Changelog
All notable changes to this project will be documented in this file.
[2.9.4] - 2020-02-27
Security
- Fix leak of arbitrary statuses through unfavourite action in REST API (Gargron)
[2.9.3] - 2019-08-10
Added
- Add GIF and WebP support for custom emojis (Gargron)
- Add logout link to dropdown menu in web UI (koyuawsmbrtn)
- Add indication that text search is unavailable in web UI (ThibG, ThibG)
- Add
suffix
to Mastodon::Version
to help forks (clarfon)
- Add on-hover animation to animated custom emoji in web UI (ThibG, ThibG, ThibG)
- Add custom emoji support in profile metadata labels (ThibG)
Changed
- Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (Gargron, zunda, Gargron, zunda)
- Change the retry limit of web push notifications (highemerly)
- Change ActivityPub deliveries to not retry HTTP 501 errors (Gargron)
- Change language detection to include hashtags as words (Gargron)
- Change terms and privacy policy pages to always be accessible (Gargron)
- Change robots tag to include
noarchive
when user opts out of indexing (Kjwon15)
Fixed
- Fix account domain block not clearing out notifications (Gargron)
- Fix incorrect locale sometimes being detected for browser (Gargron)
- Fix crash when saving invalid domain name (Gargron)
- Fix pinned statuses REST API returning pagination headers (Gargron)
- Fix "cancel follow request" button having unreadable text in web UI (Gargron)
- Fix image uploads being blank when canvas read access is blocked (ThibG)
- Fix avatars not being animated on hover when not logged in (ThibG)
- Fix overzealous sanitization of HTML lists (ThibG)
- Fix block crashing when a follow request exists (ThibG)
- Fix backup service crashing when an attachment is missing (ThibG)
- Fix account moderation action always sending e-mail notification (Gargron)
- Fix swiping columns on mobile sometimes failing in web UI (ThibG)
- Fix wrong actor URI being serialized into poll updates (ThibG)
- Fix statsd UDP sockets not being cleaned up in Sidekiq (Gargron)
- Fix expiration date of filters being set to "never" when editing them (ThibG)
- Fix support for MP4 files that are actually M4V files (Gargron)
- Fix
alerts
not being typecast correctly in push subscription in REST API (Gargron)
- Fix some notices staying on unrelated pages (ThibG)
- Fix unboosting sometimes preventing a boost from reappearing on feed (ThibG, Gargron)
- Fix only one middle dot being recognized in hashtags (Gargron, ThibG)
- Fix unnecessary SQL query performed on unauthenticated requests (Gargron)
- Fix incorrect timestamp displayed on featured tags (Kjwon15)
- Fix privacy dropdown active state when dropdown is placed on top of it (ThibG)
- Fix filters not being applied to poll options (ThibG)
- Fix keyboard navigation on various dropdowns (ThibG, ThibG, ThibG)
- Fix keyboard navigation in modals (ThibG)
- Fix image conversation being non-deterministic due to timestamps (Gargron)
- Fix web UI performance (ThibG, ThibG)
- Fix scrolling to compose form when not necessary in web UI (ThibG, ThibG)
- Fix save button being enabled when list title is empty in web UI (ThibG)
- Fix poll expiration not being pre-filled on delete & redraft in web UI (ThibG)
- Fix content warning sometimes being set when not requested in web UI (ThibG)
Security
- Fix invites not being disabled upon account suspension (ThibG)
- Fix blocked domains still being able to fill database with account records (Gargron)
[2.9.2] - 2019-06-22
Added
- Add
short_description
and approval_required
to GET /api/v1/instance
(Gargron)
Changed
- Change camera icon to paperclip icon in upload form (koyuawsmbrtn)
Fixed
- Fix audio-only OGG and WebM files not being processed as such (Gargron)
- Fix audio not being downloaded from remote servers (Gargron)
[2.9.1] - 2019-06-22
Added
Changed
- Change domain blocks to automatically support subdomains (Gargron)
- Change Nanobox configuration to bring it up to date (danhunsaker)
Removed
- Remove expensive counters from federation page in admin UI (Gargron)
Fixed
- Fix converted media being saved with original extension and mime type (Gargron)
- Fix layout of identity proofs settings (acid-chicken)
- Fix active scope only returning suspended users (ThibG)
- Fix sanitizer making block level elements unreadable (Gargron)
- Fix label for site theme not being translated in admin UI (palindromordnilap)
- Fix statuses not being filtered irreversibly in web UI under some circumstances (ThibG)
- Fix scrolling behaviour in compose form (ThibG)
[2.9.0] - 2019-06-13
Added
