35 Mastodon releases were published

Release data is gathered from the GitHub repository every few minutes.

2.4 branch

2.4.3 latest
1 month ago
View release notes

Mastodon

Features:

Add more granular OAuth scopes (#7929)

Additionally to existing read, write, follow and push scopes, there are now read and write scopes limited to particular areas of the API, so an app could request to manage your blocks for you without gaining access to posting from your account or following other people. See the PR for details.

Keyword/phrase filtering (#7905)

A better alternative to the old client-side regex filter function: You can now define keywords or phrases to be hidden, choose which contexts (like home timeline vs notifications vs public timelines) the filter should be active in, and whether it should expire after a time. Comes with a new REST API so apps can manage filters and streaming API updates for client-side filtering.

GET|POST /api/v1/filters
GET|PUT|DELETE /api/v1/filters/:id

Follow recommendations API (#7918)

Interaction data is technically already in Mastodon in the form of status and favourite records, but costly to query. Mastodon will now denormalize such interaction data specifically for interactions with people you are not following (colloquially: "here is a list of people I often reblog/fave but am not following yet"). The idea is that you may have lots of positive interactions with someone, but forget to click follow on their profile. The new API method will return such results. No user interface yet.

GET /api/v1/suggestions
DELETE /api/v1/suggestions/:account_id

Other:

  • Add admin setting to enable OpenGraph previews for sensitive media (#7962)
  • Allow the media modal to be closed by pressing back (#7934)

Fixes:

  • Fix broken single column getting-started menu (#7862)
  • Fix CW field still having animation in when reduce motion is enabled (#7872)
  • Disable reverted index changes (#7871)
  • Fix jpeg files sometimes being returned with a .jpe extension (#7881)
  • Fix Chrome issue with sizes="0px" (#7886)
  • Add /mastodon/bin to $PATH (#7889)
  • Add .bundle to .dockerignore (#7895)
  • Add symbolic link for yarnpkg (#7894)
  • On the mobile UI, move the search column to the right (#7877)
  • Typo in signature verification failure logging (#7916)
  • Improve embeds (#7919)
  • Display full username in tooltip on search and autosuggest (#7920)
  • Fix style of attachment list on /about (#7930)
  • Fix M hotkey inserting @undefined when in detailed status (#7931)
  • Fix unknown addon provider in scalingo.json (#7928)
  • Restore support to Ruby 2.3 (#7935)
  • Disable service worker media cache and IndexedDB storage (#7932)
  • What is on your mind -> What's on your mind (#7938)
  • Respect noindex rule in remote follow view (#7939)
  • Add white outline to dark emojis (#7936)
  • Fix dark background error on user-mention autosuggest in light theme (#7937)
  • Fix overlapping profile name and domain (#7927)
  • Crush PNGs to reduce overall size (#7954)
  • Check reblogged status for blocked/muted mentions (#7957)
  • In e-mail validator, fallback from MX to A record (#7955)
  • If signed in, redirect autofollow invite to profile page (#7956)
  • Send undo of boost to original poster if reblog (#7959)
  • Update Twemoji to v11 (#7911)
  • Example for TOR federation in docker-compose.yml (#7875)
  • Remove .p-name microformat class (#7961)
  • Add follow button to detailed status, add gradient to mask bio cut-off (#7979)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

  • Dependency updates: bundle install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@ariasuni @d6rkaiz @Dryusdan @fvh-P @Gargron @hcmiya @hinaloe @kedamaDQ @m4sk1n @MaciekBaron @mareklach @martymcguire @NecroTechno @lynlynlynx @Quenty31 @renatolond @SerCom-KC @shuheiktgw @takayamaki @ThibG @u1-liquid @usbsnowcrash @ykzts @zunda

1 month, 4 weeks ago
View release notes

Mastodon

Features:

Add autofollow option to invites (#7805)

When creating an invite link, you can choose to make it personal: People who will sign up using the link will automatically follow you upon account activation. The sign-up screen will show this, and of course they can unfollow you later. Useful for bringing followers over from other platforms!

Change language opt-out to language opt-in (#7823)

The previous approach was a mistake: People don't speak more than a handful of languages most of the time, and making everyone tick more than 20 checkboxes just to remove everything they don't know was not user-friendly. This is a turn-around: Now you only have to select languages you want to see, everything else will be hidden. If you don't select anything, all languages will be shown to you, like before.

Allow selecting default posting language instead of auto-detect (#7828)

Language detection is guess-work and often gives inaccurate results, especially on very short messages. In 2.4.0, an option was added to the REST API to specify the language of a single toot manually. Now we're adding a preference to override auto-detection with some particular language.

Other:

  • Remove placeholder text for media-only toots (#7806)
  • Add "find friends", "invite people", and more to getting started footer (#7803)
  • Add profile options on compose form (#7789)
  • Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810)

Fixes:

  • Remove rack-timeout (#7809)
  • Fix regression where CW is focused on reply (#7811)
  • Hide status content when spoiler text is not empty (#7797)
  • Put "Media only" option in column settings instead of content area headline (#7801)
  • Do not pre-emojify note HTML in accounts REST API (#7821)
  • Remove unused indexes (#7829)
  • DataTransfer.types may Array-like object (#7827)
  • Adjust account__action-bar contents (#7818)
  • Fix autosuggest-textarea backgrounds and some minor adjustments (#7817)
  • Make list icons different from the getting-started icons (#7838)
  • Create special case to prefer "jpeg" over "jpe" file extension (#7841)
  • Serialize language into ActivityPub JSON (#7840)
  • Update bcrypt to 3.1.12 fix issue with Fedora (#7845)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

  • Dependency updates: bundle install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@chr-1x @Gargron @hinaloe @Kjwon15 @lynlynlynx @mabkenar @SerCom-KC @shuheiktgw @ykzts

2 months ago
View release notes

Mastodon

Note: There is an important database migration in this release. Please read the upgrade notes carefully.

Features:

Add delete & redraft function (#7735)

If you noticed a typo or missing word on a toot that's already been sent, you can now choose to "delete & redraft" that toot. It pre-fills the compose area with all the data from your toot, including attached files, allowing you to edit and re-send it. It becomes a new toot, so boosts, favourites and replies to it will be reset.

Improved getting started column (#7676)

On mobile, the getting started column more prominently displays a link to your profile, preferences and security settings, and omits linking to timelines or columns that are anyway listed in the tab bar above.

On desktop, the getting started column now categorizes links into "Discovery" and "Personal" which should help new users orient themselves in the app. Links to blocked users, muted users and domain blocks have been moved to the dropdown menu on your own profile.

On both layouts, the bottom of the column has been restyled. Links to the FAQ, user guide and apps list have been replaced with links to "Hotkeys", "About this instance", "Terms of Service", "Documentation" and "Logout". Documentation, in turn, contains the FAQ, user guide and apps list.

Improved e-mail validation (#7631)

On sign up, entered e-mail address will be checked for the presence of an MX record, which indicates that it's potentially a real e-mail address. Furthermore, the MX record is checked against the e-mail domains blacklist, which allows blocking spammers who have many alias domains pointing to the same e-mail server.

Improve "Hide everything from {domain}" behaviour (#7765, #7773)

The confirmation dialog now explains what will happen when you block a domain. It will remove your followers from that domain, prevent new followers or follow requests from that domain, hide toots from the domain in public timelines, hide boosts of toots from the domain in your home timeline, and hide any mentions or notifications from that domain. It will not make you unfollow someone from that domain you've already been following, and those people will be able to appear in your home feed and notifications.

Filter out blocked/muted people from profile timelines (#7747)

Due to popular demand, boosts of blocked/muted people will no longer appear on profiles you view.

Other:

UI/UX additions:

  • Public timelines now have a tab bar for choosing between all toots and only ones that contain media attachments (#7598)
  • Submit report with ctrl+enter (#7729)
  • Emoji pack upgraded, new unicode emojis available in the picker (#7746)
  • Add "Edit profile" link to public profile page (#7754)

REST API additions:

  • New API endpoint: GET /api/v2/search, which returns the same results as v1, except the hashtags are returned as objects with trend data instead of mere strings (#7661)

Performance improvements:

  • Optimize direct timeline (#7614)
  • Reduce wasted work in RemoveStatusService due to inactive followers (#7672)
  • Improve counter caches on Status and Account (#7644)

Fixes:

Backend:

  • Disable AMS logging (#7623)
  • Catch ActionController::UnknownFormat and return HTTP 406 (#7621)
  • Rescue Mastodon::DimensionsValidationError in Remoteable (#7662)
  • Fix error when unmuting a domain without listing muted domains first (#7670)
  • Deduplicate accounts and make unique username/domain index case-insensitive (#7658)
  • Skip processing when HEAD method returns 501 (#7730)
  • Detect file extension from Content-Type header in Remoteable (#7733)
  • Migrate old web push subscriptions to ensure deliveries (#7764)

Deployments:

  • Remove Puma pidfile before boot if container receives SIGTERM (#7052)
  • Speed up some rake tasks by moving execution to Sidekiq (#7678)

ActivityPub:

  • Ignore multiple occurrences of a hashtag within a status (#7606)
  • Do not mark remote status as sensitive even if spoiler text is present (only apply that logic locally) (#7395)
  • Do not accept ActivityPub follow requests from blocked user (#7756)

OStatus:

  • Fix N+1 on AtomSerializer (#7669)

UI/UX:

  • Fix caret position after selected suggestion and media upload (#7595)
  • Fix lock icon position in account card (#7630)
  • Don't use Object.assign with Notification, only display actions for mentions (#7632)
  • Redirect / to home on mobile layout, to getting started on desktop (#7677)
  • Put the CW field between the toot we are replying to and the toot field (#7508)
  • Control the focus when clicking the CW button. (#7776)
  • Display numbers in account header using shortNumberFormat for consistency (#7723)
  • Remove unnecessary underline on admin accounts table (#7728)
  • Preserve newlines in delete & redraft and desktop notifications (#7750)
  • Improve emoji picker design in light theme (#7772, #7768)
  • Fix some colors in light theme (#7722)

Other:

  • Added the law requirements for the EU/EEA into the default privacy policy (#7605)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Please read: So far, Mastodon had been missing a database constraint for case-insensitivity (e.g. capital A vs lowercase a) due to an early mistake. Mostly it's been fine due to code outside of the database ensuring integrity, but that code has not always been perfect, and among other things sometimes failed due to race conditions. Long story short, your database may contain account records which share the same username/domain combination and are therefore unreachable by mentions, URLs, etc, and which sometimes lead to unexpected behaviour.

This release contains a fix for that situation. The database migrations will find affected accounts and either merge them (when possible and applicable) or delete them without trace, after which the database constraint will be created to ensure no data integrity issues of this nature occur in the future.

For remote accounts, the most recently active one will be the reference account into which others will be merged (but only as long as they have the same public key, which is definitive proof that it's really the same account).

For local accounts, the oldest account will be kept and others deleted. For people behind those duplicate accounts, Mastodon has never been fully functional, because they could never open their profile or receive mentions. However, if you want to manually deal with those accounts instead of having the migration delete them, before running the migration, you can use the rake mastodon:maintenance:find_duplicate_usernames task.

Non-Docker only:

  • Dependency updates: yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@abcang @akihikodaki @ariasuni @Gargron @imbsky @kedamaDQ @kibitan @lynlynlynx @m4sk1n @nightpool @renatolond @Reverite @SerCom-KC @shuheiktgw @takayamaki @tateisu @ThibG @unarist @ykzts

2.4
2 months, 3 weeks ago
View release notes

Mastodon

Features:

Offline functionality: (#6876, #6886)

The Mastodon webapp is a Progressive Web App, and now it can run without an active internet connection, too. While many of the functions will not be available, already loaded content will remain accessible. Once a connection is re-established, a clickable gap will be displayed in the columns, allowing you to load things you might have missed while you were offline.

Direct messaging improvements (#6956, #7089, #4514, #7067)

You can now begin a direct message to someone from the dropdown menu on their profile or on their toots. A warning will be displayed that all mentioned users will be able to see the message. A new type of column is now available, which lists all of your direct message correspondence.

New profile metadata (#6645, #7288)

You can now set up to 4 custom properties on your public profile (label and value). For example, you could link to your website, your Patreon, list your e-mail address for inquires, your pronouns, or who drew your avatar.

RSS for users (#7259)

User profiles and hashtags now offer RSS feeds. The content inside the user profile feed is the same as on the Atom feed (public and unlisted toots), but in a more feed reader-friendly format.

Admin UI improvements (#7188, #7189, #7347, #7342)

The report screen has been revamped. Staff can leave notes on reports as well as individual accounts. A history of actions performed on the report is displayed right there and then. The reported toots are displayed in a more compact and polished manner.

The admin view of an account's toots no longer includes private and direct toots. However, if they are reported, they still show up on the report screen.

When a report comes from another server, the account associated with it is not actually the person who sent the report, but a representative account of the server it was sent from, e.g. an admin. Now the report UI reflects this to reduce confusion.

Updated privacy policy (#6666)

We were previously using the privacy policy from Discourse verbatim (which, in turn, is a verbatim copy of the one in WordPress). The policy contained a lot of protections for behaviour the Mastodon software was not exhibiting. The new policy is more narrow and explicit and explains in more detail what kind of data you can store in Mastodon and how it is used. Instead of 5 years, automatic scrubbing of old IP addresses in the database will occur every 12 months.

Bot accounts (#7391)

If you run bots on Mastodon, you can now opt-in to display a bot badge on your profile. This works with non-Mastodon software, too, if the ActivityPub actor is of the Service or Application type. In the future, more features might be implemented to filter bot accounts or opt-out of interactions with them.

Custom emojis in profiles (#6124, #7374)

You can now use custom emojis in your profile's bio, in your display name, and in the values of the profile metadata properties mentioned earlier.

Add preference to hide following/followers lists (#7532)

You can now choose to hide who you follow and who follows you from your public profile. The setting likewise hides this information from ActivityPub data and the REST API. Please mind that such information is an important discovery mechanism for other people for finding good content, but it can also be abused for profiling by association, which is why we are adding this option. Please also mind that the information could be stitched together under certain circumstances: a server where you have a number of followers will know about those followers, another server will know about its followers, etc.

