cybre-space/CHANGELOG.md

173 KiB

Changelog

All notable changes to this project will be documented in this file.

Unreleased

Added

  • Add hotkeys for audio/video control in web UI (Gargron, Gargron)
    • Space and k to toggle playback
    • m to toggle mute
    • f to toggle fullscreen
    • j and l to go back and forward by 10 seconds
    • . and , to go back and forward by a frame (video only)
  • Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
  • Add border around 🕺 emoji in web UI (ThibG)
  • Add border around 🐞 emoji in web UI (ThibG)
  • Add home link to the getting started column when home isn't mounted (ThibG)
  • Add option to disable swiping motions across the web UI (ThibG)
  • Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron)
    • Continue watching/listening when you scroll away
    • Action bar to interact with/open toot from the pop-out player
  • Add unread notification markers in web UI (ThibG, ThibG, ThibG, noellabo, noellabo)
  • Add paragraph about browser add-ons when encountering errors in web UI (ThibG)
  • Add import and export for bookmarks (ThibG)
  • Add cache buster feature for media files (Gargron)
    • If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
    • If enabled, cache buster will make a special request to the proxy to signal a cache reset
  • Add duration option to the mute function (aquarla)
  • Add replies policy option to the list function (ThibG)
  • Add og:published_time OpenGraph tags on toots (nornagon)
  • Add option to be notified when a followed user posts (Gargron, ThibG, Gargron)
    • If you don't want to miss a toot, click the bell button!
  • Add client-side validation in password change forms (ThibG)
  • Add client-side validation in the registration form (ThibG, ThibG)
  • Add support for Gemini URLs (joshleeb)
  • Add WebAuthn as an alternative 2FA method (santiagorodriguez96, jiikko)
  • Add icon for mutual relationships in relationship manager (noellabo)
  • Add follow selected followers button in relationship manager (noellabo)
  • Add subresource integrity for JS and CSS assets (Gargron)
    • If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
    • Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks
  • Add ku, sa, sc, zgh to available locales (ykzts)
  • Add ability to force an account to mark media as sensitive (noellabo)
  • Add ability to block access or limit sign-ups from chosen IPs (Gargron)
    • Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
    • Choose the severity of the rule, either blocking all access or merely limiting sign-ups
  • Add support for reversible suspensions through ActivityPub (Gargron)
    • Servers can signal that one of their accounts has been suspended
    • During suspension, the account can only delete its own content
    • A reversal of the suspension can be signalled the same way
    • A local suspension always overrides a remote one
  • Add ActivityPub follower synchronization mechanism (ThibG, ThibG)
  • Add outbox attribute to instance actor (ThibG)
  • Add featured hashtags as an ActivityPub collection (Gargron)
  • Add support for dereferencing objects through bearcaps (Gargron, noellabo)
  • Add S3_READ_TIMEOUT environment variable (tateisu)
  • Add ALLOWED_PRIVATE_ADDRESSES environment variable (ThibG)
  • Add --fix-permissions option to tootctl media remove-orphans (Gargron, uist1idrju3i)
  • Add tootctl accounts merge (Gargron)
    • Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
    • This command will fix it on your end
  • Add tootctl maintenance fix-duplicates (ThibG, Gargron)
    • Index corruption in the database?
    • This command is for you
  • Add support for managing multiple stream subscriptions in a single connection (Gargron, Gargron, mfmfuyu, zunda)
    • Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
    • More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
    • Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams
  • Add support for limiting results by both min_id and max_id at the same time in REST API (tateisu)
  • Add GET /api/v1/accounts/:id/featured_tags to REST API (noellabo)
  • Add optional tootctl remove media cronjob in Helm chart (dunn)

Changed

  • Change media modals look in web UI (Gargron, Gargron)
    • Background of the overlay matches the color of the image
    • Action bar to interact with or open the toot from the modal
  • Change order of announcements in admin UI to be newest-first (ThibG)
  • Change account suspensions to be reversible by default (Gargron, ThibG, ThibG, ThibG, ThibG, noellabo)
    • Suspensions no longer equal deletions
    • A suspended account can be unsuspended with minimal consequences for 30 days
    • Immediate deletion of data is still available as an explicit option
    • Suspended accounts can request an archive of their data through the UI
  • Change REST API to return empty data for suspended accounts (14765)
  • Change web UI to show empty profile for suspended accounts (Gargron)
  • Change featured hashtag suggestions to be recently used instead of most used (abcang)
  • Change direct toots to appear in the home feed again (Gargron, ThibG, noellabo)
    • Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model
  • Change email address validation to return more specific errors (ThibG)
  • Change HTTP signature requirements to include Digest header on POST requests (ThibG)
  • Change click area of video/audio player buttons to be bigger in web UI (ariasuni)
  • Change order of filters by alphabetic by "keyword or phrase" (ariasuni)
  • Change suspension of remote accounts to also undo outgoing follows (ThibG)
  • Change string "Home" to "Home and lists" in the filter creation screen (ariasuni)
  • Change string "Boost to original audience" to "Boost with original visibility" in web UI (3n-k1)
  • Change string "Show more" to "Show newer" and "Show older" on public pages (ariasuni)
  • Change order of announcements to be reverse chronological in web UI (dariusk, dariusk)
  • Change visibility icon next to timestamp to be clickable in web UI (ariasuni, mayaeh)

Removed

  • Remove fade-in animation from modals in web UI (Gargron)
  • Remove auto-redirect to direct messages in web UI (Gargron)
  • Remove obsolete IndexedDB operations from web UI (Gargron)
  • Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)

Fixed

  • Fix deletes not reaching every server that interacted with toot (Gargron)
    • Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
    • Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned
  • Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
  • Fix sending redundant ActivityPub events when processing remote account deletion (ThibG)
  • Fix Move handler not being triggered when failing to fetch target account (ThibG)
  • Fix downloading remote media files when server returns empty filename (ThibG)
  • Fix account processing failing because of large collections (ThibG)
  • Fix not being able to unfavorite toots one has lost access to (ThibG)
  • Fix not being able to unbookmark toots one has lost access to (ThibG)
  • Fix possible casing inconsistencies in hashtag search (ThibG)
  • Fix updating account counters when association is not yet created (Gargron)
  • Fix cookies not having a SameSite attribute (Gargron)
  • Fix poll ending notifications being created for each vote (ThibG)
  • Fix multiple boosts of a same toot erroneously appearing in TL (ThibG)
  • Fix asset builds not picking up CDN_HOST change (ThibG)
  • Fix desktop notifications permission prompt in web UI (Gargron, Gargron, ThibG)
    • Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
    • This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications
  • Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI (ariasuni)
  • Fix glitched image uploads when canvas read access is blocked in web UI (ThibG)
  • Fix some account gallery items having empty labels in web UI (ThibG)
  • Fix alt-key hotkeys activating while typing in a text field in web UI (ThibG)
  • Fix wrong seek bar width on media player in web UI (mfmfuyu)
  • Fix logging out on mobile in web UI (ThibG)
  • Fix wrong click area for GIFVs in media modal in web UI (noellabo)
  • Fix unreadable placeholder text color in high contrast theme in web UI (Gargron)
  • Fix scrolling issues when closing some dropdown menus in web UI (ThibG)
  • Fix notification filter bar incorrectly filtering gaps in web UI (ThibG)
  • Fix disabled boost icon being replaced by private boost icon on hover in web UI (ThibG)
  • Fix hashtag detection in compose form being different to server-side in web UI (kedamaDQ, ThibG)
  • Fix home last read marker mishandling gaps in web UI (ThibG)
  • Fix inefficiency when fetching hashtag timeline (noellabo, akihikodaki)
  • Fix inefficiency when fetching bookmarks (akihikodaki)
  • Fix inefficiency when fetching favourites (akihikodaki)
  • Fix inefficiency when fetching media-only account timeline (akihikodaki)
  • Fix redundant query when processing batch actions on custom emojis (niwatori24)
  • Fix PostgreSQL secret name for cronjob in Helm chart (metal3d)
  • Fix Procfile not being compatible with herokuish (acuteaura)
  • Fix installation of tini being split into multiple steps in Dockerfile (ryncsn)

Security

  • Fix streaming API allowing connections to persist after access token invalidation (Gargron)
  • Fix 2FA/sign-in token sessions being valid after password change (Gargron)

[3.2.1] - 2020-10-19

Added

  • Add support for latest HTTP Signatures spec draft (ThibG)
  • Add support for inlined objects in ActivityPub to/cc (ThibG)

Changed

  • Change actors to not be served at all without authentication in limited federation mode (ThibG)
    • Previously, a bare version of an actor was served when not authenticated, i.e. username and public key
    • Because all actor fetch requests are signed using a separate system actor, that is no longer required

Fixed

  • Fix tootctl media commands not recognizing very large IDs (ThibG)
  • Fix crash when failing to load emoji picker in web UI (ThibG)
  • Fix contrast requirements in thumbnail color extraction (ThibG)
  • Fix audio/video player not using CDN_HOST on public pages (ThibG)
  • Fix private boost icon not being used on public pages (OmmyZhang)
  • Fix audio player on Safari in web UI (ThibG, ThibG)
  • Fix dereferencing remote statuses not using the correct account for signature when receiving a targeted inbox delivery (ThibG)
  • Fix nil error in tootctl media remove (noellabo)
  • Fix videos with near-60 fps being rejected (Gargron)
  • Fix reported statuses not being included in warning e-mail (Gargron)
  • Fix Reject activities of Follow objects not correctly destroying a follow relationship (ThibG)
  • Fix inefficiencies in fan-out-on-write service (Gargron, noellabo)
  • Fix timeout errors when trying to webfinger some IPv6 configurations (Gargron)
  • Fix files served as application/octet-stream being rejected without attempting mime type detection (ThibG)