- Add single-column mode in web UI (Gargron, Gargron, Gargron, Gargron, Hanage999, noellabo, abcang, Gargron, Gargron, Gargron, Gargron, noellabo, Hanage999)
- Add waiting time to the list of pending accounts in admin UI (Gargron)
- Add a keyboard shortcut to hide/show media in web UI (ThibG, Gargron, ThibG)
- Add
account_id
param to GET /api/v1/notifications
(pwoolcoc)
- Add confirmation modal for unboosting toots in web UI (aurelien-reeves)
- Add emoji suggestions to content warning and poll option fields in web UI (ThibG)
- Add
source
attribute to response of DELETE /api/v1/statuses/:id
(ThibG)
- Add some caching for HTML versions of public status pages (ThibG)
- Add button to conveniently copy OAuth code (ThibG)
Changed
- Change default layout to single column in web UI (Gargron)
- Change light theme (Gargron, Gargron, yuzulabo, Gargron)
- Change preferences page into appearance, notifications, and other (Gargron, Gargron)
- Change priority of delete activity forwards for replies and reblogs (Gargron)
- Change Mastodon logo to use primary text color of the given theme (Gargron)
- Change reblogs counter to be updated when boosted privately (Gargron)
- Change bio limit from 160 to 500 characters (trwnh)
- Change API rate limiting to reduce allowed unauthenticated requests (ThibG, hinaloe, mayaeh)
- Change help text of
tootctl emoji import
command to specify a gzipped TAR archive is required (dariusk)
- Change web UI to hide poll options behind content warnings (ThibG)
- Change silencing to ensure local effects and remote effects are the same for silenced local users (ThibG)
- Change
tootctl domains purge
to remove custom emoji as well (Kjwon15)
- Change Docker image to keep
apt
working (SuperSandro2000)
Removed
Fixed
- Fix RTL layout not being RTL within the columns area in web UI (Gargron)
- Fix display of alternative text when a media attachment is not available in web UI (ThibG)
- Fix not being able to directly switch between list timelines in web UI (Gargron)
- Fix media sensitivity not being maintained in delete & redraft in web UI (ThibG)
- Fix emoji picker being always displayed in web UI (noellabo, yuzulabo, wcpaez)
- Fix potential private status leak through caching (ThibG)
- Fix refreshing featured toots when the new collection is empty in web UI (ThibG)
- Fix undoing domain block also undoing individual moderation on users from before the domain block (ThibG)
- Fix time not being local in the audit log (yuzulabo)
- Fix statuses removed by moderation re-appearing on subsequent fetches (Kjwon15)
- Fix misattribution of inlined announces if
attributedTo
isn't present in ActivityPub (ThibG)
- Fix
GET /api/v1/polls/:id
not requiring authentication for non-public polls (Gargron)
- Fix handling of blank poll options in ActivityPub (ThibG)
- Fix avatar preview aspect ratio on edit profile page (Kjwon15)
- Fix web push notifications not being sent for polls (ThibG)
- Fix cut off letters in last paragraph of statuses in web UI (ariasuni)
- Fix list not being automatically unpinned when it returns 404 in web UI (Gargron)
- Fix login sometimes redirecting to paths that are not pages (Gargron)
[2.8.4] - 2019-05-24
Fixed
- Fix delivery not retrying on some inbox errors that should be retriable (ThibG)
- Fix unnecessary 5 minute cooldowns on signature verifications in some cases (ThibG)
- Fix possible race condition when processing statuses (ThibG)
Security
- Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string (ThibG)
[2.8.3] - 2019-05-19
Added
- Add
og:image:alt
OpenGraph tag (BenLubar)
- Add clickable area below avatar in statuses in web UI (Dar13)
- Add crossed-out eye icon on account gallery in web UI (Kjwon15)
- Add media description tooltip to thumbnails in web UI (ThibG)
Changed
- Change "mark as sensitive" button into a checkbox for clarity (ThibG)
Fixed
- Fix bug allowing users to publicly boost their private statuses (ThibG, ThibG)
- Fix performance in formatter by a little (ThibG)
- Fix some colors in the light theme (yuzulabo)
- Fix some colors of the high contrast theme (yuzulabo)
- Fix ambivalent active state of poll refresh button in web UI (MaciekBaron)
- Fix duplicate posting being possible from web UI (hinaloe)
- Fix "invited by" not showing up in admin UI (ThibG)
[2.8.2] - 2019-05-05
Added
Fixed
- Fix cropped hero image on frontpage (BaptisteGelez)
- Fix blurhash gem not compiling on some operating systems (Gargron)
- Fix unexpected CSS animations in some browsers (ThibG)
- Fix closing video modal scrolling timelines to top (ThibG)
[2.8.1] - 2019-05-04
Added
- Add link to existing domain block when trying to block an already-blocked domain (ThibG)
