview card processing (ClearlyClaire)
  • Fix own posts being removed from home timeline when unfollowing a used hashtag (kmycode)
  • Fix some link anchors being recognized as hashtags (ClearlyClaire, ClearlyClaire)
  • Fix format-dependent redirects being cached regardless of requested format (ClearlyClaire)

[4.2.1] - 2023-10-10

Added

  • Add redirection on /deck URLs for logged-out users (ClearlyClaire)
  • Add support for v4.2.0 migrations to tootctl maintenance fix-duplicates (ClearlyClaire)

Changed

  • Change some worker lock TTLs to be shorter-lived (ClearlyClaire)
  • Change user archive export allowed period from 7 days to 6 days (suddjian)

Fixed

  • Fix duplicate reports being sent when reporting some remote posts (ClearlyClaire)
  • Fix clicking on already-opened thread post scrolling to the top of the thread (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix some remote posts getting truncated (ClearlyClaire)
  • Fix some cases of infinite scroll code trying to fetch inaccessible posts in a loop (ClearlyClaire)
  • Fix Vary headers not being set on some redirects (ClearlyClaire)
  • Fix mentions being matched in some URL query strings (mjankowski)
  • Fix unexpected linebreak in version string in the Web UI (vmstan)
  • Fix double scroll bars in some columns in advanced interface (ClearlyClaire)
  • Fix boosts of local users being filtered in account timelines (ClearlyClaire)
  • Fix multiple instances of the trend refresh scheduler sometimes running at once (ClearlyClaire)
  • Fix importer returning negative row estimates (jgillich)
  • Fix incorrectly keeping outdated update notices absent from the API endpoint (ClearlyClaire)
  • Fix import progress not updating on certain failures (ClearlyClaire)
  • Fix websocket connections being incorrectly decremented twice on errors (ThisIsMissEm)
  • Fix explore prompt appearing because of posts being received out of order (ClearlyClaire)
  • Fix explore prompt sometimes showing up when the home TL is loading (ClearlyClaire)
  • Fix link handling of mentions in user profiles when logged out (ClearlyClaire)
  • Fix filtering audit log for entries about disabling 2FA (ClearlyClaire)
  • Fix notification toasts not respecting reduce-motion (c960657)
  • Fix retention dashboard not displaying correct month (vmstan)
  • Fix tIME chunk not being properly removed from PNG uploads (TheEssem)
  • Fix division by zero in video in bitrate computation code (ClearlyClaire)
  • Fix inefficient queries in “Follows and followers” as well as several admin pages (ClearlyClaire, ClearlyClaire)
  • Fix ActiveRecord using two connection pools when no replica is defined (ClearlyClaire)
  • Fix the search documentation URL in system checks (renchap)

[4.2.0] - 2023-09-21

The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by @danielmbrasil, @mjankowski, @nschonni, @renchap, and @takayamaki.

Added

Changed

  • Change hashtags to be displayed separately when they are the last line of a post (renchap, renchap, renchap)
  • Change reblogs to be excluded from "Posts and replies" tab in web UI (Gargron)
  • Change interaction modal in web interface (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, mgmn, tribela, ClearlyClaire, ClearlyClaire)
  • Change design of link previews in web UI (Gargron, ClearlyClaire, Gargron, Gargron, Gargron, Gargron, c960657)
  • Change "direct message" nomenclature to "private mention" in web UI (Gargron)
  • Change translation feature to cover Content Warnings, poll options and media descriptions (c960657, S-H-GAMELINKS, c960657, ClearlyClaire)
  • Change account search to match by text when opted-in (jsgoldstein, Gargron)
  • Change import feature to be clearer, less error-prone and more reliable (ClearlyClaire, mgmn)
  • Change local and federated timelines to be tabs of a single “Live feeds” column (ClearlyClaire, Gargron, mgmn, Plastikmensch, ClearlyClaire)
  • Change user archive export to be faster and more reliable, and export .zip archives instead of .tar.gz ones (ClearlyClaire, TheEssem)
  • Change mastodon-streaming systemd unit files to be templated (e-nomem)
  • Change statsd integration to disable sidekiq metrics by default (mjankowski, mjankowski, ClearlyClaire) This deprecates statsd support and disables the sidekiq integration unless STATSD_SIDEKIQ is set to true. This is because the nsa gem is unmaintained, and its sidekiq integration is known to add very significant overhead. Later versions of Mastodon will have other ways to get the same metrics.
  • Change replica support to native Rails adapter (krainboltgreene, Gargron, Gargron, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire) This is a breaking change, dropping makara support, and requiring you to update your database configuration if you are using replicas. To tell Mastodon to use a read replica, you can either set the REPLICA_DB_NAME environment variable (along with REPLICA_DB_USER, REPLICA_DB_PASS, REPLICA_DB_HOST, and REPLICA_DB_PORT, if they differ from the primary database), or the REPLICA_DATABASE_URL environment variable if your configuration is based on DATABASE_URL.
  • Change DCT method used for JPEG encoding to float (electroCutie)
  • Change from node-redis to ioredis for streaming (gmemstr)
  • Change private statuses index to index without crutches (ClearlyClaire)
  • Change video compression parameters (Gargron, Gargron, Gargron, Gargron)
  • Change admin e-mail notification settings to be their own settings group (ClearlyClaire)
  • Change opacity of the delete icon in the search field to be more visible (AntoninDelFabbro)
  • Change Account Search to prioritize username over display name (jsgoldstein)
  • Change follow recommendation materialized view to be faster in most cases (renchap, ClearlyClaire)
  • Change robots.txt to block GPTBot (Foritus)
  • Change header of hashtag timelines in web UI (Gargron, ClearlyClaire)
  • Change streaming /metrics to include additional metrics (ThisIsMissEm, ThisIsMissEm)
  • Change indexing frequency from 5 minutes to 1 minute, add locks to schedulers (Gargron)
  • Change column link to add a better keyboard focus indicator (teeerevor)
  • Change poll form element colors to fit with the rest of the ui (teeerevor, teeerevor, ClearlyClaire)
  • Change 'favourite' to 'favorite' for American English (marekr, gunchleoc, nabijaczleweli)
  • Change ActivityStreams representation of suspended accounts to not use a blank name (ClearlyClaire)
  • Change focus UI for keyboard only input (teeerevor, Gargron, Gargron)
  • Change thread view to scroll to the selected post rather than the post being replied to (ClearlyClaire)
  • Change links in multi-column mode so tabs are open in single-column mode (Signez, Signez, ClearlyClaire, Signez, Signez)
  • Change searching with # to include account index (jsgoldstein)
  • Change label and design of sensitive and unavailable media in web UI (Gargron, Gargron, Gargron)
  • Change button colors to increase hover/focus contrast and consistency (teeerevor, Gargron)
  • Change dropdown icon above compose form from ellipsis to bars in web UI (Gargron)
  • Change header backgrounds to use fewer different colors in web UI (Gargron)
  • Change files to be deleted in batches instead of one-by-one (Gargron, S-H-GAMELINKS, ClearlyClaire)
  • Change emoji picker icon (iparr)
  • Change edit profile page (Gargron, c960657)
  • Change "bot" label to "automated" (Gargron)
  • Change design of dropdowns in web UI (Gargron)
  • Change wording of “Content cache retention period” setting to highlight destructive implications (ClearlyClaire)
  • Change autolinking to allow carets in URL search params (renchap)
  • Change share action from being in action bar to being in dropdown in web UI (Gargron)
  • Change sessions to be ordered from most-recent to least-recently updated (frankieroberto)
  • Change vacuum scheduler to also delete expired tokens and unused application records (ClearlyClaire, ClearlyClaire)
  • Change "Sign in" to "Login" (Gargron)
  • Change domain suspensions to also be checked before trying to fetch unknown remote resources (ClearlyClaire)
  • Change media components to use aspect-ratio rather than compute height themselves (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Change logo version in header based on screen size in web UI (Gargron)
  • Change label from "For you" to "People" on explore screen in web UI (Gargron)
  • Change logged-out WebUI HTML pages to be cached for a few seconds (ClearlyClaire)
  • Change unauthenticated responses to be cached in REST API (Gargron, ClearlyClaire, ClearlyClaire)
  • Change HTTP caching logic (Gargron, ClearlyClaire)
  • Change hashtags and mentions in bios to open in-app in web UI (Gargron)
  • Change styling of the recommended accounts to allow bio to be more visible (chike00)
  • Change account search in moderation interface to allow searching by username including the leading @ (HeitorMC)
  • Change all components to use the same error page in web UI (Gargron)
  • Change search pop-out in web UI (Gargron)
  • Change user settings to be stored in a more optimal way (Gargron, c960657, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, Gargron, ClearlyClaire, jsgoldstein, ClearlyClaire, ClearlyClaire)
  • Change media upload limits and remove client-side resizing (Gargron)
  • Change design of account rows in web UI (Gargron, Gargron, Gargron, ClearlyClaire)
  • Change log-out to use Single Logout when using external log-in through OIDC (CSDUMMI)
  • Change sidekiq-bulk's batch size from 10,000 to 1,000 jobs in one Redis call (ClearlyClaire)
  • Change translation to only be offered for supported languages (c960657, c960657) This adds the /api/v1/instance/translation_languages REST API endpoint that returns an object with the supported translation language pairs in the form:
    {
      "fr": ["en", "de"]
    }
    
    (where fr is a supported source language and en and de or supported output language when translating a fr string)
  • Change compose form checkbox to native input with appearance: none (ClearlyClaire)
  • Change posts' clickable area to be larger (c960657)
  • Change followed_by link to location=all if account is local on /admin/accounts/:id page (tribela)

Removed

  • Remove support for Node.js 14 (renchap)
  • Remove support for Ruby 2.7 (nschonni)
  • Remove clustering from streaming API (ThisIsMissEm)
  • Remove anonymous access to the streaming API (ClearlyClaire)
  • Remove obfuscation of reply count in web UI (Gargron)
  • Remove kmr from language selection, as it was a duplicate for ku (gunchleoc, ClearlyClaire)
  • Remove 16:9 cropping from web UI (Gargron)
  • Remove back button from bookmarks, favourites and lists screens in web UI (Gargron)
  • Remove display name input from sign-up form (Gargron)
  • Remove tai locale (c960657)
  • Remove empty Kushubian (csb) local files (nschonni)
  • Remove Permissions-Policy header from all responses (Gargron)

Fixed

  • Fix filters not being applying in the explore page (ClearlyClaire)
  • Fix being unable to load past a full page of filtered posts in Home timeline (ClearlyClaire)
  • Fix log-in flow when involving both OAuth and external authentication (CSDUMMI)
  • Fix broken links in account gallery (c960657)
  • Fix migration handler not updating lists (ClearlyClaire)
  • Fix crash when viewing a moderation appeal and the moderator account has been deleted (xrobau)
  • Fix error in Web UI when server rules cannot be fetched (ClearlyClaire)
  • Fix paragraph margins resulting in irregular read-more cut-off in web UI (Gargron)
  • Fix notification permissions being requested immediately after login (ClearlyClaire)
  • Fix performances of profile directory (ClearlyClaire, ClearlyClaire)
  • Fix mute button and volume slider feeling disconnected in web UI (Gargron, ClearlyClaire)
  • Fix “Scoped order is ignored, it's forced to be batch order.” warnings (ClearlyClaire)
  • Fix blocked domain appearing in account feeds (ClearlyClaire)
  • Fix invalid Content-Type header for WebP images (c960657)
  • Fix minor inefficiencies in tootctl search deploy (ClearlyClaire)
  • Fix filter form in profiles directory overflowing instead of wrapping (arbolitoloco1)
  • Fix sign up steps progress layout in right-to-left locales (ClearlyClaire)
  • Fix bug with “favorited by” and “reblogged by“ view on posts only showing up to 40 items (timothyjrogers, timothyjrogers)
  • Fix bad search type heuristic (Gargron)
  • Fix not being able to negate prefix clauses in search (Gargron)
  • Fix timeout on invalid set of exclusionary parameters in /api/v1/timelines/public (danielmbrasil)
  • Fix adding column with default value taking longer on Postgres >= 11 (Gargron)
  • Fix light theme select option for hashtags (teeerevor)
  • Fix AVIF attachments (c960657)
  • Fix incorrect URL normalization when fetching remote resources (c960657, c960657)
  • Fix being unable to filter posts for individual Chinese languages (gunchleoc)
  • Fix preview card sometimes linking to 4xx error pages (c960657)
  • Fix emoji picker button scrolling with textarea content in single-column view (ClearlyClaire)
  • Fix missing border on error screen in light theme in web UI (Gargron)
  • Fix UI overlap with the loupe icon in the Explore Tab (gol-cha)
  • Fix unexpected redirection to /explore after sign-in (ClearlyClaire)
  • Fix /api/v1/statuses/:id/unfavourite and /api/v1/statuses/:id/unreblog returning non-updated counts (c960657)
  • Fix clicking the “Back” button sometimes leading out of Mastodon (c960657, CSFlorin, S-H-GAMELINKS, ClearlyClaire)
  • Fix processing of null ActivityPub activities (tribela)
  • Fix hashtag posts not being removed from home feed on hashtag unfollow (ClearlyClaire)
  • Fix for "follows you" indicator in light web UI not readable (vmstan)
  • Fix incorrect line break between icon and number of reposts & favourites (edent)
  • Fix sounds not being loaded from assets host (Signez)
  • Fix buttons showing inconsistent styles (teeerevor, ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix trend calculation working on too many items at a time (Gargron)
  • Fix dropdowns being disabled for logged out users in web UI (Gargron, ClearlyClaire)
  • Fix explore page being inaccessible when opted-out of trends in web UI (Gargron)
  • Fix re-activated accounts possibly getting deleted by AccountDeletionWorker (ClearlyClaire)
  • Fix /api/v2/search not working with following query param (danielmbrasil)
  • Fix inefficient query when requesting a new confirmation email from a logged-in account (ClearlyClaire)
  • Fix unnecessary concurrent calls to /api/*/instance in web UI (mgmn)
  • Fix resolving local URL for remote content (ClearlyClaire)
  • Fix search not being easily findable on smaller screens in web UI (Gargron, ClearlyClaire)
  • Fix j/k keyboard shortcuts on some status lists (ClearlyClaire)
  • Fix missing validation on default_privacy setting (ClearlyClaire)
  • Fix incorrect pagination headers in /api/v2/admin/accounts (danielmbrasil)
  • Fix non-interactive upload container being given a button role and tabIndex (ClearlyClaire)
  • Fix always redirecting to onboarding in web UI (Gargron)
  • Fix inconsistent use of middle dot (·) instead of bullet (•) to separate items (j-f1)
  • Fix spacing of middle dots in the detailed status meta section (j-f1)
  • Fix prev/next buttons color in media viewer (renchap)
  • Fix email addresses not being properly updated in tootctl maintenance fix-duplicates (mjankowski)
  • Fix unicode surrogate pairs sometimes being broken in page title (eai04191)
  • Fix various inefficient queries against account domains (ClearlyClaire)
  • Fix video player offering to expand in a lightbox when it's in an iframe (ClearlyClaire)
  • Fix post embed previews (ClearlyClaire)
  • Fix inadequate error handling in several API controllers when given invalid parameters (danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil)
  • Fix uncaught ActiveRecord::StatementInvalid in Mastodon::IpBlocksCLI (danielmbrasil)
  • Fix various edge cases with local moves (ClearlyClaire)
  • Fix tootctl accounts cull crashing when encountering a domain resolving to a private address (ClearlyClaire)
  • Fix tootctl accounts approve --number N not aproving the N earliest registrations (danielmbrasil)
  • Fix being unable to clear media description when editing posts (c960657)
  • Fix unavailable translations not falling back to English (mgmn)
  • Fix anonymous visitors getting a session cookie on first visit (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix cutting off first letter of hashtag links sometimes in web UI (Gargron)
  • Fix crash in tootctl accounts create --reattach --force (ClearlyClaire, danielmbrasil)
  • Fix characters being emojified even when using Variation Selector 15 (text) (ClearlyClaire, ClearlyClaire)
  • Fix uncaught ActiveRecord::StatementInvalid exception in Mastodon::AccountsCLI#approve (danielmbrasil)
  • Fix email confirmation skip option in tootctl accounts modify USERNAME --email EMAIL --confirm (danielmbrasil)
  • Fix tooltip for dates without time (c960657)
  • Fix missing loading spinner and loading more on scroll in Private Mentions column (c960657)
  • Fix account header image missing from /settings/profile on narrow screens (c960657)
  • Fix height of announcements not being updated when using reduced animations (c960657)
  • Fix inconsistent radius in advanced interface drawer (thislight)
  • Fix loading more trending posts on scroll in the advanced interface (OmmyZhang)
  • Fix poll ending notification for edited polls (c960657)
  • Fix max width of media in /about and /privacy-policy (mgmn)
  • Fix streaming API not being usable without DATABASE_URL (Gargron)
  • Fix external authentication not running onboarding code for new users (ClearlyClaire)

[4.1.8] - 2023-09-19

Fixed

  • Fix post edits not being forwarded as expected (ClearlyClaire)
  • Fix moderator rights inconsistencies (ClearlyClaire)
  • Fix crash when encountering invalid URL (ClearlyClaire)
  • Fix cached posts including stale stats (ClearlyClaire)
  • Fix uploading of video files for which ffprobe reports 0/0 average framerate (NicolaiSoeborg)
  • Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (yufushiro)

Security

[4.1.7] - 2023-09-05

Changed

  • Change remote report processing to accept reports with long comments, but truncate them (ThisIsMissEm)

Fixed

  • Fix blocking subdomains of an already-blocked domain (ClearlyClaire)
  • Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (danielmbrasil)
  • Fix inefficiencies in PlainTextFormatter (ClearlyClaire)

[4.1.6] - 2023-07-31

Fixed

[4.1.5] - 2023-07-21

Added

  • Add check preventing Sidekiq workers from running with Makara configured (ClearlyClaire)

Changed

  • Change request timeout handling to use a longer deadline (ClearlyClaire)

Fixed

  • Fix moderation interface for remote instances with a .zip TLD (ClearlyClaire)
  • Fix remote accounts being possibly persisted to database with incomplete protocol values (ClearlyClaire)
  • Fix trending publishers table not rendering correctly on narrow screens (vmstan)

Security

[4.1.4] - 2023-07-07

Fixed

  • Fix branding:generate_app_icons failing because of disallowed ICO coder (ClearlyClaire)
  • Fix crash in admin interface when viewing a remote user with verified links (ClearlyClaire)
  • Fix processing of media files with unusual names (ClearlyClaire)

[4.1.3] - 2023-07-06

Added

  • Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (ClearlyClaire)

Changed

  • Change OpenGraph-based embeds to allow fullscreen (ClearlyClaire)
  • Change AccessTokensVacuum to also delete expired tokens (ClearlyClaire)
  • Change profile updates to be sent to recently-mentioned servers (ClearlyClaire)
  • Change automatic post deletion thresholds and load detection (ClearlyClaire)
  • Change /api/v1/statuses/:id/history to always return at least one item (ClearlyClaire)
  • Change auto-linking to allow carets in URL query params (renchap)

Removed

Fixed

Security

  • Add finer permission requirements for managing webhooks (ClearlyClaire)
  • Update dependencies
  • Add hardening headers for user-uploaded files (ClearlyClaire)
  • Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
  • Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
  • Fix arbitrary file creation through media processing (CVE-2023-36460)
  • Fix possible XSS in preview cards (CVE-2023-36459)

[4.1.2] - 2023-04-04

Fixed

  • Fix crash in tootctl commands making use of parallelization when Elasticsearch is enabled (ClearlyClaire, ClearlyClaire)
  • Fix crash in db:setup when Elasticsearch is enabled (rrgeorge)
  • Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (ClearlyClaire)
  • Fix invalid/expired invites being processed on sign-up (ClearlyClaire)

Security

  • Update Ruby to 3.0.6 due to ReDoS vulnerabilities (saizai)
  • Fix unescaped user input in LDAP query (ClearlyClaire)

[4.1.1] - 2023-03-16

Added

  • Add redirection from paths with url-encoded @ to their decoded form (thijskh)
  • Add lang attribute to native language names in language picker in Web UI (ClearlyClaire)
  • Add headers to outgoing mails to avoid auto-replies (ClearlyClaire)
  • Add support for refreshing many accounts at once with tootctl accounts refresh (9p4)
  • Add confirmation modal when clicking to edit a post with a non-empty compose form (PauloVilarinho)
  • Add support for the HAproxy PROXY protocol through the PROXY_PROTO_V1 environment variable (CSDUMMI)
  • Add SENDFILE_HEADER environment variable (Gargron)
  • Add cache headers to static files served through Rails (Gargron)