[3.2.0] - 2020-07-27

Added

  • Add SMTP_SSL environment variable (OmmyZhang)
  • Add hotkey for toggling content warning input in web UI (ThibG)
  • Add e-mail-based sign in challenge for users with disabled 2FA (Gargron)
    • If user tries signing in after:
      • Being inactive for a while
      • With a previously unknown IP
      • Without 2FA being enabled
    • Require to enter a token sent via e-mail before sigining in
  • Add limit param to RSS feeds (noellabo)
  • Add visibility param to share page (noellabo)
  • Add blurhash to link previews (ThibG, ThibG, ThibG, Sasha-Sorokin, Sasha-Sorokin, ThibG, ThibG, ThibG)
    • In web UI, toots cannot be marked as sensitive unless there is media attached
    • However, it's possible to do via API or ActivityPub
    • Thumnails of link previews of such posts now use blurhash in web UI
    • The Card entity in REST API has a new blurhash attribute
  • Add support for summary field for media description in ActivityPub (ThibG)
  • Add hints about incomplete remote content to web UI (Gargron, noellabo)
  • Add personal notes for accounts (ThibG, Gargron, Sasha-Sorokin)
    • To clarify, these are notes only you can see, to help you remember details
    • Notes can be viewed and edited from profiles in web UI
    • New REST API: POST /api/v1/accounts/:id/note with comment param
    • The Relationship entity in REST API has a new note attribute
  • Add Helm chart (dunn, dunn, dunn)
  • Add customizable thumbnails for audio and video attachments (Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, noellabo, noellabo)
    • Metadata (album, artist, etc) is no longer stripped from audio files
    • Album art is automatically extracted from audio files
    • Thumbnail can be manually uploaded for both audio and video attachments
    • Media upload APIs now support thumbnail param
      • On POST /api/v1/media and POST /api/v2/media
      • And on PUT /api/v1/media/:id
    • ActivityPub representation of media attachments represents custom thumbnails with an icon attribute
    • The Media Attachment entity in REST API now has a preview_remote_url to its preview_url, equivalent to remote_url to its url
  • Add color extraction for thumbnails (Gargron, ThibG)
    • The meta attribute on the Media Attachment entity in REST API can now have a colors attribute which in turn contains three hex colors: background, foreground, and accent
    • The background color is chosen from the most dominant color around the edges of the thumbnail
    • The foreground and accent colors are chosen from the colors that are the most different from the background color using the CIEDE2000 algorithm
    • The most satured color of the two is designated as the accent color
    • The one with the highest W3C contrast is designated as the foreground color
    • If there are not enough colors in the thumbnail, new ones are generated using a monochrome pattern
  • Add a visibility indicator to toots in web UI (noellabo, highemerly)
  • Add tootctl email_domain_blocks (tateisu, Gargron)
  • Add "Add new domain block" to header of federation page in admin UI (ariasuni)
  • Add ability to keep emoji picker open with ctrl+click in web UI (bclindner, noellabo)
  • Add custom icon for private boosts in web UI (ThibG)
  • Add support for Create and Update activities that don't inline objects in ActivityPub (ThibG)
  • Add support for Undo activities that don't inline activities in ActivityPub (ThibG)

Changed

  • Change .env.production.sample to be leaner and cleaner (Gargron)
    • It was overloaded as de-facto documentation and getting quite crowded
    • Defer to the actual documentation while still giving a minimal example
  • Change tootctl search deploy to work faster and display progress (Gargron)
  • Change User-Agent of link preview fetching service to include "Bot" (Gargron)
    • Some websites may not render OpenGraph tags into HTML if that's not the case
  • Change behaviour to carry blocks over when someone migrates their followers (ThibG)
  • Change volume control and download buttons in web UI (Gargron)
  • Change design of audio players in web UI (Gargron, ThibG, Gargron, ThibG, Gargron, ThibG)
  • Change reply filter to never filter own toots in web UI (ThibG)
  • Change boost button to no longer serve as visibility indicator in web UI (noellabo, ThibG)
  • Change contrast of flash messages (cchoi12)
  • Change wording from "Hide media" to "Hide image/images" in web UI (ariasuni)
  • Change appearence of settings pages to be more consistent (ariasuni)
  • Change "Add media" tooltip to not include long list of formats in web UI (ariasuni)
  • Change how badly contrasting emoji are rendered in web UI (leo60228, ThibG, mfmfuyu, ThibG)
  • Change structure of unavailable content section on about page (ariasuni)
  • Change behaviour to accept ActivityPub activities relayed through group actor (noellabo)
  • Change amount of processing retries for ActivityPub activities (noellabo)

Removed

  • Remove the terms "blacklist" and "whitelist" from UX (Gargron, mayaeh)
    • Environment variables changed (old versions continue to work):
      • WHITELIST_MODELIMITED_FEDERATION_MODE
      • EMAIL_DOMAIN_BLACKLISTEMAIL_DOMAIN_DENYLIST
      • EMAIL_DOMAIN_WHITELISTEMAIL_DOMAIN_ALLOWLIST
    • CLI option changed:
      • tootctl domains purge --whitelist-modetootctl domains purge --limited-federation-mode
  • Remove some unnecessary database indices (lfuelling, noellabo)
  • Remove unnecessary Node.js version upper bound (ykzts)

Fixed

  • Fix following param not working when exact match is found in account search (noellabo)
  • Fix sometimes occuring duplicate mention notifications (noellabo)
  • Fix RSS feeds not being cachable (ThibG)
  • Fix lack of locking around processing of Announce activities in ActivityPub (noellabo)
  • Fix boosted toots from blocked account not being retroactively removed from TL (ThibG)
  • Fix large shortened numbers (like 1.2K) using incorrect pluralization (Sasha-Sorokin)
  • Fix streaming server trying to use empty password to connect to Redis when REDIS_PASSWORD is given but blank (ThibG)
  • Fix being unable to unboost posts when blocked by their author (ThibG)
  • Fix account domain block not properly unfollowing accounts from domain (Gargron)
  • Fix removing a domain allow wiping known accounts in open federation mode (ThibG)
  • Fix blocks and mutes pagination in web UI (ThibG)
  • Fix new posts pushing down origin of opened dropdown in web UI (ThibG, ThibG)
  • Fix timeline markers not being saved sometimes (ThibG, ThibG, ThibG)
  • Fix CSV uploads being rejected (noellabo)
  • Fix incompatibility with ElasticSearch 7.x (noellabo)
  • Fix being able to search posts where you're in the target audience but not actively mentioned (noellabo)
  • Fix non-local posts appearing on local-only hashtag timelines in web UI (noellabo)
  • Fix tootctl media remove-orphans choking on unknown files in storage (Gargron)
  • Fix tootctl upgrade storage-schema misbehaving (Gargron, angristan)
    • Fix it marking records as upgraded even though no files were moved
    • Fix it not working with S3 storage
    • Fix it not working with custom emojis
  • Fix GIF reader raising incorrect exceptions (ThibG)
  • Fix hashtag search performing account search as well (ThibG)
  • Fix Webfinger returning wrong status code on malformed or missing param (ThibG)
  • Fix rake mastodon:setup error when some environment variables are set (ThibG)
  • Fix admin page crashing when trying to block an invalid domain name in admin UI (ThibG)
  • Fix unsent toot confirmation dialog not popping up in single column mode in web UI (ThibG)
  • Fix performance of follow import (noellabo)
    • Reduce timeout of Webfinger requests to that of other requests
    • Use circuit breakers to stop hitting unresponsive servers
    • Avoid hitting servers that are already known to be generally unavailable
  • Fix filters ignoring media descriptions (BenLubar)
  • Fix some actions on custom emojis leading to cryptic errors in admin UI (ThibG)
  • Fix ActivityPub serialization of replies when some of them are URIs (ThibG)
  • Fix rake mastodon:setup choking on environment variables containing % (ThibG)
  • Fix account redirect confirmation message talking about moved followers (ThibG)
  • Fix avatars having the wrong size on public detailed status pages (ThibG)
  • Fix various issues around OpenGraph representation of media (Gargron)
    • Pages containing audio no longer say "Attached: 1 image" in description
    • Audio attachments now represented as OpenGraph og:audio
    • The twitter:player page now uses Mastodon's proper audio/video player
    • Audio/video buffered bars now display correctly in audio/video player
    • Volume and progress bars now respond to movement/move smoother
  • Fix audio/video/images/cards not reacting to window resizes in web UI (Gargron)
  • Fix very wide media attachments resulting in too thin a thumbnail in web UI (ThibG)
  • Fix crash when merging posts into home feed after following someone (ThibG)
  • Fix unique username constraint for local users not being enforced in database (ThibG)
  • Fix unnecessary gap under video modal in web UI (mfmfuyu)
  • Fix 2FA and sign in token pages not respecting user locale (mfmfuyu)
  • Fix unapproved users being able to view profiles when in limited-federation mode and requiring approval for sign-ups (ThibG)
  • Fix initial audio volume not corresponding to what's displayed in audio player in web UI (ThibG)
  • Fix timelines sometimes jumping when closing modals in web UI (ThibG)
  • Fix memory usage of downloading remote files (Gargron, Gargron, noellabo)
    • Don't read entire file (up to 40 MB) into memory
    • Read and write it to temp file in small chunks
  • Fix inconsistent account header padding in web UI (trwnh)
  • Fix Thai being skipped from language detection (Sasha-Sorokin)
    • Since Thai has its own alphabet, it can be detected more reliably
  • Fix broken hashtag column options styling in web UI (ThibG)
  • Fix pointer cursor being shown on toots that are not clickable in web UI (arielrodrigues)
  • Fix lock icon not being shown when locking account in profile settings (ThibG)
  • Fix domain blocks doing work the wrong way around (ThibG)
    • Instead of suspending accounts one by one, mark all as suspended first (quick)
    • Only then proceed to start removing their data (slow)
    • Clear out media attachments in a separate worker (slow)

[v3.1.5] - 2020-07-07

Security

  • Fix media attachment enumeration (ThibG)
  • Change rate limits for various paths (Gargron)
  • Fix other sessions not being logged out on password change (Gargron)

[v3.1.4] - 2020-05-14

Added

  • Add vi to available locales (taicv)
  • Add ability to remove identity proofs from account (Gargron)
  • Add ability to exclude local content from federated timeline (noellabo, noellabo)
    • Add remote param to GET /api/v1/timelines/public REST API
    • Add public/remote / public:remote variants to streaming API
    • "Remote only" option in federated timeline column settings in web UI
  • Add ability to exclude remote content from hashtag timelines in web UI (noellabo)
    • No changes to REST API
    • "Local only" option in hashtag column settings in web UI
  • Add Capistrano tasks that reload the services after deploying (berkes)
  • Add invites_enabled attribute to GET /api/v1/instance in REST API (ThibG)
  • Add tootctl emoji export command (lfuelling)
  • Add separate cache directory for non-local uploads (Gargron, Hanage999, mayaeh)
    • Add tootctl upgrade storage-schema command to move old non-local uploads to the cache directory
  • Add buttons to delete header and avatar from profile settings (sternenseemann)
  • Add emoji graphics and shortcodes from Twemoji 12.1.5 (DeeUnderscore)

Changed

  • Change error message when trying to migrate to an account that does not have current account set as an alias to be more clear (TheEvilSkeleton)
  • Change delivery failure tracking to work with hostnames instead of URLs (Gargron, noellabo, noellabo, noellabo)
  • Change Content-Security-Policy to not need unsafe-inline style-src (ThibG, ThibG, ThibG, ThibG, ThibG)
  • Change how RSS items are titled and formatted (ThibG, ykzts)

