CHANGELOG.md



To find the state of this project's repository at the time of any of these versions, check out the tags.


Changelog
All notable changes to this project will be documented in this file.

[3.3.0] - 2020-12-27

Added


Add hotkeys for audio/video control in web UI (Gargron, Gargron)


Space and k to toggle playback

m to toggle mute

f to toggle fullscreen

j and l to go back and forward by 10 seconds

. and , to go back and forward by a frame (video only)


Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
Add border around 🕺 emoji in web UI (ThibG)
Add border around 🐞 emoji in web UI (ThibG)
Add home link to the getting started column when home isn't mounted (ThibG)
Add option to disable swiping motions across the web UI (ThibG)

Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron, noellabo)

Continue watching/listening when you scroll away
Action bar to interact with/open toot from the pop-out player


Add unread notification markers in web UI (ThibG, ThibG, ThibG, noellabo, noellabo)
Add paragraph about browser add-ons when encountering errors in web UI (ThibG)
Add import and export for bookmarks (ThibG)
Add cache buster feature for media files (Gargron)

If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
If enabled, cache buster will make a special request to the proxy to signal a cache reset


Add duration option to the mute function (aquarla)
Add replies policy option to the list function (ThibG, trwnh)
Add og:published_time OpenGraph tags on toots (nornagon)

Add option to be notified when a followed user posts (Gargron, ThibG, Gargron)

If you don't want to miss a toot, click the bell button!


Add client-side validation in password change forms (ThibG)
Add client-side validation in the registration form (ThibG, ThibG)
Add support for Gemini URLs (joshleeb)
Add app shortcuts to web app manifest (mkljczk)
Add WebAuthn as an alternative 2FA method (santiagorodriguez96, jiikko)
Add honeypot fields and minimum fill-out time for sign-up form (ThibG)
Add icon for mutual relationships in relationship manager (noellabo)
Add follow selected followers button in relationship manager (noellabo)

Add subresource integrity for JS and CSS assets (Gargron)

If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks


Add ku, sa, sc, zgh to available locales (ykzts)
Add ability to force an account to mark media as sensitive (noellabo)

Add ability to block access or limit sign-ups from chosen IPs (Gargron, ThibG)

Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
Choose the severity of the rule, either blocking all access or merely limiting sign-ups


Add support for reversible suspensions through ActivityPub (Gargron)

Servers can signal that one of their accounts has been suspended
During suspension, the account can only delete its own content
A reversal of the suspension can be signalled the same way
A local suspension always overrides a remote one


Add indication to admin UI of whether a report has been forwarded (ThibG)
Add display of reasons for joining of an account in admin UI (mashirozx)
Add option to obfuscate domain name in public list of domain blocks (Gargron)
Add option to make reasons for joining required on sign-up (ThibG, ThibG, ThibG, ThibG)
Add ActivityPub follower synchronization mechanism (ThibG, ThibG)
Add outbox attribute to instance actor (ThibG)
Add featured hashtags as an ActivityPub collection (Gargron, noellabo)
Add support for dereferencing objects through bearcaps (Gargron, noellabo)
Add S3_READ_TIMEOUT environment variable (tateisu)
Add ALLOWED_PRIVATE_ADDRESSES environment variable (ThibG)
Add --fix-permissions option to tootctl media remove-orphans (Gargron, uist1idrju3i)
Add tootctl accounts merge (Gargron, ThibG, ThibG)

Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
This command will fix it on your end


Add tootctl maintenance fix-duplicates (ThibG, Gargron, ThibG)

Index corruption in the database?
This command is for you


Add support for managing multiple stream subscriptions in a single connection (Gargron, Gargron, mfmfuyu, zunda)

Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams


Add support for limiting results by both min_id and max_id at the same time in REST API (tateisu)
Add GET /api/v1/accounts/:id/featured_tags to REST API (noellabo, noellabo)
Add stoplight for object storage failures, return HTTP 503 in REST API (Gargron)
Add optional tootctl remove media cronjob in Helm chart (dunn)
Add clean error message when RAILS_ENV is unset (ThibG)


Changed


Change media modals look in web UI (Gargron, Gargron, Gargron, Gargron, Kjwon15, noellabo, ThibG)

Background of the overlay matches the color of the image
Action bar to interact with or open the toot from the modal


Change order of announcements in admin UI to be newest-first (ThibG)

Change account suspensions to be reversible by default (Gargron, ThibG, ThibG, ThibG, ThibG, noellabo, ThibG, Gargron, Gargron)

Suspensions no longer equal deletions
A suspended account can be unsuspended with minimal consequences for 30 days
Immediate deletion of data is still available as an explicit option
Suspended accounts can request an archive of their data through the UI