- Add button to view context to media modal when opened from account gallery in web UI (Gargron)
- Add ability to create multiple-choice polls in web UI (ThibG)
- Add
GITHUB_REPOSITORY
and SOURCE_BASE_URL
environment variables (rosylilly)
- Add
/interact/
paths to robots.txt
(ThibG)
- Add
blurhash
to the Attachment entity in the REST API (Gargron)
Changed
- Change hidden media to be shown as a blurhash-based colorful gradient instead of a black box in web UI (Gargron)
- Change rejected media to be shown as a blurhash-based gradient instead of a list of filenames in web UI (Gargron)
- Change e-mail whitelist/blacklist to not be checked when invited (Gargron)
- Change cache header of REST API results to no-cache (ThibG)
- Change the "mark media as sensitive" button to be more obvious in web UI (Gargron, Gargron)
- Change account gallery in web UI to display 3 columns, open media modal (Gargron, Gargron)
Fixed
- Fix LDAP/PAM/SAML/CAS users not being pre-approved (Gargron)
- Fix accounts created through tootctl not being always pre-approved (Gargron)
- Fix Sidekiq retrying ActivityPub processing jobs that fail validation (ThibG)
- Fix toots not being scrolled into view sometimes through keyboard selection (ThibG)
- Fix expired invite links being usable to bypass approval mode (ThibG)
- Fix not being able to save e-mail preference for new pending accounts (Gargron)
- Fix upload progressbar when image resizing is involved (ThibG)
- Fix block action not automatically cancelling pending follow request (ThibG)
- Fix stoplight logging to stderr separate from Rails logger (Gargron)
- Fix sign up button not saying sign up when invite is used (Gargron)
- Fix health checks in Docker Compose configuration (fabianonline)
- Fix modal items not being scrollable on touch devices (kedamaDQ)
- Fix Keybase configuration using wrong domain when a web domain is used (BenLubar)
- Fix avatar GIFs not being animated on-hover on public profiles (hyenagirl64)
- Fix OpenGraph parser not understanding some valid property meta tags (da2x)
- Fix wrong fonts being displayed when Roboto is installed on user's machine (ThibG)
- Fix confirmation modals being too narrow for a secondary action button (ThibG)
[2.8.0] - 2019-04-10
Added
- Add polls (Gargron, ThibG, Gargron, ThibG, Gargron, ThibG, ThibG, Gargron, Gargron, Gargron, Gargron,Gargron, Gargron, Gargron, ThibG, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, rinsuki, Gargron, Gargron, Gargron, Gargron, ThibG, Gargron, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, Gargron, Gargron, ThibG, ThibG, Gargron, ThibG, ThibG)
- Add follows & followers managing UI (Gargron, Gargron, Gargron, Gargron)
- Add identity proof integration with Keybase (Gargron, xgess, Gargron, Gargron, Gargron)
- Add option to overwrite imported data instead of merging (Gargron)
- Add featured hashtags to profiles (Gargron, Gargron, Gargron, ThibG)
- Add admission-based registrations mode (Gargron, ThibG, Gargron, ThibG, Gargron, Gargron)
- Add support for WebP uploads (acid-chicken)
- Add "copy link" item to status action bars in web UI (Gargron)
- Add list title editing in web UI (ThibG)
- Add a "Block & Report" button to the block confirmation dialog in web UI (ThibG)
- Add disappointed elephant when the page crashes in web UI (Gargron)
- Add ability to upload multiple files at once in web UI (tmm576)
- Add indication when you are not allowed to follow an account in web UI (Gargron, Gargron)
- Add validations to admin settings to catch common mistakes (Gargron, ThibG)
- Add
type
, limit
, offset
, min_id
, max_id
, account_id
to search API (Gargron)
- Add a preferences API so apps can share basic behaviours (Gargron)
- Add
visibility
param to reblog REST API (Gargron, ThibG)
- Add
allowfullscreen
attribute to OEmbed iframe (rinsuki)
- Add
blocked_by
relationship to the REST API (Gargron)
- Add
tootctl statuses remove
to sweep unreferenced statuses (Gargron)
- Add
tootctl search deploy
to avoid ugly rake task syntax (Gargron)
- Add
tootctl self-destruct
to shut down server gracefully (Gargron)
- Add option to hide application used to toot (ThibG, rinsuki, hinaloe)
- Add
DB_SSLMODE
configuration variable (sascha-sl)
- Add click-to-copy UI to invites page (Gargron)
- Add self-replies fetching (ThibG, ThibG, ThibG, ThibG)
- Add rate limit for media proxy requests (Gargron)
- Add
tootctl emoji purge
(Gargron)
- Add
tootctl accounts approve
(Gargron)
- Add
tootctl accounts reset-relationships
(noellabo)
Changed
- Change design of landing page (Gargron, Gargron, ThibG, ThibG, koyuawsmbrtn, Gargron)