Fixed

  • Fix dropdown of muted and followed accounts offering option to hide boosts in web UI (ThibG)
  • Fix "You are already signed in" alert being shown at wrong times (ThibG)
  • Fix retrying of failed-to-download media files not actually working (noellabo)
  • Fix first poll option not being focused when adding a poll in web UI (ThibG)
  • Fix sr locale being selected over sr-Latn (ThibG)
  • Fix error within error when limiting backtrace to 3 lines (Gargron)
  • Fix tootctl media remove-orphans crashing on "Import" files (ThibG)
  • Fix regression in tootctl media remove-orphans (Gargron)
  • Fix old unique jobs digests not having been cleaned up (Gargron)
  • Fix own following/followers not showing muted users (ThibG)
  • Fix list of followed people ignoring sorting on Follows & Followers page (taras2358)
  • Fix wrong pgHero Content-Security-Policy when CDN_HOST is set (ThibG)
  • Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS (kaiyou)
  • Fix page incorrectly scrolling when bringing up dropdown menus in web UI (ThibG)
  • Fix messed up z-index when NoScript blocks media/previews in web UI (ThibG)
  • Fix "See what's happening" page showing public instead of local timeline for logged-in users (ThibG)
  • Fix not being able to resolve public resources in development environment (Gargron)
  • Fix uninformative error message when uploading unsupported image files (ThibG)
  • Fix expanded video player issues in web UI (ThibG, eai04191)
  • Fix and refactor keyboard navigation in dropdown menus in web UI (ThibG)
  • Fix uploaded image orientation being messed up in some browsers in web UI (ThibG)
  • Fix actions log crash when displaying updates of deleted announcements in admin UI (ThibG)
  • Fix search not working due to proxy settings when using hidden services (Gargron)
  • Fix poll refresh button not being debounced in web UI (rasjonell, ThibG)
  • Fix confusing error when failing to add an alias to an unknown account (ThibG)
  • Fix "Email changed" notification sometimes having wrong e-mail (ThibG)
  • Fix varioues issues on the account aliases page (ThibG)
  • Fix API footer link in web UI (bubblineyuri)
  • Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI (ThibG)
  • Fix styling of polls in JS-less fallback on public pages (ThibG)
  • Fix trying to delete already deleted file when post-processing (Gargron)

Security

  • Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed (dependabot-preview[bot], Gargron)
    • For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
    • The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters

[v3.1.3] - 2020-04-05

Added

  • Add ability to filter audit log in admin UI (Gargron)
  • Add titles to warning presets in admin UI (Gargron)
  • Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (Gargron)
  • Add ability to delete files uploaded for settings in admin UI (ThibG)
  • Add sorting by username, creation and last activity in admin UI (ThibG)
  • Add explanation as to why unlocked accounts may have follow requests in web UI (ThibG)
  • Add link to bookmarks to dropdown in web UI (mayaeh)
  • Add support for links to statuses in announcements to be opened in web UI (ThibG, ThibG)
  • Add tooltips to audio/video player buttons in web UI (ariasuni)
  • Add submit button to the top of preferences pages (guigeekz)
  • Add specific rate limits for posting, following and reporting (Gargron, Gargron)
    • 300 posts every 3 hours
    • 400 follows or follow requests every 24 hours
    • 400 reports every 24 hours
  • Add federation support for the "hide network" preference (ThibG)
  • Add --skip-media-remove option to tootctl statuses remove (tateisu)

Changed

  • Change design of polls in web UI (Sasha-Sorokin, ThibG)
  • Change status click areas in web UI to be bigger (ariasuni)
  • Change tootctl media remove-orphans to work for all classes (Gargron)
  • Change local media attachments to perform heavy processing asynchronously (Gargron)
  • Change video uploads to always be converted to H264/MP4 (Gargron, ThibG, ThibG)
  • Change video uploads to enforce certain limits (Gargron)
    • Dimensions smaller than 1920x1200px
    • Frame rate at most 60fps
  • Change the tooltip "Toggle visibility" to "Hide media" in web UI (ariasuni)
  • Change description of privacy levels to be more intuitive in web UI (ariasuni)
  • Change GIF label to be displayed even when autoplay is enabled in web UI (koyuawsmbrtn)
  • Change the string "Hide everything from …" to "Block domain …" in web UI (ThibG, mayaeh)
  • Change wording of media display preferences to be more intuitive (ariasuni)

Deprecated

  • POST /api/v1/mediaPOST /api/v2/media (Gargron)

Fixed

  • Fix tootctl media remove-orphans ignoring PAPERCLIP_ROOT_PATH (Gargron)
  • Fix returning results when searching for URL with non-zero offset (Gargron)
  • Fix pinning a column in web UI sometimes redirecting out of web UI (Gargron)
  • Fix background jobs not using locks like they are supposed to (Gargron)
  • Fix content warning being unnecessarily cleared when hiding content warning input in web UI (ThibG)
  • Fix "Show more" not switching to "Show less" on public pages (ThibG)
  • Fix import overwrite option not being selectable (noellabo)
  • Fix wrong color for ellipsis in boost confirmation dialog in web UI (ariasuni)
  • Fix unnecessary unfollowing when importing follows with overwrite option (noellabo)
  • Fix 404 and 410 API errors being silently discarded in web UI (ThibG)
  • Fix OCR not working on Safari because of unsupported worker-src CSP (ThibG)
  • Fix media not being marked sensitive when a content warning is set with no text (ThibG)
  • Fix crash after deleting announcements in web UI (codesections, ThibG)
  • Fix bookmarks not being searchable (Kjwon15, noellabo)
  • Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report (ThibG)
  • Fix web UI crash in single-column mode on prehistoric browsers (ThibG)
  • Fix some timeouts when searching for URLs (ThibG)
  • Fix detailed view of direct messages displaying a 0 boost count in web UI (ThibG)
  • Fix regression in “Edit media” modal in web UI (ThibG)
  • Fix public posts from silenced accounts not being changed to unlisted visibility (ThibG)
  • Fix error when searching for URLs that contain the mention syntax (ThibG)
  • Fix text area above/right of emoji picker being accidentally clickable in web UI (ariasuni)
  • Fix too large announcements not being scrollable in web UI (ThibG)
  • Fix tootctl media remove-orphans crashing when encountering invalid media (ThibG)
  • Fix installation failing when Redis password contains special characters (ThibG)
  • Fix announcements with fully-qualified mentions to local users crashing web UI (ThibG)

Security

  • Fix re-sending of e-mail confirmation not being rate limited (Gargron)

[v3.1.2] - 2020-02-27

Added

  • Add --reset-password option to tootctl accounts modify (ThibG)
  • Add source-mapped stacktrace to error message in web UI (ThibG)

Fixed

  • Fix dismissing an announcement twice raising an obscure error (ThibG)
  • Fix misleading error when attempting to re-send a pending follow request (ThibG)
  • Fix backups failing when files are missing from media attachments (ThibG)
  • Fix duplicate accounts being created when fetching an account for its key only (ThibG)
  • Fix /web redirecting to /web/web in web UI (ThibG)
  • Fix previously OStatus-based accounts not being detected as ActivityPub (ThibG)
  • Fix account JSON/RSS not being cacheable due to wrong mime type comparison (ThibG)
  • Fix old browsers crashing because of missing finally polyfill in web UI (ThibG)
  • Fix account's bio not being shown if there are no proofs/fields in admin UI (ThibG)
  • Fix sign-ups without checked user agreement being accepted through the web form (ThibG)
  • Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture (SaraSmiseth)
  • Fix invite request input not being shown on sign-up error if left empty (ThibG)
  • Fix some migration hints mentioning GitLab instead of Mastodon (saper)

Security

  • Fix leak of arbitrary statuses through unfavourite action in REST API (Gargron)

[3.1.1] - 2020-02-10

Fixed

  • Fix yanked dependency preventing installation (mayaeh)

[3.1.0] - 2020-02-09

Added

  • Add bookmarks (ThibG, Gargron, Gomasy)
  • Add announcements (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, Gargron, ThibG, ThibG)
  • Add number animations in web UI (Gargron, Gargron)
  • Add kab, is, kn, mr, ur to available locales (Gargron, BoFFire, Gargron)
  • Add profile filter category (ThibG)
  • Add ability to add oneself to lists (ThibG)
  • Add hint how to contribute translations to preferences page (Sasha-Sorokin)
  • Add signatures to statuses in archive takeout (noellabo)
  • Add support for magnet: and xmpp links (ThibG, ThibG)
  • Add follow_request notification type (ThibG)
  • Add ability to filter reports by account domain in admin UI (ThibG)
  • Add link to search for users connected from the same IP address to admin UI (ThibG)
  • Add link to reports targeting a specific domain in admin view (ThibG)
  • Add support for EventSource streaming in web UI (BenLubar)
  • Add hotkey for opening media attachments in web UI (ThibG, Kjwon15)
  • Add relationship-based options to status dropdowns in web UI (Gargron, ThibG, Gargron)
  • Add support for submitting media description with ctrl+enter in web UI (ThibG)
  • Add download button to audio and video players in web UI (NimaBoscarino)
  • Add setting for whether to crop images in timelines in web UI (duxovni)
  • Add support for Event activities (tcitworld)
  • Add basic support for Group actors (noellabo)
  • Add S3_OVERRIDE_PATH_STYLE environment variable (Gargron)
  • Add S3_OPEN_TIMEOUT environment variable (tateisu)
  • Add LDAP_MAIL environment variable (madmath03)
  • Add LDAP_UID_CONVERSION_ENABLED environment variable (madmath03)
  • Add --remote-only option to tootctl emoji purge (ThibG)
  • Add tootctl media remove-orphans (Gargron, Gargron)
  • Add tootctl media lookup command (irlcatgirl)
  • Add cache for OEmbed endpoints to avoid extra HTTP requests (Gargron)
  • Add support for KaiOS arrow navigation to public pages (nolanlawson)
  • Add discoverable to accounts in REST API (trwnh)
  • Add admin setting to disable default follows (ArisuOngaku)
  • Add support for LDAP and PAM in the OAuth password grant strategy (ntl-purism, Gargron)
  • Allow support for Accept/Reject activities with a non-embedded object (puckipedia)
  • Add "Show thread" button to public profiles (Sasha-Sorokin)

Changed

  • Change last_status_at to be a date, not datetime in REST API (ThibG)
  • Change followers page to relationships page in admin UI (Gargron, Gargron)
  • Change reported media attachments to always be hidden in admin UI (Gargron, ThibG)
  • Change string from "Disable" to "Disable login" in admin UI (nileshkumar)
  • Change report page structure in admin UI (Sasha-Sorokin)
  • Change swipe sensitivity to be lower on small screens in web UI (umonaca)
  • Change audio/video playback to stop playback when out of view in web UI (Gargron)
  • Change media description label based on upload type in web UI (ThibG)
  • Change large numbers to render without decimal units in web UI (noellabo)
  • Change "Add a choice" button to be disabled rather than hidden when poll limit reached in web UI (ThibG, hinaloe)
  • Change tootctl statuses remove to keep statuses favourited or bookmarked by local users (ThibG, Gomasy)
  • Change domain block behavior to update user records (fast) before deleting data (slower) (ThibG)
  • Change behaviour to strip audio metadata on uploads (hugogameiro)
  • Change accepted length of remote media descriptions from 420 to 1,500 characters (ThibG)
  • Change preferences pages structure (Sasha-Sorokin, mayaeh, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
  • Change format of titles in RSS (devkral)
  • Change favourite icon animation from spring-based motion to CSS animation in web UI (ThibG)
  • Change minimum required Node.js version to 10, and default to 12 (Shleeble, mkody, Shleeble)
  • Change spam check to exempt server staff (ThibG)
  • Change to fallback to to Create audience when object has no defined audience (ThibG)
  • Change Twemoji library to 12.1.3 in web UI (koyuawsmbrtn)
  • Change blocked users to be hidden from following/followers lists (ThibG)
  • Change signature verification to ignore signatures with invalid host (Gargron)