Changed

  • Increase contrast of upload progress bar background (toolmantim)
  • Change post auto-deletion throttling constants to better scale with server size (ClearlyClaire)
  • Change order of bookmark and favourite sidebar entries in single-column UI for consistency (TerryGarcia)
  • Change ActivityPub::DeliveryWorker retries to be spread out more (ClearlyClaire)

Fixed

  • Fix “Remove all followers from the selected domains” also removing follows and notifications (ClearlyClaire)
  • Fix streaming metrics format (emilweth, emilweth)
  • Fix case-sensitive check for previously used hashtags in hashtag autocompletion (deanveloper)
  • Fix focus point of already-attached media not saving after edit (ClearlyClaire)
  • Fix sidebar behavior in settings/admin UI on mobile (wxt2005)
  • Fix inefficiency when searching accounts per username in admin interface (ClearlyClaire)
  • Fix duplicate “Publish” button on mobile (ClearlyClaire)
  • Fix server error when failing to follow back followers from /relationships (ClearlyClaire)
  • Fix server error when attempting to display the edit history of a trendable post in the admin interface (ClearlyClaire)
  • Fix tootctl accounts migrate crashing because of a typo (ClearlyClaire)
  • Fix original account being unfollowed on migration before the follow request to the new account could be sent (ClearlyClaire)
  • Fix the “Back” button in column headers sometimes leaving Mastodon (c960657)
  • Fix pgBouncer resetting application name on every transaction (Gargron)
  • Fix unconfirmed accounts being counted as active users (ClearlyClaire)
  • Fix /api/v1/streaming sub-paths not being redirected (ClearlyClaire)
  • Fix drag'n'drop upload area text that spans multiple lines not being centered (vintprox)
  • Fix sidekiq jobs not triggering Elasticsearch index updates (ClearlyClaire)
  • Fix tags being unnecessarily stripped from plain-text short site description (c960657)
  • Fix HTML entities not being un-escaped in extracted plain-text from remote posts (c960657)
  • Fix dashboard crash on ElasticSearch server error (ClearlyClaire)
  • Fix incorrect post links in strikes when the account is remote (ClearlyClaire)
  • Fix misleading error code when receiving invalid WebAuthn credentials (ClearlyClaire)
  • Fix duplicate mails being sent when the SMTP server is too slow to close the connection (ClearlyClaire)

Security

  • Change user backups to use expiring URLs for download when possible (Gargron)
  • Add warning for object storage misconfiguration (ClearlyClaire)

[4.1.0] - 2023-02-10

Added

  • Add support for importing/exporting server-wide domain blocks (enbylenore, ClearlyClaire, dariusk, ClearlyClaire)
  • Add listing of followed hashtags (connorshea)
  • Add support for editing media description and focus point of already-sent posts (ClearlyClaire)
    • Previously, you could add and remove attachments, but not edit media description of already-attached media
    • REST API changes:
      • PUT /api/v1/statuses/:id now takes an extra media_attributes[] array parameter with the id of the updated media and their updated description, focus, and thumbnail
  • Add follow request banner on account header (ClearlyClaire)
    • REST API changes:
      • Relationship entities have an extra requested_by boolean attribute representing whether the represented user has requested to follow you
  • Add confirmation screen when handling reports (ClearlyClaire, Gargron, tribela)
  • Add option to make the landing page be /about even when trends are enabled (ClearlyClaire)
  • Add noindex setting back to the admin interface (prplecake)
  • Add instance peers API endpoint toggle back to the admin interface (dariusk)
  • Add instance activity API endpoint toggle back to the admin interface (dariusk)
  • Add setting for status page URL (Gargron, ClearlyClaire)
    • REST API changes:
      • Add configuration.urls.status attribute to the object returned by GET /api/v2/instance
  • Add account.approved webhook (Saiv46)
  • Add 12 hours option to polls (Pleclown)
  • Add dropdown menu item to open admin interface for remote domains (ClearlyClaire)
  • Add --remove-headers, --prune-profiles and --include-follows flags to tootctl media remove (evanphilip)
  • Add --email and --dry-run options to tootctl accounts delete (ClearlyClaire)
  • Add tootctl accounts migrate (ClearlyClaire)
  • Add tootctl accounts prune (tribela)
  • Add tootctl domains purge (ClearlyClaire)
  • Add SIDEKIQ_CONCURRENCY environment variable (muffinista)
  • Add DB_POOL environment variable support for streaming server (Gargron)
  • Add MIN_THREADS environment variable to set minimum Puma threads (jimeh)
  • Add explanation text to log-in page (ClearlyClaire)
  • Add user profile OpenGraph tag on post pages (bramus)
  • Add maskable icon support for Android (workeffortwaste)
  • Add Belarusian to supported languages (Mixaill)
  • Add Western Frisian to supported languages (ykzts)
  • Add Montenegrin to the language picker (ayefries)
  • Add Southern Sami and Lule Sami to the language picker (Jullan-M)
  • Add logging for Rails cache timeouts (ClearlyClaire)
  • Add color highlight for active hashtag “follow” button (MFTabriz)
  • Add brotli compression to assets:precompile (Izorkin)
  • Add “disabled” account filter to the /admin/accounts UI (tribela)
  • Add transparency to modal background for accessibility (edent)
  • Add lang attribute to image description textarea and poll option field (c960657)
  • Add spellcheck attribute to Content Warning and poll option input fields (c960657)
  • Add title attribute to video elements in media attachments (bramus)
  • Add left and right margins to emojis (dsblank)
  • Add roles attribute to Account entities in REST API (ClearlyClaire, tribela)
  • Add reading:autoplay:gifs to /api/v1/preferences (j-f1)
  • Add hide_collections parameter to /api/v1/accounts/credentials (CarlSchwan)
  • Add policy attribute to web push subscription objects in REST API at /api/v1/push/subscriptions (ClearlyClaire)
  • Add metrics endpoint to streaming API (Gargron, Gargron)
  • Add more specific error messages to HTTP signature verification (ClearlyClaire)
  • Add Storj DCS to cloud object storage options in the mastodon:setup rake task (jtolio)
  • Add checkmark symbol in the checkbox for sensitive media (sidp)
  • Add missing accessibility attributes to logout link in modals (kytta)
  • Add missing accessibility attributes to “Hide image” button in MediaGallery (hs4man21)
  • Add missing accessibility attributes to hide content warning field when disabled (hs4man21)
  • Add aria-hidden to footer circle dividers to improve accessibility (hs4man21)
  • Add lang attribute to compose form inputs (ClearlyClaire)

Changed

  • Ensure exact match is the first result in hashtag searches (ClearlyClaire)
  • Change account search to return followed accounts first (dariusk)
  • Change batch account suspension to create a strike (ClearlyClaire)
  • Change default reply language to match the default language when replying to a translated post (ClearlyClaire)
  • Change misleading wording about waitlists (ClearlyClaire)
  • Increase width of the unread notification border (connorshea)
  • Change new post notification button on profiles to make it more apparent when it is enabled (tribela)
  • Change trending tags admin interface to always show batch action controls (ClearlyClaire)
  • Change wording of some OAuth scope descriptions (ClearlyClaire)
  • Change wording of admin report handling actions (ClearlyClaire)
  • Change confirm prompts for relationships management (tribela)
  • Change language surrounding disability in prompts for media descriptions (hs4man21)
  • Change confusing wording in the sign in banner (ClearlyClaire)
  • Change POST /settings/applications/:id to regenerate token on scopes change (ClearlyClaire)
  • Change account moderation notes to make links clickable (ClearlyClaire)
  • Change link previews for statuses to never use avatar as fallback (Gargron)
  • Change email address input to be read-only for logged-in users when requesting a new confirmation e-mail (ClearlyClaire)
  • Change notifications per page from 15 to 40 in REST API (Gargron)
  • Change number of stored items in home feed from 400 to 800 (Gargron)
  • Change API rate limits from 300/5min per user to 1500/5min per user, 300/5min per app (Gargron)
  • Save avatar or header correctly even if the other one fails (tribela)
  • Change referrer-policy to same-origin application-wide (ClearlyClaire, ClearlyClaire)
  • Add 'private' to Cache-Control, match Rails expectations (daxtens)
  • Make the button that expands the compose form differentiable from the button that publishes a post (Tak)
  • Change automatic post deletion configuration to be accessible to moved users (ClearlyClaire)
  • Make tag following idempotent (trwnh, ClearlyClaire)
  • Use buildx functions for faster builds (inductor)
  • Split off Dockerfile components for faster builds (moritzheiber, ineffyble, BtbN)
  • Change last occurrence of “silence” to “limit” in UI text (cincodenada)
  • Change “hide toot” to “hide post” (seanthegeek)
  • Don't allow URLs that contain non-normalized paths to be verified (dgl)
  • Change the “Trending now” header to be a link to the Explore page (connorshea)
  • Change PostgreSQL connection timeout from 2 minutes to 15 seconds (ClearlyClaire)
  • Make handle more easily selectable on profile page (cadars)
  • Allow admins to refresh remotely-suspended accounts (ClearlyClaire)
  • Change dropdown menu to contain “Copy link to post” even for non-public posts (ClearlyClaire)
  • Allow adding relays in secure mode and limited federation mode (ineffyble)
  • Change timestamps to be displayed using the user's timezone throughout the moderation interface (FrancisMurillo, ClearlyClaire)
  • Change CSP directives on API to be tight and concise (ClearlyClaire)
  • Change web UI to not autofocus the compose form (raboof, Akkiesoft)
  • Change idempotency key handling for posting when database access is slow (lambda)
  • Change remote media files to be downloaded outside of transactions (ClearlyClaire)
  • Improve contrast of charts in “poll has ended” notifications (j-f1)
  • Change OEmbed detection and validation to be somewhat more lenient (ineffyble)
  • Widen ElasticSearch version detection to not display a warning for OpenSearch (VyrCossont, ClearlyClaire)
  • Change link verification to allow pages larger than 1MB as long as the link is in the first 1MB (untitaker)
  • Update default Node.js version to Node.js 16 (ineffyble, ClearlyClaire)

Removed

  • Officially remove support for Ruby 2.6 (ClearlyClaire)
  • Remove object-fit polyfill used for old versions of Microsoft Edge (shuuji3)
  • Remove intersection-observer polyfill for old Safari support (shuuji3)
  • Remove empty title tag from mailer layout (nametoolong)
  • Remove post count and last posts from ActivityPub representation of hashtag collections (ClearlyClaire)

Fixed

  • Fix changing domain block severity not undoing individual account effects (ClearlyClaire)
  • Fix suspension worker crashing on S3-compatible setups without ACL support (ClearlyClaire)
  • Fix possible race conditions when suspending/unsuspending accounts (ClearlyClaire)
  • Fix being stuck in edit mode when deleting the edited posts (ClearlyClaire)
  • Fix attached media uploads not being cleared when replying to a post (ClearlyClaire)
  • Fix filters not being applied to some notification types (ClearlyClaire)
  • Fix incorrect link in push notifications for some event types (elizabeth-dev)
  • Fix some performance issues with /admin/instances (ClearlyClaire)
  • Fix some pre-4.0 admin audit logs (ClearlyClaire)
  • Fix moderation audit log items for warnings having incorrect links (ClearlyClaire)
  • Fix account activation being sometimes triggered before email confirmation (ClearlyClaire)
  • Fix missing OAuth scopes for admin APIs (trwnh, trwnh)
  • Fix voter count not being cleared when a poll is reset (afontenot)
  • Fix attachments of edited posts not being fetched (ClearlyClaire)
  • Fix irreversible and whole_word parameters handling in /api/v1/filters (ClearlyClaire)
  • Fix 500 error when marking posts as sensitive while some of them are deleted (ClearlyClaire)
  • Fix expanded posts not always being scrolled into view (ClearlyClaire)
  • Fix not being able to scroll the remote interaction modal on small screens (xendke)
  • Fix not being able to scroll in post history modal (cadars)
  • Fix audio player volume control on Safari (minacle)
  • Fix disappearing “Explore” tabs on Safari (nyura, ykzts)
  • Fix wrong padding in RTL layout (Gargron)
  • Fix drag & drop upload area display in single-column mode (ClearlyClaire)
  • Fix being unable to get a single EmailDomainBlock from the admin API (trwnh)
  • Fix admin-set follow recommandations being case-sensitive (ClearlyClaire)
  • Fix unserialized role on account entities in admin API (Gargron)
  • Fix pagination of followed tags (trwnh)
  • Fix dropdown menu positions when scrolling (sidp, ClearlyClaire)
  • Fix email with empty domain name labels passing validation (ClearlyClaire)
  • Fix mysterious registration failure when “Require a reason to join” is set with open registrations (ClearlyClaire)
  • Fix attachment rendering of edited posts in OpenGraph (ClearlyClaire)
  • Fix invalid/empty RSS feed link on account pages (ClearlyClaire)
  • Fix error in VerifyLinkService when processing links with no href (joshuap)
  • Fix error in VerifyLinkService when processing links with invalid URLs (untitaker)
  • Fix media uploads with FFmpeg 5 (dead10ck)
  • Fix sensitive flag not being set when replying to a post with a content warning under certain conditions (kedamaDQ)
  • Fix misleading message briefly showing up when loading follow requests under some conditions (c960657)
  • Fix “Share @:user's profile” profile menu item not working (ClearlyClaire)
  • Fix crash and incorrect behavior in tootctl domains crawl (ClearlyClaire)
  • Fix autoplay on iOS (jamesadney)
  • Fix user clean-up scheduler crash when an unconfirmed account has a moderation note (ClearlyClaire)
  • Fix spaces not being stripped in admin account search (ClearlyClaire)
  • Fix spaces not being stripped when adding relays (ClearlyClaire)
  • Fix infinite loading spinner instead of soft 404 for non-existing remote accounts (ClearlyClaire)
  • Fix minor visual issue with the top border of verified account fields (j-f1)
  • Fix pending account approval and rejection not being recorded in the admin audit log (FrancisMurillo)
  • Fix “Sign up” button with closed registrations not opening modal on mobile (ClearlyClaire)
  • Fix UI header overflowing on mobile (ClearlyClaire)
  • Fix 500 error when trying to migrate to an invalid address (ClearlyClaire)
  • Fix crash when trying to fetch unobtainable avatar of user using external authentication (lochiiconnectivity)
  • Fix processing error on incoming malformed JSON-LD under some situations (ClearlyClaire)
  • Fix potential duplicate posts in Explore tab (ClearlyClaire)
  • Fix deprecation warning in tootctl accounts rotate (ClearlyClaire)
  • Fix styling of featured tags in light theme (ClearlyClaire)
  • Fix missing style in warning and strike cards (AtelierSnek, ClearlyClaire)
  • Fix wasteful request to /api/v1/custom_emojis when not logged in (ClearlyClaire)
  • Fix replies sometimes being delivered to user-blocked domains (tribela)
  • Fix admin dashboard crash when using some ElasticSearch replacements (cortices)
  • Fix profile avatar being slightly offset into left border (RiedleroD)
  • Fix N+1 queries in NotificationsController (nametoolong)
  • Fix being unable to react to announcements with the keycap number sign emoji (kescherCode)
  • Fix height computation of post embeds (hodgesmr)
  • Fix accessibility issue of the search bar due to hidden placeholder (alexstine)
  • Fix layout change handler not being removed due to a typo (nschonni)
  • Fix typo in the default S3_HOSTNAME used in the mastodon:setup rake task (danp)
  • Fix the top action bar appearing in the multi-column layout (ClearlyClaire)
  • Fix inability to use local LibreTranslate without setting ALLOWED_PRIVATE_ADDRESSES (ClearlyClaire)
  • Fix punycoded local domains not being prettified in initial state (Tritlo)
  • Fix CSP violation warning by removing inline CSS from SVG logo (luxiaba)
  • Fix margin for search field on medium window size (minacle)
  • Fix search popout scrolling with the page in single-column mode (rgroothuijsen)
  • Fix minor post cache hydration discrepancy (ClearlyClaire)
  • Fix detection in hashtags (parthoghosh24)
  • Fix hashtag follows bypassing user blocks (tribela)
  • Fix moved accounts being incorrectly redirected to account settings when trying to view a remote profile (ClearlyClaire)
  • Fix site upload validations (ClearlyClaire)
  • Fix “Add new domain block” button using last submitted search value instead of the current one (ClearlyClaire)
  • Fix misleading hashtag warning when posting with “Followers only” or “Mentioned people only” visibility (n0toose)
  • Fix embedded posts with videos grabbing focus (Akkiesoft)
  • Fix $ not being escaped in .env.production files generated by the mastodon:setup rake task (ClearlyClaire, ClearlyClaire)
  • Fix sanitizer parsing link text as HTML when stripping unsupported links (ClearlyClaire)
  • Fix scheduled_at input not using datetime-local when editing announcements (ClearlyClaire)
  • Fix REST API serializer for Account not including moved when the moved account has itself moved (ClearlyClaire)
  • Fix /api/v1/admin/trends/tags using wrong serializer (ClearlyClaire)
  • Fix situations in which instance actor can be set to a Mastodon-incompatible name (ClearlyClaire)

Security

[4.0.2] - 2022-11-15

Fixed

  • Fix wrong color on mentions hidden behind content warning in web UI (Gargron)
  • Fix filters from other users being used in the streaming service (ClearlyClaire)
  • Fix unsafe-eval being used when wasm-unsafe-eval is enough in Content Security Policy (Gargron, prplecake)

[4.0.1] - 2022-11-14

Fixed

  • Fix nodes order being sometimes mangled when rewriting emoji (ClearlyClaire)

[4.0.0] - 2022-11-14

Some of the features in this release have been funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

Added

Changed

Removed

  • Remove setting that disables account deletes (Gargron)
  • Remove digest e-mails (Gargron)
  • Remove unnecessary sections from welcome e-mail (Gargron)
  • Remove item titles from RSS feeds (Gargron)
  • Remove volume number from hashtags in web UI (Gargron)
  • Remove Nanobox configuration (tonyjiang)