- Change design of profile column in web UI (Gargron, Aditoo17, ThibG, mayaeh, ThibG)
- Change language detector threshold from 140 characters to 4 words (Gargron)
- Change language detector to always kick in for non-latin alphabets (Gargron)
- Change icons of features on admin dashboard (Gargron)
- Change DNS timeouts from 1s to 5s (ThibG)
- Change Docker image to use Ubuntu with jemalloc (Sir-Boops, BenLubar)
- Change public pages to be cacheable by proxies (BenLubar)
- Change the 410 gone response for suspended accounts to be cacheable by proxies (ThibG)
- Change web UI to not not empty timeline of blocked users on block (ThibG)
- Change JSON serializer to remove unused
@context
values (Gargron)
- Change GIFV file size limit to be the same as for other videos (rinsuki)
- Change Webpack to not use @babel/preset-env to compile node_modules (ykzts)
- Change web UI to use new Web Share Target API (gol-cha)
- Change ActivityPub reports to have persistent URIs (ThibG)
- Change
tootctl accounts cull --dry-run
to list accounts that would be deleted (BenLubar)
- Change format of CSV exports of follows and mutes to include extra settings (ThibG, ThibG)
- Change ActivityPub collections to be cacheable by proxies (ThibG)
- Change REST API and public profiles to not return follows/followers for users that have blocked you (Gargron)
- Change the groupings of menu items in settings navigation (Gargron)
Removed
- Remove zopfli compression to speed up Webpack from 6min to 1min (nolanlawson)
- Remove stats.json generation to speed up Webpack (nolanlawson)
Fixed
- Fix public timelines being broken by new toots when they are not mounted in web UI (Gargron)
- Fix quick filter settings not being saved when selecting a different filter in web UI (ThibG)
- Fix remote interaction dialogs being indexed by search engines (Gargron)
- Fix maxed-out invites not showing up as expired in UI (Gargron)
- Fix scrollbar styles on compose textarea (Gargron)
- Fix timeline merge workers being queued for remote users (Gargron)
- Fix alternative relay support regression (Gargron)
- Fix trying to fetch keys of unknown accounts on a self-delete from them (ThibG)
- Fix CAS
:service_validate_url
option (enewhuis)
- Fix race conditions when creating backups (ThibG)
- Fix whitespace not being stripped out of username before validation (aurelien-reeves)
- Fix n+1 query when deleting status (Gargron)
- Fix exiting follows not being rejected when suspending a remote account (ThibG)
- Fix the underlying button element in a disabled icon button not being disabled (ThibG)
- Fix race condition when streaming out deleted statuses (ThibG)
- Fix performance of admin federation UI by caching account counts (Gargron)
- Fix JS error on pages that don't define a CSRF token (hinaloe)
- Fix
tootctl accounts cull
sometimes removing accounts that are temporarily unreachable (BenLubar)
[2.7.4] - 2019-03-05
Fixed
- Fix web UI not cleaning up notifications after block (Gargron)
- Fix redundant HTTP requests when resolving private statuses (ThibG)
- Fix performance of account media query (abcang)
- Fix mention processing for unknown accounts (ThibG)
- Fix getting started column not scrolling on short screens (trwnh)
- Fix direct messages pagination in the web UI (ThibG)
- Fix serialization of Announce activities (ThibG)
- Fix home timeline perpetually reloading when empty in web UI (Gargron)
- Fix lists export (ThibG)
- Fix edit profile page crash for suspended-then-unsuspended users (ThibG)
[2.7.3] - 2019-02-23
Added
- Add domain filter to the admin federation page (ThibG)
- Add quick link from admin account view to block/unblock instance (ThibG)
Fixed
- Fix video player width not being updated to fit container width (ThibG)
- Fix domain filter being shown in admin page when local filter is active (ThibG)
- Fix crash when conversations have no valid participants (ThibG)
- Fix error when performing admin actions on no statuses (ThibG)
Changed
- Change custom emojis to randomize stored file name (hinaloe)
[2.7.2] - 2019-02-17
Added
- Add support for IPv6 in e-mail validation (zoc)
- Add record of IP address used for signing up (ThibG)
- Add tight rate-limit for API deletions (30 per 30 minutes) (Gargron)
- Add support for embedded
Announce
objects attributed to the same actor (ThibG, Gargron)
- Add spam filter for
Create
and Announce
activities (Gargron, Gargron, Gargron)
- Add
registrations
attribute to GET /api/v1/instance
(Gargron)
- Add
vapid_key
to POST /api/v1/apps
and GET /api/v1/apps/verify_credentials
(Gargron)
Fixed
- Fix link color and add link underlines in high-contrast theme (Gargron, Gargron)