Other:

UI/UX additions:

  • Added missing management UI for user-hidden domains (#6628)
  • Allow boosting own private toots to followers (#6157)
  • Collapse overly long conversations on public pages, with controls for expanding (#7102)
  • Added hotkey for revealing/hiding text behind a content warning (#7173)
  • Added high contrast theme (#7213)
  • Automatically resize images before upload in web UI to reduce bandwidth usage (#7223)
  • "Administered by" information on the frontpage (#6984)
  • Add search item to tab bar for mobile devices (#7072)
  • Hide search from compose tab on mobile devices (#7077)
  • Show media in a modal on public pages too (#6801)
  • Added contact e-mail hint to 2FA login form (#7376)
  • Added hint about 7 day cooldown for archive takeout (#7375)
  • Show media modal on public timeline (#7413)

Administration additions:

  • Ability to define a list of disallowed hashtags (#7176)
  • Added "1 week" as expiry option for invites (#6872)
  • Admins and moderators now have the ability to remove an account’s avatar (#6998)
  • Ability to change the user’s email address (#7074)
  • Ability to resend confirmation emails (#7378)
  • Allow searching for custom emojis by incomplete shortcode in admin UI (#7099)

Deployment additions:

  • Ability to specify Redis password during mastodon:setup (#7222)
  • Enable ElasticSearch support by default on Nanobox (#6977)
  • Support for running Mastodon as a hidden service (e.g. Tor) (#7134)
  • Log when a rate limit is hit by someone (#7096)

REST API additions:

  • Enable updating additional account information from user preferences via REST API (#6789)
  • New rate limit for POST /api/v1/media to limit amount of data someone could upload in 24h to 10GB (#7337)
  • Support explicitly supplying language code for status via REST API (#7389)
  • Disable API access when login is disabled for the account (#7289)
  • Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287)
  • Add REST API for Web Push Notifications subscriptions (#7445)

Performance improvements:

  • Improve performance of rendering mentions and custom emojis in text (#7271)
  • Add support for a separate Redis server for volatile cache (#7272)
  • Validate HTTP response length while receiving (#6891)
  • Add a circuit breaker for ActivityPub deliveries to minimize 10s timeouts (#7053)
  • Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
  • Perform processing that does not use the database before connecting to the database in streaming API (#7168)
  • Marginally optimize RAM usage (#7301)
  • Reduce needlessly rendered data in ActivityPub (#7357)
  • Store home feeds for 7 days instead of 14 (#7354)
  • Marginally improve file/identify/convert/ffmpeg calls performance with posix-spawn (#7346)
  • Improve performance of POST /api/v1/statuses (#7317)
  • Improve performance when fetching conversation threads (#7321)
  • Improve performance of rendering Webfinger response (#7319)
  • Improve web UI load performance when there are a lot of custom emojis on the server (#7047)
  • Support gzip encoding on HTTP requests (#7425)
  • Disallow async function in service worker to allow minimizing the JS (#7482)
  • Do not use permitted_for scope when querying pinned statuses (#7510)

Fixes:

Backend:

  • Rescue SSL errors when processing mentions, remove useless line (#7184)
  • Prevent animations in OpenGraph preview cards (#7109)
  • Ensure SynchronizeFeaturedCollectionWorker is unique and clean up (#7043)
  • Allow more than the max pinned toots if account is not local (#7105)
  • Improve GIFV encoding params (#7098)
  • Remove most behaviour disparities between blocks and mutes (#7231)
  • Fix unpermitted parameters warning when generating pagination URLs (#6995)
  • Rescue Mastodon::LengthValidationError in FetchLinkCardService (#7424)
  • Catch Paperclip processing failures (fixes #6378) (#7439)
  • Update session activation time (fixes #5605) (#7408)
  • Raise Mastodon::RaceConditionError if Redis lock failed (#7511)

Deployments:

  • Add missing OTP_SECRET in scalingo.json (#6917)
  • Do not default SMTP verify mode to "peer", default to "none" (#6996)
  • Improve OpenStack v3 compatibility (#7392)

REST API/API:

  • Prevent suspended accounts from appearing in search results when it's an exact match (#7246)
  • When creating status, if no sensitive param is given, use user's default (#7057)

ActivityPub:

  • Support actors/statuses with multiple types (#7305)
  • Store URIs of follows, follow requests and blocks for ActivityPub to pass them back correctly (#7160)
  • Improve pagination for ActivityPub outbox, following and followers collections (#7356)
  • Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
  • Fix add/remove activities for pinned toots not being sent (#7393)
  • Forward deletes on the same path as reply forwarding (#7058)
  • Do not ignore unknown media attachments, only skip them (#6948)
  • Fix hashtags not being federated together with mentions (fixes #6900) (#7406)
  • Take the first recognized actor_type. (#7410)
  • Fetch boosted statuses on behalf of a follower (fixes #7426) (#7459)
  • Fix account URI not updating when updating ActivityPub account (#7488)
  • HTTP signatures spec no longer requires algorithms field (#7525)
  • User agent for WebFinger (#7531)
  • Resolve unknown status from Add activity, skip Remove if unknown (#7526)
  • Do not raise delivery failure on 4xx errors, increase stoplight threshold (#7541)

OStatus:

  • The special handling of the "nsfw" hashtag is removed for everything except OStatus. Also, it is now only added to an outgoing status if any media is attached, rather than always when a content warning is present (#7398)
  • Fix custom emoji handling in UpdateRemoteProfileService (OStatus) (#7501)

UI/UX:

  • Improve relative timestamps in web UI, show year in dates older than a year (#7233)
  • Place emoji picker top if it is closer to the bottom of the viewport (#7314)
  • Place privacy dropdown menu top if it is closer to the bottom of the viewport (#7106)
  • Fix esc hotkey behavior (#7199)
  • Fix the hot key (j, k) does not function correctly when there is a pinned toot in account timeline. (#7202)
  • Fix caret position after inserting emoji (#7167)
  • Make scroll bars a bit wider on webkit browsers (#7060)
  • Change icon for domain blocks (#7139)
  • Remove duplicate frequently used emojis (#7064)
  • Improve dropdowns accessibility (#7318)
  • Set max-height to videos (and gif videos) on modals (#6914)
  • Note if the user is already following the target when authorizing follow (#6325)
  • Set Referrer-Policy to origin in web UI and public pages of private toots to obfuscate what you were viewing in web UI (#7162)
  • When notification type is filtered, ignore live updates for it, preventing gradual emptying of the column (#7101)
  • Optimize public/headers/missing.png (#7084)
  • Fix text color in "show more" link inside boost confirmation modal (#7183)
  • Able to deactivate invites if they aren't expired (#7163)
  • Use randomized setTimeout when fallback-polling and re-add since_id (#7522)
  • Skip pagination logic for pinned account timelines in reducer (#7540)
  • Do not override the default push notification settings (#6037)
  • In footer, replace text "Mastodon" with logo (#7545)
  • Disables autocorrect/autocapitalize on remote username field. (#7549)
  • Improve default background of public profile header (#7556)
  • Use real container width in MediaGallery srcSet (#7571)

Other:

  • Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Troubleshooting

  • If you are on Ruby 2.3.x and lower you will get errors when uploading images. Please upgrade to Ruby 2.5.1 or at least 2.4.x
  • If avatars and images in web UI are suddenly not loading, check if the server serves them with a CORS header, e.g. Access-Control-Allow-Origin: https://example.com/ where example.com is your domain. This is needed for the offline functionality of the webapp to work.
  • If image uploads stopped working (images won't even begin uploading), it's likely you have a restrictive CSP (Content-Security-Policy) header set up and need to adjust it (allow blob: as img-src and connect-src). This is because overly large images will be downsized in the browser before upload to save bandwidth
  • If you get 500 errors related to cache, this might be due to the upgrade from Rails 5.1 to Rails 5.2. The cache can be discarded by using RAILS_ENV=production bundle exec rails console: Rails.cache.delete
  • If you are using Ceph for uploads, add S3_SIGNATURE_VERSION=s3

How to view logs

I get this question a lot so let's get this out of the way. The errors you see in the browser (with the disappointed elephant) are always reflected in the log of the web process. Here is how to view those logs:

  • With Docker: docker logs mastodon_web_1 (add -f for live scroll)
  • Non-Docker: journalctl -u mastodon-web (add -f for live scroll)

Furthermore, each request has a unique Request-Id header, which you can get from the Network tab of your web inspector in the browser. You can search the logs with that Request-Id value to find specifically the error message of that request.

Note: If the web process isn't actually started, the error will not be in those logs. It will most likely be in the Nginx error log, if you use Nginx, e.g.: /var/log/nginx/error.log by default. And it will most likely be about how the web process isn't running.

Contributors to this release:

@abcang @akihikodaki @ashfurrow @beatrix-bitrot @Dar13 @ekiru @Gargron @goofy-bz @hcmiya @hugogameiro @imbsky @jenkr55 @jumoru @KScl @luzi82 @lynlynlynx @m4sk1n @MasterGroosha @matthiasbeyer @maxolasersquad @mayaeh @nightpool @petzah @Quenty31 @renatolond @retokromer @SerCom-KC @shuheiktgw @stemid @sts10 @Sylvhem @takayamaki @TakesxiSximada @Technowix @ThibG @ThisIsMissEm @unarist @unleashed @wiktor-k @ykzts

2.3 branch

4 months, 3 weeks ago
View release notes

Mastodon

Fixes

  • Critical: Fixes a regression in unique username validation for local users where a non-lowercase older username would be wrongly ignored, allowing duplicate (differently-cased) usernames. The regression was introduced in 2.3.2 only.

Upgrade notes:

The release fixes a bug that allowed duplicate usernames under some circumstances. To help find these duplicates and clean them up, a new rake task was added: RAILS_ENV=production bundle exec rails mastodon:maintenance:find_duplicate_usernames (in Docker: docker-compose run --rm web rails mastodon:maintenance:find_duplicate_usernames). The task will return a list of affected accounts, if any. It will not remove anything automatically.

Discretion is advised in choosing which accounts to keep (usually the oldest one, however). (See below for renaming instead of deleting). Please mind that database records for accounts cannot be removed from the admin UI by design. You will need to carefully use the Rails console (RAILS_ENV=production bundle exec rails console and equivalent in Docker) like this, for example when account ID is 1234:

ruby account = Account.find(1234) account.user.destroy account.destroy

This will remove the record from the database without trace, and clean up any uploaded files and other database associations to that record. (The account ID is part of the admin URL returned by the rake task). You may wish to keep the account and only rename it, however. This can also be only done through the console, like this:

ruby account = Account.find(1234) account.username = account.username + "1" account.save

This would change username alice to alice1, for example. If alice1 already exists, you should pick alice2, etc.

Contributors to this release:

@Gargron

4 months, 3 weeks ago
View release notes

Mastodon

Fixes

Main reason for patch:

Downgrade Dockerfile to Ruby 2.4.3 on Alpine 3.6 to fix segmentation faults in Docker setups (#6806)

Note: This does not affect you if you are not using Docker.

Other fixes:

  • [Nanobox] Stream backups (#6799)
  • Cache web UI with service worker (#6802)
  • Properly center "nothing here" message (#6788)
  • Fix output of user's newly generated password in mastodon:add_user Rake task (#6800)
  • Handle Mastodon::HostValidationError when pulling remoteable assets in Rake task (#6782)
  • Add more entropy to archive download filenames (#6811)
  • If DEFAULT_LOCALE is set, enforce it instead of HTTP request locale (#6817)
  • Fix elephant graphic being draggable and selectable (#6819)
  • Revert #6479, hide sensitive text/images from OpenGraph previews (#6818)
  • Fix regression: Ignore media validation when attaching to status during processing (#6822)
  • Fix e-mail changed notification (fixes #6778) (#6835)
  • Display content warning in notification emails (#6832)
  • Serialize mentions in the order they are added (#6836, #6858)
  • In the event of HTTP request failure, try other IPs returned by DNS (#6813)
  • Prevent outdated mention autosuggestions from popping up (#6838)
  • Use username/domain instead of URI to match existing accounts in ActivityPub (#6842)
  • Fix i18n fallback configuration (#6843)
  • Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845)
  • Security updates for the sanitize and loofah gems (#6855)
  • Hide floating action button on thread views (#6859)
  • Prepare for allowing periods in usernames in the future (#6844, #6863)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@ThibG @patf @akihikodaki @rtucker @devkral @renatolond @nightpool @danhunsaker @ykzts @trwnh @m4sk1n

5 months ago
View release notes

Mastodon

Fixes

  • Remove unused git from Docker image (#6724)
  • Remove unused su-exec from Docker image (#6722)
  • Fix accidentally double-encoded page titles (#6720)
  • Use Alpine Linux yarn package in Docker instead of building it manually (#6725)
  • Improve performance of account media timelines API (#6729)
  • Make catalan words with the L geminate letter work in hashtags (#6741)
  • Add license info to README (#6583)
  • Fix focal point cropping, fix focal point modal (#6740)
  • Hide loading bar on status interactions (#6774)
  • Fix follow relationships not loading after notifications fetch (#6746)
  • Fix Procfile on OS X (#6748)
  • Avoid using JS to set height in MediaModal (#6750)
  • Hide pinned toots on with replies (#6753)
  • Insert space before shortcode if necessary (#6751)
  • set SAFETY_ASSURED=1 of db:setup in mastodon:setup (#6758)
  • Detailed SMTP setup (#6759)
  • [Nanobox] Fix DB backup task (#6766)
  • Change the title of spoiler button by state (#6772)
  • Change the title of sensitive button by state (#6771)
  • Adjust RTL styles for landing page (#6768)
  • Log BackupWorker backtrace, delete Backup if retries exhausted (#6769)

Features

  • Add show more/less toggle for entire threads in web UI (#6733)
  • Add new avatar placeholder with cute elephant and higher dimensions (#6728)

Upgrade notes:

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@abcang @akihikodaki @connyduck @danhunsaker @Gargron @m4sk1n @nightpool @renatolond @TrashMacNugget @ushitora-anqou @ykzts @yuntan

2.3
5 months, 1 week ago
View release notes

Mastodon

Features:

Full-text search for authorized statuses (#6423)

You'll be able to search for toots you've written, boosted, favourited or were mentioned in. The API does not change in any way to allow this, but since this is a computationally-heavy feature, it's optional for admins to setup and requires an ElasticSearch database.

Account archive download (#6460)

Every 7 days you are able to request a full archive of your toots. The toots are exported in ActivityPub JSON format alongside the media files attached to them, your avatar and header images as well as the private key of your account used for signing content. Theoretically, such an archive could be used by any application to support full content migration.

Focal points (#6520)

When uploading a picture, you will be able to select a "focal point" on it, that is to say, the place that should not be cropped out under any circumstances. Mastodon uses varying dimensions of thumbnails, but all of them will respect the focal point. 3rd party apps can also implement this.

Note for app developers: The focal point is returned inside the meta property of media attachments. It's structured like this: { focus: { x: 0, y: -0.1 } }. It is a coordinate on a grid, see this reference.

In turn, the API methods for creating and updating a media attachment accept the focus param, which is expected to be a string of two floating point numbers separated by a comma, e.g. 0.1,0.2

Federated reports (#6570)

Improved UI of the report dialog with an added option to send an anonymized copy of the report to the server of the user you report (normally, the report only goes to your own server's admins!)

Redesign landing page (again) (#6486, #6543, #6545)

The new landing page makes better use of space. The login link is more prominent, and a new hero image is available for admins to customize from admin settings (when not set, it falls back to the OpenGraph thumbnail image admins can also set).

Click card to embed external content (#6471)

YouTube, Vimeo, SoundCloud, Twitch Clips and other websites that support embedding used to appear in the detailed view of a toot straight away, which is not very good for privacy, because embeds load information from another server. Now, a preview of the embed is displayed first, and only once you click it, the remote content is loaded.