Change REST API to return empty data for suspended accounts (14765)
Change web UI to show empty profile for suspended accounts (Gargron, Gargron)
Change featured hashtag suggestions to be recently used instead of most used (abcang)
Change direct toots to appear in the home feed again (Gargron, ThibG, noellabo)

Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model


Change email address validation to return more specific errors (ThibG)
Change HTTP signature requirements to include Digest header on POST requests (ThibG)
Change click area of video/audio player buttons to be bigger in web UI (ariasuni)
Change order of filters by alphabetic by "keyword or phrase" (ariasuni)
Change suspension of remote accounts to also undo outgoing follows (ThibG)
Change string "Home" to "Home and lists" in the filter creation screen (ariasuni)
Change string "Boost to original audience" to "Boost with original visibility" in web UI (3n-k1)
Change string "Show more" to "Show newer" and "Show older" on public pages (ariasuni)
Change order of announcements to be reverse chronological in web UI (dariusk, dariusk)
Change RTL detection to rely on unicode-bidi paragraph by paragraph in web UI (Gargron)
Change visibility icon next to timestamp to be clickable in web UI (ariasuni, mayaeh)
Change public thread view to hide "Show thread" link (ThibG)
Change number format on about page from full to shortened (Gargron)
Change how scheduled tasks run in multi-process environments (noellabo)

New dedicated queue scheduler

Runs by default when Sidekiq is executed with no options
Has to be added manually in a multi-process environment


Removed

Remove fade-in animation from modals in web UI (Gargron)
Remove auto-redirect to direct messages in web UI (Gargron)
Remove obsolete IndexedDB operations from web UI (Gargron)
Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)


Fixed

Fix layout on about page when contact account has a long username (ThibG)
Fix follow limit preventing re-following of a moved account (Gargron, ThibG)

Fix deletes not reaching every server that interacted with toot (Gargron)

Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned


Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
Fix sending redundant ActivityPub events when processing remote account deletion (ThibG)
Fix Move handler not being triggered when failing to fetch target account (ThibG)
Fix downloading remote media files when server returns empty filename (ThibG)
Fix account processing failing because of large collections (ThibG)
Fix not being able to unfavorite toots one has lost access to (ThibG)
Fix not being able to unbookmark toots one has lost access to (ThibG)
Fix possible casing inconsistencies in hashtag search (ThibG)
Fix updating account counters when association is not yet created (Gargron)
Fix cookies not having a SameSite attribute (Gargron)
Fix poll ending notifications being created for each vote (ThibG)
Fix multiple boosts of a same toot erroneously appearing in TL (ThibG)
Fix asset builds not picking up CDN_HOST change (ThibG)
Fix desktop notifications permission prompt in web UI (Gargron, Gargron, ThibG, ThibG)

Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications


Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI (ariasuni)
Fix glitched image uploads when canvas read access is blocked in web UI (ThibG)
Fix some account gallery items having empty labels in web UI (ThibG)
Fix alt-key hotkeys activating while typing in a text field in web UI (ThibG)
Fix wrong seek bar width on media player in web UI (mfmfuyu)
Fix logging out on mobile in web UI (ThibG)
Fix wrong click area for GIFVs in media modal in web UI (noellabo)
Fix unreadable placeholder text color in high contrast theme in web UI (Gargron)
Fix scrolling issues when closing some dropdown menus in web UI (ThibG)
Fix notification filter bar incorrectly filtering gaps in web UI (ThibG)
Fix disabled boost icon being replaced by private boost icon on hover in web UI (ThibG)
Fix hashtag detection in compose form being different to server-side in web UI (kedamaDQ, ThibG)
Fix home last read marker mishandling gaps in web UI (ThibG)
Fix unnecessary re-rendering of various components when typing in web UI (Gargron)
Fix notifications being unnecessarily re-rendered in web UI (ThibG)
Fix column swiping animation logic in web UI (ThibG)
Fix inefficiency when fetching hashtag timeline (noellabo, akihikodaki)
Fix inefficiency when fetching bookmarks (akihikodaki)
Fix inefficiency when fetching favourites (akihikodaki)
Fix inefficiency when fetching media-only account timeline (akihikodaki)
Fix inefficieny when deleting accounts (Gargron, ThibG, ThibG, ThibG, ThibG, ThibG, Gargron)
Fix redundant query when processing batch actions on custom emojis (niwatori24)
Fix slow distinct queries where grouped queries are faster (Gargron)
Fix performance on instances list in admin UI (Gargron)
Fix server actor appearing in list of accounts in admin UI (ThibG)
Fix "bootstrap timeline accounts" toggle in site settings in admin UI (ThibG)
Fix PostgreSQL secret name for cronjob in Helm chart (metal3d)
Fix Procfile not being compatible with herokuish (acuteaura)
Fix installation of tini being split into multiple steps in Dockerfile (ryncsn)