Fixed

  • Fix rules with same priority being sorted non-deterministically (Gargron)
  • Fix error when invalid domain name is submitted (Gargron)
  • Fix icons having an image role (Gargron)
  • Fix connections to IPv6-only servers (ClearlyClaire)
  • Fix unnecessary service worker registration and preloading when logged out in web UI (ClearlyClaire)
  • Fix unnecessary and slow regex construction (raggi)
  • Fix mailers queue not being used for mailers (Gargron)
  • Fix error in webfinger redirect handling (ClearlyClaire)
  • Fix report category not being set to violation if rule IDs are provided (trwnh)
  • Fix nodeinfo metadata attribute being an array instead of an object (ClearlyClaire)
  • Fix account endorsements not being idempotent (trwnh)
  • Fix status and rule IDs not being strings in admin reports REST API (trwnh)
  • Fix error on invalid replies_policy in REST API (trwnh)
  • Fix redrafting a currently-editing post not leaving edit mode in web UI (ClearlyClaire)
  • Fix performance by avoiding method cache busts (raggi)
  • Fix opening the language picker scrolling the single-column view to the top in web UI (ClearlyClaire)
  • Fix content warning button missing aria-expanded attribute in web UI (ClearlyClaire)
  • Fix redundant aria-pressed attributes in web UI (Brawaru)
  • Fix crash when external auth provider has no display name set (ClearlyClaire)
  • Fix followers count not being updated when migrating follows (ClearlyClaire)
  • Fix double button to clear emoji search input in web UI (sunny)
  • Fix missing null check on applications on strike disputes (kescherCode)
  • Fix featured tags not saving preferred casing (Gargron)
  • Fix language not being saved when editing status (Gargron)
  • Fix not being able to input featured tag with hash symbol (Gargron)
  • Fix user clean-up scheduler crash when an unconfirmed account has a moderation note (ClearlyClaire)
  • Fix being unable to withdraw follow request when confirmation modal is disabled in web UI (ClearlyClaire)
  • Fix inaccurate admin log entry for re-sending confirmation e-mails (ClearlyClaire)
  • Fix edits not being immediately reflected (ClearlyClaire)
  • Fix bookmark import stopping at the first failure (ClearlyClaire)
  • Fix account action type validation (Gargron)
  • Fix upload progress not communicating processing phase in web UI (Gargron)
  • Fix wrong host being used for custom.css when asset host configured (Gargron)
  • Fix account migration form ever using outdated account data (Gargron, nightpool)
  • Fix error when uploading malformed CSV import (Gargron)
  • Fix avatars not using image tags in web UI (Gargron)
  • Fix handling of duplicate and out-of-order notifications in web UI (ClearlyClaire)
  • Fix reblogs being discarded after the reblogged status (ClearlyClaire)
  • Fix indexing scheduler trying to index when Elasticsearch is disabled (Gargron)
  • Fix n+1 queries when rendering initial state JSON (Gargron)
  • Fix n+1 query during status removal (Gargron)
  • Fix OCR not working due to Content Security Policy in web UI (prplecake)
  • Fix nofollow rel being removed in web UI (Gargron)
  • Fix language dropdown causing zoom on mobile devices in web UI (Gargron)
  • Fix button to dismiss suggestions not showing up in search results in web UI (ClearlyClaire)
  • Fix language dropdown sometimes not appearing in web UI (Gargron)
  • Fix quickly switching notification filters resulting in empty or incorrect list in web UI (ClearlyClaire, ClearlyClaire)
  • Fix media modal link button in web UI (ClearlyClaire)
  • Fix error upon successful account migration (Gargron)
  • Fix negatives values in search index causing queries to fail (Gargron, Gargron)
  • Fix error when searching for invalid URL (ClearlyClaire)
  • Fix IP blocks not having a unique index (Gargron)
  • Fix remote account in contact account setting not being used (Gargron)
  • Fix swallowing mentions of unconfirmed/unapproved users (ClearlyClaire)
  • Fix incorrect and slow cache invalidation when blocking domain and removing media attachments (ClearlyClaire)
  • Fix HTTPs redirect behaviour when running as I2P service (gi-yt)
  • Fix deleted pinned posts potentially counting towards the pinned posts limit (ClearlyClaire)
  • Fix compatibility with OpenSSL 3.0 (ClearlyClaire)
  • Fix error when a remote report includes a private post the server has no access to (ClearlyClaire)
  • Fix suspicious sign-in mails never being sent (ClearlyClaire)
  • Fix fallback locale when somehow user's locale is an empty string (tribela)
  • Fix avatar/header not being deleted locally when deleted on remote account (tribela)
  • Fix missing , in Blurhash validation (noellabo)
  • Fix order by most recent not working for relationships page in admin UI (tribela)
  • Fix uncaught error when invalid date is supplied to API (Gargron)
  • Fix REST API sometimes returning HTML on error (ClearlyClaire)
  • Fix ambiguous column names in tootctl media refresh (tribela)
  • Fix ambiguous column names in tootctl search deploy (mashirozx)
  • Fix CDN_HOST not being used in some asset URLs (tribela)
  • Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored (ClearlyClaire)
  • Fix various typos in comments throughout the codebase (luzpaz)
  • Fix CSV import error when rows include unicode characters (HamptonMakes)

Security

  • Fix being able to spoof link verification (Gargron)
  • Fix emoji substitution not applying only to text nodes in backend code (ClearlyClaire)
  • Fix emoji substitution not applying only to text nodes in web UI (ClearlyClaire)
  • Fix rate limiting for paths with formats (Gargron)
  • Fix out-of-bound reads in blurhash transcoder (delroth)

[3.5.3] - 2022-05-26

Added

  • Add language dropdown to compose form in web UI (Gargron, ykzts)
  • Add warning for limited accounts in web UI (Gargron)
  • Add limited attribute to accounts in REST API (Gargron)

Changed

  • Change RSS feeds (Gargron, tribela)
    • Titles are now date and time of post
    • Bodies now render all content faithfully, including polls and emojis
    • All media attachments are included with Media RSS
  • Change "dangerous" to "sensitive" in privacy policy and web UI (Gargron)
  • Change unconfirmed accounts to not be visible in REST API (ClearlyClaire)
  • Change tootctl search deploy to improve performance (Gargron, Gargron)
  • Change search indexing to use batches to minimize resource usage (Gargron)

Fixed

  • Fix follower and other counters being able to go negative (Gargron)
  • Fix unnecessary query on when creating a status (ClearlyClaire)
  • Fix warning an account outside of a report closing all reports for that account (ClearlyClaire)
  • Fix error when resolving a link that redirects to a local post (ClearlyClaire)
  • Fix preferred posting language returning unusable value in REST API (Gargron)
  • Fix race condition error when external status is reblogged (ykzts)
  • Fix missing string for appeal validation error (Gargron)
  • Fix block/mute lists showing a follow button in web UI (ClearlyClaire)
  • Fix Redis configuration not being changed by mastodon:setup (ClearlyClaire)
  • Fix streaming notifications not using quick filter logic in web UI (ClearlyClaire)
  • Fix ambiguous wording on appeal actions in admin UI (ClearlyClaire)
  • Fix floating action button obscuring last element in web UI (ClearlyClaire)
  • Fix account warnings not being recorded in audit log (ClearlyClaire)
  • Fix leftover icons for direct visibility statuses (Steffo99)
  • Fix link verification requiring case sensitivity on links (sgolemon)
  • Fix embeds not setting their height correctly (rinsuki)

Security

  • Fix concurrent unfollowing decrementing follower count more than once (Gargron)
  • Fix being able to appeal a strike unlimited times (Gargron)
  • Fix being able to report otherwise inaccessible statuses (Gargron)
  • Fix empty votes arbitrarily increasing voters count in polls (Gargron)
  • Fix moderator identity leak when approving appeal of sensitive marked statuses (Gargron)
  • Fix suspended users being able to access APIs that don't require a user (Gargron)
  • Fix confirmation redirect to app without Location header (Gargron)

[3.5.2] - 2022-05-04

Added

  • Add warning on direct messages screen in web UI (Gargron)
    • We already had a warning when composing a direct message, it has now been reworded to be more clear
    • Same warning is now displayed when viewing sent and received direct messages
  • Add ability to set approval-based registration through tootctl (ClearlyClaire)
  • Add pre-filling of domain from search filter in domain allow/block admin UI (ClearlyClaire)

Changed

  • Change name of “Direct” visibility to “Mentioned people only” in web UI (Gargron, Gargron, ClearlyClaire)
  • Change trending posts to only show one post from each account (Gargron)
  • Change half-life of trending posts from 6 hours to 2 hours (Gargron)
  • Change full-text search feature to also include polls you have voted in (tribela)
  • Change Redis from using one connection per process, to using a connection pool (Gargron, ClearlyClaire, Gargron)
    • Different threads no longer have to wait on a mutex over a single connection
    • However, this does increase the number of Redis connections by a fair amount
    • We are planning to optimize Redis use so that the pool can be made smaller in the future

Removed

  • Remove IP matching from e-mail domain blocks (Gargron)
    • The IPs of the blocked e-mail domain or its MX records are no longer checked
    • Previously it was too easy to block e-mail providers by mistake

Fixed

  • Fix compatibility with Friendica's pinned posts (ClearlyClaire, ClearlyClaire)
  • Fix error when looking up handle with surrounding spaces in REST API (ClearlyClaire)
  • Fix double render error when authorizing interaction (Gargron)
  • Fix error when a post references an invalid media attachment (ClearlyClaire)
  • Fix error when trying to revoke OAuth token without supplying a token (Gargron)
  • Fix error caused by missing subject in Webfinger response (Gargron)
  • Fix error on attempting to delete an account moderation note (ClearlyClaire)
  • Fix light-mode emoji borders in web UI (Gaelan)
  • Fix being able to scroll away from the loading bar in web UI (Gargron)
  • Fix error when a bookmark or favorite has been reported and deleted (ClearlyClaire)
  • Fix being offered empty “Server rules violation” report option in web UI (ClearlyClaire)
  • Fix temporary network errors preventing from authorizing interactions with remote accounts (ClearlyClaire)
  • Fix incorrect link in "new trending tags" email (cdzombak)
  • Fix missing indexes on some foreign keys (ClearlyClaire)
  • Fix n+1 query on feed merge and populate operations (Gargron)
  • Fix feed unmerge worker being exceptionally slow in some conditions (ClearlyClaire)
  • Fix PeerTube videos appearing with an erroneous “Edited at” marker (ClearlyClaire)
  • Fix instance actor being created incorrectly when running through migrations (ClearlyClaire)
  • Fix web push notifications containing HTML entities (ClearlyClaire)
  • Fix inconsistent parsing of TRUSTED_PROXY_IP (ykzts)
  • Fix error when fetching pinned posts (tribela)
  • Fix wrong optimization in feed populate operation (dogelover911)
  • Fix error in alias settings page (ClearlyClaire)

[3.5.1] - 2022-04-08

Added

  • Add pagination for trending statuses in web UI (Gargron)

Changed

  • Change e-mail notifications to only be sent when recipient is offline (Gargron)
    • Send e-mails for mentions and follows by default again
    • But only when recipient does not have push notifications through an app
  • Change website attribute to be nullable on Application entity in REST API (rinsuki)

Removed

  • Remove sign-in token authentication, instead send e-mail about new sign-in (Gargron)
    • You no longer need to enter a security code sent through e-mail
    • Instead you get an e-mail about a new sign-in from an unfamiliar IP address

Fixed

  • Fix error responses for from search prefix (single-right-quote)
  • Fix dangling language-specific trends (Gargron)
  • Fix extremely rare race condition when deleting a status or account (ClearlyClaire)
  • Fix trends returning less results per page when filtered in REST API (Gargron)
  • Fix pagination header on empty trends responses in REST API (Gargron)
  • Fix cookies secure flag being set when served over Tor (Gargron)
  • Fix migration error handling (ClearlyClaire)
  • Fix error when re-running some migrations if they get interrupted at the wrong moment (ClearlyClaire)
  • Fix potentially missing statuses when reconnecting to streaming API in web UI (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix error when sending warning emails with custom text (ClearlyClaire)
  • Fix unset SMTP_RETURN_PATH environment variable causing e-mail not to send (Gargron)
  • Fix possible duplicate statuses in timelines in some edge cases in web UI (ClearlyClaire)
  • Fix spurious edits and require incoming edits to be explicitly marked as such (ClearlyClaire)
  • Fix error when encountering invalid pinned statuses (ClearlyClaire)
  • Fix inconsistency in error handling when removing a status (ClearlyClaire)
  • Fix admin API unconditionally requiring CSRF token (ClearlyClaire)
  • Fix trending tags endpoint missing offset param in REST API (Gargron)
  • Fix unusual number formatting in some locales (ClearlyClaire)
  • Fix S3_FORCE_SINGLE_REQUEST environment variable not working (HolgerHuo)
  • Fix failure to build assets with OpenSSL 3 (ClearlyClaire)
  • Fix PWA manifest using outdated routes (HolgerHuo)
  • Fix error when indexing statuses into Elasticsearch (ClearlyClaire)

[3.5.0] - 2022-03-30

Added

  • Add support for incoming edited posts (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ClearlyClaire, Gargron, Gargron, ClearlyClaire, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, Gargron, Gargron, ClearlyClaire, ClearlyClaire)
    • Previous versions remain available for perusal and comparison
    • People who reblogged a post are notified when it's edited
    • New REST APIs:
      • PUT /api/v1/statuses/:id
      • GET /api/v1/statuses/:id/history
      • GET /api/v1/statuses/:id/source
    • New streaming API event:
      • status.update
  • Add appeals for moderator decisions (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, Gargron, ClearlyClaire, Gargron)
    • All default moderator decisions now notify the affected user by e-mail
    • They now link to an appeal page instead of suggesting replying to the e-mail
    • They can now be found in account settings and not just e-mail
    • Users can submit one appeal within 20 days of the decision
    • Moderators can approve or reject the appeal
  • Add notifications for posts deleted by moderators (Gargron, Gargron, Gargron, Gargron, Gargron)
    • New, redesigned report view in admin UI
    • Common report actions now only take one click to complete
    • Deleting posts or marking as sensitive from report now notifies user
    • Reports can be categorized by reason and specific rules violated
    • The reasons are automatically cited in the notifications, except for spam
    • Marking posts as sensitive now federates using post editing
  • Add explore page with trending posts and links (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ClearlyClaire, Gargron, tribela, Gargron, Gargron, noiob, mayaeh, mayaeh, Gargron, mayaeh)
    • Hashtag trends algorithm is extended to work for posts and links
    • Links are only considered if they have an adequate preview card
    • Preview card generation has been improved to support structured data
    • Links can only trend if the publisher (domain) has been approved
    • Posts can only trend if the author has been approved
    • Individual approval and rejection for posts and links is also available
    • Moderators are notified about pending trends at most once every 2 hours
    • Posts and link trends are language-specific
    • Search page is redesigned into explore page in web UI
    • Discovery tab is coming soon in official iOS and Android apps
    • New REST APIs:
      • GET /api/v1/trends/links
      • GET /api/v1/trends/statuses
      • GET /api/v1/trends/tags (alias of GET /api/v1/trends)
      • GET /api/v1/admin/trends/links
      • GET /api/v1/admin/trends/statuses
      • GET /api/v1/admin/trends/tags
  • Add graphs and retention metrics to admin dashboard (Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, mashirozx, ClearlyClaire)
    • Dashboard shows more numbers with development over time
    • Other data such as most used interface languages and sign-up sources
    • User retention graph shows how many new users stick around
    • New REST APIs:
      • POST /api/v1/admin/measures
      • POST /api/v1/admin/dimensions
      • POST /api/v1/admin/retention
  • Add GET /api/v1/accounts/familiar_followers to REST API (Gargron)
  • Add POST /api/v1/accounts/:id/remove_from_followers to REST API (noellabo)
  • Add category and rule_ids params to POST /api/v1/reports IN REST API (Gargron, Gargron, Gargron)
    • category can be one of: spam, violation, other (default)
    • rule_ids must reference rules returned in GET /api/v1/instance
  • Add global lang param to REST API (Gargron, Gargron)
  • Add types param to GET /api/v1/notifications in REST API (Gargron)
  • Add notifications for moderators about new sign-ups (Gargron, ClearlyClaire)
    • When a new user confirms e-mail, moderators receive a notification
    • New notification type:
      • admin.sign_up
  • Add authentication history (Gargron, ClearlyClaire, baby-gnu)
  • Add ability to automatically delete old posts (ClearlyClaire, ClearlyClaire, tribela)
  • Add ability to pin private posts (ClearlyClaire, tribela, ClearlyClaire, MitarashiDango)
  • Add ability to filter search results by author using from: syntax (tribela)
  • Add ability to delete canonical email blocks in admin UI (ClearlyClaire)
  • Add ability to purge undeliverable domains in admin UI (ClearlyClaire, tribela, tribela, tribela)
  • Add ability to disable e-mail token authentication for specific users in admin UI (Gargron)
  • Add ability to suspend accounts in batches in admin UI (Gargron, ClearlyClaire, Gargron)
    • New, redesigned accounts list in admin UI
    • Batch suspensions are meant to help clean up spam and bot accounts
    • They do not generate notifications
  • Add ability to filter reports by origin of target account in admin UI (Gargron)
  • Add support for login through OpenID Connect (chandrn7)
  • Add lazy loading for emoji picker in web UI (mashirozx, ClearlyClaire)
  • Add single option votes tooltip in polls in web UI (Brawaru)
  • Add confirmation modal when closing media edit modal with unsaved changes in web UI (ClearlyClaire)
  • Add hint about missing media attachment description in web UI (Gargron)
  • Add support for fetching Create and Announce activities by URI in ActivityPub (ClearlyClaire)
  • Add S3_FORCE_SINGLE_REQUEST environment variable (ClearlyClaire)
  • Add OMNIAUTH_ONLY environment variable (ClearlyClaire, ClearlyClaire)
  • Add ES_USER and ES_PASS environment variables for Elasticsearch authentication (tribela)
  • Add CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED environment variable (baby-gnu)
  • Add ability to pass specific domains to tootctl accounts cull (tribela)
  • Add --by-uri option to tootctl domains purge (ClearlyClaire)
  • Add --batch-size option to tootctl search deploy (aquarla)
  • Add --remove-orphans option to tootctl statuses remove (noellabo)

Changed

Removed

  • Remove profile directory link from main navigation panel in web UI (Gargron)
  • Remove language detection through cld3 (Gargron, ykzts, Gargron, Gargron)
    • cld3 is very inaccurate on short-form content even with unique alphabets
    • Post language can be overridden individually using language param
    • Otherwise, it defaults to the user's interface language
  • Remove support for OAUTH_REDIRECT_AT_SIGN_IN (ClearlyClaire)
    • Use OMNIAUTH_ONLY instead
  • Remove Keybase integration (Gargron)
  • Remove old columns and indexes (ClearlyClaire, Gargron, ClearlyClaire)
  • Remove shortcodes from newly-created media attachments (ClearlyClaire, ClearlyClaire)

Deprecated

  • GET /api/v1/trendsGET /api/v1/trends/tags
  • OAuth follow scope → read and/or write
  • text attribute on DELETE /api/v1/statuses/:idGET /api/v1/statuses/:id/source

Fixed

  • Fix IDN domains not being rendered correctly in a few left-over places (Gargron)
  • Fix Sanskrit translation not being used in web UI (ClearlyClaire)
  • Fix Kurdish languages having the wrong language codes (ClearlyClaire)
  • Fix pghero making database schema suggestions (ClearlyClaire)
  • Fix encoding glitch in the OpenGraph description of a profile page (ClearlyClaire)
  • Fix web manifest not permitting PWA usage from alternate domains (HolgerHuo)
  • Fix not being able to edit media attachments for scheduled posts (ClearlyClaire)
  • Fix subscribed relay activities being recorded as boosts (ClearlyClaire)
  • Fix streaming API server error messages when JSON parsing fails not specifying the source (ClearlyClaire)
  • Fix browsers autofilling new password field with old password (mashirozx)
  • Fix text being invisible before fonts load in web UI (tribela)
  • Fix public profile pages of unconfirmed users being accessible (ClearlyClaire, ClearlyClaire)
  • Fix nil error when trying to fetch key for signature verification (Gargron)
  • Fix null values being included in some indexes (Gargron)
  • Fix POST /api/v1/emails/confirmations not being available after sign-up (Gargron)
  • Fix rare race condition when reblogged post is deleted (ClearlyClaire, ClearlyClaire)
  • Fix being able to add more than 4 hashtags to hashtag column in web UI (Gargron)
  • Fix data integrity of featured tags (Gargron)
  • Fix performance of account timelines (Gargron)
  • Fix returning empty <p> tag for blank account note in REST API (Gargron)
  • Fix leak of existence of otherwise inaccessible posts in REST API (Gargron)
  • Fix not showing loading indicator when searching in web UI (Gargron)
  • Fix media modal footer's “external link” not being a link (ClearlyClaire)
  • Fix reply button on media modal not giving focus to compose form (ClearlyClaire)
  • Fix some media attachments being converted with too high framerates (ClearlyClaire)
  • Fix sign in token and warning emails failing to send when contact e-mail address is malformed (helloworldstack)
  • Fix opening the emoji picker scrolling the single-column view to the top (ClearlyClaire)
  • Fix edge case where settings/admin page sidebar would be incorrectly hidden (ClearlyClaire)
  • Fix performance of server-side filtering (ClearlyClaire)
  • Fix privacy policy link not being visible on small screens (Gargron)
  • Fix duplicate accounts when searching by IP range in admin UI (Gargron, tribela)
  • Fix error when performing a batch action on posts in admin UI (ClearlyClaire)
  • Fix deletes not being signed in authorized fetch mode (Gargron)
  • Fix Undo Announce sometimes inlining the originally Announced status (ClearlyClaire)
  • Fix localization of cold-start follow recommendations (Gargron, Gargron)
  • Fix replies collection incorrectly looping (ClearlyClaire)
  • Fix errors when multiple Delete are received for a given actor (ClearlyClaire)
  • Fixed prototype pollution bug and only allow trusted origin (r0hanSH)
  • Fix text being incorrectly pre-selected in composer textarea on /share (ClearlyClaire)
  • Fix SMTP_ENABLE_STARTTLS_AUTO/SMTP_TLS/SMTP_SSL environment variables don't work (kgtkr)
  • Fix media upload specific rate limits only being applied to v1 endpoint in REST API (tribela)
  • Fix media descriptions not being used for client-side filtering (ClearlyClaire)
  • Fix cold-start follow recommendation favouring older accounts due to wrong sorting (noellabo)
  • Fix not redirect to the right page after authenticating with WebAuthn (heguro)
  • Fix searching for additional hashtags in hashtag column (ClearlyClaire)
  • Fix color of hashtag column settings inputs (ClearlyClaire)
  • Fix performance of tootctl statuses remove (noellabo)
  • Fix tootctl accounts cull not excluding domains on timeouts and certificate issues (ClearlyClaire)
  • Fix 404 error when filtering admin action logs by non-existent target account (ClearlyClaire)
  • Fix error when accessing streaming API without any OAuth scopes (Brawaru)
  • Fix follow request count not updating when new follow requests arrive over streaming API in web UI (matildepark)
  • Fix error when unsuspending a local account (HolgerHuo)
  • Fix crash when a notification contains a not yet processed media attachment in web UI (ClearlyClaire)
  • Fix wrong color of download button in audio player in web UI (ClearlyClaire)
  • Fix notes for others accounts not being deleted when an account is deleted (ClearlyClaire)
  • Fix error when logging occurrence of unsupported video file (noellabo)
  • Fix wrong elements in trends widget being hidden on smaller screens in web UI (tribela)
  • Fix link to about page being displayed in limited federation mode (weex)
  • Fix styling of boost button in media modal not reflecting ability to boost (ClearlyClaire)
  • Fix OCR failure when erroneous lang data is in cache (ClearlyClaire)
  • Fix downloading media from blocked domains in tootctl media refresh (tribela)
  • Fix login form being displayed on landing page when already logged in (ClearlyClaire)
  • Fix polling for media processing status too frequently in web UI (tribela)
  • Fix hashtag autocomplete overriding user-typed case (weex)
  • Fix WebAuthn authentication setup to not prompt for PIN (truongnmt)