Other:

UI/UX additions:

  • Add "previous" navigation to public profile pages (#6497)
  • Add "Toots/Toots with replies/Media" tab in web UI (#6572, #6589)
  • Admin settings: Option to show only local toots in timeline preview (#6292)
  • Add preference to always display sensitive media (#6448)
  • Do not hide NSFW media/CW'd text in OpenGraph tags (#6479)
  • Save video metadata and improve video OpenGraph tags (#6481)
  • Move "compose" button on mobile to floating action button (#6594)
  • Increase avatars to 400x400 max, do not upscale smaller avatars (#6651)
  • Implement tag auto-completion by history (#6621)
  • Improved media modal with pinch zoom (#5956)
  • Make more apparent that an account is blocked or muted (fixes #6544) (#6627, #6636)
  • Remove text requirement from statuses when media is attached, do not auto-insert media URL into text (#6672)
  • Display attachment filenames in notifications (#6693)
  • Display attachment filesnames in timelines in compact style when media is missing (#6680)

Deployment additions:

  • PAM authentication (#5303)
  • CAS + SAML authentication (#6425)
  • LDAP authentication (#6556)
  • Interactive rake mastodon:setup task (#6451)

REST API additions:

  • Add locked to /api/v1/update_credentials (#6506)
  • Add only_media param to public and hashtag timelines API (#6576)
  • Add contact_account and languages to instance API (#6574)

Federation additions:

  • Allow retrieval of private statuses using HTTP signatures (#6225)
  • Accept ActivityPub announce from the author of the original note (#6236)
  • Reject->Follow will remove both follow request and the follow, whichever exists (#6571)
  • Push discovered status through streaming API within a 6h time window (#6484)
  • Federate pinned statuses over ActivityPub (#6610)

Performance improvements:

  • Cache for relationships API (#6482)

Fixes:

UI/UX improvements:

  • Responsively enforce 16:9 ratio on all media thumbnails in web UI (#6590)
  • Fix button hiding when header title is too long (#6406)
  • Same hashtag regex on server and in the web UI (#6431)
  • Fix column header button outline (#6411)
  • Set minimum height for mastodon on drawer (#6142)
  • Change web UI "posts" to "toots" on profile for consistency (#6447)
  • Fix media button type (#6478)
  • Remove outline from body window (#6502)
  • Fix media spoiler design (#6507)
  • Improve public account cards (#6559)
  • Fix password recovery (#6459)
  • Prevent weird redirects to JSON resources after login under some circumstances (#6528)
  • Fix accounts' display name/bio not being set from initial state (#6644)
  • Show media on report UI (#6619)
  • Place dropdown menu top if it is closer to the bottom of the viewport (#6641)
  • Redirect from web tag timeline to public tag timeline if not signed in (#6633)
  • Add headings to the security settings page (#6661)
  • Remove pointer events on the entire UI when a dropdown menu is open (#6648)
  • Don't escape status text while truncating for title of page (#6671)
  • When enabled, always display media in gallery. Also: click to reveal (#6692)
  • Add missing meta description to profiles, some other SEO stuff (#6706)

Backend fixes:

  • Make sure status is not nil in mailer (#6428)
  • Fix saving of oEmbed image (#6409)
  • Validation of character count works even when text of status is nil (#6429)
  • Fix response of signature_verification_failure_reason (#6441)
  • Prevent stale account caches in notifications API (#6442)
  • Prevent HTTP requests to private IP ranges (#6410)
  • Fix avatar/header resizing issues and glitches (#6508, #6515)
  • Ensure the app does not even start if OTP_SECRET is not set (#6557)

REST API fixes:

  • Exclude nil from relationships array (#6427)
  • Ensure that boolean params in the API are parsed for truthiness (#6575)

Docker image improvements:

  • Isolate internal services from external networks (#6369)
  • Set permissions during the build process instead of during startup (#6514)

Upgrade notes:

Enabling optional new features:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Docker only:

Note: We will now publish pre-built Docker images as tootsuite/mastodon instead of gargron/mastodon. Furthermore, the edge tag will now refer to the master branch, latest to the latest stable release, other tags will remain the same. The docker-compose.yml file and documentation has been adjusted accordingly.

Troubleshooting

  • If you are using Docker with docker-compose and are getting a PG::ConnectionBad: could not translate host name "db" to address: Name does not resolve, you might have to do docker-compose down (make sure you were using volumes so you won't lose data!) before you can run any further docker-compose commands.

Contributors to this release:

@abcang @akihikodaki @beatrix-bitrot @chaosbunker @connyduck @danhunsaker @devkral @espenronnevik @foxsan48 @Gargron @gloaec @HellPie @ineffyble @kazu9su @Kjwon15 @lynlynlynx @m4sk1n @masarakki @MasterGroosha @mayaeh @MitarashiDango @moritzheiber @northerner @patf @puckipedia @pwoolcoc @redtachyons @renatolond @rfwatson @rinsuki @sim6 @Sylvhem @takayamaki @ThibG @ThomasLeister @TrashMacNugget @valrus @vpzomtrrfrt @ykzts @yuntan

2.2 branch

2.2
6 months, 2 weeks ago
View release notes

Mastodon

Features:

Improved e-mail digest feature (#6252)

The e-mail digest feature has existed for a long time, but the sending was not automated and had to be triggered by a manual task run. Many admins have not configured a cronjob to run it, and so the feature has never really seen wide use. What is a digest? A digest is sent after 20 days of inactivity, only if the recipient has been mentioned during that period. The digest summarizes the mentions the recipient received.

The digest sending is now part of Sidekiq, therefore no cronjob configuration is necessary anymore. Furthermore, the digest e-mails now have a pretty HTML version as well as the old plain-text one.

HTML e-mail templates for all e-mails (#6256, #6263, #6272, #6301)

All transactional e-mails in Mastodon have been reworked to improve clarity and phrasing. They now have pretty HTML versions as well as the old plain-text ones. The design is responsive and has been tested among a variety of e-mail clients.

Welcome e-mail (#6273)

After activating a new account by confirming the e-mail address, the user will receive a welcome e-mail. This e-mail outlines the first steps and provides some helpful tips.

Home timeline improvement for returning users (#6251)

This is a fix as well as a feature. You might know that Mastodon stops storing the home timeline for users who haven't been online longer than 2 weeks, to use storage and processing power optimally. When a user returns after 2 weeks, the home timeline must be regenerated. This has been somewhat buggy and opaque in the past.

Bugs related to this feature have been fixed. Furthermore, the API of the home timeline was changed in a non-breaking way to return HTTP status code 206 (Partial Content) when the home timeline is in the process of being regenerated. This information will now allow the web UI to display a fancy loading graphic to communicate this process to the user. The web UI will keep refreshing the home timeline until it's done regenerating. This should eliminate the problem of users coming back to seemingly empty timelines.

Other:

  • Web UI now supports web share. Supporting browsers can now register the web app as a receiver of share activities from other apps (#6278)
  • The recommended version of Ruby has been upgraded to 2.5.0. There is no rush to upgrade that, however. If you'd like to keep using 2.4.2 and rbenv complains, simply overwrite the value inside the .ruby-version file (#6097)
  • The onboarding (tutorial) modal window has been updated and improved (#6303)
  • Display number of follow requests in getting started menu (#6313)

Fixes:

  • Handle sessions that can't be translated (#6245)
  • Fix column headers accessibility (#6199)
  • Add some browsers (#6246)
  • Make columns-area unscrollable when modal opened (#6241)
  • Suppress CSRF token warnings in logs (#6240)
  • Allow attributedTo in a status to be an embedded object (#6238)
  • Fix #6128 - Display unfollow button even if account moved (#6258)
  • Surround mid-text display names with bdi tags (#6257)
  • When must_be_following_dm is on, only notify if recipient dm'ed user (#6283)
  • Fix regeneration marker not expiring (#6290)
  • Replace drawer elephant graphic with a vector image (#6286)
  • Retry delivering toots over ActivityPub for about 2 days (#6298)
  • Fix "tzinfo-data is not present" docker error (#6300)
  • Process mentions and reblogs even from resolved threads (#6299)
  • Do not throw away statuses obtained via websocket when API request finishes (#6302)
  • Make text e-mails consistent with HTML ones in UserMailer (#6291)
  • Fix #6269 - Render LOCAL_DOMAIN as unicode in presentational views (#6305)

Upgrade notes:

  • Please mind that the new HTML e-mails mean that the sidekiq process, which sends them, must now have access to the packs generated by assets:precompile. The docker-compose manifest has been updated to mount the packs volume for the sidekiq container. Outside docker, this information may be relevant to you if you use a multi-server setup and have previously avoided compiling or syncing assets on the sidekiq machines.

Non-Docker only:

  • The recommended version of Ruby has been upgraded to 2.5.0. There is no rush to upgrade that, however. If you'd like to keep using 2.4.2 and rbenv complains, simply overwrite the value inside the .ruby-version file
  • Dependency updates: bundle install and yarn install

Docker-only:

  • You might have to do: docker-compose stop sidekiq && docker-compose rm sidekiq before the final docker-compose up -d of the upgrade, because otherwise the new volume mapping mentioned above will not take hold and e-mail sending jobs in Sidekiq will be failing.

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • Run RAILS_ENV=production bundle exec rails mastodon:maintenance:remove_regeneration_markers (in Docker: docker-compose run --rm web rails mastodon:maintenance:remove_regeneration_markers) once to fix a past issue with bugged out home timelines that were supposed to be regenerated

Contributors to this release:

@abcang @akihikodaki @codl @Gargron @Kjwon15 @m4sk1n @marrus-sh @mayaeh @mike-burns @neetshin @norayr @patf @pierreozoux @puckipedia @Quenty31 @redtachyons @renatolond @rinsuki @SerCom-KC @ThibG @yi0713 @ykzts

2.1 branch

7 months, 1 week ago
View release notes

Mastodon

Note: Some of these patches are security-related. A timely upgrade is advised.

Fixes:

  • Fix unintended cache (#6214)
  • Fix force_ssl conditional (#6201)
  • Skip remote reblogs of non-public objects (#6230)
  • Fix bad URL schemes being accepted (#6219)
  • Refactor /api/web APIs to use the centralized axios instance (#6223)
  • Increase rate limit on protected paths (fix wrongful throttling on login/sign up) (#6229)
  • ActivityPub: Move Article from supported to converted types (#6218)
  • ActivityPub: Revert #5772 (#6221)
  • ActivityPub: Add the author of a status to cc if reblogged (#6226)
  • Do not display elephant friend in single-column layout (#6222)
  • Add index on statuses for /api/v1/accounts/:account_id/statuses (#6202)
  • Use content warning for page title when present (#6231)

Upgrade notes:

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@Gargron @Kjwon15 @MasterGroosha @nightpool @puckipedia @renatolond @SerCom-KC @takayamaki @ykzts

7 months, 1 week ago
View release notes

Mastodon

Features:

  • Add rake task to check and purge accounts that are missing in origin (#6085)

    Usage: rails mastodon:maintenance:purge_removed_accounts will scan through all known remote accounts. If one cannot be re-resolved, you will be asked for confirmation to delete it from your database. If you don't want to be asked for confirmation each time, use the command rails mastodon:maintenance:purge_removed_accounts -- --force

    This command is not expected to be run frequently or systematically. Sometimes you may wish to preserve copies of accounts that have disappeared. Another fix included in this release will ensure that purposefully deleted accounts no longer leave behind anything on remote servers in the future.

  • Make some federation APIs cacheable by e.g. nginx or varnish (#6101, #6115)
  • Cache JSON of immutable ActivityPub representations (#6171)
  • Add more instance stats APIs (#6125)

    From the point of deployment, Mastodon will begin counting weekly numbers of active users, posted statuses and new registrations. These numbers will be available from GET /api/v1/instance/activity. Furthermore, the instance will announce the list of domains it has seen under GET /api/v1/instance/peers. Please mind that those domains are not the domains of users followed by the users of this instance, nor do domain blocks have any effect on the list. It is merely the domains of users the instance has previously resolved. The commonly known "connections" count metric has previously announced this exact data.

    Both of these new stats endpoints can be disabled from admin settings.

  • Display a warning when composing unlisted toots with something looking like a hashtag (#6132)
  • Add confirmation step for email changes (#6071)
  • Reduce federation traffic when an account is deleted/suspended (#6172)

Fixes:

  • Replace <code> to <kbd> in KeyboardShortcuts component (#6049)
  • Display deleted users' role as “Suspended” (#6080)
  • Reduce the number of synchronous resolves when posting toots (#6075)
  • Move dropdown transform origin to top edge (#6091)
  • Reduce motion for boost animation (#5871)
  • Add supported Node.js version to package.json (#6096)
  • Add mute, block, conversation mute actions to detailed status dropdown menu (#6099)
  • Faster index on notifications table (#6108)
  • Fix XML oEmbed support discovery (#6104)
  • Move the mastodon on Getting Started column to drawer column (#6109)
  • Keep the same filters and page when doing custom emojo stuff (#6114)
  • Show mastodon on modal (#6129)
  • delete X-UA-Compatible (#6068)
  • Fix newlines-to-spaces functionality (#6158)
  • Don't leave behind husk of remotely-deleted profile (#6159)
  • Update moved-to property when it's removed too (#6160)
  • Sanitize incoming classlist properly (#6162)
  • Allow to dereference Follow object for ActivityPub (#5772)
  • Don't normalize URLs in toots (#6134)
  • Fix OpenSSL dependency in ostatus2 (#6174)
  • Fix nil error in log_target_from_history helper (#6173)
  • Rearrange items in Getting Started navigation (#6126)
  • Fix FetchAtomService not finding alternatives if there's a Link header (#6170)
  • Fallback default thumbnail in instance status API (#6177)
  • Use disable_ddl_transaction! to prevent warnings on migration (#6183)
  • Fix overflowing audit logs (#6184)
  • Fix email confirmation link not updating email (#6187)
  • Fix RFC 5646 Regular Expression (#6190)
  • When fetching an ActivityPub-enabled status, do not re-request it as text/html (#6196)
  • Fix PuSH workers error when retries exhausted (#6200)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@akihikodaki @beatrix-bitrot @chriswmartin @cpsdqs @Gargron @Kjwon15 @lynlynlynx @m4sk1n @MitarashiDango @muan @neetshin @nightpool @noiob @nolanlawson @Otakan951 @patf @petzah @puckipedia @Quenty31 @stalker314314 @takayamaki @TheKinrar @ThibG @unarist @ykzts @yukimochi @zunda

2.1
8 months ago
View release notes

Mastodon

Features:

Lists (#5703)

Lists allow you to categorize your home feed for easier digestion. You can sort people you are following into arbitrary lists, and mount those lists in your web UI as separate columns. Lists are private and cannot include people you are not following.

How to get started: "Getting Started" -> "Lists". Open a list and click on the column sliders icon to see "Edit list" and "Delete list" options. And don't forget you can pin columns!

Invite system (#5814)

The invite system allows you to generate an invite link that lets people sign up even if registrations are closed. Each invite link can have an optional time limit or maximum uses limit. The minimum role required for creating invites can be adjusted in admin settings, by default this function is exposed to admins only.

Account migration: profile moved note (#5746)

If you move from one account to another in the Mastodon network, you can now configure your old account to display a prominent link to the new profile. While this isn't quite the automated follower migration yet, it's a step above having to do it manually. When this is setup, the profile avatar is also greyed out and the follow button is hidden to make it more obvious.

How to get started: "Edit profile" -> scroll down to "Move to a different account". This setting currently does not touch your followers so it is reversible.