Security

Fix streaming API allowing connections to persist after access token invalidation (Gargron)
Fix 2FA/sign-in token sessions being valid after password change (Gargron)
Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ThibG)


[3.2.2] - 2020-12-19

Added

Add tootctl maintenance fix-duplicates (ThibG, Gargron)

Index corruption in the database?
This command is for you


Removed

Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)


Fixed

Fix Move handler not being triggered when failing to fetch target account (ThibG)
Fix downloading remote media files when server returns empty filename (ThibG)
Fix possible casing inconsistencies in hashtag search (ThibG)
Fix updating account counters when association is not yet created (Gargron)
Fix account processing failing because of large collections (ThibG)
Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
Fix slow distinct queries where grouped queries are faster (Gargron)


Security

Fix 2FA/sign-in token sessions being valid after password change (Gargron)
Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ThibG)


[3.2.1] - 2020-10-19

Added

Add support for latest HTTP Signatures spec draft (ThibG)
Add support for inlined objects in ActivityPub to/cc (ThibG)


Changed

Change actors to not be served at all without authentication in limited federation mode (ThibG)

Previously, a bare version of an actor was served when not authenticated, i.e. username and public key
Because all actor fetch requests are signed using a separate system actor, that is no longer required


Fixed

Fix tootctl media commands not recognizing very large IDs (ThibG)
Fix crash when failing to load emoji picker in web UI (ThibG)
Fix contrast requirements in thumbnail color extraction (ThibG)
Fix audio/video player not using CDN_HOST on public pages (ThibG)
Fix private boost icon not being used on public pages (OmmyZhang)
Fix audio player on Safari in web UI (ThibG, ThibG)
Fix dereferencing remote statuses not using the correct account for signature when receiving a targeted inbox delivery (ThibG)
Fix nil error in tootctl media remove (noellabo)
Fix videos with near-60 fps being rejected (Gargron)
Fix reported statuses not being included in warning e-mail (Gargron)
Fix Reject activities of Follow objects not correctly destroying a follow relationship (ThibG)
Fix inefficiencies in fan-out-on-write service (Gargron, noellabo)
Fix timeout errors when trying to webfinger some IPv6 configurations (Gargron)
Fix files served as application/octet-stream being rejected without attempting mime type detection (ThibG)


[3.2.0] - 2020-07-27

Added

Add SMTP_SSL environment variable (OmmyZhang)
Add hotkey for toggling content warning input in web UI (ThibG)

Add e-mail-based sign in challenge for users with disabled 2FA (Gargron)

If user tries signing in after:

Being inactive for a while
With a previously unknown IP
Without 2FA being enabled


Require to enter a token sent via e-mail before sigining in


Add limit param to RSS feeds (noellabo)
Add visibility param to share page (noellabo)
Add blurhash to link previews (ThibG, ThibG, ThibG, Sasha-Sorokin, Sasha-Sorokin, ThibG, ThibG, ThibG)

In web UI, toots cannot be marked as sensitive unless there is media attached
However, it's possible to do via API or ActivityPub
Thumnails of link previews of such posts now use blurhash in web UI
The Card entity in REST API has a new blurhash attribute


Add support for summary field for media description in ActivityPub (ThibG)
Add hints about incomplete remote content to web UI (Gargron, noellabo)

Add personal notes for accounts (ThibG, Gargron, Sasha-Sorokin)

To clarify, these are notes only you can see, to help you remember details
Notes can be viewed and edited from profiles in web UI
New REST API: POST /api/v1/accounts/:id/note with comment param
The Relationship entity in REST API has a new note attribute


Add Helm chart (dunn, dunn, dunn)

Add customizable thumbnails for audio and video attachments (Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, noellabo, noellabo)

Metadata (album, artist, etc) is no longer stripped from audio files
Album art is automatically extracted from audio files
Thumbnail can be manually uploaded for both audio and video attachments
Media upload APIs now support thumbnail param

On POST /api/v1/media and POST /api/v2/media

And on PUT /api/v1/media/:id


ActivityPub representation of media attachments represents custom thumbnails with an icon attribute
The Media Attachment entity in REST API now has a preview_remote_url to its preview_url, equivalent to remote_url to its url


Add color extraction for thumbnails (Gargron, ThibG)

The meta attribute on the Media Attachment entity in REST API can now have a colors attribute which in turn contains three hex colors: background, foreground, and accent

The background color is chosen from the most dominant color around the edges of the thumbnail
The foreground and accent colors are chosen from the colors that are the most different from the background color using the CIEDE2000 algorithm
The most satured color of the two is designated as the accent color
The one with the highest W3C contrast is designated as the foreground color
If there are not enough colors in the thumbnail, new ones are generated using a monochrome pattern