- Fix unicode characters in URLs not being linkified (JMendyk, hinaloe)
- Fix URLs linkifier grabbing ending quotation as part of the link (Gargron)
- Fix authorized applications page design (rinsuki)
- Fix custom emojis not showing up in share page emoji picker (rinsuki)
- Fix too liberal application of whitespace in toots (trwnh)
- Fix misleading e-mail hint being displayed in admin view (ThibG)
- Fix tombstones not being cleared out (abcang)
- Fix some timeline jumps (ThibG, ThibG, rinsuki)
- Fix content warning input taking keyboard focus even when hidden (hinaloe)
- Fix hashtags select styling in default and high-contrast themes (Gargron)
- Fix style regressions on landing page (Gargron)
- Fix hashtag column not subscribing to stream on mount (Gargron)
- Fix relay enabling/disabling not resetting inbox availability status (Gargron)
- Fix mutes, blocks, domain blocks and follow requests not paginating (Gargron)
- Fix crash on public hashtag pages when streaming fails (ThibG)
Changed
- Change icon for unlisted visibility level (clarcharr)
- Change queue of actor deletes from push to pull for non-follower recipients (ThibG)
- Change robots.txt to exclude media proxy URLs (nightpool)
- Change upload description input to allow line breaks (BenLubar)
- Change
dist/mastodon-streaming.service
to recommend running node without intermediary npm command (nolanlawson)
- Change conversations to always show names of other participants (Gargron)
- Change buttons on timeline preview to open the interaction dialog (Gargron)
- Change error graphic to hover-to-play (Gargron)
[2.7.1] - 2019-01-28
Fixed
- Fix SSO authentication not working due to missing agreement boolean (Gargron)
- Fix slow fallback of CopyAccountStats migration setting stats to 0 (Gargron)
- Fix wrong command in migration error message (angristan)
- Fix initial value of volume slider in video player and handle volume changes (ThibG)
- Fix missing hotkeys for notifications (ThibG)
- Fix being able to attach unattached media created by other users (ThibG)
- Fix unrescued SSL error during link verification (renatolond)
- Fix Firefox scrollbar color regression (trwnh)
- Fix scheduled status with media immediately creating a status (ThibG)
- Fix missing strong style for landing page description (Kjwon15)
[2.7.0] - 2019-01-20
Added
- Add link for adding a user to a list from their profile (namelessGonbai)
- Add joining several hashtags in a single column (gdpelican)
- Add volume sliders for videos (sumdog)
- Add a tooltip explaining what a locked account is (pawelngei)
- Add preloaded cache for common JSON-LD contexts (ThibG)
- Add profile directory (Gargron)
- Add setting to not group reblogs in home feed (ThibG)
- Add admin ability to remove a user's header image (ThibG)
- Add account hashtags to ActivityPub actor JSON (Gargron)
- Add error message for avatar image that's too large (sumdog)
- Add notification quick-filter bar (pawelngei)
- Add new first-time tutorial (Gargron)
- Add moderation warnings (Gargron)
- Add emoji codepoint mappings for v11.0 (Gargron)
- Add REST API for creating an account (Gargron)
- Add support for Malayalam in language filter (tachyons)
- Add exclude_reblogs option to account statuses API (Gargron)
- Add local followers page to admin account UI (chr-1x)
- Add healthcheck commands to docker-compose.yml (BenLubar)
- Add handler for Move activity to migrate followers (Gargron)
- Add CSV export for lists and domain blocks (Gargron)
- Add
tootctl accounts follow ACCT
(Gargron)
- Add scheduled statuses (Gargron)
- Add immutable caching for S3 objects (nolanlawson)
- Add cache to custom emojis API (Gargron)
- Add preview cards to non-detailed statuses on public pages (Gargron)
- Add
mod
and moderator
to list of default reserved usernames (Gargron)
- Add quick links to the admin interface in the web UI (ThibG)
- Add
tootctl domains crawl
(Gargron)
- Add attachment list fallback to public pages (ThibG)
- Add
tootctl --version
(Gargron)
- Add information about how to opt-in to the directory on the directory (Gargron)
- Add timeouts for S3 (Gargron)
- Add support for non-public reblogs from ActivityPub (Gargron)
- Add sending of
Reject
activity when sending a Block
activity (ThibG)
Changed
- Temporarily pause timeline if mouse moved recently (lmorchard)
- Change the password form order (mayaeh)
- Redesign admin UI for accounts (Gargron, Gargron)
- Redesign admin UI for instances/domain blocks (Gargron)
- Swap avatar and header input fields in profile page (ThibG)
- When posting in mobile mode, go back to previous history location (ThibG)