Moderator role (#5635)

The permission system in Mastodon has been expanded. Between users and admins there is a new role, moderator, which can handle reports and some other moderation-related functions but nothing like site settings. Admin navigation has been reworked.

How to get started: To avoid tricky situations admins cannot demote other admins through the UI. So if you've got fellow admins who were really supposed to be mods all along, you'll need to use the Rails console. In it, you can do: User.find_by(email: 'email@of.mod').update(admin: false, moderator: true)

Audit log for staff actions (#5757)

All actions performed by admins and moderators are now logged into an audit log, visible to admins and moderators.

Memorial accounts (#5615)

Admins can now disable logins of accounts without suspending. Separately, an account can be turned into a memorial page. That automatically disables the login and displays a note on the profile.

Improved muting (#5087)

Over the course of the project's lifetime the mute function has gone through various changes following user feedback. The last iteration essentially equalized it with block, with stealth being the only difference. However, the initial use case of mutes was missed by some. As a result, when muting someone, you can now choose whether you want to mute notifications from them or not. If not, they can still talk to you.

Hide boosts from people you are following (#5762)

You can now do this. There's not much to say about it, but it's a highly requested feature.

Block direct messages from people you don't follow (#5669)

You can now do this. There's not much to say about it, but it's a highly requested feature.

Integration with PeerTube (#5848)

PeerTube is a decentralized alternative to YouTube that is also based on ActivityPub, like Mastodon. With some minor adjustments we ensured that PeerTube users can be followed from Mastodon and you can properly receive updates from them.

Other:

  • UI: Ability to hide some custom emoji without disabling them (#5485)
  • UI: Add ServiceWorker caching for static assets (#5524)
  • UI: Show the local couterpart of emoji when it exists in admin UI (#5467)
  • UI: Show confirmation dialog on leaving Web UI while composing (#5616)
  • UI: Allow to open a modal for embedded photo (#5777)
  • UI: Add keyboard shortcuts legend (#5823)
  • API: Rate limit by user instead of IP when API user is authenticated (#5923, #5948)
  • UI: Improve public status page title (now includes author's name and excerpt) (#5985)
  • API: Make it possible to stream public timelines without authorization (#5977)
  • UI: Add Galician language support (#5955)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • This release includes changes to some preview cards, that means you need to run RAILS_ENV=production bundle exec rails mastodon:maintenance:migrate_photo_preview_cards immediately AFTER you updated. Note that this will queue some pull jobs for Sidekiq.

Troubleshooting

Fixes:

  • UI: Remove unnecessary translateZ(0) when doing scale() (#5473)
  • UI: Remove translateZ(0) on modal overlay (#5478)
  • Fix Cocaine::ExitStatusError when uploading small non-animated GIF (#5489)
  • UI: Fix column design broken with very long title (#5493)
  • Fix copying emojis: redirect to the page you were on (#5509)
  • ActivityPub: Allow ActivityPub Note's tag and attachment to be single objects (#5534)
  • Add artist, title, and date metadata to boop.{mp3,ogg} (#5531)
  • Instantiate service classes for each call (fixes #5540) (#5543)
  • UI: Separate Follow/Unfollow and back buttons (#5496)
  • Avoid modifying emoji data inline (#5548)
  • ActivityPub: Update remote ActivityPub users when fetching their toots (#5545)
  • UI: Avoid useless renders in WrappedSwitch (#5580)
  • Add account search condition (instance domain) (#5577)
  • UI: Don't display any descendants of .invisible (#5567)
  • UI: Hide disabled custom emojis from emoji picker and emoji auto suggestions. (#5613)
  • UI: Make fullscreen video in detailed status plays in fullscreen (Partially fix #5160) (#5611)
  • Unify file upload to use the fog gem (#5604)
  • ActivityPub: Resolve remote accounts when mentioned even if they are already known (#5539)
  • ActivityPub: Do not process undeliverable mentions (#5598)
  • UI: Avoid emojifying on invisible text (#5558)
  • Twidere mentions workaround (#5552)
  • UI: Eliminate space around emoji (#5474)
  • In remove_remote, exclude already removed media attachments. (#5626)
  • UI: Fix focused background color of direct toots (#5642)
  • ActivityPub: Retry thread resolving (#5599)
  • UI: Reset column loading status after fetch failure (#5659)
  • Allow specifying STATSD_NAMESPACE (#5700)
  • Filter searched toots to be consistent with blocking behaviors (#5383)
  • Fix N+1 at notification (#5752)
  • Fix NoMethodError at ActivityPub::FetchRemoteStatusService (#5753)
  • Fixed duplicating URL of photo type of oEmbed (#5763)
  • Add index of account and reblog to statuses (#5785)
  • UI: Don't remove originals of boosted toots from timeline (#5479)
  • Fix unnecessary order (#5807)
  • Do not filter the status collection after muting and blocking (#5815)
  • UI: Use account.display_name for og:title single toot pages (#5821)
  • Merge indexes for reblog on statuses table (#5831)
  • Add index on stream_entries table (#5793)
  • ActivityPub: Fix too many forwards in ActivityPub federation traffic (#5854)
  • Remove rabl dependency (#5894)
  • UI: Disable status content outline (#5921)
  • UI: Prevent duplicate load of favourites (#5931)
  • UI: Keep WebPush settings after logout (#5879)
  • UI: Polish video player CSS, add timer on fullscreen/modal/public pages (#5928)
  • UI: Ensure link thumbnails are not stretched to super low quality (#5932)
  • ActivityPub: Do not downgrade to OStatus once ActivityPub is known (#5929)
  • UI: Fix Audio.prototype.seek is undefined (#5935)
  • UI: Move push notifications settings (regression from #5879) (#5941)
  • UI: Back to Web UI from tag page when signed in (#5943)
  • Ignore HEAD method if does not support (#5949)
  • Save media outside transaction (#5959)
  • Fix account and tag searches with leading/trailing spaces (#5965)
  • UI: Change the disclaimer under the sign up form (#5817)
  • Exclude moved accounts from search results (#5984)
  • Change conditional to avoid nil into string error in sidekiq (#5987)
  • Return false if object does not respond to url (#5988)
  • Store preview image for embedded photo in preview cards (#5986)
  • UI: Make detect empty string before assign image description (#5994)
  • API: Improve error handling in streaming/index.js (#5968)
  • UI: Use streaming API for standalone timelines on /about and /tag pages (#5998)
  • UI: Shorten English title for 2FA to avoid line-break (#6001)
  • UI: Fix GIF avatars not autoplaying when GIF autoplay is enabled (#6000)
  • UI: Clean up admin UI for accounts (#6004)
  • Fix redundant HTTP request in FetchLinkCardService (#6002)
  • UI: Set direction style to reply indicator (#6006)
  • UI: Redesign tootbox (#5919)
  • UI: Exchange the order of spoiler-input and unlocked warning (#6015)
  • Do not hide statuses from silenced accounts from other silenced accounts in threads (#6030)

Contributors to this release:

@abcang @akihikodaki @Aldarone @alxrcs @aschmitz @BaptisteGelez @barzamin @BoFFire @clworld @contraexemplo @cormojs @danhunsaker @dblandin @ekiru @Gargron @goofy-bz @hcmiya @ilpianista @jeroenpraat @jmontane @joshuap @kaniini @kedamaDQ @KEINOS @lynlynlynx @m4sk1n @masarakki @matt-auckland @mayaeh @minacle @MitarashiDango @Nanamachi @neetshin @nightpool @nullkal @Quenty31 @renatolond @salvadorpla @sdukhovni @SerCom-KC @sorin-davidoi @Sylvhem @takayamaki @theboss @ThibG @trebmuh @unarist @voidsatisfaction @ykzts @ysksn @yukimochi

2.0 branch

2.0
10 months ago
View release notes

Mastodon

Breaking changes:

  • All id attributes in the REST API responses, including attributes that end in _id, are now returned as strings instead of integers. This is because large integers cannot be encoded in JSON losslessly, and all IDs in Mastodon are now bigint. Some apps will not work with this release until they are updated
  • Mastodon will no longer deliver private and direct statuses to OStatus-based recipients (that means pre-1.6.0 Mastodon, too)
  • Stylesheet customizations now work differently due to the new theme feature. See upgrade notes for details.

Features:

Custom emoji (#4988, #5243, #5258, #5002)

Admins may upload 50KB PNG images and assign them shortcodes. These images act as custom emojis that can be embedded inline in statuses using those shortcodes, like :example:. The emojis display correctly between different instances, but users can only use their local emojis. However, it is simple enough to make a local copy of a desired emoji.

Admins may disable individual remote emojis from being displayed on their instance. The domain block reject media option also works on them.

Add support for multiple themes (#4959, #5336)

Besides the old custom.scss way, admins may install additional themes. When more than one theme is installed, the option to select your preference appears in user's preferences.

Replace EmojiOne emoji pack with Twemoji (#5046)

The newer releases of EmojiOne have switched their license and availability. To get access to all the latest standard emojis, we switched packs to Twemoji, which has a more permissive license, which is used by Twitter and Discord.

Add emoji autosuggestions (#5053)

When beginning to type a shortcode, an autosuggestion appears instantly, like for usernames. Upon selection it inserts the unicode character into the text. Entering a standard emoji's shortcode and leaving it as such now is interpreted as you meaning to leave it as plain text, it will not be converted to unicode server-side to avoid garbling code and IPv6 addresses that contain syntax that is similar to shortcodes.

New emoji picker (#5046, #5275)

The emoji picker has been improved. It will display your instances's custom emojis as well as keep track of the emojis you use frequently and your selected skin tone modifier.

New error page graphic. Other error page improvements (#5067, #5099)

The 500 error page is now generated during the assets:precompile rake task, meaning that it can use the same stylesheets and assets as the rest of the application. The loading of external Google Fonts was removed from the page. Custom style adjustments will also work on it now. And there's a new elephant graphic on it.

Better primary ID generation (#4801, #5260)

The so-called Snowflake algorithm of generating primary IDs for statuses is used now. It includes timestamps in the ID, making it possible to sort items chronologically regardless of when they were actually inserted into the database, without giving up performance or the uniqueness required for keyset pagination. It also makes it harder to guess how large someone's database table truly is. When resolving old statuses from other instances, such as for boosts, search or thread resolving, this means that newly resolved old statuses will no longer appear at the top of public timelines.

Hotkeys in web UI (#5164)

The web UI can now be navigated and controlled with a variety of hotkeys.

For example, 1-9 will focus a corresponding column (skipping the compose drawer, that is). n will focus the compose textarea, while alt+n will not only focus it but also reset it. s will focus the search form.

When a timeline is focused, j/down-arrow and k/up-arrow move the focus down/up; o/enter expands the status, p opens the author's profile, r to reply, m to mention author, f to favourite, b to boost.

In terms of general navigation, backspace is bound to navigating backward. A quick combination of g and certain letters will take you to a particular page: s to start, h to home, n to notifications, l to local timeline, t to federated timeline, f to your favourites, u to your own profile, p to your pinned toots, b to your blocked users, m to your muted users.

Add ability to specify alternative text for media attachments (#5123)

After uploading a media attachment but before submitting the toot, the description of the upload can be specified to allow people who use screen readers to enjoy the upload, too. Up to 420 characters can be used.

Redesign public hashtag pages (#5237)

The public hashtag pages are used almost exclusively by non-logged-in users, so they should act more like landing pages. The updated design uses the same embedded timeline component as the frontpage, meaning there are auto-updates and infinite scroll and it looks more like what you get if you sign up. It also displays login and sign-up buttons on the side, as well as a few benefits of Mastodon.

Implement dynamic e-mail blacklist for admins (#5109)

Previously the only way to prevent an e-mail domain from being used by new sign-ups was to specify an environment variable and restart Mastodon. This does not work well enough. Now this setting can be changed inside the admin UI without restarting Mastodon, instead.

Other:

  • After 7 days of repeated delivery failures, give up on inbox delivery to reduce wasted effort (#5131)
  • Send streaming API delete to people mentioned in status, so they would get it even if they don't follow the author (#5103)
  • In detailed status view, display the attachment uncropped if there's only one of it (#5054)
  • When a streaming API status arrives, sort it into conversations live so you don't have to reload the conversation to see it (#5206)
  • New Material app icon for Chrome, new icons for iOS, Microsoft (#5291, #5321)
  • New API: GET /api/v1/apps/verify_credentials to confirm app works (#5112)
  • Reorganize preferences page (#5161, #4447)
  • Admins can now add moderation notes to accounts (#5240)
  • New preference for reducing animations in web UI to prevent motion sickness (#5393)

Upgrade notes:

Non-Docker only:

  • The recommended Ruby version has been bumped to 2.4.2. However, it is only a recommendation. If you would like to stay with 2.4.1, simply overwrite the value in .ruby-version
  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate). Depending on your database size, this migration may take a long while! It may also lead to some downtime. Make sure you have backups. This is because we are upgrading a multitude of database columns from int to bigint to make sure they're future-proof.
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Optionally:

  • custom.scss is no longer automatically loaded because the feature has been reworked into themes. Change to default: styles/custom.scss in config/themes.yml to restore old behaviour

Troubleshooting

  • If you have upgraded to the master branch before v2.0.0rc1 and your custom emoji now fail to load, perform this rake task: RAILS_ENV=production bundle exec rake paperclip:refresh:thumbnails CLASS=CustomEmoji

Fixes:

  • Web UI: Make sure formatted numbers don't contain insignificant zeroes (#4993)
  • Bump recommended Ruby version to 2.4.2 (#4958)
  • Fix performance on stats queries (#4996)
  • OpenGraph: Fix error when generating OpenGraph tags for images without metadata (#4995)
  • ActivityPub: Add published property to activity for reblogs (#5000)
  • Re-allow final underscore in parsed URLs (#4999)
  • Web UI: Improve scrolling performance on Chrome (#5001)
  • Remove ubuntu-toolchain-r-test dependency (#5005)
  • Fix account records being read before processing finished (#4998)
  • Web UI: Hide sensitive image by default on the public pages (#5009)
  • ActivityPub: Use OrderedCollectionPage to return followers/following list (#4949)
  • Web UI: Improve scrolling performance in general (#5011, #5152)
  • Web UI: Fix remote statuses being html_encoded in public pages (#5012)
  • Fix race condition when processing incoming OStatus messages (#5013)
  • API: Change IDs to strings rather than numbers in API JSON output (#5019)
  • Web UI: Use file extensions in addition to MIME types for file picker (#5029)
  • Disable private status federation over OStatus (#5027)
  • Web UI: Reduce wasted renders (#5021, #5036)
  • Web UI: Improve mobile style of /about/more (#5034)
  • Web UI: Make dropdowns render into portal, expand animation (#5018, #5140)
  • Document REDIS_NAMESPACE (#5038)
  • Do not filter statuses with unknown languages (#5045)
  • Web UI: Fix overflowing tabs in account__action-bar (#5056)
  • Web UI: Fix media gallery CSS (#5064)
  • Web UI: Change mobile layout breakpoint from 1024px to 630px (#5063)
  • Suppress backtrace when failed to communicate with a remote instance (#5076)
  • Thread notification e-mails for mentions by conversation (#5061)
  • Web UI: Increase max height of preview card image (#5092)
  • Stop processing of payload if it originates from a local account (#5100)
  • API: When OAuth password verification fails, return 401 instead of redirect to login (#5111)
  • Web UI: Remove now redundant warnings about OStatus privacy (#5102)
  • Improve worker performance by flushing body when performing POST requests (#5128)
  • ActivityPub: If HTTP signature is wrong and webfinger cache is stale, retry with resolve (#5129)
  • Web UI: Improve performance of modal and swipe animations (#5135)
  • Change max redirects followed to 2 (#5136)
  • When using statsd to track Mastodon performance, it will now get more useful metrics (#5118)
  • Web UI: Upgrade to React 16 (#5119)
  • Web UI: Make emoji autosuggestions immediate, usernames appear sooner (#5149)
  • Fix bug with OpenStack v2 (#5155)
  • Fix order of paginated accounts on authorized followers page (#3357)
  • Mobile: Make Chrome splash screen the same color as web UI's background color for smoother transition (#5169)
  • Web UI: Toggle contain:strict on fullscreen (#5159)
  • Append confirmation link as plain text in e-mails (#5146)
  • Web UI: When muting someone, clear web UI of their content like for blocks (#5172)
  • Web UI: Fix emoji sequence bug in substring-trie (#5191)
  • Web UI: Compress and combine emoji data (#5201, #5229)
  • Improve HTTP responses for Salmon and ActivityPub inbox processing (#5200)
  • ActivityPub: Fix possible acct URI usurpation in account discovery (#5208)
  • Use separate workers to process imports, retry failures (#5207)
  • ActivityPub: Validate id of objects (#5114)
  • Web UI: Use own, shorter relative timestamps in web UI to save space (#5171)
  • OpenGraph: Use summary_large_image card only when media attachments present (#5219)
  • Web UI: Fix remote profile being displayed as HTML on remote follow page (#5249)
  • Improve error handling in LinkCrawlWorker (#5250)
  • Web UI: Fix overflowing (#5246)
  • Web UI: Show buffering in video player (#5261)
  • Web UI: Dynamically calculate card height for embeds instead of using CSS padding trick (#5265)
  • ActivityPub: Use object URI only in Announce, instead of embedding (#5266)
  • Fix pagination in blocks API (#5285)
  • Web UI: Center error layout (#5289)
  • Fix offline-plugin warning in dev mode (#5411)
  • Disable reblog counter for private toots (#5397)
  • Fix unreblogged toot being at wrong position in the home timeline (#5418)
  • Ensure that home feed regeneration after inactivity restores non-zero items (#5409)
  • Properly remove unreblogged toots from timelines by keeping references of all reblogs (#5419)
  • Web UI: Replace newlines in desktop notifications with spaces instead of removing them (#5361)
  • Allow unreblogging pre-ActivityPub reblogs (#5376)
  • ActivityPub: Fix remote status fetching for ActivityPub-only WEB_ACCOUNT users (#5372)
  • Web UI: Avoid confusing messaging: When unfollowing, remove toots from home in web UI immediately (#5369)
  • Web UI: Avoid confusing messaging: Do not try to guess why home timeline is empty in web UI (#5370)
  • Fix user sign in count updating on every request, optimize some queries (#5368)
  • Optimize Status#permitted_for 500x (account timeline) (#5373)
  • Make HTTP deliveries faster by closing connection right after posting (#5390)
  • Fix some failure cases when fetching link preview cards (#5347)
  • Web UI: Reduce discrepancies between server and client-side character count (#5360)
  • Fix reblog count increasing without reason (#5363)
  • Web UI: Fix React warning about tabIndex on status with CW (#5432)
  • Don't capture scheme-less URLs in the status (#5435)
  • When status is fetched instead of delivered, do not stream it (#5437)
  • Web UI: Fix unwanted content warning gap in CSS (#5436)
  • OpenGraph: OpenGraph tags on sign in and sign up pages (#5308)
  • Web UI: Only preload JS on /web pages (#5325)
  • Web UI: In thread view, only scroll on first update, and scroll to replied-to post (#5322)

Contributors to this release:

  • @abcang
  • @akihikodaki
  • @Aldarone
  • @aschmitz
  • @BoFFire
  • @cacheflow
  • @contraexemplo
  • @crakaC
  • @ErikXXon
  • @gandaro
  • @Gargron
  • @hcmiya
  • @hinaloe
  • @JeanGauthier
  • @jeroenpraat
  • @JohnD28
  • @k24
  • @Kjwon15
  • @lynlynlynx
  • @m4sk1n
  • @mabkenar
  • @masarakki
  • @mathias-b
  • @MightyPork
  • @MitarashiDango
  • @monsterpit-daggertooth
  • @nolanlawson
  • @nullkal
  • @pfm-eyesightjp
  • @renatolond
  • @roikale
  • @salvadorpla
  • @sylph01
  • @Sylvhem
  • @takayamaki
  • @Technowix
  • @ThibG
  • @tkbky
  • @unarist
  • @utam0k
  • @voidsatisfaction
  • @yanakend
  • @yannicka
  • @YaQ00
  • @ykzts
  • @zunda

1.6 branch

11 months ago
View release notes

Mastodon

Fixes:

  • Reset preview image if avatar/header image selection was cancelled (#4893)
  • Fix error when following locked accounts (#4896)
  • Fix count numbers from ActivityPub not being saved (#4899)
  • Merge context hash into final JSON hash after key transform (#4898)
  • Fix nil error for old toots that don't have a conversation (#4900)
  • Clean up and improve generated OpenGraph tags (#4901)
  • Whenever a remote keypair changes, unfollow them and re-subscribe to them (#4907)
  • Specify libicu explicitly in Aptfile (#4920)
  • Fix height cache (#4909)
  • Limit pinned toots to 5 (#4923)
  • Add missing suspend checks (#4921)
  • Fix ActivityPub handling of replies with WEB_DOMAIN (#4904)
  • Fix share intent (#4926)
  • Do not keep remote file names, generate random (#4934)
  • Enable to recognize most kinds of characters as URL paths (#4941, #4968, #4975)
  • Fix race condition when receiving an ActivityPub Create multiple times (#4930)
  • Remove redundant width/height values from SVGs to fix Safari bug (#4956)
  • Fix invisible load more button (#4962)
  • Fix filterable_languages method of SettingsHelper (#4966)
  • Fix hasSize condition in secSet and sizes. (#4969)
  • Fix AP serialization error when thread is missing (#4970)
  • Fix an error in ReplyDistributionWorker when replied status was deleted (#4974)
  • Adjust landing pages 2 (#4967)
  • Fix an error when actor json couldn't be fetched in ResolveRemoteAccountService (#4979)
  • Randomize sidekiq-scheduler cron schedule (#4980)
  • Fix cancellation of scroll to the right (#4978)
  • Raise an error on getting activity uri for remote status (#4984)
  • Validate uri presence for remote status (#4985)
  • Oauth code in input form and add description message (#4986)

Features:

  • Add OpenStack Keystone V3 support (#4889)
  • Add section for protocol specific information on the admin page (#4910)
  • Admin UI: Make instance names in into links to user list in the instance (#4924)
  • Admin UI: Add instance search feature (#4925)
  • Admin UI: Uploads for admin site settings (#4913)
    You can now upload your own OpenGraph thumbnail for your instance
  • Redesign video player (#4911)
  • Support OpenGraph video embeds (e.g. Twitch clips) (#4897)
  • Include requested URL into the message on network errors (#4945)
  • Add scheduled worker to purge old user IPs (#4951)
  • When web UI URL used while logged out, redirect to corresponding static page (#4954)
  • When accessing uncached media attachment, redownload it (#4955)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@abcang @akihikodaki @Artoria2e5 @bounshi @bruwalfas @contraexemplo @fvh-P @Gargron @greysteil @jeroenpraat @lynlynlynx @m4sk1n @mabkenar @MitarashiDango @nullkal @patf @Quent-in @sdukhovni @ThibG @unarist @ykzts @yukimochi @zunda

1.6
11 months, 1 week ago
View release notes

Mastodon

ActivityPub is a new federated web protocol. From this release onward it is the primary protocol of Mastodon. We will remain compatible with OStatus for the foreseeable future, but version 2.0 of Mastodon will stop sending private toots over it. After installation, accounts in the database will slowly start upgrading. One of the immediate and obvious perks of this new protocol is more complete conversation views on every instance (presuming all participants are upgraded). For more, see this blog post.

Fixes:

  • During Docker build: Use multiple cores in bundler and make (#4544)
  • Web perf: Cache status height (#4439)
  • Fixes to the about page (#4554, #4548, #4682)
  • Add missing content type on throttled responses (#4558)
  • Add coalesce option to avatar and header convert processor (#4552)
  • Add missing @ to the onboarding modal (#4560)
  • Add missing scroll to top to some column headers (#4563)
  • Add favourited toot to favourites column (#4562)
  • Remove toot from favorites column when unfavorited (#4597)
  • Fix emoji picker scrollbar style (#4572)
  • Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587)
  • Fix search (regression from #4589) (#4594)
  • Fix require_user! behavior when not logged in (#4604)
  • Don't send Link header when prev and next links are empty (#4633)
  • Re-add missing token authorization for /api/v1/verify_credentials (#4650)
  • Refactored streaming connections (#4645)
  • Do not try to re-subscribe to unsubscribed accounts (#4653)
  • Fix visual line-break glitch with .invisible parts of links (#4655)
  • Increase contrast in landing pages (#4567)
  • Periodically remove expired PuSH subscribers (#4654)
  • Disable babel-loader cache when in development environment (#4684)
  • Don't load Roboto webfont when system font is used in the app (#4591)
  • Automatically authorize pending incoming follow requests after unlocking account (#4658)
  • Adjust RTL styles (#4712)
  • Do not scroll the columns area due to redirection (#4541)
  • Remove unnecessary indices (#4738)
  • Add close tag of iframe for OEmbed response (#4745)
  • Docker: Update to Alpine 3.6 (#4747)
  • Make first use less overwhelming with browser permissions: Ask for desktop notifications after 1 minute, ask to register protocol handler after 5 minutes (#4760)
  • Use system's default font (when selected) on non web UI pages too (#4553)
  • Link previews storage and fetching reworked/optimized (#4642)
  • Fix text position of "sensitive content" spoiler in Safari (Mac/iPhone) (#4570)
  • Make "unfollow" remove pending outgoing follow requests too (#4781)
  • Validate presence of data in imports (#4782)
  • Fix short number locales (#4790)
  • Fix a problem that notification column goes to top (#4792)
  • Use correct syntax for content preloading (#4798)
  • Fix streaming url to lowercase (#4804)
  • Show pinned statuses only in the top of the profile page (#4803)
  • Fix some ActivityPub JSON bugs (#4796)
  • Add new index on notifications to make filtering faster (#4750)
  • Adjust status embeds (#4808)
  • Restore instant follow in API response when account is unlocked (#4799)
  • Fix mentions in direct statuses not being delivered via AP (#4806)
  • Do not execute the job with the same arguments as the retry job (#4814)
  • Fix text position of NSFW for video file (#4819)
  • Fix scroll position (#4821)
  • Add Smartphone screen favourite back button and adjust styles (#4813)
  • Make new statuses use the same URI format in both ActivityPub and OStatus (fixes threading issue in OStatus) (#4815)
  • Fix rake task compatibility with Ruby 2.3.x (#4832)
  • Report comment: limit to 1000 characters (#4833)
  • Enable UniqueRetryJobMiddleware even when called from sidekiq worker (#4836)
  • Fix counting of local statuses for stats (#4839)
  • Fix language filter codes (#4841)
  • Handle stream_entry URL correctly in ActivityPub (#4854)
  • Refresh timeline after toot while the timeline is disconnected (#4858)
  • When visibility missing from API call to toot, fallback to user preference (#4861)
  • Check if already follow-requested from FollowService to avoid error (#4855)
  • Scrollable tables in settings pages (#4857)
  • Add missing reject_media check before avatar download via ActivityPub (#4862)
  • Fix errors preventing UnsubscribeService from working (#4866)
  • Set fallback address when empty notification address (#4868)
  • Fix dimensions of loading component for compose drawer (#4872)
  • Hide modal loading screen for media/video/boost/confirm/actions modals (#4873)

Features:

  • 🎉 🎉 ActivityPub 🎉 🎉
  • Security:
    • Digest header on requests with body (#4565)
    • Add handling of Linked Data Signatures in payloads (#4687, #4752)
    • Support more variations of ActivityPub keyId in signature (#4630)
  • Plumbing:
    • Incoming processing (#4216, #4571, #4595, #4601, #4629, #4639, #4728, #4729, #4763, #4754, #4761)
    • Delivery (#4566, #4703, #4704, #4739)
    • Improvements to representation of entities (#4592, #4737, #4764, #4767, #4779)
  • Protocol upgrade:
    • Migration from OStatus (#4583, #4593, #4623, #4631, #4632, #4617, #4662, #4582, #4702, #4730, #4756, #4766)
    • Alternate links to ActivityPub resources from HTML/HEAD variants (#4586)
    • Hook up URL-based resource look-up to ActivityPub (#4589, #4661, #4599, #4668, #4672)
  • User-facing:
    • Update admin view for ActivityPub users (#4600, #4622)
    • Forward ActivityPub deletes to followers of rebloggers (#4706)
    • Forward ActivityPub replies to local statuses to followers of authors (#4709)
    • Fetch statuses/following/followers numbers from ActivityPub (#4840)
  • Include the stats from the /about/more page in API response about instance (#4074)
  • Add protocol handler. Mastodon can now respond to URLs that begin with web+mastodon://, e.g. specially crafted "follow me" buttons would automatically open your correct instance from any webpage (#4511)
  • web+mastodon://follow?uri=alice@example.com opens follow dialog for alice
  • web+mastodon://share?text=Lorem+ipsum opens new toot dialog with preset text "Lorem ipsum"
  • Redesign public profiles. Add no-replies, with-replies, only-media filters (#4608, #4711, #4713)
  • Developer UI for OAuth applications (#2758, #4664, #4671)
  • Add Mastodon::Source.url for forks (#4643)
  • Pinned statuses (#4675, #4690, #4817)
  • Update status embeds with better URLs, better design, branded follow button using protocol handler (#4742)
  • "Embed" modal in web UI (#4748, #4759, #4773)
  • Add script to make embedded iframes autosize (#4853)
  • OpenStack Swift support as alternative to S3 📎 (#2322, #4816)
  • "Mute conversation" option on all own toots, not just in notifications (#4844)
  • Default follows for new users (#4871)
    New users automatically follow certain accounts upon e-mail confirmation. Configurable with admin site setting. When nothing else set, defaults to admins.

