Releases: glitch-soc/mastodon
v4.3.3
Changelog
Security
- Fix insufficient validation of account URIs (GHSA-5wxh-3p65-r4g6)
- Update dependencies
Fixed
- Fix
libyaml
missing fromDockerfile
build stage (mastodon#33591 by @vmstan) - Fix incorrect notification settings migration for non-followers (mastodon#33348 by @ClearlyClaire)
- Fix down clause for notification policy v2 migrations (mastodon#33340 by @jesseplusplus)
- Fix error decrementing status count when
FeaturedTags#last_status_at
isnil
(mastodon#33320 by @ClearlyClaire) - Fix last paginated notification group only including data on a single notification (mastodon#33271 by @ClearlyClaire)
- Fix processing of mentions for post edits with an existing corresponding silent mention (mastodon#33227 by @ClearlyClaire)
- Fix deletion of unconfirmed users with Webauthn set (mastodon#33186 by @ClearlyClaire)
- Fix empty authors preview card serialization (mastodon#33151, mastodon#33466 by @mjankowski and @ClearlyClaire)
Upgrade notes
To get the code for v4.3.3, use git fetch && git checkout v4.3.3
.
Note
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump
Dependencies
External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:
- Ruby: 3.1 or newer
- PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
- Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
- LibreTranslate (optional, for translations): 1.3.3 or newer
- Redis: 4 or newer
- Node: 18 or newer
- ImageMagick (optional if using libvips): 6.9.7-7 or newer
- libvips (optional, instead of ImageMagick): 8.13 or newer
Update steps
The following instructions are for updating from 4.3.2.
If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.
Non-docker
Tip
The charlock_holmes
gem may fail to build on some systems with recent versions of gcc
.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install
.
- Install dependencies with
bundle install
- Restart all Mastodon processes.
When using docker
- Restart all Mastodon processes.
v4.3.2
Changelog
Added
- Add
tootctl feeds vacuum
(mastodon#33065 by @ClearlyClaire) - Add error message when user tries to follow their own account (mastodon#31910 by @lenikadali)
- Add client_secret_expires_at to OAuth Applications (mastodon#30317 by @ThisIsMissEm)
Changed
- Change design of Content Warnings and filters (mastodon#32543 by @ClearlyClaire)
Fixed
- Fix processing incoming post edits with mentions to unresolvable accounts (mastodon#33129 by @ClearlyClaire)
- Fix error when including multiple instances of
embed.js
(mastodon#33107 by @YKWeyer) - Fix inactive users' timelines being backfilled on follow and unsuspend (mastodon#33094 by @ClearlyClaire)
- Fix direct inbox delivery pushing posts into inactive followers' timelines (mastodon#33067 by @ClearlyClaire)
- Fix
TagFollow
records not being correctly handled in account operations (mastodon#33063 by @ClearlyClaire) - Fix pushing hashtag-followed posts to feeds of inactive users (mastodon#33018 by @Gargron)
- Fix duplicate notifications in notification groups when using slow mode (mastodon#33014 by @ClearlyClaire)
- Fix posts made in the future being allowed to trend (mastodon#32996 by @ClearlyClaire)
- Fix uploading higher-than-wide GIF profile picture with libvips enabled (mastodon#32911 by @ClearlyClaire)
- Fix domain attribution field having autocorrect and autocapitalize enabled (mastodon#32903 by @ClearlyClaire)
- Fix titles being escaped twice (mastodon#32889 by @ClearlyClaire)
- Fix list creation limit check (mastodon#32869 by @ClearlyClaire)
- Fix error in
tootctl email_domain_blocks
when supplying--with-dns-records
(mastodon#32863 by @mjankowski) - Fix
min_id
andmax_id
causing error in search API (mastodon#32857 by @Gargron) - Fix inefficiencies when processing removal of posts that use featured tags (mastodon#32787 by @ClearlyClaire)
- Fix alt-text pop-in not using the translated description (mastodon#32766 by @ClearlyClaire)
- Fix preview cards with long titles erroneously causing layout changes (mastodon#32678 by @ClearlyClaire)
- Fix embed modal layout on mobile (mastodon#32641 by @DismalShadowX)
- Fix and improve batch attachment deletion handling when using OpenStack Swift (mastodon#32637 by @hugogameiro)
- Fix blocks not being applied on link timeline (mastodon#32625 by @tribela)
- Fix follow counters being incorrectly changed (mastodon#32622 by @oneiros)
- Fix 'unknown' media attachment type rendering (mastodon#32613 and mastodon#32713 by @ThisIsMissEm and @renatolond)
- Fix tl language native name (mastodon#32606 by @seav)
Security
- Update dependencies
Upgrade notes
To get the code for v4.3.2, use git fetch && git checkout v4.3.2
.