- Split out is_changing_upload from is_submitting (ThibG)
- Back to the getting-started when pins the timeline. (kedamaDQ)
- Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (Gargron)
- Limit maximum visibility of local silenced users to unlisted (ThibG)
- Change API error message for unconfirmed accounts (noellabo)
- Change the icon to "reply-all" when it's a reply to other accounts (mayaeh)
- Do not ignore federated reports targetting already-reported accounts (ThibG)
- Upgrade default Ruby version to 2.6.0 (Gargron)
- Change e-mail digest frequency (Gargron)
- Change Docker images for Tor support in docker-compose.yml (Sir-Boops)
- Display fallback link card thumbnail when none is given (Gargron)
- Change account bio length validation to ignore mention domains and URLs (Gargron)
- Use configured contact user for "anonymous" federation activities (yukimochi)
- Change remote interaction dialog to use specific actions instead of generic "interact" (Gargron)
- Always re-fetch public key when signature verification fails to support blind key rotation (ThibG)
- Make replies to boosts impossible, connect reply to original status instead (valerauko)
- Change e-mail MX validation to check both A and MX records against blacklist (Gargron)
- Hide floating action button on search and getting started pages (tmm576)
- Redesign public hashtag page to use a masonry layout (Gargron)
- Use
summary
as summary instead of content warning for converted ActivityPub objects (Gargron)
- Display a double reply arrow on public pages for toots that are replies (ThibG)
- Change admin UI right panel size to be wider (Kjwon15)
Removed
- Remove links to bridge.joinmastodon.org (non-functional) (Gargron)
- Remove LD-Signatures from activities that do not need them (ThibG)
Fixed
- Remove unused computation of reblog references from updateTimeline (ThibG)
- Fix loaded embeds resetting if a status arrives from API again (ThibG)
- Fix race condition causing shallow status with only a "favourited" attribute (ThibG)
- Remove intermediary arrays when creating hash maps from results (Gargron)
- Extract counters from accounts table to account_stats table to improve performance (Gargron)
- Change identities id column to a bigint (Gargron)
- Fix conversations API pagination (ThibG)
- Improve account suspension speed and completeness (Gargron)
- Fix thread depth computation in statuses_controller (ThibG)
- Fix database deadlocks by moving account stats update outside transaction (ThibG)
- Escape HTML in profile name preview in profile settings (pawelngei)
- Use same CORS policy for /@:username and /users/:username (ThibG)
- Make custom emoji domains case insensitive (Esteth)
- Various fixes to scrollable lists and media gallery (ThibG)
- Fix bootsnap cache directory being declared relatively (Gargron)
- Fix timeline pagination in the web UI (ThibG)
- Fix padding on dropdown elements in preferences (ThibG)
- Make avatar and headers respect GIF autoplay settings (ThibG)
- Do no retry Web Push workers if the server returns a 4xx response (Gargron)
- Minor scrollable list fixes (ThibG)
- Ignore low-confidence CharlockHolmes guesses when parsing link cards (ThibG)
- Fix
tootctl accounts rotate
not updating public keys (Gargron)
- Fix CSP / X-Frame-Options for media players (jomo)
- Fix unnecessary loadMore calls when the end of a timeline has been reached (ThibG)
- Skip mailer job retries when a record no longer exists (Gargron)
- Fix composer not getting focus after reply confirmation dialog (ThibG)
- Fix signature verification stoplight triggering on non-timeout errors (Gargron)
- Fix ThreadResolveWorker getting queued with invalid URLs (Gargron)
- Fix crash when clearing uninitialized timeline (ThibG)
- Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker (ThibG)
- Skip full text search if it fails, instead of erroring out completely (Kjwon15)
- Fix profile metadata links not verifying correctly sometimes (shrft)
- Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order (ThibG)
- Fix unreadable text color in report modal for some statuses (Gargron)
- Stop GIFV timeline preview explicitly when it's opened in modal (kedamaDQ)
- Fix scrollbar width compensation (ThibG)
- Fix race conditions when processing deleted toots (ThibG)
- Fix SSO issues on WebKit browsers by disabling Same-Site cookie again (moritzheiber)
- Fix empty OEmbed error (renatolond)
- Fix drag & drop modal not disappearing sometimes (hinaloe)
- Fix statuses with content warnings being displayed in web push notifications sometimes (ThibG)