Add a visibility indicator to toots in web UI (noellabo, highemerly)
Add tootctl email_domain_blocks (tateisu, Gargron)
Add "Add new domain block" to header of federation page in admin UI (ariasuni)
Add ability to keep emoji picker open with ctrl+click in web UI (bclindner, noellabo)
Add custom icon for private boosts in web UI (ThibG)
Add support for Create and Update activities that don't inline objects in ActivityPub (ThibG)
Add support for Undo activities that don't inline activities in ActivityPub (ThibG)


Changed

Change .env.production.sample to be leaner and cleaner (Gargron)

It was overloaded as de-facto documentation and getting quite crowded
Defer to the actual documentation while still giving a minimal example


Change tootctl search deploy to work faster and display progress (Gargron)
Change User-Agent of link preview fetching service to include "Bot" (Gargron)

Some websites may not render OpenGraph tags into HTML if that's not the case


Change behaviour to carry blocks over when someone migrates their followers (ThibG)
Change volume control and download buttons in web UI (Gargron)

Change design of audio players in web UI (Gargron, ThibG, Gargron, ThibG, Gargron, ThibG)
Change reply filter to never filter own toots in web UI (ThibG)
Change boost button to no longer serve as visibility indicator in web UI (noellabo, ThibG)
Change contrast of flash messages (cchoi12)
Change wording from "Hide media" to "Hide image/images" in web UI (ariasuni)
Change appearence of settings pages to be more consistent (ariasuni)
Change "Add media" tooltip to not include long list of formats in web UI (ariasuni)
Change how badly contrasting emoji are rendered in web UI (leo60228, ThibG, mfmfuyu, ThibG)
Change structure of unavailable content section on about page (ariasuni)
Change behaviour to accept ActivityPub activities relayed through group actor (noellabo)
Change amount of processing retries for ActivityPub activities (noellabo)


Removed

Remove the terms "blacklist" and "whitelist" from UX (Gargron, mayaeh)

Environment variables changed (old versions continue to work):


WHITELIST_MODE → LIMITED_FEDERATION_MODE


EMAIL_DOMAIN_BLACKLIST → EMAIL_DOMAIN_DENYLIST


EMAIL_DOMAIN_WHITELIST → EMAIL_DOMAIN_ALLOWLIST


CLI option changed:


tootctl domains purge --whitelist-mode → tootctl domains purge --limited-federation-mode


Remove some unnecessary database indices (lfuelling, noellabo)
Remove unnecessary Node.js version upper bound (ykzts)


Fixed

Fix following param not working when exact match is found in account search (noellabo)
Fix sometimes occuring duplicate mention notifications (noellabo)
Fix RSS feeds not being cachable (ThibG)
Fix lack of locking around processing of Announce activities in ActivityPub (noellabo)
Fix boosted toots from blocked account not being retroactively removed from TL (ThibG)
Fix large shortened numbers (like 1.2K) using incorrect pluralization (Sasha-Sorokin)
Fix streaming server trying to use empty password to connect to Redis when REDIS_PASSWORD is given but blank (ThibG)
Fix being unable to unboost posts when blocked by their author (ThibG)
Fix account domain block not properly unfollowing accounts from domain (Gargron)
Fix removing a domain allow wiping known accounts in open federation mode (ThibG)
Fix blocks and mutes pagination in web UI (ThibG)
Fix new posts pushing down origin of opened dropdown in web UI (ThibG, ThibG)
Fix timeline markers not being saved sometimes (ThibG, ThibG, ThibG)
Fix CSV uploads being rejected (noellabo)
Fix incompatibility with ElasticSearch 7.x (noellabo)
Fix being able to search posts where you're in the target audience but not actively mentioned (noellabo)
Fix non-local posts appearing on local-only hashtag timelines in web UI (noellabo)
Fix tootctl media remove-orphans choking on unknown files in storage (Gargron)
Fix tootctl upgrade storage-schema misbehaving (Gargron, angristan)

Fix it marking records as upgraded even though no files were moved
Fix it not working with S3 storage
Fix it not working with custom emojis


Fix GIF reader raising incorrect exceptions (ThibG)
Fix hashtag search performing account search as well (ThibG)
Fix Webfinger returning wrong status code on malformed or missing param (ThibG)
Fix rake mastodon:setup error when some environment variables are set (ThibG)
Fix admin page crashing when trying to block an invalid domain name in admin UI (ThibG)
Fix unsent toot confirmation dialog not popping up in single column mode in web UI (ThibG)
Fix performance of follow import (noellabo)

Reduce timeout of Webfinger requests to that of other requests
Use circuit breakers to stop hitting unresponsive servers
Avoid hitting servers that are already known to be generally unavailable


Fix filters ignoring media descriptions (BenLubar)
Fix some actions on custom emojis leading to cryptic errors in admin UI (ThibG)
Fix ActivityPub serialization of replies when some of them are URIs (ThibG)
Fix rake mastodon:setup choking on environment variables containing % (ThibG)
Fix account redirect confirmation message talking about moved followers (ThibG)
Fix avatars having the wrong size on public detailed status pages (ThibG)
Fix various issues around OpenGraph representation of media (Gargron)