Note
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump
Dependencies
External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:
- Ruby: 3.1 or newer
- PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
- Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
- LibreTranslate (optional, for translations): 1.3.3 or newer
- Redis: 4 or newer
- Node: 18 or newer
- ImageMagick (optional if using libvips): 6.9.7-7 or newer
- libvips (optional, instead of ImageMagick): 8.13 or newer
Update steps
The following instructions are for updating from 4.3.1.
If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.
Non-docker
Tip
The charlock_holmes
gem may fail to build on some systems with recent versions of gcc
.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install
.
- Install dependencies with
bundle install
andyarn install --immutable
- Precompile the assets:
RAILS_ENV=production bundle exec rails assets:precompile
- Restart all Mastodon processes.
When using docker
- Restart all Mastodon processes.
v4.3.1
Changelog
Added
- Add more explicit explanations about author attribution and
fediverse:creator
(mastodon#32383 by @ClearlyClaire) - Add ability to group follow notifications in WebUI, can be disabled in the column settings (mastodon#32520 by @renchap)
- Add back a 6 hours mute duration option (mastodon#32522 by @renchap)
- Add note about not changing ActiveRecord encryption secrets once they are set (mastodon#32413, mastodon#32476, mastodon#32512, and mastodon#32537 by @ClearlyClaire and @mjankowski)
Changed
- Change translation feature to translate to selected regional variant (e.g. pt-BR) if available (mastodon#32428 by @c960657)
Removed
- Remove ability to get embed code for remote posts (mastodon#32578 by @ClearlyClaire)
Getting the embed code is only reliable for local posts.
It never worked for non-Mastodon servers, and stopped working correctly with the changes made in 4.3.0.
We have therefore decided to remove the menu entry while we investigate solutions.
Fixed
- Fix follow recommendation moderation page default language when using regional variant (mastodon#32580 by @ClearlyClaire)
- Fix column-settings spacing in local timeline in advanced view (mastodon#32567 by @lindwurm)
- Fix broken i18n in text welcome mailer tags area (mastodon#32571 by @mjankowski)
- Fix missing or incorrect cache-control headers for Streaming server (mastodon#32551 by @ThisIsMissEm)
- Fix only the first paragraph being displayed in some notifications (mastodon#32348 by @ClearlyClaire)
- Fix reblog icons on account media view (mastodon#32506 by @tribela)
- Fix Content-Security-Policy not allowing OpenStack SWIFT object storage URI (mastodon#32439 by @kenkiku1021)
- Fix back arrow pointing to the incorrect direction in RTL languages (mastodon#32485 by @renchap)
- Fix streaming server using
REDIS_USERNAME
instead ofREDIS_USER
(mastodon#32493 by @ThisIsMissEm) - Fix follow recommendation carrousel scrolling on RTL layouts (mastodon#32462 and mastodon#32505 by @ClearlyClaire)
- Fix follow recommendation suppressions not applying immediately (mastodon#32392 by @ClearlyClaire)
- Fix language of push notifications (mastodon#32415 by @ClearlyClaire)
- Fix mute duration not being shown in list of muted accounts in web UI (mastodon#32388 by @ClearlyClaire)
- Fix βMark every notification as readβ not updating the read marker if scrolled down (mastodon#32385 by @ClearlyClaire)
- Fix βMentionβ appearing for otherwise filtered posts (mastodon#32356 by @ClearlyClaire)
- Fix notification requests from suspended accounts still being listed (mastodon#32354 by @ClearlyClaire)
- Fix list edition modal styling (mastodon#32358 and mastodon#32367 by @ClearlyClaire and @vmstan)
- Fix 4 columns barely not fitting on 1920px screen (mastodon#32361 by @ClearlyClaire)
- Fix icon alignment in applications list (mastodon#32293 by @mjankowski)
Upgrade notes
To get the code for v4.3.1, use git fetch && git checkout v4.3.1
.
Note
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump
Dependencies
External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:
- Ruby: 3.1 or newer
- PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
- Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
- LibreTranslate (optional, for translations): 1.3.3 or newer
- Redis: 4 or newer
- Node: 18 or newer
- ImageMagick (optional if using libvips): 6.9.7-7 or newer
- libvips (optional, instead of ImageMagick): 8.13 or newer
Update steps
The following instructions are for updating from 4.3.0.
If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.
Non-docker
Tip
The charlock_holmes
gem may fail to build on some systems with recent versions of gcc
.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install
.
- Install dependencies with
bundle install
andyarn install --immutable
- Precompile the assets:
RAILS_ENV=production bundle exec rails assets:precompile
- Restart all Mastodon processes.
When using docker
- Restart all Mastodon processes.
v4.3.0
This is the first tagged glitch-soc release, corresponding to Mastodon's v4.3.0, which release notes are reproduced below.