- Fix scroll-to-detailed status not working on public pages (ThibG)
- Fix media modal loading indicator (ThibG)
- Fix hashtag search results not having a permalink fallback in web UI (ThibG)
- Fix slightly cropped font on settings page dropdowns when using system font (ariasuni)
- Fix not being able to drag & drop text into forms (tmm576)
Security
- Sanitize and sandbox toot embeds in web UI (ThibG)
- Add tombstones for remote statuses to prevent replay attacks (ThibG)
[2.6.5] - 2018-12-01
Changed
- Change lists to display replies to others on the list and list owner (ThibG)
Fixed
- Fix failures caused by commonly-used JSON-LD contexts being unavailable (ThibG)
[2.6.4] - 2018-11-30
Fixed
- Fix yarn dependencies not installing due to yanked event-stream package (Gargron)
[2.6.3] - 2018-11-30
Added
- Add hyphen to characters allowed in remote usernames (ThibG)
Changed
- Change server user count to exclude suspended accounts (Gargron)
Fixed
- Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer (hugogameiro)
- Fix missing DNS records raising the wrong kind of exception (Gargron)
- Fix already queued deliveries still trying to reach inboxes marked as unavailable (Gargron)
Security
- Fix TLS handshake timeout not being enforced (Gargron)
[2.6.2] - 2018-11-23
Added
- Add Page to whitelisted ActivityPub types (mbajur)
- Add 20px to column width in web UI (Gargron)
- Add amount of freed disk space in
tootctl media remove
(Gargron, Gargron, mayaeh)
- Add "Show thread" link to self-replies (Gargron)
Changed
- Change order of Atom and RSS links so Atom is first (Alkarex)
- Change Nginx configuration for Nanobox apps (danhunsaker)
- Change the follow action to appear instant in web UI (Gargron)
- Change how the ActiveRecord connection is instantiated in on_worker_boot (Gargron)
- Change
tootctl accounts cull
to always touch accounts so they can be skipped (renatolond)
- Change mime type comparison to ignore JSON-LD profile (valerauko)
Fixed
- Fix web UI crash when conversation has no last status (sammy8806)
- Fix follow limit validator reporting lower number past threshold (Gargron)
- Fix form validation flash message color and input borders (Gargron)
- Fix invalid twitter:player cards being displayed (ThibG)
- Fix emoji update date being processed incorrectly (ThibG)
- Fix playing embed resetting if status is reloaded in web UI (ThibG, Gargron)
- Fix web UI crash when favouriting a deleted status (ThibG)
- Fix intermediary arrays being created for hash maps (Gargron)
- Fix filter ID not being a string in REST API (Gargron)
Security
- Fix multiple remote account deletions being able to deadlock the database (Gargron)
- Fix HTTP connection timeout of 10s not being enforced (Gargron)
[2.6.1] - 2018-10-30
Fixed
- Fix resolving resources by URL not working due to a regression in valerauko (Gargron)
- Fix reducer error in web UI when a conversation has no last status (Gargron)
[2.6.0] - 2018-10-30
Added
- Add link ownership verification (Gargron)
- Add conversations API (Gargron)
- Add limit for the number of people that can be followed from one account (Gargron)
- Add admin setting to customize mascot (ashleyhull-versent)
- Add support for more granular ActivityPub audiences from other software, i.e. circles (Gargron, Gargron, Gargron)
- Add option to block all reports from a domain (Gargron)
- Add user preference to always expand toots marked with content warnings (webroo)
- Add user preference to always hide all media (fvh-P)
- Add
force_login
param to OAuth authorize page (Gargron)
- Add
tootctl accounts backup
(Gargron, Gargron)
- Add
tootctl accounts create
(Gargron, Gargron)
- Add
tootctl accounts cull
(Gargron, Gargron)
- Add
tootctl accounts delete
(Gargron, Gargron)
- Add
tootctl accounts modify
(Gargron, Gargron)
- Add
tootctl accounts refresh
(Gargron, Gargron)
- Add
tootctl feeds build
(Gargron, Gargron)
- Add
tootctl feeds clear
(Gargron, Gargron)
- Add
tootctl settings registrations open
(Gargron, Gargron)
- Add
tootctl settings registrations close
(Gargron, Gargron)
- Add
min_id
param to REST API to support backwards pagination (Gargron)
- Add a confirmation dialog when hitting reply and the compose box isn't empty (ThibG)
- Add PostgreSQL disk space growth tracking in PGHero (Gargron)
- Add button for disabling local account to report quick actions bar (Gargron)
- Add Czech language (Aditoo17)
- Add
same-site
(lax
) attribute to cookies (sorin-davidoi)
- Add support for styled scrollbars in Firefox Nightly (sorin-davidoi)
- Add highlight to the active tab in web UI profiles (rhoio)
- Add auto-focus for comment textarea in report modal (ThibG)