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • After database migrations, clean out old preview cards thumbnails with RAILS_ENV=production bundle exec rails mastodon:maintenance:remove_deprecated_preview_cards (in Docker: docker-compose run --rm web rails mastodon:maintenance:remove_deprecated_preview_cards)

Contributors to this release:

@abcang @akihikodaki @algernon @andydrop @anneau @BoFFire @clworld @contraexemplo @cygnan @diomed @ekiru @eramdam @Gargron @Jehops @lynlynlynx @m4sk1n @mabkenar @masarakki @mayaeh @MightyPork @MitarashiDango @miuchan @muffinista @nightpool @nullkal @pfm-eyesightjp @Quent-in @rkarabut @salvadorpla @sorin-davidoi @Sylvhem @takayamaki @TheInventrix @ThomasLeister @thurloat @trebmuh @treyssatvincent @unarist @vahnj @voidsatisfaction @Wonderfall @ykzts @yoshi-pc @yukimochi @zunda

1.5 branch

1 year ago
View release notes

Mastodon

Fixes:

  • Critical: Fix WebFinger regression that some servers experience (#4527)
  • Use correct keys for keyboard navigation (#4487)
  • Fix column-back-button style for some browsers (#4484)
  • Don't normalize invalid domain names (#4499)
  • Make number of comparison in emojify() fewer (#4500)
  • Redirect to PasswordController#new when reset_password_token is invalid (#4506)
  • Enable cache for babel-loader (#4505)
  • Docker: Use GNU libiconv in Nokogiri (#4494)
  • Scroll columns area to right when children property is changed (#4517)
  • Add "signed in as" header to some pages (#4523)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

TBA

1.5
1 year ago
View release notes

Mastodon

Fixes:

  • Increased threshold for triggering a swipe on mobile (#4037)
  • Faster emojify (#4049)
  • Process links in toots on update as well a mount (#4042)
  • Faster JSON generation (#4090)
  • Fix verified feed author not being enforced when processing feed (#4092)
  • Fix sessions getting forgotten too soon (#4091)
  • Lazy load less used components in web UI (#3879)
  • Change account link to admin account link on report page (#4119)
  • GIF autoplay now defaults to off (#4132)
  • Improve PuSH resubscription scheduling (#4142)
  • Reduce webpack memory usage (#4139)
  • /api/v1/search now requires authentication (#4155)
  • Do not make HTTP roundtrip when resolving local URL (#4160)
  • Add background color for spoiler input, like toot textarea (#4181)
  • Make tag search case insensitive again (#4184)
  • Store emojis as unicode (#4189)
  • Fix subsequent replies to unresolved status not being filtered from home timeline (#4190)
  • HTTP signatures: connect signed PuSH subscription requests to instance domain, removes the drawback of serving Mastodon from a subdomain (#4146, #4205)
  • Optimize uri normalization (#4212)
  • Exclude self toots from regular expression filter (#4245)
  • Mutes now block notifications (#4300)
  • Change "Content Warning" to "Write your warning here" (#4313)
  • No scrollbar if not needed (#4350)
  • Exit early in load function (#4349)
  • Use passive wheel listener (#4348)
  • Update Capistrano lock version in config/deploy.rb (#4352)
  • Guard against missing ref (#4353)
  • Send short account URL to remote instance (regression from #3844) (#4355)
  • Allow longer link text on landing page (reduce padding for Mobile) (#4363)
  • Fix multiple-gif display in user page (#4364)
  • Adjust mobile landing page (#4366)
  • Added external link icons to joinmastodon navbar buttons (#4368)
  • Improve accessibility (#4369, #4377, #4405, #4408, #4417)
  • Add index favourites on account_id and id (#4360)
  • Fix padding in hero container of landing page (#4373)
  • s/PubSubHubbub/WebSub/g (#4372)
  • Fix crash when heading is undefined (#4378)
  • Guard against deleted notifications (#4379)
  • Manually set tabs style when swiping (#4320)
  • Fix infinite scroll fluidity (#4381)
  • Accept backup codes for disabling 2FA (#4382)
  • Add callback_url/acct information for Sidekiq PuSH workers Exception. (#4281)
  • Fix multipoint shortcode bug (#4387)
  • Fix an error when a user tries to search nonexistent remote user (regression from #4275) (#4400)
  • Add default settings for user (#4393)
  • [nanobox] Minor tweaks for 1.5 (#4395)
  • Fallback to site_hostname when site_title is empty (#4394)
  • Use star icon for favourite action (#4396)
  • Fix timeline height on landing page for Safari (#4392)
  • Symlink sw.js to assets/sw.js (#4357)
  • Web push notifications: Do not hard reload tab (#4380)
  • Web push notifications: Group notifications (#4388)
  • Remove hash from chunk filename when dev env (#4411)
  • Fix column header in landing page (regression from #4405) (#4416)
  • Fix protruded information board section in about/more page (#4415)
  • Unify webpackChunkName to lowercase (#4412)
  • Fix current session not being displayed in sessions list (#4424)
  • When PuSH subscribe attempts are exhausted, unsubscribe (#4422)
  • Fix guard clause in WebPushNotificationWorker (#4421)
  • Use consistent icons for web push notifications, same as web UI (#4426)
  • Fix web push notifications "boost" icon not being loaded (regression from #4426) (#4431)
  • Accessability fixes (#4432)
  • Allow animation to end before navigating (#4429)
  • Improve accessibility (#4435, #4457)
  • Don't add tabIndex to wrapped status (#4437)
  • Fix autocomplete option in haml files (#4438)
  • Avoid optimization for non-touch devices (#4444)
  • Use a fainted text color for <hr> elements in the landing page (#4443)
  • Set contact address in about/more as mailto link (#4450)
  • Remove outline from focused toot (#4448)
  • Change to sensitive when adding content warning from web UI (#4456)
  • Disable sensitive button when with content warnings (#4460)
  • Fix button overflow on confirmation modal for mobile (#4465)

Features:

  • Customize privacy policy from admin UI (#4062)
  • Setting to use native system font in web UI (#4033)
  • Nanobox: automated backups (#4023)
  • Swipe animations on mobile web UI (#4105)
  • /api/v1/accounts/verify_credentials now returns user's chosen privacy default (#4075)
  • New preference: always mark media as sensitive (#4136)
  • Success page when remote following someone (#4129)
  • New landing page with public timeline (can be disabled by admin) (#4122)
  • Rake task to redownload avatars/headers (#4156)
  • Improved design of admin settings (#4163)
  • Whenever content warning is preset, media sensitivity is also enforced (#4176)
  • Web Push Notifications (#3243)
  • Adjustable time period for mastodon:media:remove_remote (#4191)
  • Add option to opt out of search engines on public profile/status pages (#4199)
  • Pin favourites column (#4201)
  • Improve ActivityPub representations (#3844)
  • Add unfollow modal (optional) (#4246)
  • Add feature to revoke sessions (#4259)
  • Add admin button to re-subscribe to all accounts from a domain (#4285)
  • Show avatar/header on edit profile page (#4288)
  • Add rake task mastodon:feeds:build to regenerate all active users' feeds (#4303)
  • New logo (#4306)
  • Add loading indicator animation (#4316)
  • Allow domain blocks that only reject media without silencing or suspending (#4325)
  • Redesign extended information page (#4322)
  • Redesign terms page (#4338)
  • Improve remote profile disclaimer (#4342)
  • Web share button (#4365, #4402)
  • Open dropdown menu as modal on mobile (#4295)
  • Count all URLs in text as 23 characters flat, do not count domain part of usernames (#4427)

Upgrade notes:

Non-Docker only:

  • New system package dependencies: libicu-dev libidn11-dev
  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • To enable Web Push notifications, you should generate a few extra secrets and put them into your environment (usually .env.production). Generate the secrets/variables with: RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key (in Docker: docker-compose run --rm web rake mastodon:webpush:generate_vapid_key)
  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate). There are some column data updates, so the migration may take a while if your tables have many rows. If you get a lock error, you'll need to shut down the Mastodon web process during the upgrade.
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • The file sw.js (service worker definition) served from the public directory should be served with no cache headers or cache headers with max-age 0 (basically, don't cache it)
  • There are no more mandatory regular cronjobs, because all important tasks have been moved to Sidekiq. Deprecated rake tasks like mastodon:daily now do nothing.

If push notifications are not being sent and the server logs show errors like Webpush::InvalidSubscription - 400 Unauthorized Registration or Request did not validate Invalid bearer token: Auth > 24 hours in the future, most likely the server time is not accurate (you can use ntp to synchronize it and prevent it from drifting).

If you're upgrading from a version prior to 1.4.2, you may need to run the following command to prepare for the 1.4.2 referential integrity migration:

  • RAILS_ENV=production bundle exec rails mastodon:maintenance:prepare_for_foreign_keys (in Docker: docker-compose run --rm web rails mastodon:maintenance:prepare_for_foreign_keys)

Contributors to this release:

@aaribaud @abcang @akihikodaki @clworld @cygnan @danhunsaker @eramdam @Gargron @ignisf @jeroenpraat @Komic @lindwurm @lynlynlynx @m4sk1n @mabkenar @masarakki @mayaeh @MightyPork @MitarashiDango @nightpool @nullkal @Quent-in @rkarabut @schas002 @ScienJus @sdukhovni @skoji @sorin-davidoi @Sylvhem @ThibG @unarist @ykzts @yukimochi

1.4 branch

1 year, 1 month ago
View release notes

Fixes:

  • Security fix: access tokens used by web UI are now session-bound instead of reused between sessions (#3940)
  • Security fix: require 2FA token to disable 2FA (#3935)
  • Fix "favourites" page not working in web UI (#3925)
  • Fix elephant in onboarding modal being very small on mobile (#3932)
  • Fix incorrect aspect ratio on some preview images in image modal (#3966)
  • Fix jittery timelines (#3972)
  • Fix order of processing when regenerating home feeds from scratch (#3984)
  • Optimize number of commands when trimming home feeds (#3989)
  • Optimize regenerating home feeds (#3990)
  • Optimize emoji replacements in web UI (#4019)
  • Check external changes to textarea before submitting (Grammarly support) (#3632)
  • "Credentials" page renamed to "Security" (#3941)
  • Remove babel compilation step from streaming API server (#3950)
  • Detect more Salmon delivery failures and retry (#3960)

Features:

  • Swipeable columns, media, onboarding modal on mobile (#3643, #3934)
  • Login sessions tracking (under "Security") (#3616, #3929)
  • Admins now receive e-mails about new reports in the system (#3949)
  • Responsive images in media gallery for higher res on high DPI devices (#3963)
  • New rake task to create a user account from the command line (mastodon:add_user) (#1482)
  • Report screen is now a modal instead of a column (#3965)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@abcang @akihikodaki @Aldarone @amazedkoumei @danhunsaker @debanshuk @Gargron @ikuradon @M1dgard @m4sk1n @mjankowski @nolanlawson @pfm-eyesightjp @sorin-davidoi @ThibG @unarist @ykzts @yukimochi

1 year, 1 month ago
View release notes

Fixes:

  • Bumps the version up to 1.4.6 properly, unlike 1.4.5 which reports itself as 1.4.4
  • Setting toggles properly connected to their labels (#3907)

Upgrade notes:

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Upgrade notes if you are upgrading straight from 1.4.3:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@Gargron @ykzts

1 year, 1 month ago
View release notes

Note: It is recommended to upgrade straight to 1.4.6

Fixes performance regression in 1.4.4 (#3892)

Contributors:

@akihikodaki @foxsan48 @Gargron @nightpool @Quent-in @rkarabut @unarist

1 year, 1 month ago
View release notes

Note: It is recommended to upgrade straight to 1.4.6

Fixes:

  • Whitelist allowed classes for federated statuses (no more spinning) (#3810)
  • Debounce autosuggestions (#3836)
  • Fix hashtag timelines not updating in real time (#3849)
  • Fix character/grapheme count stuff (#3839)
  • Account deletions can be disabled as an instance setting (#3852)
  • Set cursor: pointer only when necessary (#3857)
  • Clicking on the CW text should expand the status (#3855)
  • Fix RTL detection on Ruby side (#3867)
  • "NSFW" button replaced with eye icon, consistent with other UI elements for the function (#3759)
  • Filter direct statuses in Status.as_home_timeline (#3842)
  • Fix remote conversation URIs not being recorded (#3870)
  • Instead of each streaming server subscribing to all redis channels, subscribe on demand (#3828)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@ThibG @Gargron @ykzts @abcang @unarist @akihikodaki @Quent-in @nightpool @nolanlawson @alpaca-tc @marrus-sh @zunda @masarakki @noraworld @m4sk1n @sorin-davidoi @deflis

1 year, 2 months ago
View release notes

This is a hotfix release

Unfortunately right after v1.4.2 went out, I was informed of a regression from one of the pull requests. This wasn't noticed earlier even though it was up for testing on mastodon.social and glitch.social for a week. This is an important privacy bug (#3752) that we fixed immediately after being informed of it.

No special upgrade instructions are necessary. This release is otherwise identical to v1.4.2. Only the code needs to be updated.

1 year, 2 months ago
View release notes

Fixes:

  • JS performance improvements (#3402, #3300, #3475)
  • Unauthorized websockets access returns 401 instead of closing connection (#3411)
  • Fix webpack building on Windows (#3426)
  • Fix crash in TW locale (#3459)
  • Focus submit button on boost modal (#3494)
  • Usernames and hashtags no longer have influence over language detection (#3503)
  • Update Rails from 5.0.x to 5.1.x (#3121)
  • Add missing database indices (#3510)
  • Clicking label influences the connected toggle (#3530)
  • Only push updates to streaming API for recipients who are signed in to the streaming API (#3278)
  • Bulk pushes to sidekiq (#3536)
  • Refocus textarea after tooting (#3537)
  • Fix limits param in favourites controller (#3553)
  • No-op when following an already followed account (#3575)
  • No-op when favouriting/reblogging toot that has already been favourited/reblogged (#3641)
  • Fix embed page being broken (#3577)
  • Introduce foreign key constraints (#3562)
  • Fix failing thread resolving (#3599, #3622)
  • Fix exact hashtag search (#3611)
  • Fix crash when searching for invalid URLs (#3613)
  • Don't show business e-mail if it's blank (#3619)
  • Allow class attribute on anchors during sanitization to preserve microformats (#3623)
  • Display error message if JS is disabled (#3634)
  • Fix race condition when resolving remote account (#3606)
  • Support multiple trusted proxies (#3639)
  • When language cannot be reliably detected, set it to nil instead of to default locale of instance (#3666)
  • Fix RTL styles (#3669)
  • Improve RTL detection by ignoring whitespace, usernames, URLs and hashtags (#3682)
  • Fix issue where some Node.js versions wouldn't have "includes" function and the streaming API would crash (#3667)
  • Fix case sensitive e-mail check (#3688)
  • Fix deletion of toot sending the original toot to mentioned addresses instead of the "delete" Salmon (#3672)
  • Fix incompatibility with Hubzilla Salmon slaps (#3699)
  • Fix badly positioned unread indicator in column (#3720)
  • Fix unclickable onboarding modal links (#3724)
  • Adjust quality settings of GIFs converted to MP4s to actually save space (#3723)
  • Link the project website from "powered by" links (#3725)
  • Fix content jumping on scroll sometimes (#3734)
  • While the home feed is being regenerated for a returning user, display live results from database instead of nothing (#3721)
  • Batch status deletes for performance and less cross-instance payloads, when suspending accounts (#3735)
  • Save column settings when they are changed rather than when the area is collapsed (#3743)
  • Suspended/deleted accounts no longer come up in search/autocomplete (#3728)

Features:

  • Columns can be pinned, unpinned and moved (#3207)
  • Regex filters on local and federated timelines (#3564)
  • Preference for confirmation dialog on toot deletion (#3368)
  • Simplify stylesheets customization again (#3373)
  • Configurable reserved usernames, so people can't register e.g. "admin", "support", etc (#3566)
  • Dynamic app manifest so "Add to homescreen" will use configured instance name etc (#3563)
  • Image viewer modal uses low-res preview images before full-res is loaded for immediate feedback (#3595)
  • Admin buttons to control PuSH subscription to a remote account (#3640)
  • Admin button to re-download avatar/header of remote account (#3640)
  • Account deletion (#3728)

Upgrade notes:

This release adds database-level constraints for ensure cross-referential integrity. Previously, incorrect records could have persisted due to race conditions and request timeouts in the Ruby codebase. Because Postgres cannot create the constraints if violations of the constraints already exist, I have written a rake task for cleaning up the incorrect records in the database that you should execute before the migration.