Pages containing audio no longer say "Attached: 1 image" in description
Audio attachments now represented as OpenGraph og:audio

The twitter:player page now uses Mastodon's proper audio/video player
Audio/video buffered bars now display correctly in audio/video player
Volume and progress bars now respond to movement/move smoother


Fix audio/video/images/cards not reacting to window resizes in web UI (Gargron)
Fix very wide media attachments resulting in too thin a thumbnail in web UI (ThibG)
Fix crash when merging posts into home feed after following someone (ThibG)
Fix unique username constraint for local users not being enforced in database (ThibG)
Fix unnecessary gap under video modal in web UI (mfmfuyu)
Fix 2FA and sign in token pages not respecting user locale (mfmfuyu)
Fix unapproved users being able to view profiles when in limited-federation mode and requiring approval for sign-ups (ThibG)
Fix initial audio volume not corresponding to what's displayed in audio player in web UI (ThibG)
Fix timelines sometimes jumping when closing modals in web UI (ThibG)
Fix memory usage of downloading remote files (Gargron, Gargron, noellabo)

Don't read entire file (up to 40 MB) into memory
Read and write it to temp file in small chunks


Fix inconsistent account header padding in web UI (trwnh)
Fix Thai being skipped from language detection (Sasha-Sorokin)

Since Thai has its own alphabet, it can be detected more reliably


Fix broken hashtag column options styling in web UI (ThibG)
Fix pointer cursor being shown on toots that are not clickable in web UI (arielrodrigues)
Fix lock icon not being shown when locking account in profile settings (ThibG)
Fix domain blocks doing work the wrong way around (ThibG)

Instead of suspending accounts one by one, mark all as suspended first (quick)
Only then proceed to start removing their data (slow)
Clear out media attachments in a separate worker (slow)


[3.1.5] - 2020-07-07

Security

Fix media attachment enumeration (ThibG)
Change rate limits for various paths (Gargron)
Fix other sessions not being logged out on password change (Gargron)


[3.1.4] - 2020-05-14

Added

Add vi to available locales (taicv)
Add ability to remove identity proofs from account (Gargron)
Add ability to exclude local content from federated timeline (noellabo, noellabo)

Add remote param to GET /api/v1/timelines/public REST API
Add public/remote / public:remote variants to streaming API
"Remote only" option in federated timeline column settings in web UI


Add ability to exclude remote content from hashtag timelines in web UI (noellabo)

No changes to REST API
"Local only" option in hashtag column settings in web UI


Add Capistrano tasks that reload the services after deploying (berkes)
Add invites_enabled attribute to GET /api/v1/instance in REST API (ThibG)
Add tootctl emoji export command (lfuelling)
Add separate cache directory for non-local uploads (Gargron, Hanage999, mayaeh)

Add tootctl upgrade storage-schema command to move old non-local uploads to the cache directory


Add buttons to delete header and avatar from profile settings (sternenseemann)
Add emoji graphics and shortcodes from Twemoji 12.1.5 (DeeUnderscore)


Changed

Change error message when trying to migrate to an account that does not have current account set as an alias to be more clear (TheEvilSkeleton)
Change delivery failure tracking to work with hostnames instead of URLs (Gargron, noellabo, noellabo, noellabo)
Change Content-Security-Policy to not need unsafe-inline style-src (ThibG, ThibG, ThibG, ThibG, ThibG)
Change how RSS items are titled and formatted (ThibG, ykzts)


Fixed

Fix dropdown of muted and followed accounts offering option to hide boosts in web UI (ThibG)
Fix "You are already signed in" alert being shown at wrong times (ThibG)
Fix retrying of failed-to-download media files not actually working (noellabo)
Fix first poll option not being focused when adding a poll in web UI (ThibG)
Fix sr locale being selected over sr-Latn (ThibG)
Fix error within error when limiting backtrace to 3 lines (Gargron)
Fix tootctl media remove-orphans crashing on "Import" files (ThibG)
Fix regression in tootctl media remove-orphans (Gargron)
Fix old unique jobs digests not having been cleaned up (Gargron)
Fix own following/followers not showing muted users (ThibG)
Fix list of followed people ignoring sorting on Follows & Followers page  (taras2358)
Fix wrong pgHero Content-Security-Policy when CDN_HOST is set (ThibG)
Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS (kaiyou)
Fix page incorrectly scrolling when bringing up dropdown menus in web UI (ThibG)
Fix messed up z-index when NoScript blocks media/previews in web UI (ThibG)
Fix "See what's happening" page showing public instead of local timeline for logged-in users (ThibG)
Fix not being able to resolve public resources in development environment (Gargron)
Fix uninformative error message when uploading unsupported image files (ThibG)
Fix expanded video player issues in web UI (ThibG, eai04191)
Fix and refactor keyboard navigation in dropdown menus in web UI (ThibG)
Fix uploaded image orientation being messed up in some browsers in web UI (ThibG)
Fix actions log crash when displaying updates of deleted announcements in admin UI (ThibG)
Fix search not working due to proxy settings when using hidden services (Gargron)
Fix poll refresh button not being debounced in web UI (rasjonell, ThibG)
Fix confusing error when failing to add an alias to an unknown account (ThibG)
Fix "Email changed" notification sometimes having wrong e-mail (ThibG)
Fix varioues issues on the account aliases page (ThibG)
Fix API footer link in web UI (bubblineyuri)
Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI (ThibG)
Fix styling of polls in JS-less fallback on public pages (ThibG)
Fix trying to delete already deleted file when post-processing (Gargron)