- Add auto-focus for emoji picker's search field (ThibG)
- Add nginx and systemd templates to
dist/
directory (Gargron)
- Add support for
/.well-known/change-password
(Gargron)
- Add option to override FFMPEG binary path (sascha-sl)
- Add
dns-prefetch
tag when using different host for assets or uploads (Gargron)
- Add
description
meta tag (Gargron)
- Add
Content-Security-Policy
header (ThibG)
- Add cache for the instance info API (ykzts)
- Add suggested follows to search screen in mobile layout (Gargron)
- Add CORS header to
/.well-known/*
routes (BenLubar)
- Add
card
attribute to statuses returned from REST API (Gargron)
- Add in-stream link preview (Gargron)
- Add support for ActivityPub
Page
objects (mbajur)
Changed
- Change forms design (Gargron)
- Change reports overview to group by target account (Gargron)
- Change web UI to show "read more" link on overly long in-stream statuses (lanodan)
- Change design of direct messages column (Gargron, Gargron)
- Change home timelines to exclude DMs (Gargron)
- Change list timelines to exclude all replies (cbayerlein)
- Change admin accounts UI default sort to most recent (Gargron)
- Change documentation URL in the UI (Gargron)
- Change style of success and failure messages (Gargron)
- Change DM filtering to always allow DMs from staff (qguv)
- Change recommended Ruby version to 2.5.3 (zunda)
- Change docker-compose default to persist volumes in current directory (Gargron)
- Change character counters on edit profile page to input length limit (Gargron)
- Change notification filtering to always let through messages from staff (Gargron)
- Change "hide boosts from user" function also hiding notifications about boosts (ThibG)
- Change CSS
detailed-status__wrapper
class actually wrap the detailed status (trwnh)
Deprecated
GET /api/v1/timelines/direct
→ GET /api/v1/conversations
(Gargron)
POST /api/v1/notifications/dismiss
→ POST /api/v1/notifications/:id/dismiss
(Gargron)
GET /api/v1/statuses/:id/card
→ card
attributed included in status (Gargron)
Removed
- Remove "on this device" label in column push settings (rhoio)
- Remove rake tasks in favour of tootctl commands (Gargron)
Fixed
- Fix remote statuses using instance's default locale if no language given (Kjwon15)
- Fix streaming API not exiting when port or socket is unavailable (Gargron)
- Fix network calls being performed in database transaction in ActivityPub handler (Gargron)
- Fix dropdown arrow position (ThibG)
- Fix first element of dropdowns being focused even if not using keyboard (ThibG)
- Fix tootctl requiring
bundle exec
invocation (abcang)
- Fix public pages not using animation preference for avatars (renatolond)
- Fix OEmbed/OpenGraph cards not understanding relative URLs (ThibG)
- Fix some dark emojis not having a white outline (ThibG)
- Fix media description not being displayed in various media modals (ThibG)
- Fix generated URLs of desktop notifications missing base URL (GenbuHase)
- Fix RTL styles (mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar)
- Fix crash in streaming API when tag param missing (Gargron)
- Fix hotkeys not working when no element is focused (ThibG)
- Fix some hotkeys not working on detailed status view (ThibG)
- Fix og:url on status pages (ThibG)
- Fix upload option buttons only being visible on hover (Gargron)
- Fix tootctl not returning exit code 1 on wrong arguments (sascha-sl)
- Fix preview cards for appearing for profiles mentioned in toot (ThibG, ThibG)
- Fix local accounts sometimes being duplicated as faux-remote (Gargron)
- Fix emoji search when the shortcode has multiple separators (ThibG)
- Fix dropdowns sometimes being partially obscured by other elements (kedamaDQ)
- Fix cache not updating when reply/boost/favourite counters or media sensitivity update (Gargron)
- Fix empty display name precedence over username in web UI (Gargron)
- Fix td instead of th in sessions table header (Gargron)
- Fix handling of content types with profile (valerauko)
[2.5.2] - 2018-10-12
Security
[2.5.1] - 2018-10-07
Fixed
- Fix database migrations for PostgreSQL below 9.5 (Gargron)
- Fix class autoloading issue in ActivityPub Create handler (Gargron)
- Fix cache statistics not being sent via statsd when statsd enabled (ykzts)
- Bump puma from 3.11.4 to 3.12.0 (dependabot[bot])
Security
- Fix some local images not having their EXIF metadata stripped on upload (ThibG)
- Fix being able to enable a disabled relay via ActivityPub Accept handler (ThibG)
- Bump nokogiri from 1.8.4 to 1.8.5 (dependabot[bot])
- Fix being able to report statuses not belonging to the reported account (ThibG)