Removed

Fixed

  • Fix some translatable strings being used wrongly (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, mayaeh)
  • Fix headline of public timeline page when set to local-only (ykzts)
  • Fix space between tabs not being spread evenly in web UI (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
  • Fix interactive delays in database migrations with no TTY (Gargron)
  • Fix status overflowing in report dialog in web UI (ThibG)
  • Fix unlocalized dropdown button title in web UI (Sasha-Sorokin)
  • Fix media attachments without file being uploadable (Gargron)
  • Fix unfollow confirmations in profile directory in web UI (ThibG)
  • Fix duplicate description meta tag on accounts public pages (ThibG)
  • Fix slow query of federated timeline (notozeki)
  • Fix not all of account's active IPs showing up in admin UI (Gargron, Gargron)
  • Fix search by IP not using alternative browser sessions in admin UI (Gargron)
  • Fix “X new items” not showing up for slow mode on empty timelines in web UI (ThibG)
  • Fix OEmbed endpoint being inaccessible in secure mode (Gargron)
  • Fix proofs API being inaccessible in secure mode (Gargron)
  • Fix Ruby 2.7 incompatibilities (ThibG, ThibG, Shleeble, zunda)
  • Fix invalid poll votes being accepted in REST API (ThibG)
  • Fix old migrations failing because of strong migrations update (ThibG, ThibG)
  • Fix reuse of detailed status components in web UI (ThibG)
  • Fix base64-encoded file uploads not being possible in REST API (Gargron, Gargron)
  • Fix error due to missing authentication call in filters controller (Gargron)
  • Fix uncaught unknown format error in host meta controller (Gargron)
  • Fix URL search not returning private toots user has access to (ThibG, ThibG)
  • Fix cache digesting log noise on status embeds (Gargron)
  • Fix slowness due to layout thrashing when reloading a large set of statuses in web UI (panarom, panarom, Gargron)
  • Fix error when fetching followers/following from REST API when user has network hidden (Gargron)
  • Fix IDN mentions not being processed, IDN domains not being rendered (Gargron, Gargron, Gargron)
  • Fix error when searching for empty phrase (Gargron)
  • Fix backups stopping due to read timeouts (chr-1x)
  • Fix batch actions on non-pending tags in admin UI (ThibG)
  • Fix sample SAML_ACS_URL, SAML_ISSUER (orlea)
  • Fix manual scrolling issue on Firefox/Windows in web UI (ThibG)
  • Fix archive takeout failing if total dump size exceeds 2GB (scd31, Gargron)
  • Fix custom emoji category creation silently erroring out on duplicate category (ThibG)
  • Fix link crawler not specifying preferred content type (ThibG)
  • Fix featured hashtag setting page erroring out instead of rejecting invalid tags (ThibG)
  • Fix tooltip messages of single/multiple-choice polls switcher being reversed in web UI (acid-chicken)
  • Fix typo in help text of tootctl statuses remove (trwnh)
  • Fix generic HTTP 500 error on duplicate records (Gargron)
  • Fix old migration failing with new status default scope (ThibG)
  • Fix errors when using search API with no query (Gargron, trwnh)
  • Fix poll options not being selectable via keyboard in web UI (ThibG)
  • Fix conversations not having an unread indicator in web UI (Gargron)
  • Fix lost focus when modals open/close in web UI (ThibG)
  • Fix pending upload count not being decremented on error in web UI (ThibG)
  • Fix empty poll options not being removed on remote poll update (ThibG)
  • Fix OCR with delete & redraft in web UI (ThibG)
  • Fix blur behind closed registration message (ThibG)
  • Fix OEmbed discovery not handling different URL variants in query (Gargron)
  • Fix link crawler crashing on <a> tags without href (ThibG)
  • Fix whitelisted subdomains being ignored in whitelist mode (noiob)
  • Fix broken audit log in whitelist mode in admin UI (ThibG)
  • Fix unread indicator not honoring "Only media" option in local and federated timelines in web UI (ThibG)
  • Fix error when rebuilding home feeds (dariusk)
  • Fix relationship caches being broken as result of a follow request (ThibG)
  • Fix more items than the limit being uploadable in web UI (ThibG)
  • Fix various issues with account migration (ThibG)
  • Fix filtered out items being counted as pending items in slow mode in web UI (ThibG)
  • Fix notification filters not applying to poll options (ThibG)
  • Fix notification message for user's own poll saying it's a poll they voted on in web UI (ykzts)
  • Fix polls with an expiration not showing up as expired in web UI (noellabo)
  • Fix volume slider having an offset between cursor and slider in Chromium in web UI (ThibG)
  • Fix Vagrant image not accepting connections (shrft)
  • Fix batch actions being hidden on small screens in admin UI (ThibG)
  • Fix incoming federation not working in whitelist mode (ThibG)
  • Fix error when passing empty source param to PUT /api/v1/accounts/update_credentials (jglauche)
  • Fix HTTP-based streaming API being cacheable by proxies (BenLubar)
  • Fix users being able to register while tootctl self-destruct is in progress (Kjwon15)
  • Fix microformats detection in link crawler not ignoring h-card links (nightpool)
  • Fix outline on full-screen video in web UI (hinaloe)
  • Fix TLD domain blocks not being editable (ThibG)
  • Fix Nanobox deploy hooks (danhunsaker)
  • Fix needlessly complicated SQL query when performing account search amongst followings (ThibG)
  • Fix favourites count not updating when unfavouriting in web UI (NimaBoscarino)
  • Fix occasional crash on scroll in Chromium in web UI (hinaloe)
  • Fix intersection observer not working in single-column mode web UI (panarom)
  • Fix voting issue with remote polls that contain trailing spaces (ThibG)
  • Fix dynamic elements not working in pgHero due to CSP rules (ykzts)
  • Fix overly verbose backtraces when delivering ActivityPub payloads (zunda)
  • Fix rendering <a> without href when scheme unsupported (Gargron)
  • Fix unfiltered params error when generating ActivityPub tag pagination (Gargron)
  • Fix malformed HTML causing uncaught error (Gargron)
  • Fix native share button not being displayed for unlisted toots (ThibG)
  • Fix remote convertible media attachments (e.g. GIFs) not being saved (Gargron)
  • Fix account query not using faster index (abcang)
  • Fix error when sending moderation notification (renatolond)

Security

  • Fix OEmbed leaking information about existence of non-public statuses (Gargron)
  • Fix password change/reset not immediately invalidating other sessions (Gargron)
  • Fix settings pages being cacheable by the browser (Gargron)

[3.0.1] - 2019-10-10

Added

  • Add tootctl media usage command (Gargron)
  • Add admin setting to auto-approve trending hashtags (Gargron, Gargron)

Changed

  • Change tootctl media refresh to skip already downloaded attachments (Gargron)

Removed

  • Remove auto-silence behaviour from spam check (Gargron)
  • Remove HTML lang attribute from individual statuses in web UI (Gargron)
  • Remove fallback to long description on sidebar and meta description (Gargron)

Fixed

  • Fix preloaded JSON-LD context for identity not being used (Gargron)
  • Fix media editing modal changing dimensions once the image loads (Gargron)
  • Fix not showing whether a custom emoji has a local counterpart in admin UI (Gargron)
  • Fix attachment not being re-downloaded even if file is not stored (Gargron)
  • Fix old migration trying to use new column due to default status scope (Gargron)
  • Fix column back button missing for not found accounts (trwnh)
  • Fix issues with tootctl's parallelization and progress reporting (Gargron, Gargron)
  • Fix existing user records with now-renamed pt locale (Gargron)
  • Fix hashtag timeline REST API accepting too many hashtags (Gargron)
  • Fix GET /api/v1/instance REST APIs being unavailable in secure mode (Gargron)
  • Fix performance of home feed regeneration and merging (Gargron)
  • Fix ffmpeg performance issues due to stdout buffer overflow (hugogameiro)
  • Fix S3 adapter retrying failing uploads with exponential backoff (Gargron)
  • Fix tootctl accounts cull advertising unused option flag (Kjwon15)

[3.0.0] - 2019-10-03

Added

  • Add "not available" label to unloaded media attachments in web UI (Gargron, Gargron)
  • Add profile directory to web UI (Gargron, mayaeh)
    • Add profile directory opt-in federation
    • Add profile directory REST API
  • Add special alert for throttled requests in web UI (ThibG)
  • Add confirmation modal when logging out from the web UI (ThibG)
  • Add audio player in web UI (Gargron, Gargron, Gargron, ThibG, Gargron)
  • Add autosuggestions for hashtags in web UI (Gargron, ThibG, Gargron, Gargron, Gargron)
  • Add media editing modal with OCR tool in web UI (Gargron, Gargron, ThibG, ThibG, Gargron, Gargron, Gargron)
  • Add indicator of unread notifications to window title when web UI is out of focus (Gargron, Gargron)
  • Add indicator for which options you voted for in a poll in web UI (ThibG)
  • Add search results pagination to web UI (Gargron, ThibG)
  • Add option to disable real-time updates in web UI ("slow mode") (Gargron, ykzts, ThibG, Gargron, ThibG)
  • Add option to disable blurhash previews in web UI (ThibG)
  • Add native smooth scrolling when supported in web UI (ThibG)
  • Add scrolling to the search bar on focus in web UI (Kjwon15)
  • Add refresh button to list of rebloggers/favouriters in web UI (Gargron)
  • Add error description and button to copy stack trace to web UI (Gargron)
  • Add search and sort functions to hashtag admin UI (mayaeh, Gargron, mayaeh)
  • Add setting for default search engine indexing in admin UI (brortao)
  • Add account bio to account view in admin UI (ThibG)
  • Add option to include reported statuses in warning e-mail from admin UI (Gargron, Gargron, Gargron, Gargron, mayaeh)
  • Add number of pending accounts and pending hashtags to dashboard in admin UI (Gargron)
  • Add account migration UI (Gargron, noellabo, noellabo, noellabo, noellabo)
  • Add table of contents to about page (Gargron, ykzts, ykzts, Kjwon15)
  • Add password challenge to 2FA settings, e-mail notifications (Gargron)
  • Add optional public list of domain blocks with comments (ThibG, ThibG, Gargron)
  • Add an RSS feed for featured hashtags (noellabo)
  • Add explanations to featured hashtags UI and profile (Gargron)
  • Add hashtag trends with admin and user settings (Gargron, Gargron, Gargron, Gargron, Gargron, mayaeh, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, Sasha-Sorokin, Gargron, Gargron)
    • Add hashtag usage breakdown to admin UI
    • Add batch actions for hashtags to admin UI
    • Add trends to web UI
    • Add trends to public pages
    • Add user preference to hide trends
    • Add admin setting to disable trends
  • Add categories for custom emojis (Gargron, Gargron, Gargron, highemerly)
    • Add custom emoji categories to emoji picker in web UI
    • Add category to custom emojis in REST API
    • Add batch actions for custom emojis in admin UI
  • Add max image dimensions to error message (raboof)
  • Add aac, m4a, 3gp, amr, wma to allowed audio formats (Gargron, umonaca)
  • Add search syntax for operators and phrases (Gargron)
  • Add REST API for managing featured hashtags (noellabo)
  • Add REST API for managing timeline read markers (Gargron)
  • Add exclude_unreviewed param to GET /api/v2/search REST API (Gargron)
  • Add reason param to POST /api/v1/accounts REST API (Gargron)
  • Add ActivityPub secure mode (Gargron, ThibG, ThibG)
  • Add HTTP signatures to all outgoing ActivityPub GET requests (Gargron, ThibG)
  • Add support for ActivityPub Audio activities (ThibG)
  • Add ActivityPub actor representing the entire server (ThibG, rtucker, ThibG, Gargron)
  • Add whitelist mode (Gargron, mayaeh)
  • Add config of multipart threshold for S3 (ykzts, ykzts)
  • Add health check endpoint for web (ykzts, ykzts)
  • Add HTTP signature keyId to request log (Gargron)
  • Add SMTP_REPLY_TO environment variable (hugogameiro)
  • Add tootctl preview_cards remove command (mayaeh)
  • Add tootctl media refresh command (Gargron)
  • Add tootctl cache recount command (Gargron)
  • Add option to exclude suspended domains from tootctl domains crawl (dariusk)
  • Add parallelization to tootctl search deploy (noellabo)
  • Add soft delete for statuses for instant deletes through API (Gargron, Gargron)
  • Add rails-level JSON caching (Gargron, Gargron)
  • Add request pool to improve delivery performance (Gargron, ykzts)
  • Add concurrent connection attempts to resolved IP addresses (ThibG)
  • Add index for remember_token to improve login performance (abcang)
  • Add more accurate hashtag search (Gargron, Gargron, Gargron)
  • Add more accurate account search (Gargron, Gargron)
  • Add a spam check (Gargron, Gargron, ThibG)
  • Add new languages (Gargron)
    • Breton
    • Spanish (Argentina)
    • Estonian
    • Macedonian
    • New Norwegian
  • Add NodeInfo endpoint (Gargron, Gargron)