Upgrade overview
This release contains upgrade notes that deviate from the norm:
βΉοΈ Requires streaming API restart
βΉοΈ Requires database migrations
βΉοΈ The logging format of the streaming server has changed
For more information, scroll down to the upgrade instructions section.
Changelog
The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by @mjankowski.
Security
- Add confirmation interstitial instead of silently redirecting logged-out visitors to remote resources (mastodon#27792, mastodon#28902, and mastodon#30651 by @ClearlyClaire and @Gargron)
This fixes a longstanding open redirect in Mastodon, at the cost of added friction when local links to remote resources are shared. - Fix ReDoS vulnerability on some Ruby versions (GHSA-jpxp-r43f-rhvx)
- Change
form-action
Content-Security-Policy directive to be more restrictive (mastodon#26897 and mastodon#32241 by @ClearlyClaire) - Update dependencies
Added
-
Add server-side notification grouping (mastodon#29889, mastodon#30576, mastodon#30685, mastodon#30688, mastodon#30707, mastodon#30776, mastodon#30779, mastodon#30781, mastodon#30440, mastodon#31062, mastodon#31098, mastodon#31076, mastodon#31111, mastodon#31123, mastodon#31223, mastodon#31214, mastodon#31224, mastodon#31299, mastodon#31325, mastodon#31347, mastodon#31304, mastodon#31326, mastodon#31384, mastodon#31403, mastodon#31433, mastodon#31509, mastodon#31486, mastodon#31513, mastodon#31592, mastodon#31594, mastodon#31638, mastodon#31746, mastodon#31652, mastodon#31709, mastodon#31725, mastodon#31745, mastodon#31613, mastodon#31657, mastodon#31840, mastodon#31610, mastodon#31929, mastodon#32089, mastodon#32085, mastodon#32243, mastodon#32179 and mastodon#32254 by @ClearlyClaire, @Gargron, @mgmn, and @renchap)
Group notifications of the same type for the same target, so that your notifications no longer get cluttered by boost and favorite notifications as soon as a couple of your posts get traction.
This is done server-side so that clients can efficiently get relevant groups without having to go through numerous pages of individual notifications.
As part of this, the visual design of the entire notifications feature has been revamped.
The API consists of:- a new
group_key
attribute toNotification
entities GET /api/v2/notifications
: https://docs.joinmastodon.org/methods/grouped_notifications/#get-groupedGET /api/v2/notifications/:group_key
: https://docs.joinmastodon.org/methods/grouped_notifications/#get-notification-groupGET /api/v2/notifications/:group_key/accounts
: https://docs.joinmastodon.org/methods/grouped_notifications/#get-group-accountsPOST /api/v2/notifications/:group_key/dimsiss
: https://docs.joinmastodon.org/methods/grouped_notifications/#dismiss-groupGET /api/v2/notifications/:unread_count
: https://docs.joinmastodon.org/methods/grouped_notifications/#unread-group-count
- a new
-
Add notification policies, filtered notifications and notification requests (mastodon#29366, mastodon#29529, mastodon#29433, mastodon#29565, mastodon#29567, mastodon#29572, mastodon#29575, mastodon#29588, mastodon#29646, mastodon#29652, mastodon#29658, mastodon#29666, mastodon#29693, mastodon#29699, mastodon#29737, mastodon#29706, mastodon#29570, mastodon#29752, mastodon#29810, mastodon#29826, mastodon#30114, mastodon#30251, mastodon#30559, mastodon#29868, mastodon#31008, mastodon#31011, mastodon#30996, mastodon#31149, mastodon#31220, mastodon#31222, mastodon#31225, mastodon#31242, mastodon#31262, mastodon#31250, mastodon#31273, mastodon#31310, mastodon#31316, mastodon#31322, mastodon#31329, mastodon#31324, mastodon#31331, mastodon#31343, mastodon#31342, mastodon#31309, mastodon#31358, mastodon#31378, mastodon#31406, mastodon#31256, mastodon#31456, mastodon#31419, mastodon#31457, mastodon#31508, mastodon#31540, mastodon#31541, mastodon#31723, mastodon#32062 and mastodon#32281 by @ClearlyClaire, @Gargron, @TheEssem, @mgmn, @oneiros, and @renchap)
The old βBlock notifications from non-followersβ, βBlock notifications from people you don't followβ and βBlock direct messages from people you don't followβ notification settings have been replaced by a new set of settings found directly in the notification column.
You can now separately filter or drop notifications from people you don't follow, people who don't follow you, accounts created within the past 30 days, as well as unsolicited private mentions, and accounts limited by the moderation.
Instead of being outright dropped, notifications that you chose to filter are put in a separate βFiltered notificationsβ box that you can review separately without it clogging your main notifications.