Security

Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed (dependabot-preview[bot], Gargron)

For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters


[3.1.3] - 2020-04-05

Added

Add ability to filter audit log in admin UI (Gargron)
Add titles to warning presets in admin UI (Gargron)
Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (Gargron)
Add ability to delete files uploaded for settings in admin UI (ThibG)
Add sorting by username, creation and last activity in admin UI (ThibG)
Add explanation as to why unlocked accounts may have follow requests in web UI (ThibG)
Add link to bookmarks to dropdown in web UI (mayaeh)
Add support for links to statuses in announcements to be opened in web UI (ThibG, ThibG)
Add tooltips to audio/video player buttons in web UI (ariasuni)
Add submit button to the top of preferences pages (guigeekz)
Add specific rate limits for posting, following and reporting (Gargron, Gargron)

300 posts every 3 hours
400 follows or follow requests every 24 hours
400 reports every 24 hours


Add federation support for the "hide network" preference (ThibG)
Add --skip-media-remove option to tootctl statuses remove (tateisu)


Changed


Change design of polls in web UI (Sasha-Sorokin, ThibG)
Change status click areas in web UI to be bigger (ariasuni)

Change tootctl media remove-orphans to work for all classes (Gargron)

Change local media attachments to perform heavy processing asynchronously (Gargron)
Change video uploads to always be converted to H264/MP4 (Gargron, ThibG, ThibG)
Change video uploads to enforce certain limits (Gargron)

Dimensions smaller than 1920x1200px
Frame rate at most 60fps


Change the tooltip "Toggle visibility" to "Hide media" in web UI (ariasuni)
Change description of privacy levels to be more intuitive in web UI (ariasuni)
Change GIF label to be displayed even when autoplay is enabled in web UI (koyuawsmbrtn)
Change the string "Hide everything from …" to "Block domain …" in web UI (ThibG, mayaeh)
Change wording of media display preferences to be more intuitive (ariasuni)


Deprecated


POST /api/v1/media → POST /api/v2/media (Gargron)


Fixed

Fix tootctl media remove-orphans ignoring PAPERCLIP_ROOT_PATH (Gargron)
Fix returning results when searching for URL with non-zero offset (Gargron)
Fix pinning a column in web UI sometimes redirecting out of web UI (Gargron)
Fix background jobs not using locks like they are supposed to (Gargron)
Fix content warning being unnecessarily cleared when hiding content warning input in web UI (ThibG)
Fix "Show more" not switching to "Show less" on public pages (ThibG)
Fix import overwrite option not being selectable (noellabo)
Fix wrong color for ellipsis in boost confirmation dialog in web UI (ariasuni)
Fix unnecessary unfollowing when importing follows with overwrite option (noellabo)
Fix 404 and 410 API errors being silently discarded in web UI (ThibG)
Fix OCR not working on Safari because of unsupported worker-src CSP (ThibG)
Fix media not being marked sensitive when a content warning is set with no text (ThibG)
Fix crash after deleting announcements in web UI (codesections, ThibG)
Fix bookmarks not being searchable (Kjwon15, noellabo)
Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report (ThibG)
Fix web UI crash in single-column mode on prehistoric browsers (ThibG)
Fix some timeouts when searching for URLs (ThibG)
Fix detailed view of direct messages displaying a 0 boost count in web UI (ThibG)
Fix regression in “Edit media” modal in web UI (ThibG)
Fix public posts from silenced accounts not being changed to unlisted visibility (ThibG)
Fix error when searching for URLs that contain the mention syntax (ThibG)
Fix text area above/right of emoji picker being accidentally clickable in web UI (ariasuni)
Fix too large announcements not being scrollable in web UI (ThibG)
Fix tootctl media remove-orphans crashing when encountering invalid media (ThibG)
Fix installation failing when Redis password contains special characters (ThibG)
Fix announcements with fully-qualified mentions to local users crashing web UI (ThibG)