Security

  • Fix being able to post URLs longer than 4096 characters (Gargron)
  • Fix being able to bypass e-mail restrictions (Gargron)

[3.4.6] - 2022-02-03

Fixed

  • Fix mastodon:webpush:generate_vapid_key task requiring a functional environment (ClearlyClaire)
  • Fix spurious errors when receiving an Add activity for a private post (ClearlyClaire)

Security

[3.4.5] - 2022-01-31

Added

Fixed

[3.4.4] - 2021-11-26

Fixed

  • Fix error when suspending user with an already blocked canonical email (ClearlyClaire)
  • Fix overflow of long profile fields in admin UI (ClearlyClaire)
  • Fix confusing error when WebFinger request returns empty document (ClearlyClaire)
  • Fix upload of remote media with OpenStack Swift sometimes failing (ClearlyClaire)
  • Fix logout link not working in Safari (noellabo)
  • Fix “open” link of media modal not closing modal in web UI (ClearlyClaire)
  • Fix replying from modal in web UI (ClearlyClaire)
  • Fix mastodon:setup command crashing in some circumstances (ClearlyClaire)

Security

[3.4.3] - 2021-11-06

Fixed

  • Fix login being broken due to inaccurately applied backport fix in 3.4.2 (Gargron)

[3.4.2] - 2021-11-06

Added

  • Add configuration attribute to GET /api/v1/instance (Gargron)

Fixed

  • Fix handling of back button with modal windows in web UI (ClearlyClaire)
  • Fix pop-in player when author has long username in web UI (ClearlyClaire)
  • Fix crash when a status with a playing video gets deleted in web UI (ClearlyClaire)
  • Fix crash with Microsoft Translate in web UI (ClearlyClaire)
  • Fix PWA not being usable from alternate domains (HolgerHuo)
  • Fix locale-specific number rounding errors (ClearlyClaire)
  • Fix scheduling a status decreasing status count (ClearlyClaire)
  • Fix user's canonical email address being blocked when user deletes own account (ClearlyClaire)
  • Fix not being able to suspend users that already have their canonical e-mail blocked (Gargron)
  • Fix anonymous access to outbox not being cached by the reverse proxy (ClearlyClaire)
  • Fix followers synchronization mechanism not working when URI has empty path (ClearlyClaire)
  • Fix serialization of counts in REST API when user hides their network (ClearlyClaire)
  • Fix inefficiencies in auto-linking code (ClearlyClaire)
  • Fix tootctl self-destruct not sending delete activities for recently-suspended accounts (ClearlyClaire)
  • Fix suspicious sign-in e-mail text being out of date (ClearlyClaire)
  • Fix some frameworks being unnecessarily loaded (ClearlyClaire)
  • Fix canonical e-mail blocks missing foreign key constraints (ClearlyClaire)
  • Fix inconsistent order on account's statuses page in admin UI (tribela)
  • Fix media from blocked domains being redownloaded by tootctl media refresh (tribela)
  • Fix mastodon:setup generated env-file syntax (ClearlyClaire)
  • Fix link previews being incorrectly generated from earlier links (ClearlyClaire)
  • Fix wrong to/cc values for remote groups in ActivityPub (ClearlyClaire)
  • Fix mentions with non-ascii TLDs not being processed (ClearlyClaire)
  • Fix authentication failures halfway through a sign-in attempt (ClearlyClaire, ClearlyClaire)
  • Fix suspended accounts statuses being merged back into timelines (ClearlyClaire)
  • Fix crash when encountering invalid account fields (ClearlyClaire)
  • Fix invalid blurhash handling for remote activities (noellabo)
  • Fix newlines being added to account notes when an account moves (ClearlyClaire, noellabo)
  • Fix crash when creating an announcement with links (ClearlyClaire)
  • Fix logging out from one browser logging out all other sessions (ClearlyClaire)

Security

[3.4.1] - 2021-06-03

Added

  • Add new emoji assets from Twemoji 13.1.0 (Gargron)

Fixed

  • Fix some ActivityPub identifiers in server actor outbox (ClearlyClaire)
  • Fix custom CSS path setting cookies and being uncacheable due to it (tribela)
  • Fix unread notification count when polling in web UI (ClearlyClaire)
  • Fix health check not being accessible through localhost (ClearlyClaire)
  • Fix some redis locks auto-releasing too fast (ClearlyClaire, ClearlyClaire)
  • Fix e-mail confirmations API not working correctly (Gargron)
  • Fix migration script not being able to run if it fails midway (ClearlyClaire)
  • Fix account deletion sometimes failing because of optimistic locks (ClearlyClaire)
  • Fix deprecated slash as division in SASS files (ClearlyClaire)
  • Fix tootctl search deploy compatibility error on Ruby 3 (ClearlyClaire)
  • Fix mailer jobs for deleted notifications erroring out (ClearlyClaire)

[3.4.0] - 2021-05-16

Added

  • Add follow recommendations for onboarding (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, noellabo, noellabo, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire)
    • Tutorial on first web UI launch has been replaced with follow suggestions
    • Follow suggestions take user locale into account and are a mix of accounts most followed by currently active local users, and accounts that wrote the most shared/favourited posts in the last 30 days
    • Only accounts that have opted-in to being discoverable from their profile settings, and that do not require follow requests, will be suggested
    • Moderators can review suggestions for every supported locale and suppress specific suggestions from appearing and admins can ensure certain accounts always show up in suggestions from the settings area
    • New users no longer automatically follow admins
  • Add server rules (Gargron, ClearlyClaire)
    • Admins can create and edit itemized server rules
    • They are available through the REST API and on the about page
  • Add canonical e-mail blocks for suspended accounts (Gargron)
    • Normally, people can make multiple accounts using the same e-mail address using the + trick or by inserting or removing . characters from the first part of their address
    • Once an account is suspended, it will no longer be possible for the e-mail address used by that account to be used for new sign-ups in any of its forms
  • Add management of delivery availability in admin UI (noellabo)
  • Add system checks to dashboard in admin UI (Gargron, ClearlyClaire, ClearlyClaire)
    • The dashboard will now warn you if you some Sidekiq queues are not being processed, if you have not defined any server rules, or if you forgot to run database migrations from the latest Mastodon upgrade
  • Add inline description of moderation actions in admin UI (ClearlyClaire)
  • Add "recommended" label to activity/peers API toggles in admin UI (Gargron)
  • Add joined date to profiles in web UI (Gargron, rinsuki)
  • Add transition to media modal background in web UI (mkljczk)
  • Add option to opt-out of unread notification markers in web UI (ClearlyClaire)
  • Add borders to 📱, 🚲, and 📲 emojis in web UI (ClearlyClaire, ClearlyClaire)
  • Add dropdown for boost privacy in boost confirmation modal in web UI (ClearlyClaire)
  • Add support for Ruby 3.0 (ClearlyClaire, ClearlyClaire)
  • Add Message-ID header to outgoing emails (ClearlyClaire)
    • Some e-mail spam filters penalize e-mails that have a Message-ID header that uses a different domain name than the sending e-mail address. Now, the same domain will be used
  • Add af, gd and si locales (Gargron)
  • Add guard against DNS rebinding attacks (noellabo, noellabo)
  • Add HTTP header to explicitly opt-out of FLoC by default (ClearlyClaire)
  • Add missing push notification title for polls and statuses (ClearlyClaire, mkljczk, ClearlyClaire)
  • Add POST /api/v1/emails/confirmations to REST API (Gargron, Gargron)
    • This method allows an app through which a user signed-up to request a new confirmation e-mail to be sent, or to change the e-mail of the account before it is confirmed
  • Add GET /api/v1/accounts/lookup to REST API (Gargron, ClearlyClaire)
    • This method allows to quickly convert a username of a known account to an ID that can be used with the REST API, or to check if a username is available for sign-up
  • Add policy param to POST /api/v1/push/subscriptions in REST API (Gargron)
    • This param allows an app to control from whom notifications should be delivered as push notifications to the app
  • Add details to error response for POST /api/v1/accounts in REST API (Gargron)
    • This attribute allows an app to display more helpful information to the user about why the sign-up did not succeed
  • Add SIDEKIQ_REDIS_URL and related environment variables to optionally use a separate Redis server for Sidekiq (noellabo)

Changed

  • Change trending hashtags to be affected be reblogs (Gargron)
    • Previously, only original posts contributed to a hashtag's trending score
    • Now, reblogs of posts will also contribute to that hashtag's trending score
  • Change e-mail confirmation link to always redirect to web UI (ClearlyClaire)
  • Change log level of worker lifecycle to WARN in streaming API (Gargron)
    • Since running with INFO log level in production is not always desirable, it is easy to miss when a worker is shutdown and a new one is started
  • Change the nouns "toot" and "status" to "post" in web UI (Gargron, Gargron)
    • To be clear, the button still says "Toot!"
  • Change order of dropdown menu on posts to be more intuitive in web UI (ariasuni)
  • Change description of keyboard shortcuts in web UI (ariasuni)
  • Change option labels on edit profile page (Gargron)
    • "Lock account" is now "Require follow requests"
    • "List this account on the directory" is now "Suggest account to others"
    • "Hide your network" is now "Hide your social graph"
  • Change newly generated account IDs to not be enumerable (ClearlyClaire)
  • Change Web Push API deliveries to use request pooling (Gargron)
  • Change multiple mentions with same username to render with domain (Gargron, noellabo)
    • When a post contains mentions of two or more users who have the same username, but on different domains, render their names with domain to help disambiguate them
    • Always render the domain of usernames used in profile metadata
  • Change health check endpoint to reveal less information (Gargron)
  • Change account counters to use upsert (requires Postgres >= 9.5) (ClearlyClaire)
  • Change mastodon:setup to not call assets:precompile in Docker (ClearlyClaire)
  • Change max. image dimensions to 1920x1080px (1080p) (Gargron)
    • Previously, this was 1280x1280px
    • This is the amount of pixels that original images get downsized to
  • Change custom emoji to be animated when hovering container in web UI (ClearlyClaire)
  • Change streaming API from deprecated ClusterWS/cws to ws (ClearlyClaire)
  • Change systemd configuration to add sandboxing features (Izorkin, Izorkin, Izorkin)
  • Change nginx configuration to make running Onion service easier (cohosh)
  • Change Helm configuration (dunn, dunn, dunn, dunn, dunn)
  • Change Docker configuration (SuperSandro2000, mashirozx)

Removed

  • Remove PubSubHubbub-related columns from accounts table (Gargron, ClearlyClaire)
  • Remove dependency on @babel/plugin-proposal-class-properties (ykzts)
  • Remove dependency on pluck_each gem (Gargron)
  • Remove spam check and dependency on nilsimsa gem (Gargron)
  • Remove MySQL-specific code from Mastodon::MigrationHelpers (ClearlyClaire)
  • Remove IE11 from supported browsers target (gol-cha)

Fixed

  • Fix "You might be interested in" flashing while searching in web UI (Gargron)
  • Fix display of posts without text content in web UI (ClearlyClaire)
  • Fix Google Translate breaking web UI (ClearlyClaire, ClearlyClaire)
  • Fix web UI crashing when SVG support is disabled (ClearlyClaire)
  • Fix web UI crash when a status opened in the media modal is deleted (kaias1jp)
  • Fix OCR language data failing to load in web UI (ClearlyClaire)
  • Fix footer links not being clickable in Safari in web UI (noellabo)
  • Fix autofocus/autoselection not working on mobile in web UI (ClearlyClaire, ClearlyClaire)
  • Fix media redownload worker retrying on unexpected response codes (Gargron)
  • Fix thread resolve worker retrying when status no longer exists (Gargron)
  • Fix n+1 queries when rendering statuses in REST API (abcang)
  • Fix n+1 queries when rendering notifications in REST API (abcang)
  • Fix delete of local reply to local parent not being forwarded (Gargron)
  • Fix remote reporters not receiving suspend/unsuspend activities (Gargron)
  • Fix understanding (not fully qualified) as:Public and Public (ClearlyClaire)
  • Fix actor update not being distributed on profile picture deletion (ClearlyClaire)
  • Fix processing of incoming Delete activities (ClearlyClaire)
  • Fix processing of incoming Block activities (ClearlyClaire)
  • Fix processing of incoming Update activities of unknown accounts (ClearlyClaire)
  • Fix URIs of repeat follow requests not being recorded (ClearlyClaire)
  • Fix error on requests with no Digest header (ClearlyClaire)
  • Fix activity object not requiring signature in secure mode (ClearlyClaire)
  • Fix database serialization failure returning HTTP 500 (Gargron)
  • Fix media processing getting stuck on too much stdin/stderr (Gargron)
  • Fix some inefficient array manipulations (007lva, 007lva)
  • Fix some inefficient regex matching (007lva)
  • Fix some inefficient SQL queries (abcang, abcang, abcang)
  • Fix trying to fetch key from empty URI when verifying HTTP signature (Gargron)
  • Fix tootctl maintenance fix-duplicates failures (ClearlyClaire, ClearlyClaire)
  • Fix error when removing status caused by race condition (Gargron)
  • Fix blocking someone not clearing up list feeds (ClearlyClaire)
  • Fix misspelled URLs character counting (ClearlyClaire)
  • Fix Sidekiq hanging forever due to a Resolv bug in Ruby 2.7.3 (ClearlyClaire)
  • Fix edge case where follow limit interferes with accepting a follow (ClearlyClaire)
  • Fix inconsistent lead text style in admin UI (Gargron, ClearlyClaire)
  • Fix reports of already suspended accounts being recorded (Gargron)
  • Fix sign-up restrictions based on IP addresses not being enforced (ClearlyClaire)
  • Fix YouTube embeds failing due to YouTube serving wrong OEmbed URLs (Gargron)
  • Fix error when rendering public pages with media without meta (Gargron)
  • Fix misaligned logo on follow button on public pages (noellabo)
  • Fix video modal not working on public pages (noellabo)
  • Fix race conditions on account migration creation (ClearlyClaire)
  • Fix not being able to change world filter expiration back to “Never” (ClearlyClaire)
  • Fix .env.vagrant not setting RAILS_ENV variable (chandrn7)
  • Fix error when muting users with duration in REST API (Tak)
  • Fix border padding on front page in light theme (ClearlyClaire)
  • Fix wrong URL to custom CSS when CDN_HOST is used (ClearlyClaire)
  • Fix tootctl accounts unfollow (ClearlyClaire)
  • Fix tootctl emoji import wasting time on MacOS shadow files (cortices)
  • Fix tootctl emoji import not treating shortcodes as case-insensitive (angristan)
  • Fix some issues with SAML account creation (Gargron, kaiyou)
  • Fix MX validation applying for explicitly allowed e-mail domains (ClearlyClaire)
  • Fix share page not using configured custom mascot (tribela)
  • Fix instance actor not being automatically created if it wasn't seeded properly (ClearlyClaire)
  • Fix HTTPS enforcement preventing Mastodon from being run as an Onion service (cohosh, jtracey, ClearlyClaire, cohosh)
  • Fix app name, website and redirect URIs not having a maximum length (Gargron)

[3.3.0] - 2020-12-27

Added

  • Add hotkeys for audio/video control in web UI (Gargron, Gargron)
    • Space and k to toggle playback
    • m to toggle mute
    • f to toggle fullscreen
    • j and l to go back and forward by 10 seconds
    • . and , to go back and forward by a frame (video only)
  • Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
  • Add border around 🕺 emoji in web UI (ClearlyClaire)
  • Add border around 🐞 emoji in web UI (ClearlyClaire)
  • Add home link to the getting started column when home isn't mounted (ClearlyClaire)
  • Add option to disable swiping motions across the web UI (ClearlyClaire)
  • Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron, noellabo)
    • Continue watching/listening when you scroll away
    • Action bar to interact with/open toot from the pop-out player
  • Add unread notification markers in web UI (ClearlyClaire, ClearlyClaire, ClearlyClaire, noellabo, noellabo)
  • Add paragraph about browser add-ons when encountering errors in web UI (ClearlyClaire)
  • Add import and export for bookmarks (ClearlyClaire)
  • Add cache buster feature for media files (Gargron)
    • If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
    • If enabled, cache buster will make a special request to the proxy to signal a cache reset
  • Add duration option to the mute function (aquarla)
  • Add replies policy option to the list function (ClearlyClaire, trwnh)
  • Add og:published_time OpenGraph tags on toots (nornagon)
  • Add option to be notified when a followed user posts (Gargron, ClearlyClaire, Gargron)
    • If you don't want to miss a toot, click the bell button!
  • Add client-side validation in password change forms (ClearlyClaire)
  • Add client-side validation in the registration form (ClearlyClaire, ClearlyClaire)
  • Add support for Gemini URLs (joshleeb)
  • Add app shortcuts to web app manifest (mkljczk)
  • Add WebAuthn as an alternative 2FA method (santiagorodriguez96, jiikko)
  • Add honeypot fields and minimum fill-out time for sign-up form (ClearlyClaire)
  • Add icon for mutual relationships in relationship manager (noellabo)
  • Add follow selected followers button in relationship manager (noellabo)
  • Add subresource integrity for JS and CSS assets (Gargron)
    • If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
    • Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks
  • Add ku, sa, sc, zgh to available locales (ykzts)
  • Add ability to force an account to mark media as sensitive (noellabo)
  • Add ability to block access or limit sign-ups from chosen IPs (Gargron, ClearlyClaire)
    • Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
    • Choose the severity of the rule, either blocking all access or merely limiting sign-ups
  • Add support for reversible suspensions through ActivityPub (Gargron)
    • Servers can signal that one of their accounts has been suspended
    • During suspension, the account can only delete its own content
    • A reversal of the suspension can be signalled the same way
    • A local suspension always overrides a remote one
  • Add indication to admin UI of whether a report has been forwarded (ClearlyClaire)
  • Add display of reasons for joining of an account in admin UI (mashirozx)
  • Add option to obfuscate domain name in public list of domain blocks (Gargron)
  • Add option to make reasons for joining required on sign-up (ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Add ActivityPub follower synchronization mechanism (ClearlyClaire, ClearlyClaire)
  • Add outbox attribute to instance actor (ClearlyClaire)
  • Add featured hashtags as an ActivityPub collection (Gargron, noellabo)
  • Add support for dereferencing objects through bearcaps (Gargron, noellabo)
  • Add S3_READ_TIMEOUT environment variable (tateisu)
  • Add ALLOWED_PRIVATE_ADDRESSES environment variable (ClearlyClaire)
  • Add --fix-permissions option to tootctl media remove-orphans (Gargron, uist1idrju3i)
  • Add tootctl accounts merge (Gargron, ClearlyClaire, ClearlyClaire)
    • Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
    • This command will fix it on your end
  • Add tootctl maintenance fix-duplicates (ClearlyClaire, Gargron, ClearlyClaire)
    • Index corruption in the database?
    • This command is for you
  • Add support for managing multiple stream subscriptions in a single connection (Gargron, Gargron, mfmfuyu, zunda)
    • Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
    • More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
    • Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams
  • Add support for limiting results by both min_id and max_id at the same time in REST API (tateisu)
  • Add GET /api/v1/accounts/:id/featured_tags to REST API (noellabo, noellabo)
  • Add stoplight for object storage failures, return HTTP 503 in REST API (Gargron)
  • Add optional tootctl remove media cronjob in Helm chart (dunn)
  • Add clean error message when RAILS_ENV is unset (ClearlyClaire)