This adds the following REST API endpoints:GET /api/v2/notifications/policy
: https://docs.joinmastodon.org/methods/notifications/#get-policyPATCH /api/v2/notifications/policy
: https://docs.joinmastodon.org/methods/notifications/#update-the-filtering-policy-for-notificationsGET /api/v1/notifications/requests
: https://docs.joinmastodon.org/methods/notifications/#get-requestsGET /api/v1/notifications/requests/:id
: https://docs.joinmastodon.org/methods/notifications/#get-one-requestPOST /api/v1/notifications/requests/:id/accept
: https://docs.joinmastodon.org/methods/notifications/#accept-requestPOST /api/v1/notifications/requests/:id/dismiss
: https://docs.joinmastodon.org/methods/notifications/#dismiss-requestPOST /api/v1/notifications/requests/accept
: https://docs.joinmastodon.org/methods/notifications/#accept-multiple-requestsPOST /api/v1/notifications/requests/dismiss
: https://docs.joinmastodon.org/methods/notifications/#dismiss-multiple-requestsGET /api/v1/notifications/requests/merged
: https://docs.joinmastodon.org/methods/notifications/#requests-merged
In addition, accepting one or more notification requests generates a new streaming event:
notifications_merged
: an event of this type indicates accepted notification requests have finished merging, and the notifications list should be refreshed
-
Add notifications of severed relationships (mastodon#27511, mastodon#29665, mastodon#29668, mastodon#29670, mastodon#29700, mastodon#29714, mastodon#29712, and mastodon#29731 by @ClearlyClaire and @Gargron)
Notify local users when they lose relationships as a result of a local moderator blocking a remote account or server, allowing the affected user to retrieve the list of broken relationships.
Note that this does not notify remote users.
This adds thesevered_relationships
notification type to the REST API and streaming, with a newrelationship_severance_event
attribute. -
Add hover cards in web UI (mastodon#30754, mastodon#30864, mastodon#30850, mastodon#30879, mastodon#30928, mastodon#30949, mastodon#30948, mastodon#30931, and mastodon#31300 by @ClearlyClaire, @Gargron, and @renchap)
Hovering over an avatar or username will now display a hover card with the first two lines of the user's description and their first two profile fields.
This can be disabled in the βAnimations and accessibilityβ section of the preferences. -
Add "system" theme setting (light/dark theme depending on user system preference) (mastodon#29748, mastodon#29553, mastodon#29795, mastodon#29918, mastodon#30839, and mastodon#30861 by @nshki, @ErikUden, @mjankowski, @renchap, and @vmstan)
Add a βsystemβ theme that automatically switch between default dark and light themes depending on the user's system preferences.
Also changes the default server theme to this new βsystemβ theme so that automatic theme selection happens even when logged out. -
Add timeline of public posts about a trending link (mastodon#30381 and mastodon#30840 by @Gargron)
You can now see public posts mentioning currently-trending articles from people who have opted into discovery features.
This adds a new REST API endpoint:GET /api/v1/timelines/link?url=:url
: https://docs.joinmastodon.org/methods/timelines/#link
-
Add author highlight for news articles whose authors are on the fediverse (mastodon#30398, mastodon#30670, mastodon#30521, mastodon#30846, mastodon#31819, mastodon#31900 and mastodon#32188 by @Gargron, @mjankowski and @oneiros)
This adds a mechanism to highlight the author of news articles shared on Mastodon.
Articles hosted outside the fediverse can indicate a fediverse author with a meta tag:<meta name="fediverse:creator" content="username@domain" />
On the API side, this is represented by a new
authors
attribute to thePreviewCard
entity: https://docs.joinmastodon.org/entities/PreviewCard/#authors\
Users can allow arbitrary domains to usefediverse:creator
to credit them by visiting/settings/verification
.
This is federated as a newattributionDomains
property in thehttp://joinmastodon.org/ns
namespace, containing an array of domain names: https://docs.joinmastodon.org/spec/activitypub/#properties-used-1 -
Add in-app notifications for moderation actions and warnings (mastodon#30065, mastodon#30082, and mastodon#30081 by @ClearlyClaire)
In addition to email notifications, also notify users of moderation actions or warnings against them directly within the app, so they are less likely to miss important communication from their moderators.
This adds themoderation_warning
notification type to the REST API and streaming, with a newmoderation_warning
attribute. -
Add domain information to profiles in web UI (mastodon#29602 by @Gargron)
Clicking the domain ...
v4.3.0-rc.1
This a release candidate, corresponding to upstream's: https://github.com/mastodon/mastodon/releases/tag/v4.3.0-rc.1
v4.3.0-beta.2
This beta release corresponds to upstream's beta: https://github.com/mastodon/mastodon/releases/tag/v4.3.0-beta.2
v4.3.0-beta.1
Let's try and see if making glitch-soc releases works better than having only a rolling-release.
This beta release corresponds to upstream's beta: https://github.com/mastodon/mastodon/releases/tag/v4.3.0-beta.1