If for some reason you cannot deploy the code first without running database migrations in the process (e.g. Capistrano deployments), you can simply copypaste the code from the rake task into the Rails console and execute it that way.

Because of how Postgres executes the creation of foreign keys, if Mastodon activity is happening at the same time, the migration may fail with a "deadlock". In such a case I recommend disabling user access to Mastodon during the migration, which shouldn't take longer than a minute.

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • Run the rake task to prepare for the database migrations: RAILS_ENV=production bundle exec rails mastodon:maintenance:prepare_for_foreign_keys (in Docker: docker-compose run --rm web rails mastodon:maintenance:prepare_for_foreign_keys)
  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • The upgrade from Rails 5.0 to 5.1 will break cached entities. Cache lives for 10 minutes, so you can either wait for it to go away after 10 minutes, or clear Rails cache with RAILS_ENV=production bundle exec rails r Rails.cache.clear (in Docker: docker-compose run --rm web rails r Rails.cache.clear)

Contributors: @akihikodaki @alpaca-tc @Artoria2e5 @caasi @ChristopherWMartin @clworld @danhunsaker @diomed @fvh-P @Gargron @harukasan @ikuradon @jackjennings @jeroenpraat @jumbosushi @lindwurm @m4sk1n @masarakki @mjankowski @Naouak @nolanlawson @nullkal @Quent-in @reneklacan @rkarabut @salvadorpla @sorin-davidoi @STJrInuyasha @takayamaki @ThibG @unarist @ykzts @yukimochi @zunda

1 year, 2 months ago
View release notes

Fixes:

  • Fix boost icon: center vertically (#2690)
  • Fix to completely hide NSFW-tagged images (#2724)
  • Fix width of .confirmation-modal on narrow screens (#2743)
  • Always respond with 200 to PuSH payloads (#2733)
  • Language improvements, replace whatlanguage with CLD (#2753, #2949)
  • Handle out-of-order deletes for statuses (#2734)
  • Replace best_in_place editor on admin settings page (#2789)
  • Performance: Delete records in smaller transaction (#2802)
  • More robust PuSH subscription refreshes (#2799)
  • Use Twitter::Extractor for creating links (#2502)
  • Performance: Optimize follower_accounts and following_accounts (#2820)
  • Performance: Fix slow query in notifications api (#2851)
  • Performance: Add asynchronous emojione-picker (code-splitting) (#2863)
  • Fix a aspect ratio for the embedded video (#2872)
  • Fix local fonts and change font-face values (#2877)
  • Add content-type in pubsubhubhub request header (#2943)
  • Disabled auto focus on toot form when search results are shown. (#2942)
  • Performance: Add account_id DESC to optimize PrecomputeFeedService (#2967)
  • Send HEAD request ahead of GET when fetching URL previews (#2972)
  • Fix mention regex to support unicode (#2420)
  • When avatar/header are missing, do not include the missing file into Atom (#2988)
  • Accept own ID for remote follow with and without preceding @ (#2991)
  • Delete associated notifications when a status is deleted (#2994)
  • Trim long usernames in public follower/following lists (#2993)
  • Fix not rejecting remote URIs when parsing out local IDs (#3012)
  • Prepend reblogs' wrapper content with "RT @original_author", (#3013)
  • Do not cancel PuSH subscriptions after encountering "permanent" error (#3046)
  • Do not override ctrl/cmd+click on permalinks (#3073)
  • Hide signup path unless the instance allows registration. (#3055)
  • Performance: Optimize Status#permitted_for 24x (#3069)
  • Performance: Improve Account#triadic_closures (#3079)
  • Performance: Make faster ProcessFeedService (#3080)
  • Enable to handle app immediately after closing modal (#3082)
  • Performance: Make .column-collapse animation simple (#3086)
  • Resolve preview cards for remote statuses as well as local ones (#3088)
  • Do not hardcode the exclamation in "toot!", wrap it in an extra locale key (#3089)
  • Performance: Avoid useless renders (#3141)
  • Performance: Improvements (#3168)
  • Run processes in Docker as non-root user (#3159)
  • Performance: Use joins for account properties (#3167)
  • Performance: Remove unnecessary div (#3172)
  • Performance: Faster boot time (#3176)
  • Replace mastodon:media:clear and mastodon:feeds:clear rake tasks with sidekiq scheduler (#3180)
  • Add boop sounds in Vorbis format (#2963)
  • Focus tab of Mastodon when clicking notification (#2989)
  • Fix regression in mutes API and similar (#3202)
  • Allow access token in URI in the EventSource streaming API (#3208)
  • Language attribute in statuses JSON (#3209)
  • Fix "Edit profile" on the account action bar (#3222)
  • Fix cache not being configured correctly (#3219)
  • Keep children of the column-collapsable until animation is completed (#3218)
  • Fix locale regression that made logged-out public pages crash (#3231)
  • Fix "saved" message in wrong locale after updating preferences (#3232)
  • Put creation of remote statuses in a transaction to prevent incomplete statuses from being returned in the API (#3233)
  • Fix more locale regressions from #3055 (#3242)
  • Focus the submit button (#3253)
  • Fix Devise destroy method being available to delete user record (#3266)
  • Fix following/followers API to return correct link headers (#3268)
  • Skip formatting for cashtag in status text (#3275)
  • Fix hovering default value for avatar component (#3290)
  • Fix settings model sometimes returning nil (#3213)
  • Add flex: 0 0 auto to some components to avoid bugs on iOS9 (#3313)
  • Fix "contains" CSS for Chromium <57 (#3317)
  • Fix style regression of buttons not inheriting document font by default (#3310)
  • Fix load more feature on the Account media gallery (#3293)
  • Remove status context construction in the React side (#3331)
  • Remove redundant call of recent scope in AccountsController (#3330)
  • Introduce react-textarea-autosize instead of using style.height side effects (#3334)
  • Add "meta" attribute to return of POST /api/v1/media method as well (#3333)
  • Replace onboarding elephant with friendlier graphic, shorter animation (#3337)
  • Fix some nil errors (#3338)
  • Language filtering in streaming API (#3339)
  • Add missing background center on public profile headers (#3340)
  • Avoid comparing domains when looking for an exact match of a local account (#3336)
  • Fix empty flash message on the settings page (#3345)
  • Fix #2922 - Load stylesheet from "custom.css" entrypoint when present (#3332)
  • Reject revoked access_token on Streaming API. (#3367)
  • Improve streaming API cluster logging, fix streaming API hanging up (#3370)
  • Fix Webpack Bundle Analyzer output for Webpacker (#3374)
  • Simplify isIntersecting in status_list.js (#3371)
  • Fix IntersectionObserver isIntersecting in Edge (#3365)
  • Update bootsnap to 0.3.0 (fix xattr.h error) (#3390)
  • Fix video having black border on top (#3392)

Features:

  • Filter out languages from public timelines based on preferences (#2361, #3175)
  • Admins can disable 2FA for users (#2584)
  • Webpack (#2617)
  • Show boosted user's avatar (#2518)
  • Show emoji shortname in a tooltip (#2784)
  • Decode IDN URLs in PreviewCard (#2781)
  • When streaming API is disconnected, poll home/notifications (#2776)
  • Replace ws with uws (#2807)
  • Sidekiq dashboard displays scheduled tasks (#2898)
  • Add <ostatus:conversation /> to Atom feeds (#3016)
  • Make direct statuses stand out more (#3025)
  • Ability to mute notifications for an entire conversation (#3017)
  • Admins can filter accounts based on username/display name/e-mail/IP (#2968)
  • Ability to hide all content from a domain (#2381)
  • Media gallery view on profiles (#3120)
  • Allow alternate domains to be recognized by Webfinger, while still returning a canonical acct (#3187)
  • Only load i18n data for current language in web UI (#3130)
  • Toggle sensitive from admin page (#3261)
  • Don't notify me when my toot is faved by someone i muted (#3245)
  • Performance: Use node instead of babel-node for streaming API (#3269)
  • Fix DM being highlighted when it's inside a favourite notification (#3267)
  • Show error message to suspended user (#3281)
  • Performance: Lazy load toots using IntersectionObserver (#3191)
  • Go to root after login in single user mode (#3289)

Upgrade notes:

Non-Docker only:

  • This release switches the minimum supported Node.js version from 4 to 6
  • Three additional system packages are required: pkg-config libprotobuf-dev protobuf-compiler
  • Dependency updates: bundle install and yarn install

Docker-only:

  • Processes inside Docker no longer run as root. Existing installations will require you to change directory ownership of the uploads volume to a different UID/GID: something like sudo chown -R 991:991 public/system (the default UID/GID of the new in-Docker user is 991/991)

Both Docker and non-Docker:

  • If you have CDN_HOST set, make sure it contains the protocol part (http:// or https://), if it does not, adjust it before doing the next step
  • If you set a non-default STREAMING_API_BASE_URL, change the protocol part to ws:// or wss:// respectively
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
  • Generated assets now live under public/packs instead of public/assets. This is mostly irrelevant but might affect some custom proxying configurations.
  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)

Contributors to this release:

@AA4ch1 @abcang @akihikodaki @alpaca-tc @beatrix-bitrot @BoFFire @bzg @clworld @danhunsaker @esetomo @Gargron @geta6 @happycoloredbanana @harukasan @h-izumi @immae @jackjennings @jeroenpraat @Jnsll @kaniini @knu @m4sk1n @mabkenar @masarakki @mjankowski @nolanlawson @Pangoraw @pfm-eyesightjp @Quent-in @rkarabut @salvadorpla @seefood @sorin-davidoi @stephenburgess8 @sterbfly @tomosm @treby @unarist @vidarlee @Wonderfall @xqus @yiskah @ykzts @yookoala @znz @zunda

1.3 branch

1 year, 3 months ago
View release notes

This is a patch release that backports a few important improvements from the upcoming v1.4 release which is still a work in progress.

PuSH subscriptions is how Mastodon instances send each other statuses of followed accounts. They have to be periodically renewed (by default they run for around 30 days). Because Scalingo does not support cronjobs, and Heroku requires a separate scheduler setup, those installations are in most dire need of this update, which moves the renewal code into the Sidekiq process instead. But everyone else will also benefit from the renewals being more efficient and failure-resistant. Previous behaviour did not have retries, so if a subscription request failed, it would only be retried when you next ran the cronjob, which meant gaps in followed people's timelines for days or longer.

Fixes:

  • PuSH subscriptions refresh now run through Sidekiq, it no longer requires cronjobs (old mastodon:push:refresh rake task becomes no-op), more efficient/less hard-hitting order in which subscription requests are sent, better handling of errors and retrial in case of temporary failures (#2799)
  • Handle out-of-order delete events (e.g. when delete arrives before original status - future original status will get ignored now) (#2734)
  • Always respond with 200 to PuSH deliveries instead of 201/202, check Salmon verification synchronously to return useful error to remote server (#2733)

Upgrade notes:

  • This release includes dependency updates, that means you need to run bundle install (not required in Docker deployments)

Contributors:

@Gargron

1 year, 3 months ago
View release notes

Stabilized release. Fixes:

  • Fix templating error in reports (#2546)
  • Fix templating error in remote follows (#2547)
  • Fix templating error on public page when hashtag doesn't exist (#2563)
  • Fix Mastodon version not being returned correctly from API (#2590)
  • Fix incorrect attachment type being set for reject_media-blocked domains (#2599)
  • Remove unneeded order clause on public follower/following pages (#2615)
  • Fix more style regressions from CSS/BEM refactor (#2608)

Upgrade notes:

  • This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@alpaca-tc @Artoria2e5 @ashfurrow @BoFFire @Gargron @JoelQ @mjankowski @patf @rkarabut @stephenburgess8 @S-YOU @Wonderfall @yiskah @ykzts @y-temp4

1 year, 3 months ago
View release notes

Immediate hotfix for obscure formatting issue that slipped through review and testing.

1.3
1 year, 3 months ago
View release notes

This update includes important security fixes.

Fixes:

  • Textarea height reset on submission (#2236)
  • Fixed mistakes in onboarding modal (#1964)
  • Improve bio compatibility with GNU social (#2278)
  • Adjust boost icon tooltip according to visibility (#1754)
  • Support for IDN (utf8/punycode) URLs (#2363, #2370)
  • Fix e-mail whitelist rules (#2213)
  • Fix hashtags in private toots listing the toot on public hashtag pages (#2182)
  • Fix status being available in public timelines before images finished attaching (#2426)
  • Add shared status tampering verification (#2525)
  • Hide redundant links on small screens (#2175)
  • Fix mangling of ##tags (#2247)
  • Various performance improvements, bug fixes

Features:

  • Version now returned in API (#2181)
  • Display remaining characters when editing profile (2219)
  • Display local time rather than UTC through JS (#2174)
  • API for single notification dismissal (#2251)
  • Emoji picker can now be localized (#2294, #2302)
  • Improve aria support (#2299, #1424, #2516)
  • Confirmation modals for deleting, blocking and muting (#2279)
  • Private toots now federate out to remote followers (#2111)
  • Improved reports admin UI (#2349)
  • Switching the context column in web UI made faster (#2271)
  • Right-to-left design for the UI (#2378)
  • API support for idempotency header to prevent duplicate toots via network failures (#2419)
  • Save media dimensions for media attachments (#2448)
  • Link preview cards now support OEmbed, e.g. YouTube, Vimeo, Flickr embeds (#2337)
  • Mastodon self-identifies when doing HTTP requests (#2073, #2253)

Various improved localizations and new translations.

Upgrade notes:

  • This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@178inaba @akihikodaki @Aldarone @alpaca-tc @ameliavoncat @anon5r @Artoria2e5 @ashfurrow @benediktg @blinry @camponez @codl @diomed @DoubleMalt @esetomo @evanminto @expenses @Fiaxhs @Gargron @ik11235 @ineffyble @j0k3r @jeroenpraat @JoelQ @jpdevries @kayleej @kodnaplakal @LindseyB @mabkenar @magurotabetai @masarakki @mecab @michaeljdeeb @mig5 @mjankowski @mtparet @Naouak @nolanlawson @orzFly @Quent-in @rainyday @ramlmn @saper @shnjp @siuying @stephenburgess8 @STJrInuyasha @suzukaze @tahnok @takp @ThibG @tsuwatch @unarist @walf443 @Wonderfall @yhirano55 @yiskah @ykzts @ymmtmdk @yookoala

1.2 branch

1 year, 3 months ago
View release notes

This release includes important security improvements and fixes.