Changed

  • Change media modals look in web UI (Gargron, Gargron, Gargron, Gargron, Kjwon15, noellabo, ClearlyClaire)
    • Background of the overlay matches the color of the image
    • Action bar to interact with or open the toot from the modal
  • Change order of announcements in admin UI to be newest-first (ClearlyClaire)
  • Change account suspensions to be reversible by default (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, noellabo, ClearlyClaire, Gargron, Gargron)
    • Suspensions no longer equal deletions
    • A suspended account can be unsuspended with minimal consequences for 30 days
    • Immediate deletion of data is still available as an explicit option
    • Suspended accounts can request an archive of their data through the UI
  • Change REST API to return empty data for suspended accounts (14765)
  • Change web UI to show empty profile for suspended accounts (Gargron, Gargron)
  • Change featured hashtag suggestions to be recently used instead of most used (abcang)
  • Change direct toots to appear in the home feed again (Gargron, ClearlyClaire, noellabo)
    • Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model
  • Change email address validation to return more specific errors (ClearlyClaire)
  • Change HTTP signature requirements to include Digest header on POST requests (ClearlyClaire)
  • Change click area of video/audio player buttons to be bigger in web UI (ariasuni)
  • Change order of filters by alphabetic by "keyword or phrase" (ariasuni)
  • Change suspension of remote accounts to also undo outgoing follows (ClearlyClaire)
  • Change string "Home" to "Home and lists" in the filter creation screen (ariasuni)
  • Change string "Boost to original audience" to "Boost with original visibility" in web UI (3n-k1)
  • Change string "Show more" to "Show newer" and "Show older" on public pages (ariasuni)
  • Change order of announcements to be reverse chronological in web UI (dariusk, dariusk)
  • Change RTL detection to rely on unicode-bidi paragraph by paragraph in web UI (Gargron)
  • Change visibility icon next to timestamp to be clickable in web UI (ariasuni, mayaeh)
  • Change public thread view to hide "Show thread" link (ClearlyClaire)
  • Change number format on about page from full to shortened (Gargron)
  • Change how scheduled tasks run in multi-process environments (noellabo)
    • New dedicated queue scheduler
    • Runs by default when Sidekiq is executed with no options
    • Has to be added manually in a multi-process environment

Removed

  • Remove fade-in animation from modals in web UI (Gargron)
  • Remove auto-redirect to direct messages in web UI (Gargron)
  • Remove obsolete IndexedDB operations from web UI (Gargron)
  • Remove dependency on unused and unmaintained http_parser.rb gem (ClearlyClaire)

Fixed

  • Fix layout on about page when contact account has a long username (ClearlyClaire)
  • Fix follow limit preventing re-following of a moved account (Gargron, ClearlyClaire)
  • Fix deletes not reaching every server that interacted with toot (Gargron)
    • Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
    • Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned
  • Fix resolving an account through its non-canonical form (i.e. alternate domain) (ClearlyClaire)
  • Fix sending redundant ActivityPub events when processing remote account deletion (ClearlyClaire)
  • Fix Move handler not being triggered when failing to fetch target account (ClearlyClaire)
  • Fix downloading remote media files when server returns empty filename (ClearlyClaire)
  • Fix account processing failing because of large collections (ClearlyClaire)
  • Fix not being able to unfavorite toots one has lost access to (ClearlyClaire)
  • Fix not being able to unbookmark toots one has lost access to (ClearlyClaire)
  • Fix possible casing inconsistencies in hashtag search (ClearlyClaire)
  • Fix updating account counters when association is not yet created (Gargron)
  • Fix cookies not having a SameSite attribute (Gargron)
  • Fix poll ending notifications being created for each vote (ClearlyClaire)
  • Fix multiple boosts of a same toot erroneously appearing in TL (ClearlyClaire)
  • Fix asset builds not picking up CDN_HOST change (ClearlyClaire)
  • Fix desktop notifications permission prompt in web UI (Gargron, Gargron, ClearlyClaire, ClearlyClaire)
    • Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
    • This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications
  • Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI (ariasuni)
  • Fix glitched image uploads when canvas read access is blocked in web UI (ClearlyClaire)
  • Fix some account gallery items having empty labels in web UI (ClearlyClaire)
  • Fix alt-key hotkeys activating while typing in a text field in web UI (ClearlyClaire)
  • Fix wrong seek bar width on media player in web UI (mfmfuyu)
  • Fix logging out on mobile in web UI (ClearlyClaire)
  • Fix wrong click area for GIFVs in media modal in web UI (noellabo)
  • Fix unreadable placeholder text color in high contrast theme in web UI (Gargron)
  • Fix scrolling issues when closing some dropdown menus in web UI (ClearlyClaire)
  • Fix notification filter bar incorrectly filtering gaps in web UI (ClearlyClaire)
  • Fix disabled boost icon being replaced by private boost icon on hover in web UI (ClearlyClaire)
  • Fix hashtag detection in compose form being different to server-side in web UI (kedamaDQ, ClearlyClaire)
  • Fix home last read marker mishandling gaps in web UI (ClearlyClaire)
  • Fix unnecessary re-rendering of various components when typing in web UI (Gargron)
  • Fix notifications being unnecessarily re-rendered in web UI (ClearlyClaire)
  • Fix column swiping animation logic in web UI (ClearlyClaire)
  • Fix inefficiency when fetching hashtag timeline (noellabo, akihikodaki)
  • Fix inefficiency when fetching bookmarks (akihikodaki)
  • Fix inefficiency when fetching favourites (akihikodaki)
  • Fix inefficiency when fetching media-only account timeline (akihikodaki)
  • Fix inefficiency when deleting accounts (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron)
  • Fix redundant query when processing batch actions on custom emojis (niwatori24)
  • Fix slow distinct queries where grouped queries are faster (Gargron)
  • Fix performance on instances list in admin UI (Gargron)
  • Fix server actor appearing in list of accounts in admin UI (ClearlyClaire)
  • Fix "bootstrap timeline accounts" toggle in site settings in admin UI (ClearlyClaire)
  • Fix PostgreSQL secret name for cronjob in Helm chart (metal3d)
  • Fix Procfile not being compatible with herokuish (acuteaura)
  • Fix installation of tini being split into multiple steps in Dockerfile (ryncsn)

Security

  • Fix streaming API allowing connections to persist after access token invalidation (Gargron)
  • Fix 2FA/sign-in token sessions being valid after password change (Gargron)
  • Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ClearlyClaire)

[3.2.2] - 2020-12-19

Added

  • Add tootctl maintenance fix-duplicates (ClearlyClaire, Gargron)
    • Index corruption in the database?
    • This command is for you

Removed

  • Remove dependency on unused and unmaintained http_parser.rb gem (ClearlyClaire)

Fixed

  • Fix Move handler not being triggered when failing to fetch target account (ClearlyClaire)
  • Fix downloading remote media files when server returns empty filename (ClearlyClaire)
  • Fix possible casing inconsistencies in hashtag search (ClearlyClaire)
  • Fix updating account counters when association is not yet created (Gargron)
  • Fix account processing failing because of large collections (ClearlyClaire)
  • Fix resolving an account through its non-canonical form (i.e. alternate domain) (ClearlyClaire)
  • Fix slow distinct queries where grouped queries are faster (Gargron)

Security

  • Fix 2FA/sign-in token sessions being valid after password change (Gargron)
  • Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ClearlyClaire)

[3.2.1] - 2020-10-19

Added

  • Add support for latest HTTP Signatures spec draft (ClearlyClaire)
  • Add support for inlined objects in ActivityPub to/cc (ClearlyClaire)

Changed

  • Change actors to not be served at all without authentication in limited federation mode (ClearlyClaire)
    • Previously, a bare version of an actor was served when not authenticated, i.e. username and public key
    • Because all actor fetch requests are signed using a separate system actor, that is no longer required

Fixed

  • Fix tootctl media commands not recognizing very large IDs (ClearlyClaire)
  • Fix crash when failing to load emoji picker in web UI (ClearlyClaire)
  • Fix contrast requirements in thumbnail color extraction (ClearlyClaire)
  • Fix audio/video player not using CDN_HOST on public pages (ClearlyClaire)
  • Fix private boost icon not being used on public pages (OmmyZhang)
  • Fix audio player on Safari in web UI (ClearlyClaire, ClearlyClaire)
  • Fix dereferencing remote statuses not using the correct account for signature when receiving a targeted inbox delivery (ClearlyClaire)
  • Fix nil error in tootctl media remove (noellabo)
  • Fix videos with near-60 fps being rejected (Gargron)
  • Fix reported statuses not being included in warning e-mail (Gargron)
  • Fix Reject activities of Follow objects not correctly destroying a follow relationship (ClearlyClaire)
  • Fix inefficiencies in fan-out-on-write service (Gargron, noellabo)
  • Fix timeout errors when trying to webfinger some IPv6 configurations (Gargron)
  • Fix files served as application/octet-stream being rejected without attempting mime type detection (ClearlyClaire)

[3.2.0] - 2020-07-27

Added

  • Add SMTP_SSL environment variable (OmmyZhang)
  • Add hotkey for toggling content warning input in web UI (ClearlyClaire)
  • Add e-mail-based sign in challenge for users with disabled 2FA (Gargron)
    • If user tries signing in after:
      • Being inactive for a while
      • With a previously unknown IP
      • Without 2FA being enabled
    • Require to enter a token sent via e-mail before sigining in
  • Add limit param to RSS feeds (noellabo)
  • Add visibility param to share page (noellabo)
  • Add blurhash to link previews (ClearlyClaire, ClearlyClaire, ClearlyClaire, Sasha-Sorokin, Sasha-Sorokin, ClearlyClaire, ClearlyClaire, ClearlyClaire)
    • In web UI, toots cannot be marked as sensitive unless there is media attached
    • However, it's possible to do via API or ActivityPub
    • Thumbnails of link previews of such posts now use blurhash in web UI
    • The Card entity in REST API has a new blurhash attribute
  • Add support for summary field for media description in ActivityPub (ClearlyClaire)
  • Add hints about incomplete remote content to web UI (Gargron, noellabo)
  • Add personal notes for accounts (ClearlyClaire, Gargron, Sasha-Sorokin)
    • To clarify, these are notes only you can see, to help you remember details
    • Notes can be viewed and edited from profiles in web UI
    • New REST API: POST /api/v1/accounts/:id/note with comment param
    • The Relationship entity in REST API has a new note attribute
  • Add Helm chart (dunn, dunn, dunn)
  • Add customizable thumbnails for audio and video attachments (Gargron, Gargron, Gargron, Gargron, ClearlyClaire, ClearlyClaire, noellabo, noellabo)
    • Metadata (album, artist, etc) is no longer stripped from audio files
    • Album art is automatically extracted from audio files
    • Thumbnail can be manually uploaded for both audio and video attachments
    • Media upload APIs now support thumbnail param
      • On POST /api/v1/media and POST /api/v2/media
      • And on PUT /api/v1/media/:id
    • ActivityPub representation of media attachments represents custom thumbnails with an icon attribute
    • The Media Attachment entity in REST API now has a preview_remote_url to its preview_url, equivalent to remote_url to its url
  • Add color extraction for thumbnails (Gargron, ClearlyClaire)
    • The meta attribute on the Media Attachment entity in REST API can now have a colors attribute which in turn contains three hex colors: background, foreground, and accent
    • The background color is chosen from the most dominant color around the edges of the thumbnail
    • The foreground and accent colors are chosen from the colors that are the most different from the background color using the CIEDE2000 algorithm
    • The most saturated color of the two is designated as the accent color
    • The one with the highest W3C contrast is designated as the foreground color
    • If there are not enough colors in the thumbnail, new ones are generated using a monochrome pattern
  • Add a visibility indicator to toots in web UI (noellabo, highemerly)
  • Add tootctl email_domain_blocks (tateisu, Gargron)
  • Add "Add new domain block" to header of federation page in admin UI (ariasuni)
  • Add ability to keep emoji picker open with ctrl+click in web UI (bclindner, noellabo)
  • Add custom icon for private boosts in web UI (ClearlyClaire)
  • Add support for Create and Update activities that don't inline objects in ActivityPub (ClearlyClaire)
  • Add support for Undo activities that don't inline activities in ActivityPub (ClearlyClaire)

Changed

  • Change .env.production.sample to be leaner and cleaner (Gargron)
    • It was overloaded as de-facto documentation and getting quite crowded
    • Defer to the actual documentation while still giving a minimal example
  • Change tootctl search deploy to work faster and display progress (Gargron)
  • Change User-Agent of link preview fetching service to include "Bot" (Gargron)
    • Some websites may not render OpenGraph tags into HTML if that's not the case
  • Change behaviour to carry blocks over when someone migrates their followers (ClearlyClaire)
  • Change volume control and download buttons in web UI (Gargron)
  • Change design of audio players in web UI (Gargron, ClearlyClaire, Gargron, ClearlyClaire, Gargron, ClearlyClaire)
  • Change reply filter to never filter own toots in web UI (ClearlyClaire)
  • Change boost button to no longer serve as visibility indicator in web UI (noellabo, ClearlyClaire)
  • Change contrast of flash messages (cchoi12)
  • Change wording from "Hide media" to "Hide image/images" in web UI (ariasuni)
  • Change appearance of settings pages to be more consistent (ariasuni)
  • Change "Add media" tooltip to not include long list of formats in web UI (ariasuni)
  • Change how badly contrasting emoji are rendered in web UI (leo60228, ClearlyClaire, mfmfuyu, ClearlyClaire)
  • Change structure of unavailable content section on about page (ariasuni)
  • Change behaviour to accept ActivityPub activities relayed through group actor (noellabo)
  • Change amount of processing retries for ActivityPub activities (noellabo)

Removed

  • Remove the terms "blacklist" and "whitelist" from UX (Gargron, mayaeh)
    • Environment variables changed (old versions continue to work):
      • WHITELIST_MODELIMITED_FEDERATION_MODE
      • EMAIL_DOMAIN_BLACKLISTEMAIL_DOMAIN_DENYLIST
      • EMAIL_DOMAIN_WHITELISTEMAIL_DOMAIN_ALLOWLIST
    • CLI option changed:
      • tootctl domains purge --whitelist-modetootctl domains purge --limited-federation-mode
  • Remove some unnecessary database indexes (lfuelling, noellabo)
  • Remove unnecessary Node.js version upper bound (ykzts)

Fixed

  • Fix following param not working when exact match is found in account search (noellabo)
  • Fix sometimes occurring duplicate mention notifications (noellabo)
  • Fix RSS feeds not being cacheable (ClearlyClaire)
  • Fix lack of locking around processing of Announce activities in ActivityPub (noellabo)
  • Fix boosted toots from blocked account not being retroactively removed from TL (ClearlyClaire)
  • Fix large shortened numbers (like 1.2K) using incorrect pluralization (Sasha-Sorokin)
  • Fix streaming server trying to use empty password to connect to Redis when REDIS_PASSWORD is given but blank (ClearlyClaire)
  • Fix being unable to unboost posts when blocked by their author (ClearlyClaire)
  • Fix account domain block not properly unfollowing accounts from domain (Gargron)
  • Fix removing a domain allow wiping known accounts in open federation mode (ClearlyClaire)
  • Fix blocks and mutes pagination in web UI (ClearlyClaire)
  • Fix new posts pushing down origin of opened dropdown in web UI (ClearlyClaire, ClearlyClaire)
  • Fix timeline markers not being saved sometimes (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix CSV uploads being rejected (noellabo)
  • Fix incompatibility with Elasticsearch 7.x (noellabo)
  • Fix being able to search posts where you're in the target audience but not actively mentioned (noellabo)
  • Fix non-local posts appearing on local-only hashtag timelines in web UI (noellabo)
  • Fix tootctl media remove-orphans choking on unknown files in storage (Gargron)
  • Fix tootctl upgrade storage-schema misbehaving (Gargron, angristan)
    • Fix it marking records as upgraded even though no files were moved
    • Fix it not working with S3 storage
    • Fix it not working with custom emojis
  • Fix GIF reader raising incorrect exceptions (ClearlyClaire)
  • Fix hashtag search performing account search as well (ClearlyClaire)
  • Fix Webfinger returning wrong status code on malformed or missing param (ClearlyClaire)
  • Fix rake mastodon:setup error when some environment variables are set (ClearlyClaire)
  • Fix admin page crashing when trying to block an invalid domain name in admin UI (ClearlyClaire)
  • Fix unsent toot confirmation dialog not popping up in single column mode in web UI (ClearlyClaire)
  • Fix performance of follow import (noellabo)
    • Reduce timeout of Webfinger requests to that of other requests
    • Use circuit breakers to stop hitting unresponsive servers
    • Avoid hitting servers that are already known to be generally unavailable
  • Fix filters ignoring media descriptions (BenLubar)
  • Fix some actions on custom emojis leading to cryptic errors in admin UI (ClearlyClaire)
  • Fix ActivityPub serialization of replies when some of them are URIs (ClearlyClaire)
  • Fix rake mastodon:setup choking on environment variables containing % (ClearlyClaire)
  • Fix account redirect confirmation message talking about moved followers (ClearlyClaire)
  • Fix avatars having the wrong size on public detailed status pages (ClearlyClaire)
  • Fix various issues around OpenGraph representation of media (Gargron)
    • Pages containing audio no longer say "Attached: 1 image" in description
    • Audio attachments now represented as OpenGraph og:audio
    • The twitter:player page now uses Mastodon's proper audio/video player
    • Audio/video buffered bars now display correctly in audio/video player
    • Volume and progress bars now respond to movement/move smoother
  • Fix audio/video/images/cards not reacting to window resizes in web UI (Gargron)
  • Fix very wide media attachments resulting in too thin a thumbnail in web UI (ClearlyClaire)
  • Fix crash when merging posts into home feed after following someone (ClearlyClaire)
  • Fix unique username constraint for local users not being enforced in database (ClearlyClaire)
  • Fix unnecessary gap under video modal in web UI (mfmfuyu)
  • Fix 2FA and sign in token pages not respecting user locale (mfmfuyu)
  • Fix unapproved users being able to view profiles when in limited-federation mode and requiring approval for sign-ups (ClearlyClaire)
  • Fix initial audio volume not corresponding to what's displayed in audio player in web UI (ClearlyClaire)
  • Fix timelines sometimes jumping when closing modals in web UI (ClearlyClaire)
  • Fix memory usage of downloading remote files (Gargron, Gargron, noellabo)
    • Don't read entire file (up to 40 MB) into memory
    • Read and write it to temp file in small chunks
  • Fix inconsistent account header padding in web UI (trwnh)
  • Fix Thai being skipped from language detection (Sasha-Sorokin)
    • Since Thai has its own alphabet, it can be detected more reliably
  • Fix broken hashtag column options styling in web UI (ClearlyClaire)
  • Fix pointer cursor being shown on toots that are not clickable in web UI (arielrodrigues)
  • Fix lock icon not being shown when locking account in profile settings (ClearlyClaire)
  • Fix domain blocks doing work the wrong way around (ClearlyClaire)
    • Instead of suspending accounts one by one, mark all as suspended first (quick)
    • Only then proceed to start removing their data (slow)
    • Clear out media attachments in a separate worker (slow)

[3.1.5] - 2020-07-07

Security

  • Fix media attachment enumeration (ClearlyClaire)
  • Change rate limits for various paths (Gargron)
  • Fix other sessions not being logged out on password change (Gargron)

[3.1.4] - 2020-05-14

Added

  • Add vi to available locales (taicv)
  • Add ability to remove identity proofs from account (Gargron)
  • Add ability to exclude local content from federated timeline (noellabo, noellabo)
    • Add remote param to GET /api/v1/timelines/public REST API
    • Add public/remote / public:remote variants to streaming API
    • "Remote only" option in federated timeline column settings in web UI
  • Add ability to exclude remote content from hashtag timelines in web UI (noellabo)
    • No changes to REST API
    • "Local only" option in hashtag column settings in web UI
  • Add Capistrano tasks that reload the services after deploying (berkes)
  • Add invites_enabled attribute to GET /api/v1/instance in REST API (ClearlyClaire)
  • Add tootctl emoji export command (lfuelling)
  • Add separate cache directory for non-local uploads (Gargron, Hanage999, mayaeh)
    • Add tootctl upgrade storage-schema command to move old non-local uploads to the cache directory
  • Add buttons to delete header and avatar from profile settings (sternenseemann)
  • Add emoji graphics and shortcodes from Twemoji 12.1.5 (DeeUnderscore)