Security

Fix re-sending of e-mail confirmation not being rate limited (Gargron)


[v3.1.2] - 2020-02-27

Added

Add --reset-password option to tootctl accounts modify (ThibG)
Add source-mapped stacktrace to error message in web UI (ThibG)


Fixed

Fix dismissing an announcement twice raising an obscure error (ThibG)
Fix misleading error when attempting to re-send a pending follow request (ThibG)
Fix backups failing when files are missing from media attachments (ThibG)
Fix duplicate accounts being created when fetching an account for its key only (ThibG)
Fix /web redirecting to /web/web in web UI (ThibG)
Fix previously OStatus-based accounts not being detected as ActivityPub (ThibG)
Fix account JSON/RSS not being cacheable due to wrong mime type comparison (ThibG)
Fix old browsers crashing because of missing finally polyfill in web UI (ThibG)
Fix account's bio not being shown if there are no proofs/fields in admin UI (ThibG)
Fix sign-ups without checked user agreement being accepted through the web form (ThibG)
Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture (SaraSmiseth)
Fix invite request input not being shown on sign-up error if left empty (ThibG)
Fix some migration hints mentioning GitLab instead of Mastodon (saper)


Security

Fix leak of arbitrary statuses through unfavourite action in REST API (Gargron)


[3.1.1] - 2020-02-10

Fixed

Fix yanked dependency preventing installation (mayaeh)


[3.1.0] - 2020-02-09

Added

Add bookmarks (ThibG, Gargron, Gomasy)
Add announcements (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, Gargron, ThibG, ThibG)
Add number animations in web UI (Gargron, Gargron)
Add kab, is, kn, mr, ur to available locales (Gargron, BoFFire, Gargron)
Add profile filter category (ThibG)
Add ability to add oneself to lists (ThibG)
Add hint how to contribute translations to preferences page (Sasha-Sorokin)
Add signatures to statuses in archive takeout (noellabo)
Add support for magnet: and xmpp links (ThibG, ThibG)
Add follow_request notification type (ThibG)
Add ability to filter reports by account domain in admin UI (ThibG)
Add link to search for users connected from the same IP address to admin UI (ThibG)
Add link to reports targeting a specific domain in admin view (ThibG)
Add support for EventSource streaming in web UI (BenLubar)
Add hotkey for opening media attachments in web UI (ThibG, Kjwon15)
Add relationship-based options to status dropdowns in web UI (Gargron, ThibG, Gargron)
Add support for submitting media description with ctrl+enter in web UI (ThibG)
Add download button to audio and video players in web UI (NimaBoscarino)
Add setting for whether to crop images in timelines in web UI (duxovni)
Add support for Event activities (tcitworld)
Add basic support for Group actors (noellabo)
Add S3_OVERRIDE_PATH_STYLE environment variable (Gargron)
Add S3_OPEN_TIMEOUT environment variable (tateisu)
Add LDAP_MAIL environment variable (madmath03)
Add LDAP_UID_CONVERSION_ENABLED environment variable (madmath03)
Add --remote-only option to tootctl emoji purge (ThibG)
Add tootctl media remove-orphans (Gargron, Gargron)
Add tootctl media lookup command (irlcatgirl)
Add cache for OEmbed endpoints to avoid extra HTTP requests (Gargron)
Add support for KaiOS arrow navigation to public pages (nolanlawson)
Add discoverable to accounts in REST API (trwnh)
Add admin setting to disable default follows (ArisuOngaku)
Add support for LDAP and PAM in the OAuth password grant strategy (ntl-purism, Gargron)
Allow support for Accept/Reject activities with a non-embedded object (puckipedia)
Add "Show thread" button to public profiles (Sasha-Sorokin)


Changed

Change last_status_at to be a date, not datetime in REST API (ThibG)
Change followers page to relationships page in admin UI (Gargron, Gargron)
Change reported media attachments to always be hidden in admin UI (Gargron, ThibG)
Change string from "Disable" to "Disable login" in admin UI (nileshkumar)
Change report page structure in admin UI (Sasha-Sorokin)
Change swipe sensitivity to be lower on small screens in web UI (umonaca)
Change audio/video playback to stop playback when out of view in web UI (Gargron)
Change media description label based on upload type in web UI (ThibG)
Change large numbers to render without decimal units in web UI (noellabo)
Change "Add a choice" button to be disabled rather than hidden when poll limit reached in web UI (ThibG, hinaloe)
Change tootctl statuses remove to keep statuses favourited or bookmarked by local users (ThibG, Gomasy)
Change domain block behavior to update user records (fast) before deleting data (slower) (ThibG)
Change behaviour to strip audio metadata on uploads (hugogameiro)
Change accepted length of remote media descriptions from 420 to 1,500 characters (ThibG)
Change preferences pages structure (Sasha-Sorokin, mayaeh, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
Change format of titles in RSS (devkral)
Change favourite icon animation from spring-based motion to CSS animation in web UI (ThibG)
Change minimum required Node.js version to 10, and default to 12 (Shleeble, mkody, Shleeble)
Change spam check to exempt server staff (ThibG)
Change to fallback to to Create audience when object has no defined audience (ThibG)
Change Twemoji library to 12.1.3 in web UI (koyuawsmbrtn)
Change blocked users to be hidden from following/followers lists (ThibG)
Change signature verification to ignore signatures with invalid host (Gargron)