Changed

  • Change conversations UI (Gargron)
  • Change dashboard to short number notation (noellabo, noellabo)
  • Change REST API GET /api/v1/timelines/public to require authentication when public preview is off (ThibG)
  • Change REST API POST /api/v1/follow_requests/:id/(approve|reject) to return relationship (ThibG)
  • Change rate limit for media proxy (ykzts)
  • Change unlisted custom emoji to not appear in autosuggestions (Gargron)
  • Change max length of media descriptions from 420 to 1500 characters (Gargron, ThibG)
  • Change deletes to preserve soft-deleted statuses in unresolved reports (Gargron)
  • Change tootctl to use inline parallelization instead of Sidekiq (Gargron)
  • Change account deletion page to have better explanations (Gargron, Gargron)
  • Change hashtag component in web UI to show numbers for 2 last days (Gargron, Gargron, Gargron)
  • Change OpenGraph description on sign-up page to reflect invite (Gargron)
  • Change layout of public profile directory to be the same as in web UI (Gargron)
  • Change detailed status child ordering to sort self-replies on top (ThibG)
  • Change window resize handler to switch to/from mobile layout as soon as needed (ThibG)
  • Change icon button styles to make hover/focus states more obvious (ThibG)
  • Change contrast of status links that are not mentions or hashtags (ThibG)
  • Change hashtags to preserve first-used casing (Gargron, Gargron, Gargron, Gargron, Gargron)
  • Change unconfirmed user login behaviour (Gargron, ThibG, Gargron)
  • Change single-column mode to scroll the whole page (Gargron, Gargron, Gargron, ThibG, Gargron, Gargron, ThibG, Gargron)
  • Change tootctl accounts follow to only work with local accounts (angristan)
  • Change Dockerfile (Shleeble, ykzts, Shleeble)
  • Change supported Node versions to include v12 (abcang)
  • Change Portuguese language from pt to pt-PT (Gargron)
  • Change domain block silence to always require approval on follow (ThibG)
  • Change link preview fetcher to not perform a HEAD request first (Gargron)
  • Change tootctl domains purge to accept multiple domains at once (Gargron)

Removed

  • Remove OStatus support (Gargron, Gargron, Gargron, ThibG, ThibG)
  • Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (Gargron)
  • Remove WebP support (angristan)
  • Remove deprecated config options from Heroku and Scalingo (ykzts)
  • Remove deprecated REST API GET /api/v1/search API (Gargron)
  • Remove deprecated REST API GET /api/v1/statuses/:id/card (Gargron)
  • Remove deprecated REST API POST /api/v1/notifications/dismiss?id=:id (Gargron)
  • Remove deprecated REST API GET /api/v1/timelines/direct (Gargron)

Fixed

  • Fix manifest warning (ykzts)
  • Fix admin UI for custom emoji not respecting GIF autoplay preference (ThibG)
  • Fix page body not being scrollable in admin/settings layout (Gargron)
  • Fix placeholder colors for inputs not being explicitly defined (Gargron)
  • Fix incorrect enclosure length in RSS (tsia)
  • Fix TOTP codes not being filtered from logs during enabling/disabling (Gargron)
  • Fix webfinger response not returning 410 when account is suspended (Gargron)
  • Fix ActivityPub Move handler queuing jobs that will fail if account is suspended (Gargron)
  • Fix SSO login not using existing account when e-mail is verified (Gargron)
  • Fix web UI allowing uploads past status limit via drag & drop (Gargron)
  • Fix expiring polls not being displayed as such in web UI (ThibG)
  • Fix 2FA challenge and password challenge for non-database users (Gargron, Gargron)
  • Fix profile fields overflowing page width in web UI (Gargron)
  • Fix web push subscriptions being deleted on rate limit or timeout (Gargron)
  • Fix display of long poll options in web UI (ThibG, ThibG)
  • Fix search API not resolving URL when type is given (Gargron)
  • Fix hashtags being split by ZWNJ character (Gargron)
  • Fix scroll position resetting when opening media modals in web UI (Gargron)
  • Fix duplicate HTML IDs on about page (ThibG)
  • Fix admin UI showing superfluous reject media/reports on suspended domain blocks (ThibG)
  • Fix ActivityPub context not being dynamically computed (ThibG)
  • Fix Mastodon logo style on hover on public pages' footer (ThibG)
  • Fix height of dashboard counters (ThibG)
  • Fix custom emoji animation on hover in web UI directory bios (ThibG)
  • Fix non-numbers being passed to Redis and causing an error (Gargron)
  • Fix error in REST API for an account's statuses (Gargron)
  • Fix uncaught error when resource param is missing in Webfinger request (Gargron)
  • Fix uncaught domain normalization error in remote follow (Gargron)
  • Fix uncaught 422 and 500 errors (Gargron, Gargron)
  • Fix uncaught parameter missing exceptions and missing error templates (Gargron)
  • Fix encoding error when checking e-mail MX records (Gargron)
  • Fix items in StatusContent render list not all having a key (ThibG)
  • Fix remote and staff-removed statuses leaving media behind for a day (Gargron)
  • Fix CSP needlessly allowing blob URLs in script-src (ThibG)
  • Fix ignoring whole status because of one invalid hashtag (Gargron)
  • Fix hidden statuses losing focus (ThibG)
  • Fix loading bar being obscured by other elements in web UI (Gargron)
  • Fix multiple issues with replies collection for pages further than self-replies (ThibG)
  • Fix blurhash and autoplay not working on public pages (Gargron)
  • Fix 422 being returned instead of 404 when POSTing to unmatched routes (Gargron, Gargron)
  • Fix client-side resizing of image uploads (ThibG)
  • Fix short number formatting for numbers above million in web UI (Gargron)
  • Fix ActivityPub and REST API queries setting cookies and preventing caching (ThibG, ThibG, ThibG, ThibG)
  • Fix some emojis in profile metadata labels are not emojified. (kedamaDQ)
  • Fix account search always returning exact match on paginated results (Gargron)
  • Fix acct URIs with IDN domains not being resolved (Gargron)
  • Fix admin dashboard missing latest features (Gargron)
  • Fix jumping of toot date when clicking spoiler button (ariasuni)
  • Fix boost to original audience not working on mobile in web UI (ThibG)
  • Fix handling of webfinger redirects in ResolveAccountService (ThibG)
  • Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker (Gargron)
  • Fix support for HTTP proxies (ThibG)
  • Fix HTTP requests to IPv6 hosts (ThibG)
  • Fix error in ElasticSearch index import (mayaeh)
  • Fix duplicate account error when seeding development database (ysksn)
  • Fix performance of session clean-up scheduler (abcang)
  • Fix older migrations not running (zunda)
  • Fix URLs counting towards RTL detection (ahangarha)
  • Fix unnecessary status re-rendering in web UI (ThibG)
  • Fix http_parser.rb gem not being compiled when no network available (petabyteboy)
  • Fix muted text color not applying to all text (trwnh)
  • Fix follower/following lists resetting on back-navigation in web UI (Gargron)
  • Fix n+1 query when approving multiple follow requests (abcang)
  • Fix records not being indexed into ElasticSearch sometimes (Gargron)
  • Fix needlessly indexing unsearchable statuses into ElasticSearch (Gargron)
  • Fix new user bootstrapping crashing when to-be-followed accounts are invalid (ThibG)
  • Fix featured hashtag URL being interpreted as media or replies tab (Gargron)
  • Fix account counters being overwritten by parallel writes (Gargron)

Security

  • Fix performance of GIF re-encoding and always strip EXIF data from videos (Gargron)

[2.9.3] - 2019-08-10

Added

  • Add GIF and WebP support for custom emojis (Gargron)
  • Add logout link to dropdown menu in web UI (koyuawsmbrtn)
  • Add indication that text search is unavailable in web UI (ThibG, ThibG)
  • Add suffix to Mastodon::Version to help forks (clarfon)
  • Add on-hover animation to animated custom emoji in web UI (ThibG, ThibG, ThibG)
  • Add custom emoji support in profile metadata labels (ThibG)

Changed

  • Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (Gargron, zunda, Gargron, zunda)
  • Change the retry limit of web push notifications (highemerly)
  • Change ActivityPub deliveries to not retry HTTP 501 errors (Gargron)
  • Change language detection to include hashtags as words (Gargron)
  • Change terms and privacy policy pages to always be accessible (Gargron)
  • Change robots tag to include noarchive when user opts out of indexing (Kjwon15)