Changed

Fixed

  • Fix dropdown of muted and followed accounts offering option to hide boosts in web UI (ClearlyClaire)
  • Fix "You are already signed in" alert being shown at wrong times (ClearlyClaire)
  • Fix retrying of failed-to-download media files not actually working (noellabo)
  • Fix first poll option not being focused when adding a poll in web UI (ClearlyClaire)
  • Fix sr locale being selected over sr-Latn (ClearlyClaire)
  • Fix error within error when limiting backtrace to 3 lines (Gargron)
  • Fix tootctl media remove-orphans crashing on "Import" files (ClearlyClaire)
  • Fix regression in tootctl media remove-orphans (Gargron)
  • Fix old unique jobs digests not having been cleaned up (Gargron)
  • Fix own following/followers not showing muted users (ClearlyClaire)
  • Fix list of followed people ignoring sorting on Follows & Followers page (taras2358)
  • Fix wrong pgHero Content-Security-Policy when CDN_HOST is set (ClearlyClaire)
  • Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS (kaiyou)
  • Fix page incorrectly scrolling when bringing up dropdown menus in web UI (ClearlyClaire)
  • Fix messed up z-index when NoScript blocks media/previews in web UI (ClearlyClaire)
  • Fix "See what's happening" page showing public instead of local timeline for logged-in users (ClearlyClaire)
  • Fix not being able to resolve public resources in development environment (Gargron)
  • Fix uninformative error message when uploading unsupported image files (ClearlyClaire)
  • Fix expanded video player issues in web UI (ClearlyClaire, eai04191)
  • Fix and refactor keyboard navigation in dropdown menus in web UI (ClearlyClaire)
  • Fix uploaded image orientation being messed up in some browsers in web UI (ClearlyClaire)
  • Fix actions log crash when displaying updates of deleted announcements in admin UI (ClearlyClaire)
  • Fix search not working due to proxy settings when using hidden services (Gargron)
  • Fix poll refresh button not being debounced in web UI (rasjonell, ClearlyClaire)
  • Fix confusing error when failing to add an alias to an unknown account (ClearlyClaire)
  • Fix "Email changed" notification sometimes having wrong e-mail (ClearlyClaire)
  • Fix various issues on the account aliases page (ClearlyClaire)
  • Fix API footer link in web UI (bubblineyuri)
  • Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI (ClearlyClaire)
  • Fix styling of polls in JS-less fallback on public pages (ClearlyClaire)
  • Fix trying to delete already deleted file when post-processing (Gargron)

Security

  • Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed (dependabot-preview[bot], Gargron)
    • For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
    • The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters

[3.1.3] - 2020-04-05

Added

  • Add ability to filter audit log in admin UI (Gargron)
  • Add titles to warning presets in admin UI (Gargron)
  • Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (Gargron)
  • Add ability to delete files uploaded for settings in admin UI (ClearlyClaire)
  • Add sorting by username, creation and last activity in admin UI (ClearlyClaire)
  • Add explanation as to why unlocked accounts may have follow requests in web UI (ClearlyClaire)
  • Add link to bookmarks to dropdown in web UI (mayaeh)
  • Add support for links to statuses in announcements to be opened in web UI (ClearlyClaire, ClearlyClaire)
  • Add tooltips to audio/video player buttons in web UI (ariasuni)
  • Add submit button to the top of preferences pages (guigeekz)
  • Add specific rate limits for posting, following and reporting (Gargron, Gargron)
    • 300 posts every 3 hours
    • 400 follows or follow requests every 24 hours
    • 400 reports every 24 hours
  • Add federation support for the "hide network" preference (ClearlyClaire)
  • Add --skip-media-remove option to tootctl statuses remove (tateisu)

Changed

  • Change design of polls in web UI (Sasha-Sorokin, ClearlyClaire)
  • Change status click areas in web UI to be bigger (ariasuni)
  • Change tootctl media remove-orphans to work for all classes (Gargron)
  • Change local media attachments to perform heavy processing asynchronously (Gargron)
  • Change video uploads to always be converted to H264/MP4 (Gargron, ClearlyClaire, ClearlyClaire)
  • Change video uploads to enforce certain limits (Gargron)
    • Dimensions smaller than 1920x1200px
    • Frame rate at most 60fps
  • Change the tooltip "Toggle visibility" to "Hide media" in web UI (ariasuni)
  • Change description of privacy levels to be more intuitive in web UI (ariasuni)
  • Change GIF label to be displayed even when autoplay is enabled in web UI (koyuawsmbrtn)
  • Change the string "Hide everything from …" to "Block domain …" in web UI (ClearlyClaire, mayaeh)
  • Change wording of media display preferences to be more intuitive (ariasuni)

Deprecated

  • POST /api/v1/mediaPOST /api/v2/media (Gargron)

Fixed

  • Fix tootctl media remove-orphans ignoring PAPERCLIP_ROOT_PATH (Gargron)
  • Fix returning results when searching for URL with non-zero offset (Gargron)
  • Fix pinning a column in web UI sometimes redirecting out of web UI (Gargron)
  • Fix background jobs not using locks like they are supposed to (Gargron)
  • Fix content warning being unnecessarily cleared when hiding content warning input in web UI (ClearlyClaire)
  • Fix "Show more" not switching to "Show less" on public pages (ClearlyClaire)
  • Fix import overwrite option not being selectable (noellabo)
  • Fix wrong color for ellipsis in boost confirmation dialog in web UI (ariasuni)
  • Fix unnecessary unfollowing when importing follows with overwrite option (noellabo)
  • Fix 404 and 410 API errors being silently discarded in web UI (ClearlyClaire)
  • Fix OCR not working on Safari because of unsupported worker-src CSP (ClearlyClaire)
  • Fix media not being marked sensitive when a content warning is set with no text (ClearlyClaire)
  • Fix crash after deleting announcements in web UI (codesections, ClearlyClaire)
  • Fix bookmarks not being searchable (Kjwon15, noellabo)
  • Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report (ClearlyClaire)
  • Fix web UI crash in single-column mode on prehistoric browsers (ClearlyClaire)
  • Fix some timeouts when searching for URLs (ClearlyClaire)
  • Fix detailed view of direct messages displaying a 0 boost count in web UI (ClearlyClaire)
  • Fix regression in “Edit media” modal in web UI (ClearlyClaire)
  • Fix public posts from silenced accounts not being changed to unlisted visibility (ClearlyClaire)
  • Fix error when searching for URLs that contain the mention syntax (ClearlyClaire)
  • Fix text area above/right of emoji picker being accidentally clickable in web UI (ariasuni)
  • Fix too large announcements not being scrollable in web UI (ClearlyClaire)
  • Fix tootctl media remove-orphans crashing when encountering invalid media (ClearlyClaire)
  • Fix installation failing when Redis password contains special characters (ClearlyClaire)
  • Fix announcements with fully-qualified mentions to local users crashing web UI (ClearlyClaire)

Security

  • Fix re-sending of e-mail confirmation not being rate limited (Gargron)

[v3.1.2] - 2020-02-27

Added

  • Add --reset-password option to tootctl accounts modify (ClearlyClaire)
  • Add source-mapped stacktrace to error message in web UI (ClearlyClaire)

Fixed

  • Fix dismissing an announcement twice raising an obscure error (ClearlyClaire)
  • Fix misleading error when attempting to re-send a pending follow request (ClearlyClaire)
  • Fix backups failing when files are missing from media attachments (ClearlyClaire)
  • Fix duplicate accounts being created when fetching an account for its key only (ClearlyClaire)
  • Fix /web redirecting to /web/web in web UI (ClearlyClaire)
  • Fix previously OStatus-based accounts not being detected as ActivityPub (ClearlyClaire)
  • Fix account JSON/RSS not being cacheable due to wrong mime type comparison (ClearlyClaire)
  • Fix old browsers crashing because of missing finally polyfill in web UI (ClearlyClaire)
  • Fix account's bio not being shown if there are no proofs/fields in admin UI (ClearlyClaire)
  • Fix sign-ups without checked user agreement being accepted through the web form (ClearlyClaire)
  • Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture (SaraSmiseth)
  • Fix invite request input not being shown on sign-up error if left empty (ClearlyClaire)
  • Fix some migration hints mentioning GitLab instead of Mastodon (saper)

Security

  • Fix leak of arbitrary statuses through unfavourite action in REST API (Gargron)

[3.1.1] - 2020-02-10

Fixed

  • Fix yanked dependency preventing installation (mayaeh)

[3.1.0] - 2020-02-09

Added

Changed

  • Change last_status_at to be a date, not datetime in REST API (ClearlyClaire)
  • Change followers page to relationships page in admin UI (Gargron, Gargron)
  • Change reported media attachments to always be hidden in admin UI (Gargron, ClearlyClaire)
  • Change string from "Disable" to "Disable login" in admin UI (nileshkumar)
  • Change report page structure in admin UI (Sasha-Sorokin)
  • Change swipe sensitivity to be lower on small screens in web UI (umonaca)
  • Change audio/video playback to stop playback when out of view in web UI (Gargron)
  • Change media description label based on upload type in web UI (ClearlyClaire)
  • Change large numbers to render without decimal units in web UI (noellabo)
  • Change "Add a choice" button to be disabled rather than hidden when poll limit reached in web UI (ClearlyClaire, hinaloe)
  • Change tootctl statuses remove to keep statuses favourited or bookmarked by local users (ClearlyClaire, Gomasy)
  • Change domain block behavior to update user records (fast) before deleting data (slower) (ClearlyClaire)
  • Change behaviour to strip audio metadata on uploads (hugogameiro)
  • Change accepted length of remote media descriptions from 420 to 1,500 characters (ClearlyClaire)
  • Change preferences pages structure (Sasha-Sorokin, mayaeh, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
  • Change format of titles in RSS (devkral)
  • Change favourite icon animation from spring-based motion to CSS animation in web UI (ClearlyClaire)
  • Change minimum required Node.js version to 10, and default to 12 (Shleeble, mkody, Shleeble)
  • Change spam check to exempt server staff (ClearlyClaire)
  • Change to fallback to to Create audience when object has no defined audience (ClearlyClaire)
  • Change Twemoji library to 12.1.3 in web UI (koyuawsmbrtn)
  • Change blocked users to be hidden from following/followers lists (ClearlyClaire)
  • Change signature verification to ignore signatures with invalid host (Gargron)

Removed

Fixed

  • Fix some translatable strings being used wrongly (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, mayaeh)
  • Fix headline of public timeline page when set to local-only (ykzts)
  • Fix space between tabs not being spread evenly in web UI (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
  • Fix interactive delays in database migrations with no TTY (Gargron)
  • Fix status overflowing in report dialog in web UI (ClearlyClaire)
  • Fix unlocalized dropdown button title in web UI (Sasha-Sorokin)
  • Fix media attachments without file being uploadable (Gargron)
  • Fix unfollow confirmations in profile directory in web UI (ClearlyClaire)
  • Fix duplicate description meta tag on accounts public pages (ClearlyClaire)
  • Fix slow query of federated timeline (notozeki)
  • Fix not all of account's active IPs showing up in admin UI (Gargron, Gargron)
  • Fix search by IP not using alternative browser sessions in admin UI (Gargron)
  • Fix “X new items” not showing up for slow mode on empty timelines in web UI (ClearlyClaire)
  • Fix OEmbed endpoint being inaccessible in secure mode (Gargron)
  • Fix proofs API being inaccessible in secure mode (Gargron)
  • Fix Ruby 2.7 incompatibilities (ClearlyClaire, ClearlyClaire, Shleeble, zunda)
  • Fix invalid poll votes being accepted in REST API (ClearlyClaire)
  • Fix old migrations failing because of strong migrations update (ClearlyClaire, ClearlyClaire)
  • Fix reuse of detailed status components in web UI (ClearlyClaire)
  • Fix base64-encoded file uploads not being possible in REST API (Gargron, Gargron)
  • Fix error due to missing authentication call in filters controller (Gargron)
  • Fix uncaught unknown format error in host meta controller (Gargron)
  • Fix URL search not returning private toots user has access to (ClearlyClaire, ClearlyClaire)
  • Fix cache digesting log noise on status embeds (Gargron)
  • Fix slowness due to layout thrashing when reloading a large set of statuses in web UI (panarom, panarom, Gargron)
  • Fix error when fetching followers/following from REST API when user has network hidden (Gargron)
  • Fix IDN mentions not being processed, IDN domains not being rendered (Gargron, Gargron, Gargron)
  • Fix error when searching for empty phrase (Gargron)
  • Fix backups stopping due to read timeouts (chr-1x)
  • Fix batch actions on non-pending tags in admin UI (ClearlyClaire)
  • Fix sample SAML_ACS_URL, SAML_ISSUER (orlea)
  • Fix manual scrolling issue on Firefox/Windows in web UI (ClearlyClaire)
  • Fix archive takeout failing if total dump size exceeds 2GB (scd31, Gargron)
  • Fix custom emoji category creation silently erroring out on duplicate category (ClearlyClaire)
  • Fix link crawler not specifying preferred content type (ClearlyClaire)
  • Fix featured hashtag setting page erroring out instead of rejecting invalid tags (ClearlyClaire)
  • Fix tooltip messages of single/multiple-choice polls switcher being reversed in web UI (acid-chicken)
  • Fix typo in help text of tootctl statuses remove (trwnh)
  • Fix generic HTTP 500 error on duplicate records (Gargron)
  • Fix old migration failing with new status default scope (ClearlyClaire)
  • Fix errors when using search API with no query (Gargron, trwnh)
  • Fix poll options not being selectable via keyboard in web UI (ClearlyClaire)
  • Fix conversations not having an unread indicator in web UI (Gargron)
  • Fix lost focus when modals open/close in web UI (ClearlyClaire)
  • Fix pending upload count not being decremented on error in web UI (ClearlyClaire)
  • Fix empty poll options not being removed on remote poll update (ClearlyClaire)
  • Fix OCR with delete & redraft in web UI (ClearlyClaire)
  • Fix blur behind closed registration message (ClearlyClaire)
  • Fix OEmbed discovery not handling different URL variants in query (Gargron)
  • Fix link crawler crashing on <a> tags without href (ClearlyClaire)
  • Fix whitelisted subdomains being ignored in whitelist mode (noiob)
  • Fix broken audit log in whitelist mode in admin UI (ClearlyClaire)
  • Fix unread indicator not honoring "Only media" option in local and federated timelines in web UI (ClearlyClaire)
  • Fix error when rebuilding home feeds (dariusk)
  • Fix relationship caches being broken as result of a follow request (ClearlyClaire)
  • Fix more items than the limit being uploadable in web UI (ClearlyClaire)
  • Fix various issues with account migration (ClearlyClaire)
  • Fix filtered out items being counted as pending items in slow mode in web UI (ClearlyClaire)
  • Fix notification filters not applying to poll options (ClearlyClaire)
  • Fix notification message for user's own poll saying it's a poll they voted on in web UI (ykzts)
  • Fix polls with an expiration not showing up as expired in web UI (noellabo)
  • Fix volume slider having an offset between cursor and slider in Chromium in web UI (ClearlyClaire)
  • Fix Vagrant image not accepting connections (shrft)
  • Fix batch actions being hidden on small screens in admin UI (ClearlyClaire)
  • Fix incoming federation not working in whitelist mode (ClearlyClaire)
  • Fix error when passing empty source param to PUT /api/v1/accounts/update_credentials (jglauche)
  • Fix HTTP-based streaming API being cacheable by proxies (BenLubar)
  • Fix users being able to register while tootctl self-destruct is in progress (Kjwon15)
  • Fix microformats detection in link crawler not ignoring h-card links (nightpool)
  • Fix outline on full-screen video in web UI (hinaloe)
  • Fix TLD domain blocks not being editable (ClearlyClaire)
  • Fix Nanobox deploy hooks (danhunsaker)
  • Fix needlessly complicated SQL query when performing account search amongst followings (ClearlyClaire)
  • Fix favourites count not updating when unfavouriting in web UI (NimaBoscarino)
  • Fix occasional crash on scroll in Chromium in web UI (hinaloe)
  • Fix intersection observer not working in single-column mode web UI (panarom)
  • Fix voting issue with remote polls that contain trailing spaces (ClearlyClaire)
  • Fix dynamic elements not working in pgHero due to CSP rules (ykzts)
  • Fix overly verbose backtraces when delivering ActivityPub payloads (zunda)
  • Fix rendering <a> without href when scheme unsupported (Gargron)
  • Fix unfiltered params error when generating ActivityPub tag pagination (Gargron)
  • Fix malformed HTML causing uncaught error (Gargron)
  • Fix native share button not being displayed for unlisted toots (ClearlyClaire)
  • Fix remote convertible media attachments (e.g. GIFs) not being saved (Gargron)
  • Fix account query not using faster index (abcang)
  • Fix error when sending moderation notification (renatolond)

Security

  • Fix OEmbed leaking information about existence of non-public statuses (Gargron)
  • Fix password change/reset not immediately invalidating other sessions (Gargron)
  • Fix settings pages being cacheable by the browser (Gargron)

[3.0.1] - 2019-10-10

Added

  • Add tootctl media usage command (Gargron)
  • Add admin setting to auto-approve trending hashtags (Gargron, Gargron)

Changed

  • Change tootctl media refresh to skip already downloaded attachments (Gargron)

Removed

  • Remove auto-silence behaviour from spam check (Gargron)
  • Remove HTML lang attribute from individual statuses in web UI (Gargron)
  • Remove fallback to long description on sidebar and meta description (Gargron)

Fixed

  • Fix preloaded JSON-LD context for identity not being used (Gargron)
  • Fix media editing modal changing dimensions once the image loads (Gargron)
  • Fix not showing whether a custom emoji has a local counterpart in admin UI (Gargron)
  • Fix attachment not being re-downloaded even if file is not stored (Gargron)
  • Fix old migration trying to use new column due to default status scope (Gargron)
  • Fix column back button missing for not found accounts (trwnh)
  • Fix issues with tootctl's parallelization and progress reporting (Gargron, Gargron)
  • Fix existing user records with now-renamed pt locale (Gargron)
  • Fix hashtag timeline REST API accepting too many hashtags (Gargron)
  • Fix GET /api/v1/instance REST APIs being unavailable in secure mode (Gargron)
  • Fix performance of home feed regeneration and merging (Gargron)
  • Fix ffmpeg performance issues due to stdout buffer overflow (hugogameiro)
  • Fix S3 adapter retrying failing uploads with exponential backoff (Gargron)
  • Fix tootctl accounts cull advertising unused option flag (Kjwon15)

[3.0.0] - 2019-10-03

Added

Changed

  • Change conversations UI (Gargron)
  • Change dashboard to short number notation (noellabo, noellabo)
  • Change REST API GET /api/v1/timelines/public to require authentication when public preview is off (ClearlyClaire)
  • Change REST API POST /api/v1/follow_requests/:id/(approve|reject) to return relationship (ClearlyClaire)
  • Change rate limit for media proxy (ykzts)
  • Change unlisted custom emoji to not appear in autosuggestions (Gargron)
  • Change max length of media descriptions from 420 to 1500 characters (Gargron, ClearlyClaire)
  • Change deletes to preserve soft-deleted statuses in unresolved reports (Gargron)
  • Change tootctl to use inline parallelization instead of Sidekiq (Gargron)
  • Change account deletion page to have better explanations (Gargron, Gargron)
  • Change hashtag component in web UI to show numbers for 2 last days (Gargron, Gargron, Gargron)
  • Change OpenGraph description on sign-up page to reflect invite (Gargron)
  • Change layout of public profile directory to be the same as in web UI (Gargron)
  • Change detailed status child ordering to sort self-replies on top (ClearlyClaire)
  • Change window resize handler to switch to/from mobile layout as soon as needed (ClearlyClaire)
  • Change icon button styles to make hover/focus states more obvious (ClearlyClaire)
  • Change contrast of status links that are not mentions or hashtags (ClearlyClaire)
  • Change hashtags to preserve first-used casing (Gargron, Gargron, Gargron, Gargron, Gargron)
  • Change unconfirmed user login behaviour (Gargron, ClearlyClaire, Gargron)
  • Change single-column mode to scroll the whole page (Gargron, Gargron, Gargron, ClearlyClaire, Gargron, Gargron, ClearlyClaire, Gargron)
  • Change tootctl accounts follow to only work with local accounts (angristan)
  • Change Dockerfile (Shleeble, ykzts, Shleeble)
  • Change supported Node versions to include v12 (abcang)
  • Change Portuguese language from pt to pt-PT (Gargron)
  • Change domain block silence to always require approval on follow (ClearlyClaire)
  • Change link preview fetcher to not perform a HEAD request first (Gargron)
  • Change tootctl domains purge to accept multiple domains at once (Gargron)