Fixes:

  • Remove unneeded query when posting toot without attachments (#1907)
  • Long statuses in boost dialog scroll again (#1710)
  • Fix unreblog/unfavourite API returning stale boolean result (#1989)
  • Fix treatment of special characters in XML (#1988)
  • Skip posting to the API if text is empty (#1962)
  • Optimized logo to look sharper (#2020)
  • Cache account IDs to be excluded from public timelines (blocked, blocking, muted accounts) for faster queries (#1858)
  • Fix multiple load-more requests being fired on account timelines (#2066)
  • Ensure that uploaded files are saved with a file extension (#2078)
  • Remove unused fonts (#2103)
  • Language detection falls back to user's selected locale, otherwise to default locale (#2099)
  • Hide link preview if there is a content warning (#1617)
  • Fix broken URLs due to HTML escaping (#2138)
  • Use confirmed users in about/more stats instead of all (#2127)
  • Fix potential for webfinger redirect misuse (#2147)
  • Uncached attachments now have type unknown (instead of image, video etc) and no longer transparently hotlink to the remote URL. In the web UI, they are now displayed as a list of links, instead of preview (#2110)
  • Fix gif uploads (#2172)

Features:

  • Streaming API server now can run in a cluster mode (i.e. multiple processes kickstarted by one master process) (#1970)
  • Preferred user locale assigned on sign-up (#1982)
  • When over the character limit, character counter goes red (#1980)
  • Disable toot button when over character limit (#2088)
  • Option to disable all GIF autoplay in the web UI (#1991)
  • List of known instances in admin UI (#2095)
  • Filter reports by accounts/target accounts (#2092)
  • API to retrieve status no longer requires authentication (similar to public timelines APIs) (#1919)
  • Rate limits on login attempts, sign-up attemps, and forgotten password attempts (#2079)
  • Automatically expand textarea (#2128)
  • OpenGraph tags on public followers/following pages (#2052)

There are also various localization additions and improvements, as well as refactors and new test suites.

Upgrade notes:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@8398a7 @857b @abcang @alpaca-tc @anon5r @Artoria2e5 @ashfurrow @blackle @bradurani @chrolis @cyweo @d6rkaiz @daprice @dar5hak @diomed @dunn @eramdam @evilny0 @expenses @fsubal @Gargron @geta6 @happycoloredbanana @hugogameiro @ian-kelling @iblech @ik11235 @ikasoumen @ineffyble @iwaim @jeroenpraat @JoelQ @jpdevries @k0ta0uchi @kodnaplakal @kuro5hin @matsurai25 @matteoaquila @mig5 @mistydemeo @mjankowski @Moosh-be @patf @reedcourty @rkarabut @SansPseudoFix @saper @saturday06 @snwh @tmyt @tomfhowe @tototoshi @trebmuh @tsuwatch @usagi-f @walf443 @ykzts @yookoala @zacanger

1 year, 3 months ago
View release notes

See 1.2.2

1.2
1 year, 4 months ago
View release notes
  • JS subresource integrity (#1729)
  • Title attribute on URLs (#1755)
  • List of muted users in web UI (#1799)
  • Ability to run Mastodon on a subdomain while using root domain as identifier (#1267)
  • Periodic refreshing of Webfinger-sourced data to help with cases where URLs or public keys of an account have changed (#1323)
  • Recovery codes for 2FA (#1773)
  • Deployment with single-user mode enabled gives chance for one account to register (#1820)
  • Admin function to reset someone's password (#1841)
  • Use a slightly different reply icon to indicate when a toot is part of a conversation (#1869)
  • Error message if video cannot be played (#1879)
  • Atom feeds always have valid title tags (#1875)
  • Improved compatibility with Google Cloud Storage instead of S3 (#1886)
  • Improved admin domain block UI and functionality (#1865):
  • Ability to undo a domain block
  • Ability to specify an option to block media caching from a domain
  • API returns remote URL for media attachment instead of locally cached one if there is no locally cached copy (i.e. hotlinking)
  • Home column regex filter now matches against plain-text instead of HTML markup (#1845)
  • Less network requests when processing mentions from Atom (#1938)
  • Update OStatus2 dependency to fix incompatibility with Ruby 2.4.1 (#1936)
  • Web UI greets new users with a modal explaining first steps (#1883)
  • Use heuristics to detect language of toots and return it from the API (#1772)
  • You can now put down CSS (SCSS) customizations into a special file that isn't in version control and so will not be overwritten by future updates (#1368)
  • Various bug fixes and refactors, special shout out to @mjankowski
  • Various improvements to existing localizations
  • Rake task to clear out unconfirmed user accounts older than 2 days rake mastodon:users:clear
  • Rake task that unites all other mandatory periodic tasks: rake mastodon:daily

Upgrade notes:

  • This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)

Contributors to this release:

  • abcang
  • Akihiko Odaki
  • Alda Marteau-Hardi
  • Alex Dunn
  • alpaca-tc
  • Amakasu Ryoma
  • Andrew
  • Ash Furrow
  • Ben Roberts
  • Bryce Chidester
  • Chad Pytel
  • Darío Hereñú
  • Eduardo Elias
  • Effy Elden
  • Erwan Leboucher
  • Eugen Rochko
  • Fjoerfoks
  • George Hattori
  • goofy-bz
  • Henry Smith
  • Hiromi Kai
  • Ian Kelling
  • Isabelle Knott
  • Joachim Viide
  • JP DeVries
  • Kazuhiro NISHIYAMA
  • Keiji, Yoshimi
  • Koala Yeung
  • Les Orchard
  • Luc Didry
  • luigi
  • Marcin Cieślak
  • Matt Jankowski
  • maxypy
  • mshrtkch
  • Naouak
  • oliverkeeble
  • Olivier Humbert
  • Patrick Figel
  • Pierre Ozoux
  • Ratmir Karabut
  • rysiekpl
  • Setuu
  • Shel Raphen
  • Shouko Yu
  • tackeyy
  • Takayuki KUSANO
  • ThibG
  • Thor Harald Johansen
  • Valentin Lorentz
  • Wonderfall
  • Yuki Nakagawa
  • Zac Anger
  • 新都心(Neet Shin)
  • 西小倉宏信

1.1 branch

1 year, 4 months ago
View release notes
  • Improved emoji picker (#1395, #1403, #1464)
  • Improved scrolling performance (#1415)
  • Can type while image is uploading (#1429)
  • Filtered notifications column now paginates properly (#1341)
  • Recommended Ruby version bumped to 2.4.1 (#1159)
  • GIF avatars are now hover-to-play (#1428)
  • Optional (off by default) boost confirmation dialog (Shift+Boost to skip) (#1507, #1638)
  • Default log level is now INFO instead of DEBUG (#1579)
  • Fixed wrong SMTP default breaking e-mail sending (#1563)
  • Focus textarea after image finished uploading (#1320)
  • Better microformats markup on public pages (#1063)
  • Clear spoiler text when replying to toot without spoiler text (#1662)
  • Videos can be expanded (#1688)
  • Overlay icon button style that is easier to see
  • Convert emoji shortcodes into UTF8 when posting (#1666)
  • Fix report comments being reset while typing (#1699)
  • Ensure all attachments get an extension in their filename based on content type (#1718)
  • Fix drag & drop area not appearing in Firefox (#1721)

Localizations fixes, improvements or additions:

  • Russian
  • Finnish
  • Norwegian
  • Dutch
  • French
  • Japanese
  • Spanish
  • Italian
  • Bulgarian
  • Portuguese

Upgrade notes:

  • An upgrade to Ruby 2.4.1 means having to install Ruby 2.4.1 and reinstalling the bundler gem as a minimum: rbenv install 2.4.1; gem install bundler --no-ri (not required in Docker deployments)
  • This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
  • Most importantly, the hover-to-play update for GIF avatars means static versions of GIF avatars need to be generated, or else they wouldn't show up. A rake task has been added for this one-time occasion: rake mastodon:maintenance:add_static_avatars (This will iterate over all accounts who have GIF avatars or headers, and re-process them to generate a static non-GIF version. Please mind that this means downloading and uploading data if your files are stored in the cloud like Amazon S3 or GCS, which could incur costs. If you don't run this task, users with GIF avatars will simply have to re-upload theirs manually)

Contributors to this release:

  • Alexander Mankuta
  • Alexsander Akers
  • Alyssa Ross
  • Ash Furrow
  • Ben Roberts
  • blackle
  • Carlos A. Escobar
  • CgX
  • Chris Martin
  • Christopher Su
  • Corey Dutson
  • d0p1
  • Daijiro Wachi
  • David Libeau
  • Effy Elden
  • Eric Blade
  • Eugen Rochko
  • Gavin Mogan
  • goofy-bz
  • Henry Smith
  • Hugo Gameiro
  • INAGAKI Hiroshi
  • Isabelle Knott
  • James Moore
  • Jantso Porali
  • Jessica Stokes
  • jukper
  • Julien Deswaef
  • karlyeurl
  • Knut Erik
  • Koala Yeung
  • Komic
  • lindwurm
  • Lukas Burk
  • Manato Kameya
  • matteoaquila
  • Matteo Aquila
  • Matthias Jouan
  • Matt Jankowski
  • May Kittens Devour Your Soul
  • Musee U
  • pinfort
  • Rachel H
  • Ram Lmn
  • Ratmir Karabut
  • R Tucker
  • Ryan Freebern
  • Shel R
  • spf
  • Stephen Burgess
  • Svetlozar Todorov
  • Thomas Citharel
  • Thor Harald Johansen
  • tom
  • Valentin Ouvrard
  • Yann GUERN
  • YOSHIOKA Eiichiro
  • Yusuke Abe
  • 新都心(Neet Shin)
1 year, 4 months ago
View release notes
  • Webfinger query's canonical username/domain are used instead of initial user input, which may have wrong casing
  • Fixed regression that broke form submissions with a 422 error page
  • Fixed a situation in which a profile update job was queued with a nil account ID
  • Fixed wrongfully skipped profile update jobs
  • More Finnish localizations
  • More French localizations
  • More German localizations
  • More Portuguese localizations
  • Column header icons now have descriptive tooltips
  • Two factor authentication now requires OTP token confirmation before being enabled
  • Public timeline APIs are now public (require no registered app/user)
  • Added API for profile updating: PATCH /api/v1/accounts/update_credentials
  • HTTP Accept-Language header used to determine UI language if no other preferences set by user
  • Added env variable to control which is the instance's default locale (DEFAULT_LOCALE)
  • Added env variable to disable usage of SQL prepared statements, e.g. when you want to use pgbouncer in transaction pooling mode (PREPARED_STATEMENTS=false)
  • Added env variable to change Rails log level (e.g. RAILS_LOG_LEVEL=debug by default)
  • Fix "last visited" URLs that are used to redirect back from sign-in wrongfully including API URLs
  • Fixed titles in Atom feeds being unsemantic

Many documentation pages have also been updated. Also, reminder that since v1.1 there are four Sidekiq queue types:

  • default: local toot distribution and other local tasks
  • push: delivery of toots to remote servers, processing of remote toot payloads
  • pull (this is new since v1.1): fetching of data from remote servers, e.g. resolving threads, updating profile data like avatars
  • mailers: e-mail delivery

Contributors to this release:

  • Aguay-val
  • Alda Marteau-Hardi
  • Amanda Visconti
  • André Lewin
  • Ash Furrow
  • ava
  • awea
  • axolotl
  • Ben Field
  • benklop
  • Blake
  • Brad Janke
  • Brian Mock
  • Chad Pytel
  • Chris Heninger
  • Christopher Gilbert
  • David Authier
  • David Celis
  • David Huerta
  • Derek Lewis
  • Ed Knutson
  • Effy Elden
  • Elizabeth Myers
  • Erwan Leboucher
  • Eugen Rochko
  • Florian Maunier
  • foxiehkins
  • Guewen FAIVRE
  • Hugo Gameiro
  • isati
  • Jack Michaud
  • James Smith
  • Jantso Porali
  • Jason Rhodes
  • Joël Quenneville
  • Jonathan Klee
  • Julien
  • kadiix
  • Kody
  • Korbinian
  • Kurtis Rainbolt-Greene
  • Lukas Fülling
  • Markus Amalthea Magnuson
  • Markus R
  • Matt Jankowski
  • Milton Mazzarri
  • Mouse Reeve
  • Nick Gerakines
  • Nicolai von Neudeck
  • Ninetailed
  • Olivier Humbert
  • Ornithologist Coder
  • Pavel Djundik
  • Rachel H
  • Ray Alez
  • rbaumert
  • R Tucker
  • Sebastian Hübner
  • seekr
  • Sergei Č
  • Shel R
  • spf
  • StefOfficiel
  • Technowix
  • Thibaut (Eychics)
  • ThibG
  • Thomas Alberola
  • Thomas Citharel
  • Toby Deshane
  • tom
  • Tristan Mahé
  • Valentin_NC
  • Valentin Ouvrard
  • VirtuBox
  • Vladimir Mincev
  • Yann GUERN
  • YDrogen
  • ZiiX
1.1
1 year, 4 months ago
View release notes

Regular iterative release in a stable state.

Contributors to this release:

  • Adam Thurlow
  • Aesen
  • Alexander Acevedo
  • Alex Gleason
  • Alice
  • Angristan
  • Ash Furrow
  • blackle
  • Brad Urani
  • Cédric Levieux
  • Christopher Kolstad
  • Clément D
  • Damien Erambert
  • David Baumgold
  • Drew DeVault
  • Effy Elden
  • Eugen Rochko
  • Evan Minto
  • Florian Maunier
  • Florian Piesche
  • halna_Tanaguru
  • Ian McDowell
  • Isabelle Knott
  • James Moore
  • JantsoP
  • Jantso Porali
  • Jason Snell
  • jenn kaplan
  • Jessica Stokes
  • Jo Decker
  • Jonathan Hurter
  • Jordan Guerder
  • Kazhnuz
  • Kibigo
  • Kibigo!
  • Kit Redgrave
  • Korbinian
  • Kurtis Rainbolt-Greene
  • leopku
  • Leo Wzukw
  • Lorenz Diener
  • Markus Amalthea Magnuson
  • Marvin Kopf
  • Matt Jankowski
  • Maxime BORGES
  • Michael Vieira
  • Neville Park
  • Niclas Darville
  • nicobz25
  • nicolas
  • Nope Nope
  • Olivia Mossberg
  • Padraig Fahy
  • Pete Keen
  • Pierre Ozoux
  • Rakib Hasan
  • Ryan Wade
  • Samy KACIMI
  • scriptjunkie
  • Sébastien Santoro
  • shel
  • Sina Mashek
  • TheKinrar
  • Thibaut (Eychics)
  • Tobias Merkle
  • Tom McAtee
  • Udo Kramer
  • undrskr
  • Valentin Lorentz
  • walfie
  • Wonderfall
  • wxcafé
  • Your Name

1.0 branch

1.0
1 year, 6 months ago
View release notes

First major stable release of Mastodon! Mastodon translated literally means "nipple tooth"