Fixed

  • Fix account domain block not clearing out notifications (Gargron)
  • Fix incorrect locale sometimes being detected for browser (Gargron)
  • Fix crash when saving invalid domain name (Gargron)
  • Fix pinned statuses REST API returning pagination headers (Gargron)
  • Fix "cancel follow request" button having unreadable text in web UI (Gargron)
  • Fix image uploads being blank when canvas read access is blocked (ThibG)
  • Fix avatars not being animated on hover when not logged in (ThibG)
  • Fix overzealous sanitization of HTML lists (ThibG)
  • Fix block crashing when a follow request exists (ThibG)
  • Fix backup service crashing when an attachment is missing (ThibG)
  • Fix account moderation action always sending e-mail notification (Gargron)
  • Fix swiping columns on mobile sometimes failing in web UI (ThibG)
  • Fix wrong actor URI being serialized into poll updates (ThibG)
  • Fix statsd UDP sockets not being cleaned up in Sidekiq (Gargron)
  • Fix expiration date of filters being set to "never" when editing them (ThibG)
  • Fix support for MP4 files that are actually M4V files (Gargron)
  • Fix alerts not being typecast correctly in push subscription in REST API (Gargron)
  • Fix some notices staying on unrelated pages (ThibG)
  • Fix unboosting sometimes preventing a boost from reappearing on feed (ThibG, Gargron)
  • Fix only one middle dot being recognized in hashtags (Gargron, ThibG)
  • Fix unnecessary SQL query performed on unauthenticated requests (Gargron)
  • Fix incorrect timestamp displayed on featured tags (Kjwon15)
  • Fix privacy dropdown active state when dropdown is placed on top of it (ThibG)
  • Fix filters not being applied to poll options (ThibG)
  • Fix keyboard navigation on various dropdowns (ThibG, ThibG, ThibG)
  • Fix keyboard navigation in modals (ThibG)
  • Fix image conversation being non-deterministic due to timestamps (Gargron)
  • Fix web UI performance (ThibG, ThibG)
  • Fix scrolling to compose form when not necessary in web UI (ThibG, ThibG)
  • Fix save button being enabled when list title is empty in web UI (ThibG)
  • Fix poll expiration not being pre-filled on delete & redraft in web UI (ThibG)
  • Fix content warning sometimes being set when not requested in web UI (ThibG)

Security

  • Fix invites not being disabled upon account suspension (ThibG)
  • Fix blocked domains still being able to fill database with account records (Gargron)

[2.9.2] - 2019-06-22

Added

  • Add short_description and approval_required to GET /api/v1/instance (Gargron)

Changed

  • Change camera icon to paperclip icon in upload form (koyuawsmbrtn)

Fixed

  • Fix audio-only OGG and WebM files not being processed as such (Gargron)
  • Fix audio not being downloaded from remote servers (Gargron)

[2.9.1] - 2019-06-22

Added

Changed

  • Change domain blocks to automatically support subdomains (Gargron)
  • Change Nanobox configuration to bring it up to date (danhunsaker)

Removed

  • Remove expensive counters from federation page in admin UI (Gargron)

Fixed

  • Fix converted media being saved with original extension and mime type (Gargron)
  • Fix layout of identity proofs settings (acid-chicken)
  • Fix active scope only returning suspended users (ThibG)
  • Fix sanitizer making block level elements unreadable (Gargron)
  • Fix label for site theme not being translated in admin UI (palindromordnilap)
  • Fix statuses not being filtered irreversibly in web UI under some circumstances (ThibG)
  • Fix scrolling behaviour in compose form (ThibG)

[2.9.0] - 2019-06-13

Added

Changed

  • Change default layout to single column in web UI (Gargron)
  • Change light theme (Gargron, Gargron, yuzulabo, Gargron)
  • Change preferences page into appearance, notifications, and other (Gargron, Gargron)
  • Change priority of delete activity forwards for replies and reblogs (Gargron)
  • Change Mastodon logo to use primary text color of the given theme (Gargron)
  • Change reblogs counter to be updated when boosted privately (Gargron)
  • Change bio limit from 160 to 500 characters (trwnh)
  • Change API rate limiting to reduce allowed unauthenticated requests (ThibG, hinaloe, mayaeh)
  • Change help text of tootctl emoji import command to specify a gzipped TAR archive is required (dariusk)
  • Change web UI to hide poll options behind content warnings (ThibG)
  • Change silencing to ensure local effects and remote effects are the same for silenced local users (ThibG)
  • Change tootctl domains purge to remove custom emoji as well (Kjwon15)
  • Change Docker image to keep apt working (SuperSandro2000)

Removed

Fixed

  • Fix RTL layout not being RTL within the columns area in web UI (Gargron)
  • Fix display of alternative text when a media attachment is not available in web UI (ThibG)
  • Fix not being able to directly switch between list timelines in web UI (Gargron)
  • Fix media sensitivity not being maintained in delete & redraft in web UI (ThibG)
  • Fix emoji picker being always displayed in web UI (noellabo, yuzulabo, wcpaez)
  • Fix potential private status leak through caching (ThibG)
  • Fix refreshing featured toots when the new collection is empty in web UI (ThibG)
  • Fix undoing domain block also undoing individual moderation on users from before the domain block (ThibG)
  • Fix time not being local in the audit log (yuzulabo)
  • Fix statuses removed by moderation re-appearing on subsequent fetches (Kjwon15)
  • Fix misattribution of inlined announces if attributedTo isn't present in ActivityPub (ThibG)
  • Fix GET /api/v1/polls/:id not requiring authentication for non-public polls (Gargron)
  • Fix handling of blank poll options in ActivityPub (ThibG)
  • Fix avatar preview aspect ratio on edit profile page (Kjwon15)
  • Fix web push notifications not being sent for polls (ThibG)
  • Fix cut off letters in last paragraph of statuses in web UI (ariasuni)
  • Fix list not being automatically unpinned when it returns 404 in web UI (Gargron)
  • Fix login sometimes redirecting to paths that are not pages (Gargron)

[2.8.4] - 2019-05-24

Fixed

  • Fix delivery not retrying on some inbox errors that should be retriable (ThibG)
  • Fix unnecessary 5 minute cooldowns on signature verifications in some cases (ThibG)
  • Fix possible race condition when processing statuses (ThibG)

Security

  • Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string (ThibG)

[2.8.3] - 2019-05-19

Added

  • Add og:image:alt OpenGraph tag (BenLubar)
  • Add clickable area below avatar in statuses in web UI (Dar13)
  • Add crossed-out eye icon on account gallery in web UI (Kjwon15)
  • Add media description tooltip to thumbnails in web UI (ThibG)

Changed

  • Change "mark as sensitive" button into a checkbox for clarity (ThibG)

Fixed

  • Fix bug allowing users to publicly boost their private statuses (ThibG, ThibG)
  • Fix performance in formatter by a little (ThibG)
  • Fix some colors in the light theme (yuzulabo)
  • Fix some colors of the high contrast theme (yuzulabo)
  • Fix ambivalent active state of poll refresh button in web UI (MaciekBaron)
  • Fix duplicate posting being possible from web UI (hinaloe)
  • Fix "invited by" not showing up in admin UI (ThibG)

[2.8.2] - 2019-05-05

Added

Fixed

  • Fix cropped hero image on frontpage (BaptisteGelez)
  • Fix blurhash gem not compiling on some operating systems (Gargron)
  • Fix unexpected CSS animations in some browsers (ThibG)
  • Fix closing video modal scrolling timelines to top (ThibG)

[2.8.1] - 2019-05-04

Added

  • Add link to existing domain block when trying to block an already-blocked domain (ThibG)
  • Add button to view context to media modal when opened from account gallery in web UI (Gargron)
  • Add ability to create multiple-choice polls in web UI (ThibG)
  • Add GITHUB_REPOSITORY and SOURCE_BASE_URL environment variables (rosylilly)
  • Add /interact/ paths to robots.txt (ThibG)
  • Add blurhash to the Attachment entity in the REST API (Gargron)

Changed

  • Change hidden media to be shown as a blurhash-based colorful gradient instead of a black box in web UI (Gargron)
  • Change rejected media to be shown as a blurhash-based gradient instead of a list of filenames in web UI (Gargron)
  • Change e-mail whitelist/blacklist to not be checked when invited (Gargron)
  • Change cache header of REST API results to no-cache (ThibG)
  • Change the "mark media as sensitive" button to be more obvious in web UI (Gargron, Gargron)
  • Change account gallery in web UI to display 3 columns, open media modal (Gargron, Gargron)

Fixed

  • Fix LDAP/PAM/SAML/CAS users not being pre-approved (Gargron)
  • Fix accounts created through tootctl not being always pre-approved (Gargron)
  • Fix Sidekiq retrying ActivityPub processing jobs that fail validation (ThibG)
  • Fix toots not being scrolled into view sometimes through keyboard selection (ThibG)
  • Fix expired invite links being usable to bypass approval mode (ThibG)
  • Fix not being able to save e-mail preference for new pending accounts (Gargron)
  • Fix upload progressbar when image resizing is involved (ThibG)
  • Fix block action not automatically cancelling pending follow request (ThibG)
  • Fix stoplight logging to stderr separate from Rails logger (Gargron)
  • Fix sign up button not saying sign up when invite is used (Gargron)
  • Fix health checks in Docker Compose configuration (fabianonline)
  • Fix modal items not being scrollable on touch devices (kedamaDQ)
  • Fix Keybase configuration using wrong domain when a web domain is used (BenLubar)
  • Fix avatar GIFs not being animated on-hover on public profiles (hyenagirl64)
  • Fix OpenGraph parser not understanding some valid property meta tags (da2x)
  • Fix wrong fonts being displayed when Roboto is installed on user's machine (ThibG)
  • Fix confirmation modals being too narrow for a secondary action button (ThibG)

[2.8.0] - 2019-04-10

Added

Changed

  • Change design of landing page (Gargron, Gargron, ThibG, ThibG, koyuawsmbrtn, Gargron)
  • Change design of profile column in web UI (Gargron, Aditoo17, ThibG, mayaeh, ThibG)
  • Change language detector threshold from 140 characters to 4 words (Gargron)
  • Change language detector to always kick in for non-latin alphabets (Gargron)
  • Change icons of features on admin dashboard (Gargron)
  • Change DNS timeouts from 1s to 5s (ThibG)
  • Change Docker image to use Ubuntu with jemalloc (Sir-Boops, BenLubar)
  • Change public pages to be cacheable by proxies (BenLubar)
  • Change the 410 gone response for suspended accounts to be cacheable by proxies (ThibG)
  • Change web UI to not not empty timeline of blocked users on block (ThibG)
  • Change JSON serializer to remove unused @context values (Gargron)
  • Change GIFV file size limit to be the same as for other videos (rinsuki)
  • Change Webpack to not use @babel/preset-env to compile node_modules (ykzts)
  • Change web UI to use new Web Share Target API (gol-cha)
  • Change ActivityPub reports to have persistent URIs (ThibG)
  • Change tootctl accounts cull --dry-run to list accounts that would be deleted (BenLubar)
  • Change format of CSV exports of follows and mutes to include extra settings (ThibG, ThibG)
  • Change ActivityPub collections to be cacheable by proxies (ThibG)
  • Change REST API and public profiles to not return follows/followers for users that have blocked you (Gargron)
  • Change the groupings of menu items in settings navigation (Gargron)