Removed

  • Remove OStatus support (Gargron, Gargron, Gargron, ClearlyClaire, ClearlyClaire)
  • Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (Gargron)
  • Remove WebP support (angristan)
  • Remove deprecated config options from Heroku and Scalingo (ykzts)
  • Remove deprecated REST API GET /api/v1/search API (Gargron)
  • Remove deprecated REST API GET /api/v1/statuses/:id/card (Gargron)
  • Remove deprecated REST API POST /api/v1/notifications/dismiss?id=:id (Gargron)
  • Remove deprecated REST API GET /api/v1/timelines/direct (Gargron)

Fixed

  • Fix manifest warning (ykzts)
  • Fix admin UI for custom emoji not respecting GIF autoplay preference (ClearlyClaire)
  • Fix page body not being scrollable in admin/settings layout (Gargron)
  • Fix placeholder colors for inputs not being explicitly defined (Gargron)
  • Fix incorrect enclosure length in RSS (tsia)
  • Fix TOTP codes not being filtered from logs during enabling/disabling (Gargron)
  • Fix webfinger response not returning 410 when account is suspended (Gargron)
  • Fix ActivityPub Move handler queuing jobs that will fail if account is suspended (Gargron)
  • Fix SSO login not using existing account when e-mail is verified (Gargron)
  • Fix web UI allowing uploads past status limit via drag & drop (Gargron)
  • Fix expiring polls not being displayed as such in web UI (ClearlyClaire)
  • Fix 2FA challenge and password challenge for non-database users (Gargron, Gargron)
  • Fix profile fields overflowing page width in web UI (Gargron)
  • Fix web push subscriptions being deleted on rate limit or timeout (Gargron)
  • Fix display of long poll options in web UI (ClearlyClaire, ClearlyClaire)
  • Fix search API not resolving URL when type is given (Gargron)
  • Fix hashtags being split by ZWNJ character (Gargron)
  • Fix scroll position resetting when opening media modals in web UI (Gargron)
  • Fix duplicate HTML IDs on about page (ClearlyClaire)
  • Fix admin UI showing superfluous reject media/reports on suspended domain blocks (ClearlyClaire)
  • Fix ActivityPub context not being dynamically computed (ClearlyClaire)
  • Fix Mastodon logo style on hover on public pages' footer (ClearlyClaire)
  • Fix height of dashboard counters (ClearlyClaire)
  • Fix custom emoji animation on hover in web UI directory bios (ClearlyClaire)
  • Fix non-numbers being passed to Redis and causing an error (Gargron)
  • Fix error in REST API for an account's statuses (Gargron)
  • Fix uncaught error when resource param is missing in Webfinger request (Gargron)
  • Fix uncaught domain normalization error in remote follow (Gargron)
  • Fix uncaught 422 and 500 errors (Gargron, Gargron)
  • Fix uncaught parameter missing exceptions and missing error templates (Gargron)
  • Fix encoding error when checking e-mail MX records (Gargron)
  • Fix items in StatusContent render list not all having a key (ClearlyClaire)
  • Fix remote and staff-removed statuses leaving media behind for a day (Gargron)
  • Fix CSP needlessly allowing blob URLs in script-src (ClearlyClaire)
  • Fix ignoring whole status because of one invalid hashtag (Gargron)
  • Fix hidden statuses losing focus (ClearlyClaire)
  • Fix loading bar being obscured by other elements in web UI (Gargron)
  • Fix multiple issues with replies collection for pages further than self-replies (ClearlyClaire)
  • Fix blurhash and autoplay not working on public pages (Gargron)
  • Fix 422 being returned instead of 404 when POSTing to unmatched routes (Gargron, Gargron)
  • Fix client-side resizing of image uploads (ClearlyClaire)
  • Fix short number formatting for numbers above million in web UI (Gargron)
  • Fix ActivityPub and REST API queries setting cookies and preventing caching (ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix some emojis in profile metadata labels are not emojified. (kedamaDQ)
  • Fix account search always returning exact match on paginated results (Gargron)
  • Fix acct URIs with IDN domains not being resolved (Gargron)
  • Fix admin dashboard missing latest features (Gargron)
  • Fix jumping of toot date when clicking spoiler button (ariasuni)
  • Fix boost to original audience not working on mobile in web UI (ClearlyClaire)
  • Fix handling of webfinger redirects in ResolveAccountService (ClearlyClaire)
  • Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker (Gargron)
  • Fix support for HTTP proxies (ClearlyClaire)
  • Fix HTTP requests to IPv6 hosts (ClearlyClaire)
  • Fix error in Elasticsearch index import (mayaeh)
  • Fix duplicate account error when seeding development database (ysksn)
  • Fix performance of session clean-up scheduler (abcang)
  • Fix older migrations not running (zunda)
  • Fix URLs counting towards RTL detection (ahangarha)
  • Fix unnecessary status re-rendering in web UI (ClearlyClaire)
  • Fix http_parser.rb gem not being compiled when no network available (petabyteboy)
  • Fix muted text color not applying to all text (trwnh)
  • Fix follower/following lists resetting on back-navigation in web UI (Gargron)
  • Fix n+1 query when approving multiple follow requests (abcang)
  • Fix records not being indexed into Elasticsearch sometimes (Gargron)
  • Fix needlessly indexing unsearchable statuses into Elasticsearch (Gargron)
  • Fix new user bootstrapping crashing when to-be-followed accounts are invalid (ClearlyClaire)
  • Fix featured hashtag URL being interpreted as media or replies tab (Gargron)
  • Fix account counters being overwritten by parallel writes (Gargron)

Security

  • Fix performance of GIF re-encoding and always strip EXIF data from videos (Gargron)

[2.9.3] - 2019-08-10

Added

Changed

  • Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (Gargron, zunda, Gargron, zunda)
  • Change the retry limit of web push notifications (highemerly)
  • Change ActivityPub deliveries to not retry HTTP 501 errors (Gargron)
  • Change language detection to include hashtags as words (Gargron)
  • Change terms and privacy policy pages to always be accessible (Gargron)
  • Change robots tag to include noarchive when user opts out of indexing (Kjwon15)

Fixed

  • Fix account domain block not clearing out notifications (Gargron)
  • Fix incorrect locale sometimes being detected for browser (Gargron)
  • Fix crash when saving invalid domain name (Gargron)
  • Fix pinned statuses REST API returning pagination headers (Gargron)
  • Fix "cancel follow request" button having unreadable text in web UI (Gargron)
  • Fix image uploads being blank when canvas read access is blocked (ClearlyClaire)
  • Fix avatars not being animated on hover when not logged in (ClearlyClaire)
  • Fix overzealous sanitization of HTML lists (ClearlyClaire)
  • Fix block crashing when a follow request exists (ClearlyClaire)
  • Fix backup service crashing when an attachment is missing (ClearlyClaire)
  • Fix account moderation action always sending e-mail notification (Gargron)
  • Fix swiping columns on mobile sometimes failing in web UI (ClearlyClaire)
  • Fix wrong actor URI being serialized into poll updates (ClearlyClaire)
  • Fix statsd UDP sockets not being cleaned up in Sidekiq (Gargron)
  • Fix expiration date of filters being set to "never" when editing them (ClearlyClaire)
  • Fix support for MP4 files that are actually M4V files (Gargron)
  • Fix alerts not being typecast correctly in push subscription in REST API (Gargron)
  • Fix some notices staying on unrelated pages (ClearlyClaire)
  • Fix unboosting sometimes preventing a boost from reappearing on feed (ClearlyClaire, Gargron)
  • Fix only one middle dot being recognized in hashtags (Gargron, ClearlyClaire)
  • Fix unnecessary SQL query performed on unauthenticated requests (Gargron)
  • Fix incorrect timestamp displayed on featured tags (Kjwon15)
  • Fix privacy dropdown active state when dropdown is placed on top of it (ClearlyClaire)
  • Fix filters not being applied to poll options (ClearlyClaire)
  • Fix keyboard navigation on various dropdowns (ClearlyClaire, ClearlyClaire, ClearlyClaire)
  • Fix keyboard navigation in modals (ClearlyClaire)
  • Fix image conversation being non-deterministic due to timestamps (Gargron)
  • Fix web UI performance (ClearlyClaire, ClearlyClaire)
  • Fix scrolling to compose form when not necessary in web UI (ClearlyClaire, ClearlyClaire)
  • Fix save button being enabled when list title is empty in web UI (ClearlyClaire)
  • Fix poll expiration not being pre-filled on delete & redraft in web UI (ClearlyClaire)
  • Fix content warning sometimes being set when not requested in web UI (ClearlyClaire)

Security

  • Fix invites not being disabled upon account suspension (ClearlyClaire)
  • Fix blocked domains still being able to fill database with account records (Gargron)

[2.9.2] - 2019-06-22

Added

  • Add short_description and approval_required to GET /api/v1/instance (Gargron)

Changed

  • Change camera icon to paperclip icon in upload form (koyuawsmbrtn)

Fixed

  • Fix audio-only OGG and WebM files not being processed as such (Gargron)
  • Fix audio not being downloaded from remote servers (Gargron)

[2.9.1] - 2019-06-22

Added

Changed

  • Change domain blocks to automatically support subdomains (Gargron)
  • Change Nanobox configuration to bring it up to date (danhunsaker)

Removed

  • Remove expensive counters from federation page in admin UI (Gargron)

Fixed

  • Fix converted media being saved with original extension and mime type (Gargron)
  • Fix layout of identity proofs settings (acid-chicken)
  • Fix active scope only returning suspended users (ClearlyClaire)
  • Fix sanitizer making block level elements unreadable (Gargron)
  • Fix label for site theme not being translated in admin UI (palindromordnilap)
  • Fix statuses not being filtered irreversibly in web UI under some circumstances (ClearlyClaire)
  • Fix scrolling behaviour in compose form (ClearlyClaire)

[2.9.0] - 2019-06-13

Added

Changed

  • Change default layout to single column in web UI (Gargron)
  • Change light theme (Gargron, Gargron, yuzulabo, Gargron)
  • Change preferences page into appearance, notifications, and other (Gargron, Gargron)
  • Change priority of delete activity forwards for replies and reblogs (Gargron)
  • Change Mastodon logo to use primary text color of the given theme (Gargron)
  • Change reblogs counter to be updated when boosted privately (Gargron)
  • Change bio limit from 160 to 500 characters (trwnh)
  • Change API rate limiting to reduce allowed unauthenticated requests (ClearlyClaire, hinaloe, mayaeh)
  • Change help text of tootctl emoji import command to specify a gzipped TAR archive is required (dariusk)
  • Change web UI to hide poll options behind content warnings (ClearlyClaire)
  • Change silencing to ensure local effects and remote effects are the same for silenced local users (ClearlyClaire)
  • Change tootctl domains purge to remove custom emoji as well (Kjwon15)
  • Change Docker image to keep apt working (SuperSandro2000)

Removed

Fixed

  • Fix RTL layout not being RTL within the columns area in web UI (Gargron)
  • Fix display of alternative text when a media attachment is not available in web UI (ClearlyClaire)
  • Fix not being able to directly switch between list timelines in web UI (Gargron)
  • Fix media sensitivity not being maintained in delete & redraft in web UI (ClearlyClaire)
  • Fix emoji picker being always displayed in web UI (noellabo, yuzulabo, wcpaez)
  • Fix potential private status leak through caching (ClearlyClaire)
  • Fix refreshing featured toots when the new collection is empty in web UI (ClearlyClaire)
  • Fix undoing domain block also undoing individual moderation on users from before the domain block (ClearlyClaire)
  • Fix time not being local in the audit log (yuzulabo)
  • Fix statuses removed by moderation re-appearing on subsequent fetches (Kjwon15)
  • Fix misattribution of inlined announces if attributedTo isn't present in ActivityPub (ClearlyClaire)
  • Fix GET /api/v1/polls/:id not requiring authentication for non-public polls (Gargron)
  • Fix handling of blank poll options in ActivityPub (ClearlyClaire)
  • Fix avatar preview aspect ratio on edit profile page (Kjwon15)
  • Fix web push notifications not being sent for polls (ClearlyClaire)
  • Fix cut off letters in last paragraph of statuses in web UI (ariasuni)
  • Fix list not being automatically unpinned when it returns 404 in web UI (Gargron)
  • Fix login sometimes redirecting to paths that are not pages (Gargron)

[2.8.4] - 2019-05-24

Fixed

  • Fix delivery not retrying on some inbox errors that should be retriable (ClearlyClaire)
  • Fix unnecessary 5 minute cooldowns on signature verifications in some cases (ClearlyClaire)
  • Fix possible race condition when processing statuses (ClearlyClaire)

Security

  • Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string (ClearlyClaire)

[2.8.3] - 2019-05-19

Added

  • Add og:image:alt OpenGraph tag (BenLubar)
  • Add clickable area below avatar in statuses in web UI (Dar13)
  • Add crossed-out eye icon on account gallery in web UI (Kjwon15)
  • Add media description tooltip to thumbnails in web UI (ClearlyClaire)

Changed

  • Change "mark as sensitive" button into a checkbox for clarity (ClearlyClaire)

Fixed

  • Fix bug allowing users to publicly boost their private statuses (ClearlyClaire, ClearlyClaire)
  • Fix performance in formatter by a little (ClearlyClaire)
  • Fix some colors in the light theme (yuzulabo)
  • Fix some colors of the high contrast theme (yuzulabo)
  • Fix ambivalent active state of poll refresh button in web UI (MaciekBaron)
  • Fix duplicate posting being possible from web UI (hinaloe)
  • Fix "invited by" not showing up in admin UI (ClearlyClaire)

[2.8.2] - 2019-05-05

Added

Fixed

  • Fix cropped hero image on frontpage (BaptisteGelez)
  • Fix blurhash gem not compiling on some operating systems (Gargron)
  • Fix unexpected CSS animations in some browsers (ClearlyClaire)
  • Fix closing video modal scrolling timelines to top (ClearlyClaire)

[2.8.1] - 2019-05-04

Added

  • Add link to existing domain block when trying to block an already-blocked domain (ClearlyClaire)
  • Add button to view context to media modal when opened from account gallery in web UI (Gargron)
  • Add ability to create multiple-choice polls in web UI (ClearlyClaire)
  • Add GITHUB_REPOSITORY and SOURCE_BASE_URL environment variables (rosylilly)
  • Add /interact/ paths to robots.txt (ClearlyClaire)
  • Add blurhash to the Attachment entity in the REST API (Gargron)

Changed

  • Change hidden media to be shown as a blurhash-based colorful gradient instead of a black box in web UI (Gargron)
  • Change rejected media to be shown as a blurhash-based gradient instead of a list of filenames in web UI (Gargron)
  • Change e-mail whitelist/blacklist to not be checked when invited (Gargron)
  • Change cache header of REST API results to no-cache (ClearlyClaire)
  • Change the "mark media as sensitive" button to be more obvious in web UI (Gargron, Gargron)
  • Change account gallery in web UI to display 3 columns, open media modal (Gargron, Gargron)

Fixed

  • Fix LDAP/PAM/SAML/CAS users not being pre-approved (Gargron)
  • Fix accounts created through tootctl not being always pre-approved (Gargron)
  • Fix Sidekiq retrying ActivityPub processing jobs that fail validation (ClearlyClaire)
  • Fix toots not being scrolled into view sometimes through keyboard selection (ClearlyClaire)
  • Fix expired invite links being usable to bypass approval mode (ClearlyClaire)
  • Fix not being able to save e-mail preference for new pending accounts (Gargron)
  • Fix upload progressbar when image resizing is involved (ClearlyClaire)
  • Fix block action not automatically cancelling pending follow request (ClearlyClaire)
  • Fix stoplight logging to stderr separate from Rails logger (Gargron)
  • Fix sign up button not saying sign up when invite is used (Gargron)
  • Fix health checks in Docker Compose configuration (fabianonline)
  • Fix modal items not being scrollable on touch devices (kedamaDQ)
  • Fix Keybase configuration using wrong domain when a web domain is used (BenLubar)
  • Fix avatar GIFs not being animated on-hover on public profiles (hyenagirl64)
  • Fix OpenGraph parser not understanding some valid property meta tags (da2x)
  • Fix wrong fonts being displayed when Roboto is installed on user's machine (ClearlyClaire)
  • Fix confirmation modals being too narrow for a secondary action button (ClearlyClaire)

[2.8.0] - 2019-04-10

Added

Changed

  • Change design of landing page (Gargron, Gargron, ClearlyClaire, ClearlyClaire, koyuawsmbrtn, Gargron)
  • Change design of profile column in web UI (Gargron, Aditoo17, ClearlyClaire, mayaeh, ClearlyClaire)
  • Change language detector threshold from 140 characters to 4 words (Gargron)
  • Change language detector to always kick in for non-latin alphabets (Gargron)
  • Change icons of features on admin dashboard (Gargron)
  • Change DNS timeouts from 1s to 5s (ClearlyClaire)
  • Change Docker image to use Ubuntu with jemalloc (Sir-Boops, BenLubar)
  • Change public pages to be cacheable by proxies (BenLubar)
  • Change the 410 gone response for suspended accounts to be cacheable by proxies (ClearlyClaire)
  • Change web UI to not empty timeline of blocked users on block (ClearlyClaire)
  • Change JSON serializer to remove unused @context values (Gargron)
  • Change GIFV file size limit to be the same as for other videos (rinsuki)
  • Change Webpack to not use @babel/preset-env to compile node_modules (ykzts)
  • Change web UI to use new Web Share Target API (gol-cha)
  • Change ActivityPub reports to have persistent URIs (ClearlyClaire)
  • Change tootctl accounts cull --dry-run to list accounts that would be deleted (BenLubar)
  • Change format of CSV exports of follows and mutes to include extra settings (ClearlyClaire, ClearlyClaire)
  • Change ActivityPub collections to be cacheable by proxies (ClearlyClaire)
  • Change REST API and public profiles to not return follows/followers for users that have blocked you (Gargron)
  • Change the groupings of menu items in settings navigation (Gargron)

Removed

  • Remove zopfli compression to speed up Webpack from 6min to 1min (nolanlawson)
  • Remove stats.json generation to speed up Webpack (nolanlawson)

Fixed

  • Fix public timelines being broken by new toots when they are not mounted in web UI (Gargron)
  • Fix quick filter settings not being saved when selecting a different filter in web UI (ClearlyClaire)
  • Fix remote interaction dialogs being indexed by search engines (Gargron)
  • Fix maxed-out invites not showing up as expired in UI (Gargron)
  • Fix scrollbar styles on compose textarea (Gargron)
  • Fix timeline merge workers being queued for remote users (Gargron)
  • Fix alternative relay support regression (Gargron)
  • Fix trying to fetch keys of unknown accounts on a self-delete from them (ClearlyClaire)
  • Fix CAS :service_validate_url option (enewhuis)
  • Fix race conditions when creating backups (ClearlyClaire)
  • Fix whitespace not being stripped out of username before validation (aurelien-reeves)
  • Fix n+1 query when deleting status (Gargron)
  • Fix exiting follows not being rejected when suspending a remote account (ClearlyClaire)
  • Fix the underlying button element in a disabled icon button not being disabled (ClearlyClaire)
  • Fix race condition when streaming out deleted statuses (ClearlyClaire)
  • Fix performance of admin federation UI by caching account counts (Gargron)
  • Fix JS error on pages that don't define a CSRF token (hinaloe)
  • Fix tootctl accounts cull sometimes removing accounts that are temporarily unreachable (BenLubar)

[2.7.4] - 2019-03-05

Fixed

  • Fix web UI not cleaning up notifications after block (Gargron)
  • Fix redundant HTTP requests when resolving private statuses (ClearlyClaire)
  • Fix performance of account media query (abcang)
  • Fix mention processing for unknown accounts (ClearlyClaire)
  • Fix getting started column not scrolling on short screens (trwnh)
  • Fix direct messages pagination in the web UI (ClearlyClaire)
  • Fix serialization of Announce activities (ClearlyClaire)
  • Fix home timeline perpetually reloading when empty in web UI (Gargron)
  • Fix lists export (ClearlyClaire)
  • Fix edit profile page crash for suspended-then-unsuspended users (ClearlyClaire)

[2.7.3] - 2019-02-23

Added

  • Add domain filter to the admin federation page (ClearlyClaire)
  • Add quick link from admin account view to block/unblock instance (ClearlyClaire)

Fixed

  • Fix video player width not being updated to fit container width (ClearlyClaire)
  • Fix domain filter being shown in admin page when local filter is active (ClearlyClaire)
  • Fix crash when conversations have no valid participants (ClearlyClaire)
  • Fix error when performing admin actions on no statuses (ClearlyClaire)

Changed

  • Change custom emojis to randomize stored file name (hinaloe)

[2.7.2] - 2019-02-17

Added

  • Add support for IPv6 in e-mail validation (zoc)
  • Add record of IP address used for signing up (ClearlyClaire)
  • Add tight rate-limit for API deletions (30 per 30 minutes) (Gargron)
  • Add support for embedded Announce objects attributed to the same actor (ClearlyClaire, Gargron)
  • Add spam filter for Create and Announce activities (Gargron, Gargron, Gargron)
  • Add registrations attribute to GET /api/v1/instance (Gargron)
  • Add vapid_key to POST /api/v1/apps and GET /api/v1/apps/verify_credentials (Gargron)

Fixed

  • Fix link color and add link underlines in high-contrast theme (Gargron, Gargron)
  • Fix unicode characters in URLs not being linkified (JMendyk, hinaloe)
  • Fix URLs linkifier grabbing ending quotation as part of the link (Gargron)
  • Fix authorized applications page design (rinsuki)
  • Fix custom emojis not showing up in share page emoji picker (rinsuki)
  • Fix too liberal application of whitespace in toots (trwnh)
  • Fix misleading e-mail hint being displayed in admin view (ClearlyClaire)
  • Fix tombstones not being cleared out (abcang)
  • Fix some timeline jumps (ClearlyClaire, ClearlyClaire, rinsuki)
  • Fix content warning input taking keyboard focus even when hidden (hinaloe)
  • Fix hashtags select styling in default and high-contrast themes (Gargron)
  • Fix style regressions on landing page (Gargron)
  • Fix hashtag column not subscribing to stream on mount (Gargron)
  • Fix relay enabling/disabling not resetting inbox availability status (Gargron)
  • Fix mutes, blocks, domain blocks and follow requests not paginating (Gargron)
  • Fix crash on public hashtag pages when streaming fails (ClearlyClaire)

Changed

  • Change icon for unlisted visibility level (clarcharr)
  • Change queue of actor deletes from push to pull for non-follower recipients (ClearlyClaire)
  • Change robots.txt to exclude media proxy URLs (nightpool)
  • Change upload description input to allow line breaks (BenLubar)
  • Change dist/mastodon-streaming.service to recommend running node without intermediary npm command (nolanlawson)
  • Change conversations to always show names of other participants (Gargron)
  • Change buttons on timeline preview to open the interaction dialog (Gargron)
  • Change error graphic to hover-to-play (Gargron)

[2.7.1] - 2019-01-28

Fixed

  • Fix SSO authentication not working due to missing agreement boolean (Gargron)
  • Fix slow fallback of CopyAccountStats migration setting stats to 0 (Gargron)
  • Fix wrong command in migration error message (angristan)
  • Fix initial value of volume slider in video player and handle volume changes (ClearlyClaire)
  • Fix missing hotkeys for notifications (ClearlyClaire)
  • Fix being able to attach unattached media created by other users (ClearlyClaire)
  • Fix unrescued SSL error during link verification (renatolond)
  • Fix Firefox scrollbar color regression (trwnh)
  • Fix scheduled status with media immediately creating a status (ClearlyClaire)
  • Fix missing strong style for landing page description (Kjwon15)

[2.7.0] - 2019-01-20

Added

  • Add link for adding a user to a list from their profile (namelessGonbai)
  • Add joining several hashtags in a single column (gdpelican)
  • Add volume sliders for videos (sumdog)
  • Add a tooltip explaining what a locked account is (pawelngei)
  • Add preloaded cache for common JSON-LD contexts (ClearlyClaire)
  • Add profile directory (Gargron)
  • Add setting to not group reblogs in home feed (ClearlyClaire)
  • Add admin ability to remove a user's header image (ClearlyClaire)
  • Add account hashtags to ActivityPub actor JSON (Gargron)
  • Add error message for avatar image that's too large (sumdog)
  • Add notification quick-filter bar (pawelngei)
  • Add new first-time tutorial (Gargron)
  • Add moderation warnings (Gargron)
  • Add emoji codepoint mappings for v11.0 (Gargron)
  • Add REST API for creating an account (Gargron)
  • Add support for Malayalam in language filter (tachyons)
  • Add exclude_reblogs option to account statuses API (Gargron)
  • Add local followers page to admin account UI (chr-1x)
  • Add healthcheck commands to docker-compose.yml (BenLubar)
  • Add handler for Move activity to migrate followers (Gargron)
  • Add CSV export for lists and domain blocks (Gargron)
  • Add tootctl accounts follow ACCT (Gargron)
  • Add scheduled statuses (Gargron)
  • Add immutable caching for S3 objects (nolanlawson)
  • Add cache to custom emojis API (Gargron)
  • Add preview cards to non-detailed statuses on public pages (Gargron)
  • Add mod and moderator to list of default reserved usernames (Gargron)
  • Add quick links to the admin interface in the web UI (ClearlyClaire)
  • Add tootctl domains crawl (Gargron)
  • Add attachment list fallback to public pages (ClearlyClaire)
  • Add tootctl --version (Gargron)
  • Add information about how to opt-in to the directory on the directory (Gargron)
  • Add timeouts for S3 (Gargron)
  • Add support for non-public reblogs from ActivityPub (Gargron)
  • Add sending of Reject activity when sending a Block activity (ClearlyClaire)

Changed

  • Temporarily pause timeline if mouse moved recently (lmorchard)
  • Change the password form order (mayaeh)
  • Redesign admin UI for accounts (Gargron, Gargron)
  • Redesign admin UI for instances/domain blocks (Gargron)
  • Swap avatar and header input fields in profile page (ClearlyClaire)
  • When posting in mobile mode, go back to previous history location (ClearlyClaire)
  • Split out is_changing_upload from is_submitting (ClearlyClaire)
  • Back to the getting-started when pins the timeline. (kedamaDQ)
  • Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (Gargron)
  • Limit maximum visibility of local silenced users to unlisted (ClearlyClaire)
  • Change API error message for unconfirmed accounts (noellabo)
  • Change the icon to "reply-all" when it's a reply to other accounts (mayaeh)
  • Do not ignore federated reports targeting already-reported accounts (ClearlyClaire)
  • Upgrade default Ruby version to 2.6.0 (Gargron)
  • Change e-mail digest frequency (Gargron)
  • Change Docker images for Tor support in docker-compose.yml (Sir-Boops)
  • Display fallback link card thumbnail when none is given (Gargron)
  • Change account bio length validation to ignore mention domains and URLs (Gargron)
  • Use configured contact user for "anonymous" federation activities (yukimochi)
  • Change remote interaction dialog to use specific actions instead of generic "interact" (Gargron)
  • Always re-fetch public key when signature verification fails to support blind key rotation (ClearlyClaire)
  • Make replies to boosts impossible, connect reply to original status instead (valerauko)
  • Change e-mail MX validation to check both A and MX records against blacklist (Gargron)
  • Hide floating action button on search and getting started pages (tmm576)
  • Redesign public hashtag page to use a masonry layout (Gargron)
  • Use summary as summary instead of content warning for converted ActivityPub objects (Gargron)
  • Display a double reply arrow on public pages for toots that are replies (ClearlyClaire)
  • Change admin UI right panel size to be wider (Kjwon15)

Removed

  • Remove links to bridge.joinmastodon.org (non-functional) (Gargron)
  • Remove LD-Signatures from activities that do not need them (ClearlyClaire)

Fixed

  • Remove unused computation of reblog references from updateTimeline (ClearlyClaire)
  • Fix loaded embeds resetting if a status arrives from API again (ClearlyClaire)
  • Fix race condition causing shallow status with only a "favourited" attribute (ClearlyClaire)
  • Remove intermediary arrays when creating hash maps from results (Gargron)
  • Extract counters from accounts table to account_stats table to improve performance (Gargron)
  • Change identities id column to a bigint (Gargron)
  • Fix conversations API pagination (ClearlyClaire)
  • Improve account suspension speed and completeness (Gargron)
  • Fix thread depth computation in statuses_controller (ClearlyClaire)
  • Fix database deadlocks by moving account stats update outside transaction (ClearlyClaire)
  • Escape HTML in profile name preview in profile settings (pawelngei)
  • Use same CORS policy for /@:username and /users/:username (ClearlyClaire)
  • Make custom emoji domains case insensitive (Esteth)
  • Various fixes to scrollable lists and media gallery (ClearlyClaire)
  • Fix bootsnap cache directory being declared relatively (Gargron)
  • Fix timeline pagination in the web UI (ClearlyClaire)
  • Fix padding on dropdown elements in preferences (ClearlyClaire)
  • Make avatar and headers respect GIF autoplay settings (ClearlyClaire)
  • Do no retry Web Push workers if the server returns a 4xx response (Gargron)
  • Minor scrollable list fixes (ClearlyClaire)
  • Ignore low-confidence CharlockHolmes guesses when parsing link cards (ClearlyClaire)
  • Fix tootctl accounts rotate not updating public keys (Gargron)
  • Fix CSP / X-Frame-Options for media players (jomo)
  • Fix unnecessary loadMore calls when the end of a timeline has been reached (ClearlyClaire)
  • Skip mailer job retries when a record no longer exists (Gargron)
  • Fix composer not getting focus after reply confirmation dialog (ClearlyClaire)
  • Fix signature verification stoplight triggering on non-timeout errors (Gargron)
  • Fix ThreadResolveWorker getting queued with invalid URLs (Gargron)
  • Fix crash when clearing uninitialized timeline (ClearlyClaire)
  • Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker (ClearlyClaire)
  • Skip full text search if it fails, instead of erroring out completely (Kjwon15)
  • Fix profile metadata links not verifying correctly sometimes (shrft)
  • Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order (ClearlyClaire)
  • Fix unreadable text color in report modal for some statuses (Gargron)
  • Stop GIFV timeline preview explicitly when it's opened in modal (kedamaDQ)
  • Fix scrollbar width compensation (ClearlyClaire)
  • Fix race conditions when processing deleted toots (ClearlyClaire)
  • Fix SSO issues on WebKit browsers by disabling Same-Site cookie again (moritzheiber)
  • Fix empty OEmbed error (renatolond)
  • Fix drag & drop modal not disappearing sometimes (hinaloe)
  • Fix statuses with content warnings being displayed in web push notifications sometimes (ClearlyClaire)
  • Fix scroll-to-detailed status not working on public pages (ClearlyClaire)
  • Fix media modal loading indicator (ClearlyClaire)
  • Fix hashtag search results not having a permalink fallback in web UI (ClearlyClaire)
  • Fix slightly cropped font on settings page dropdowns when using system font (ariasuni)
  • Fix not being able to drag & drop text into forms (tmm576)

Security

  • Sanitize and sandbox toot embeds in web UI (ClearlyClaire)
  • Add tombstones for remote statuses to prevent replay attacks (ClearlyClaire)

[2.6.5] - 2018-12-01

Changed

  • Change lists to display replies to others on the list and list owner (ClearlyClaire)

Fixed

  • Fix failures caused by commonly-used JSON-LD contexts being unavailable (ClearlyClaire)

[2.6.4] - 2018-11-30

Fixed

  • Fix yarn dependencies not installing due to yanked event-stream package (Gargron)

[2.6.3] - 2018-11-30

Added

  • Add hyphen to characters allowed in remote usernames (ClearlyClaire)

Changed

  • Change server user count to exclude suspended accounts (Gargron)

Fixed

  • Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer (hugogameiro)
  • Fix missing DNS records raising the wrong kind of exception (Gargron)
  • Fix already queued deliveries still trying to reach inboxes marked as unavailable (Gargron)

Security

  • Fix TLS handshake timeout not being enforced (Gargron)

[2.6.2] - 2018-11-23

Added

  • Add Page to whitelisted ActivityPub types (mbajur)
  • Add 20px to column width in web UI (Gargron)
  • Add amount of freed disk space in tootctl media remove (Gargron, Gargron, mayaeh)
  • Add "Show thread" link to self-replies (Gargron)

Changed

  • Change order of Atom and RSS links so Atom is first (Alkarex)
  • Change Nginx configuration for Nanobox apps (danhunsaker)
  • Change the follow action to appear instant in web UI (Gargron)
  • Change how the ActiveRecord connection is instantiated in on_worker_boot (Gargron)
  • Change tootctl accounts cull to always touch accounts so they can be skipped (renatolond)
  • Change mime type comparison to ignore JSON-LD profile (valerauko)

Fixed

  • Fix web UI crash when conversation has no last status (sammy8806)
  • Fix follow limit validator reporting lower number past threshold (Gargron)
  • Fix form validation flash message color and input borders (Gargron)
  • Fix invalid twitter:player cards being displayed (ClearlyClaire)
  • Fix emoji update date being processed incorrectly (ClearlyClaire)
  • Fix playing embed resetting if status is reloaded in web UI (ClearlyClaire, Gargron)
  • Fix web UI crash when favouriting a deleted status (ClearlyClaire)
  • Fix intermediary arrays being created for hash maps (Gargron)
  • Fix filter ID not being a string in REST API (Gargron)

Security

  • Fix multiple remote account deletions being able to deadlock the database (Gargron)
  • Fix HTTP connection timeout of 10s not being enforced (Gargron)

[2.6.1] - 2018-10-30

Fixed

  • Fix resolving resources by URL not working due to a regression in valerauko (Gargron)
  • Fix reducer error in web UI when a conversation has no last status (Gargron)

[2.6.0] - 2018-10-30

Added

  • Add link ownership verification (Gargron)
  • Add conversations API (Gargron)
  • Add limit for the number of people that can be followed from one account (Gargron)
  • Add admin setting to customize mascot (ashleyhull-versent)
  • Add support for more granular ActivityPub audiences from other software, i.e. circles (Gargron, Gargron, Gargron)
  • Add option to block all reports from a domain (Gargron)
  • Add user preference to always expand toots marked with content warnings (webroo)
  • Add user preference to always hide all media (fvh-P)
  • Add force_login param to OAuth authorize page (Gargron)
  • Add tootctl accounts backup (Gargron, Gargron)
  • Add tootctl accounts create (Gargron, Gargron)
  • Add tootctl accounts cull (Gargron, Gargron)
  • Add tootctl accounts delete (Gargron, Gargron)
  • Add tootctl accounts modify (Gargron, Gargron)
  • Add tootctl accounts refresh (Gargron, Gargron)
  • Add tootctl feeds build (Gargron, Gargron)
  • Add tootctl feeds clear (Gargron, Gargron)
  • Add tootctl settings registrations open (Gargron, Gargron)
  • Add tootctl settings registrations close (Gargron, Gargron)
  • Add min_id param to REST API to support backwards pagination (Gargron)
  • Add a confirmation dialog when hitting reply and the compose box isn't empty (ClearlyClaire)
  • Add PostgreSQL disk space growth tracking in PGHero (Gargron)
  • Add button for disabling local account to report quick actions bar (Gargron)
  • Add Czech language (Aditoo17)
  • Add same-site (lax) attribute to cookies (sorin-davidoi)
  • Add support for styled scrollbars in Firefox Nightly (sorin-davidoi)
  • Add highlight to the active tab in web UI profiles (rhoio)
  • Add auto-focus for comment textarea in report modal (ClearlyClaire)
  • Add auto-focus for emoji picker's search field (ClearlyClaire)
  • Add nginx and systemd templates to dist/ directory (Gargron)
  • Add support for /.well-known/change-password (Gargron)
  • Add option to override FFMPEG binary path (sascha-sl)
  • Add dns-prefetch tag when using different host for assets or uploads (Gargron)
  • Add description meta tag (Gargron)
  • Add Content-Security-Policy header (ClearlyClaire)
  • Add cache for the instance info API (ykzts)
  • Add suggested follows to search screen in mobile layout (Gargron)
  • Add CORS header to /.well-known/* routes (BenLubar)
  • Add card attribute to statuses returned from REST API (Gargron)
  • Add in-stream link preview (Gargron)
  • Add support for ActivityPub Page objects (mbajur)

Changed

  • Change forms design (Gargron)
  • Change reports overview to group by target account (Gargron)
  • Change web UI to show "read more" link on overly long in-stream statuses (lanodan)
  • Change design of direct messages column (Gargron, Gargron)
  • Change home timelines to exclude DMs (Gargron)
  • Change list timelines to exclude all replies (cbayerlein)
  • Change admin accounts UI default sort to most recent (Gargron)
  • Change documentation URL in the UI (Gargron)
  • Change style of success and failure messages (Gargron)
  • Change DM filtering to always allow DMs from staff (qguv)
  • Change recommended Ruby version to 2.5.3 (zunda)
  • Change docker-compose default to persist volumes in current directory (Gargron)
  • Change character counters on edit profile page to input length limit (Gargron)
  • Change notification filtering to always let through messages from staff (Gargron)
  • Change "hide boosts from user" function also hiding notifications about boosts (ClearlyClaire)
  • Change CSS detailed-status__wrapper class actually wrap the detailed status (trwnh)

Deprecated

  • GET /api/v1/timelines/directGET /api/v1/conversations (Gargron)
  • POST /api/v1/notifications/dismissPOST /api/v1/notifications/:id/dismiss (Gargron)
  • GET /api/v1/statuses/:id/cardcard attributed included in status (Gargron)

Removed

  • Remove "on this device" label in column push settings (rhoio)
  • Remove rake tasks in favour of tootctl commands (Gargron)

Fixed

  • Fix remote statuses using instance's default locale if no language given (Kjwon15)
  • Fix streaming API not exiting when port or socket is unavailable (Gargron)
  • Fix network calls being performed in database transaction in ActivityPub handler (Gargron)
  • Fix dropdown arrow position (ClearlyClaire)
  • Fix first element of dropdowns being focused even if not using keyboard (ClearlyClaire)
  • Fix tootctl requiring bundle exec invocation (abcang)
  • Fix public pages not using animation preference for avatars (renatolond)
  • Fix OEmbed/OpenGraph cards not understanding relative URLs (ClearlyClaire)
  • Fix some dark emojis not having a white outline (ClearlyClaire)
  • Fix media description not being displayed in various media modals (ClearlyClaire)
  • Fix generated URLs of desktop notifications missing base URL (GenbuHase)
  • Fix RTL styles (mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar)
  • Fix crash in streaming API when tag param missing (Gargron)
  • Fix hotkeys not working when no element is focused (ClearlyClaire)
  • Fix some hotkeys not working on detailed status view (ClearlyClaire)
  • Fix og:url on status pages (ClearlyClaire)
  • Fix upload option buttons only being visible on hover (Gargron)
  • Fix tootctl not returning exit code 1 on wrong arguments (sascha-sl)
  • Fix preview cards for appearing for profiles mentioned in toot (ClearlyClaire, ClearlyClaire)
  • Fix local accounts sometimes being duplicated as faux-remote (Gargron)
  • Fix emoji search when the shortcode has multiple separators (ClearlyClaire)
  • Fix dropdowns sometimes being partially obscured by other elements (kedamaDQ)
  • Fix cache not updating when reply/boost/favourite counters or media sensitivity update (Gargron)
  • Fix empty display name precedence over username in web UI (Gargron)
  • Fix td instead of th in sessions table header (Gargron)
  • Fix handling of content types with profile (valerauko)

[2.5.2] - 2018-10-12

Security

[2.5.1] - 2018-10-07

Fixed

  • Fix database migrations for PostgreSQL below 9.5 (Gargron)
  • Fix class autoloading issue in ActivityPub Create handler (Gargron)
  • Fix cache statistics not being sent via statsd when statsd enabled (ykzts)
  • Bump puma from 3.11.4 to 3.12.0 (dependabot[bot])

Security

  • Fix some local images not having their EXIF metadata stripped on upload (ClearlyClaire)
  • Fix being able to enable a disabled relay via ActivityPub Accept handler (ClearlyClaire)
  • Bump nokogiri from 1.8.4 to 1.8.5 (dependabot[bot])
  • Fix being able to report statuses not belonging to the reported account (ClearlyClaire)