Removed

  • Remove zopfli compression to speed up Webpack from 6min to 1min (nolanlawson)
  • Remove stats.json generation to speed up Webpack (nolanlawson)

Fixed

  • Fix public timelines being broken by new toots when they are not mounted in web UI (Gargron)
  • Fix quick filter settings not being saved when selecting a different filter in web UI (ThibG)
  • Fix remote interaction dialogs being indexed by search engines (Gargron)
  • Fix maxed-out invites not showing up as expired in UI (Gargron)
  • Fix scrollbar styles on compose textarea (Gargron)
  • Fix timeline merge workers being queued for remote users (Gargron)
  • Fix alternative relay support regression (Gargron)
  • Fix trying to fetch keys of unknown accounts on a self-delete from them (ThibG)
  • Fix CAS :service_validate_url option (enewhuis)
  • Fix race conditions when creating backups (ThibG)
  • Fix whitespace not being stripped out of username before validation (aurelien-reeves)
  • Fix n+1 query when deleting status (Gargron)
  • Fix exiting follows not being rejected when suspending a remote account (ThibG)
  • Fix the underlying button element in a disabled icon button not being disabled (ThibG)
  • Fix race condition when streaming out deleted statuses (ThibG)
  • Fix performance of admin federation UI by caching account counts (Gargron)
  • Fix JS error on pages that don't define a CSRF token (hinaloe)
  • Fix tootctl accounts cull sometimes removing accounts that are temporarily unreachable (BenLubar)

[2.7.4] - 2019-03-05

Fixed

  • Fix web UI not cleaning up notifications after block (Gargron)
  • Fix redundant HTTP requests when resolving private statuses (ThibG)
  • Fix performance of account media query (abcang)
  • Fix mention processing for unknown accounts (ThibG)
  • Fix getting started column not scrolling on short screens (trwnh)
  • Fix direct messages pagination in the web UI (ThibG)
  • Fix serialization of Announce activities (ThibG)
  • Fix home timeline perpetually reloading when empty in web UI (Gargron)
  • Fix lists export (ThibG)
  • Fix edit profile page crash for suspended-then-unsuspended users (ThibG)

[2.7.3] - 2019-02-23

Added

  • Add domain filter to the admin federation page (ThibG)
  • Add quick link from admin account view to block/unblock instance (ThibG)

Fixed

  • Fix video player width not being updated to fit container width (ThibG)
  • Fix domain filter being shown in admin page when local filter is active (ThibG)
  • Fix crash when conversations have no valid participants (ThibG)
  • Fix error when performing admin actions on no statuses (ThibG)

Changed

  • Change custom emojis to randomize stored file name (hinaloe)

[2.7.2] - 2019-02-17

Added

  • Add support for IPv6 in e-mail validation (zoc)
  • Add record of IP address used for signing up (ThibG)
  • Add tight rate-limit for API deletions (30 per 30 minutes) (Gargron)
  • Add support for embedded Announce objects attributed to the same actor (ThibG, Gargron)
  • Add spam filter for Create and Announce activities (Gargron, Gargron, Gargron)
  • Add registrations attribute to GET /api/v1/instance (Gargron)
  • Add vapid_key to POST /api/v1/apps and GET /api/v1/apps/verify_credentials (Gargron)

Fixed

  • Fix link color and add link underlines in high-contrast theme (Gargron, Gargron)
  • Fix unicode characters in URLs not being linkified (JMendyk, hinaloe)
  • Fix URLs linkifier grabbing ending quotation as part of the link (Gargron)
  • Fix authorized applications page design (rinsuki)
  • Fix custom emojis not showing up in share page emoji picker (rinsuki)
  • Fix too liberal application of whitespace in toots (trwnh)
  • Fix misleading e-mail hint being displayed in admin view (ThibG)
  • Fix tombstones not being cleared out (abcang)
  • Fix some timeline jumps (ThibG, ThibG, rinsuki)
  • Fix content warning input taking keyboard focus even when hidden (hinaloe)
  • Fix hashtags select styling in default and high-contrast themes (Gargron)
  • Fix style regressions on landing page (Gargron)
  • Fix hashtag column not subscribing to stream on mount (Gargron)
  • Fix relay enabling/disabling not resetting inbox availability status (Gargron)
  • Fix mutes, blocks, domain blocks and follow requests not paginating (Gargron)
  • Fix crash on public hashtag pages when streaming fails (ThibG)

Changed

  • Change icon for unlisted visibility level (clarcharr)
  • Change queue of actor deletes from push to pull for non-follower recipients (ThibG)
  • Change robots.txt to exclude media proxy URLs (nightpool)
  • Change upload description input to allow line breaks (BenLubar)
  • Change dist/mastodon-streaming.service to recommend running node without intermediary npm command (nolanlawson)
  • Change conversations to always show names of other participants (Gargron)
  • Change buttons on timeline preview to open the interaction dialog (Gargron)
  • Change error graphic to hover-to-play (Gargron)

[2.7.1] - 2019-01-28

Fixed

  • Fix SSO authentication not working due to missing agreement boolean (Gargron)
  • Fix slow fallback of CopyAccountStats migration setting stats to 0 (Gargron)
  • Fix wrong command in migration error message (angristan)
  • Fix initial value of volume slider in video player and handle volume changes (ThibG)
  • Fix missing hotkeys for notifications (ThibG)
  • Fix being able to attach unattached media created by other users (ThibG)
  • Fix unrescued SSL error during link verification (renatolond)
  • Fix Firefox scrollbar color regression (trwnh)
  • Fix scheduled status with media immediately creating a status (ThibG)
  • Fix missing strong style for landing page description (Kjwon15)

[2.7.0] - 2019-01-20

Added

  • Add link for adding a user to a list from their profile (namelessGonbai)
  • Add joining several hashtags in a single column (gdpelican)
  • Add volume sliders for videos (sumdog)
  • Add a tooltip explaining what a locked account is (pawelngei)
  • Add preloaded cache for common JSON-LD contexts (ThibG)
  • Add profile directory (Gargron)
  • Add setting to not group reblogs in home feed (ThibG)
  • Add admin ability to remove a user's header image (ThibG)
  • Add account hashtags to ActivityPub actor JSON (Gargron)
  • Add error message for avatar image that's too large (sumdog)
  • Add notification quick-filter bar (pawelngei)
  • Add new first-time tutorial (Gargron)
  • Add moderation warnings (Gargron)
  • Add emoji codepoint mappings for v11.0 (Gargron)
  • Add REST API for creating an account (Gargron)
  • Add support for Malayalam in language filter (tachyons)
  • Add exclude_reblogs option to account statuses API (Gargron)
  • Add local followers page to admin account UI (chr-1x)
  • Add healthcheck commands to docker-compose.yml (BenLubar)
  • Add handler for Move activity to migrate followers (Gargron)
  • Add CSV export for lists and domain blocks (Gargron)
  • Add tootctl accounts follow ACCT (Gargron)
  • Add scheduled statuses (Gargron)
  • Add immutable caching for S3 objects (nolanlawson)
  • Add cache to custom emojis API (Gargron)
  • Add preview cards to non-detailed statuses on public pages (Gargron)
  • Add mod and moderator to list of default reserved usernames (Gargron)
  • Add quick links to the admin interface in the web UI (ThibG)
  • Add tootctl domains crawl (Gargron)
  • Add attachment list fallback to public pages (ThibG)
  • Add tootctl --version (Gargron)
  • Add information about how to opt-in to the directory on the directory (Gargron)
  • Add timeouts for S3 (Gargron)
  • Add support for non-public reblogs from ActivityPub (Gargron)
  • Add sending of Reject activity when sending a Block activity (ThibG)

Changed

  • Temporarily pause timeline if mouse moved recently (lmorchard)
  • Change the password form order (mayaeh)
  • Redesign admin UI for accounts (Gargron, Gargron)
  • Redesign admin UI for instances/domain blocks (Gargron)
  • Swap avatar and header input fields in profile page (ThibG)
  • When posting in mobile mode, go back to previous history location (ThibG)
  • Split out is_changing_upload from is_submitting (ThibG)
  • Back to the getting-started when pins the timeline. (kedamaDQ)
  • Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (Gargron)
  • Limit maximum visibility of local silenced users to unlisted (ThibG)
  • Change API error message for unconfirmed accounts (noellabo)
  • Change the icon to "reply-all" when it's a reply to other accounts (mayaeh)
  • Do not ignore federated reports targetting already-reported accounts (ThibG)
  • Upgrade default Ruby version to 2.6.0 (Gargron)
  • Change e-mail digest frequency (Gargron)
  • Change Docker images for Tor support in docker-compose.yml (Sir-Boops)
  • Display fallback link card thumbnail when none is given (Gargron)
  • Change account bio length validation to ignore mention domains and URLs (Gargron)
  • Use configured contact user for "anonymous" federation activities (yukimochi)
  • Change remote interaction dialog to use specific actions instead of generic "interact" (Gargron)
  • Always re-fetch public key when signature verification fails to support blind key rotation (ThibG)
  • Make replies to boosts impossible, connect reply to original status instead (valerauko)
  • Change e-mail MX validation to check both A and MX records against blacklist (Gargron)
  • Hide floating action button on search and getting started pages (tmm576)
  • Redesign public hashtag page to use a masonry layout (Gargron)
  • Use summary as summary instead of content warning for converted ActivityPub objects (Gargron)
  • Display a double reply arrow on public pages for toots that are replies (ThibG)
  • Change admin UI right panel size to be wider (Kjwon15)

Removed

  • Remove links to bridge.joinmastodon.org (non-functional) (Gargron)
  • Remove LD-Signatures from activities that do not need them (ThibG)

Fixed

  • Remove unused computation of reblog references from updateTimeline (ThibG)
  • Fix loaded embeds resetting if a status arrives from API again (ThibG)
  • Fix race condition causing shallow status with only a "favourited" attribute (ThibG)
  • Remove intermediary arrays when creating hash maps from results (Gargron)
  • Extract counters from accounts table to account_stats table to improve performance (Gargron)
  • Change identities id column to a bigint (Gargron)
  • Fix conversations API pagination (ThibG)
  • Improve account suspension speed and completeness (Gargron)
  • Fix thread depth computation in statuses_controller (ThibG)
  • Fix database deadlocks by moving account stats update outside transaction (ThibG)
  • Escape HTML in profile name preview in profile settings (pawelngei)
  • Use same CORS policy for /@:username and /users/:username (ThibG)
  • Make custom emoji domains case insensitive (Esteth)
  • Various fixes to scrollable lists and media gallery (ThibG)
  • Fix bootsnap cache directory being declared relatively (Gargron)
  • Fix timeline pagination in the web UI (ThibG)
  • Fix padding on dropdown elements in preferences (ThibG)
  • Make avatar and headers respect GIF autoplay settings (ThibG)
  • Do no retry Web Push workers if the server returns a 4xx response (Gargron)
  • Minor scrollable list fixes (ThibG)
  • Ignore low-confidence CharlockHolmes guesses when parsing link cards (ThibG)
  • Fix tootctl accounts rotate not updating public keys (Gargron)
  • Fix CSP / X-Frame-Options for media players (jomo)
  • Fix unnecessary loadMore calls when the end of a timeline has been reached (ThibG)
  • Skip mailer job retries when a record no longer exists (Gargron)
  • Fix composer not getting focus after reply confirmation dialog (ThibG)
  • Fix signature verification stoplight triggering on non-timeout errors (Gargron)
  • Fix ThreadResolveWorker getting queued with invalid URLs (Gargron)
  • Fix crash when clearing uninitialized timeline (ThibG)
  • Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker (ThibG)
  • Skip full text search if it fails, instead of erroring out completely (Kjwon15)
  • Fix profile metadata links not verifying correctly sometimes (shrft)
  • Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order (ThibG)
  • Fix unreadable text color in report modal for some statuses (Gargron)
  • Stop GIFV timeline preview explicitly when it's opened in modal (kedamaDQ)
  • Fix scrollbar width compensation (ThibG)
  • Fix race conditions when processing deleted toots (ThibG)
  • Fix SSO issues on WebKit browsers by disabling Same-Site cookie again (moritzheiber)
  • Fix empty OEmbed error (renatolond)
  • Fix drag & drop modal not disappearing sometimes (hinaloe)
  • Fix statuses with content warnings being displayed in web push notifications sometimes (ThibG)
  • Fix scroll-to-detailed status not working on public pages (ThibG)
  • Fix media modal loading indicator (ThibG)
  • Fix hashtag search results not having a permalink fallback in web UI (ThibG)
  • Fix slightly cropped font on settings page dropdowns when using system font (ariasuni)
  • Fix not being able to drag & drop text into forms (tmm576)

Security

  • Sanitize and sandbox toot embeds in web UI (ThibG)
  • Add tombstones for remote statuses to prevent replay attacks (ThibG)

[2.6.5] - 2018-12-01

Changed

  • Change lists to display replies to others on the list and list owner (ThibG)

Fixed

  • Fix failures caused by commonly-used JSON-LD contexts being unavailable (ThibG)

[2.6.4] - 2018-11-30

Fixed

  • Fix yarn dependencies not installing due to yanked event-stream package (Gargron)

[2.6.3] - 2018-11-30

Added

  • Add hyphen to characters allowed in remote usernames (ThibG)

Changed

  • Change server user count to exclude suspended accounts (Gargron)

Fixed

  • Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer (hugogameiro)
  • Fix missing DNS records raising the wrong kind of exception (Gargron)
  • Fix already queued deliveries still trying to reach inboxes marked as unavailable (Gargron)

Security

  • Fix TLS handshake timeout not being enforced (Gargron)

[2.6.2] - 2018-11-23

Added

  • Add Page to whitelisted ActivityPub types (mbajur)
  • Add 20px to column width in web UI (Gargron)
  • Add amount of freed disk space in tootctl media remove (Gargron, Gargron, mayaeh)
  • Add "Show thread" link to self-replies (Gargron)

Changed

  • Change order of Atom and RSS links so Atom is first (Alkarex)
  • Change Nginx configuration for Nanobox apps (danhunsaker)
  • Change the follow action to appear instant in web UI (Gargron)
  • Change how the ActiveRecord connection is instantiated in on_worker_boot (Gargron)
  • Change tootctl accounts cull to always touch accounts so they can be skipped (renatolond)
  • Change mime type comparison to ignore JSON-LD profile (valerauko)

Fixed

  • Fix web UI crash when conversation has no last status (sammy8806)
  • Fix follow limit validator reporting lower number past threshold (Gargron)
  • Fix form validation flash message color and input borders (Gargron)
  • Fix invalid twitter:player cards being displayed (ThibG)
  • Fix emoji update date being processed incorrectly (ThibG)
  • Fix playing embed resetting if status is reloaded in web UI (ThibG, Gargron)
  • Fix web UI crash when favouriting a deleted status (ThibG)
  • Fix intermediary arrays being created for hash maps (Gargron)
  • Fix filter ID not being a string in REST API (Gargron)

Security

  • Fix multiple remote account deletions being able to deadlock the database (Gargron)
  • Fix HTTP connection timeout of 10s not being enforced (Gargron)

[2.6.1] - 2018-10-30

Fixed

  • Fix resolving resources by URL not working due to a regression in valerauko (Gargron)
  • Fix reducer error in web UI when a conversation has no last status (Gargron)

[2.6.0] - 2018-10-30

Added

  • Add link ownership verification (Gargron)
  • Add conversations API (Gargron)
  • Add limit for the number of people that can be followed from one account (Gargron)
  • Add admin setting to customize mascot (ashleyhull-versent)
  • Add support for more granular ActivityPub audiences from other software, i.e. circles (Gargron, Gargron, Gargron)
  • Add option to block all reports from a domain (Gargron)
  • Add user preference to always expand toots marked with content warnings (webroo)
  • Add user preference to always hide all media (fvh-P)
  • Add force_login param to OAuth authorize page (Gargron)
  • Add tootctl accounts backup (Gargron, Gargron)
  • Add tootctl accounts create (Gargron, Gargron)
  • Add tootctl accounts cull (Gargron, Gargron)
  • Add tootctl accounts delete (Gargron, Gargron)
  • Add tootctl accounts modify (Gargron, Gargron)
  • Add tootctl accounts refresh (Gargron, Gargron)
  • Add tootctl feeds build (Gargron, Gargron)
  • Add tootctl feeds clear (Gargron, Gargron)
  • Add tootctl settings registrations open (Gargron, Gargron)
  • Add tootctl settings registrations close (Gargron, Gargron)
  • Add min_id param to REST API to support backwards pagination (Gargron)
  • Add a confirmation dialog when hitting reply and the compose box isn't empty (ThibG)
  • Add PostgreSQL disk space growth tracking in PGHero (Gargron)
  • Add button for disabling local account to report quick actions bar (Gargron)
  • Add Czech language (Aditoo17)
  • Add same-site (lax) attribute to cookies (sorin-davidoi)
  • Add support for styled scrollbars in Firefox Nightly (sorin-davidoi)
  • Add highlight to the active tab in web UI profiles (rhoio)
  • Add auto-focus for comment textarea in report modal (ThibG)
  • Add auto-focus for emoji picker's search field (ThibG)
  • Add nginx and systemd templates to dist/ directory (Gargron)
  • Add support for /.well-known/change-password (Gargron)
  • Add option to override FFMPEG binary path (sascha-sl)
  • Add dns-prefetch tag when using different host for assets or uploads (Gargron)
  • Add description meta tag (Gargron)
  • Add Content-Security-Policy header (ThibG)
  • Add cache for the instance info API (ykzts)
  • Add suggested follows to search screen in mobile layout (Gargron)
  • Add CORS header to /.well-known/* routes (BenLubar)
  • Add card attribute to statuses returned from REST API (Gargron)
  • Add in-stream link preview (Gargron)
  • Add support for ActivityPub Page objects (mbajur)

Changed

  • Change forms design (Gargron)
  • Change reports overview to group by target account (Gargron)
  • Change web UI to show "read more" link on overly long in-stream statuses (lanodan)
  • Change design of direct messages column (Gargron, Gargron)
  • Change home timelines to exclude DMs (Gargron)
  • Change list timelines to exclude all replies (cbayerlein)
  • Change admin accounts UI default sort to most recent (Gargron)
  • Change documentation URL in the UI (Gargron)
  • Change style of success and failure messages (Gargron)
  • Change DM filtering to always allow DMs from staff (qguv)
  • Change recommended Ruby version to 2.5.3 (zunda)
  • Change docker-compose default to persist volumes in current directory (Gargron)
  • Change character counters on edit profile page to input length limit (Gargron)
  • Change notification filtering to always let through messages from staff (Gargron)
  • Change "hide boosts from user" function also hiding notifications about boosts (ThibG)
  • Change CSS detailed-status__wrapper class actually wrap the detailed status (trwnh)

Deprecated

  • GET /api/v1/timelines/directGET /api/v1/conversations (Gargron)
  • POST /api/v1/notifications/dismissPOST /api/v1/notifications/:id/dismiss (Gargron)
  • GET /api/v1/statuses/:id/cardcard attributed included in status (Gargron)

Removed

  • Remove "on this device" label in column push settings (rhoio)
  • Remove rake tasks in favour of tootctl commands (Gargron)

Fixed

  • Fix remote statuses using instance's default locale if no language given (Kjwon15)
  • Fix streaming API not exiting when port or socket is unavailable (Gargron)
  • Fix network calls being performed in database transaction in ActivityPub handler (Gargron)
  • Fix dropdown arrow position (ThibG)
  • Fix first element of dropdowns being focused even if not using keyboard (ThibG)
  • Fix tootctl requiring bundle exec invocation (abcang)
  • Fix public pages not using animation preference for avatars (renatolond)
  • Fix OEmbed/OpenGraph cards not understanding relative URLs (ThibG)
  • Fix some dark emojis not having a white outline (ThibG)
  • Fix media description not being displayed in various media modals (ThibG)
  • Fix generated URLs of desktop notifications missing base URL (GenbuHase)
  • Fix RTL styles (mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar)
  • Fix crash in streaming API when tag param missing (Gargron)
  • Fix hotkeys not working when no element is focused (ThibG)
  • Fix some hotkeys not working on detailed status view (ThibG)
  • Fix og:url on status pages (ThibG)
  • Fix upload option buttons only being visible on hover (Gargron)
  • Fix tootctl not returning exit code 1 on wrong arguments (sascha-sl)
  • Fix preview cards for appearing for profiles mentioned in toot (ThibG, ThibG)
  • Fix local accounts sometimes being duplicated as faux-remote (Gargron)
  • Fix emoji search when the shortcode has multiple separators (ThibG)
  • Fix dropdowns sometimes being partially obscured by other elements (kedamaDQ)
  • Fix cache not updating when reply/boost/favourite counters or media sensitivity update (Gargron)
  • Fix empty display name precedence over username in web UI (Gargron)
  • Fix td instead of th in sessions table header (Gargron)
  • Fix handling of content types with profile (valerauko)

[2.5.2] - 2018-10-12

Security

[2.5.1] - 2018-10-07

Fixed

  • Fix database migrations for PostgreSQL below 9.5 (Gargron)
  • Fix class autoloading issue in ActivityPub Create handler (Gargron)
  • Fix cache statistics not being sent via statsd when statsd enabled (ykzts)
  • Bump puma from 3.11.4 to 3.12.0 (dependabot[bot])

Security

  • Fix some local images not having their EXIF metadata stripped on upload (ThibG)
  • Fix being able to enable a disabled relay via ActivityPub Accept handler (ThibG)
  • Bump nokogiri from 1.8.4 to 1.8.5 (dependabot[bot])
  • Fix being able to report statuses not belonging to the reported account (ThibG)