Removed

Remove unused dependencies (ykzts, mayaeh, ThibG, ykzts)


Fixed

Fix some translatable strings being used wrongly (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin, mayaeh)
Fix headline of public timeline page when set to local-only (ykzts)
Fix space between tabs not being spread evenly in web UI (Sasha-Sorokin, Sasha-Sorokin, Sasha-Sorokin)
Fix interactive delays in database migrations with no TTY (Gargron)
Fix status overflowing in report dialog in web UI (ThibG)
Fix unlocalized dropdown button title in web UI (Sasha-Sorokin)
Fix media attachments without file being uploadable (Gargron)
Fix unfollow confirmations in profile directory in web UI (ThibG)
Fix duplicate description meta tag on accounts public pages (ThibG)
Fix slow query of federated timeline (notozeki)
Fix not all of account's active IPs showing up in admin UI (Gargron, Gargron)
Fix search by IP not using alternative browser sessions in admin UI (Gargron)
Fix “X new items” not showing up for slow mode on empty timelines in web UI (ThibG)
Fix OEmbed endpoint being inaccessible in secure mode (Gargron)
Fix proofs API being inaccessible in secure mode (Gargron)
Fix Ruby 2.7 incompatibilities (ThibG, ThibG, Shleeble, zunda)
Fix invalid poll votes being accepted in REST API (ThibG)
Fix old migrations failing because of strong migrations update (ThibG, ThibG)
Fix reuse of detailed status components in web UI (ThibG)
Fix base64-encoded file uploads not being possible in REST API (Gargron, Gargron)
Fix error due to missing authentication call in filters controller (Gargron)
Fix uncaught unknown format error in host meta controller (Gargron)
Fix URL search not returning private toots user has access to (ThibG, ThibG)
Fix cache digesting log noise on status embeds (Gargron)
Fix slowness due to layout thrashing when reloading a large set of statuses in web UI (panarom, panarom, Gargron)
Fix error when fetching followers/following from REST API when user has network hidden (Gargron)
Fix IDN mentions not being processed, IDN domains not being rendered (Gargron, Gargron, Gargron)
Fix error when searching for empty phrase (Gargron)
Fix backups stopping due to read timeouts (chr-1x)
Fix batch actions on non-pending tags in admin UI (ThibG)
Fix sample SAML_ACS_URL, SAML_ISSUER (orlea)
Fix manual scrolling issue on Firefox/Windows in web UI (ThibG)
Fix archive takeout failing if total dump size exceeds 2GB (scd31, Gargron)
Fix custom emoji category creation silently erroring out on duplicate category (ThibG)
Fix link crawler not specifying preferred content type (ThibG)
Fix featured hashtag setting page erroring out instead of rejecting invalid tags (ThibG)
Fix tooltip messages of single/multiple-choice polls switcher being reversed in web UI (acid-chicken)
Fix typo in help text of tootctl statuses remove (trwnh)
Fix generic HTTP 500 error on duplicate records (Gargron)
Fix old migration failing with new status default scope (ThibG)
Fix errors when using search API with no query (Gargron, trwnh)
Fix poll options not being selectable via keyboard in web UI (ThibG)
Fix conversations not having an unread indicator in web UI (Gargron)
Fix lost focus when modals open/close in web UI (ThibG)
Fix pending upload count not being decremented on error in web UI (ThibG)
Fix empty poll options not being removed on remote poll update (ThibG)
Fix OCR with delete & redraft in web UI (ThibG)
Fix blur behind closed registration message (ThibG)
Fix OEmbed discovery not handling different URL variants in query (Gargron)
Fix link crawler crashing on <a> tags without href (ThibG)
Fix whitelisted subdomains being ignored in whitelist mode (noiob)
Fix broken audit log in whitelist mode in admin UI (ThibG)
Fix unread indicator not honoring "Only media" option in local and federated timelines in web UI (ThibG)
Fix error when rebuilding home feeds (dariusk)
Fix relationship caches being broken as result of a follow request (ThibG)
Fix more items than the limit being uploadable in web UI (ThibG)
Fix various issues with account migration (ThibG)
Fix filtered out items being counted as pending items in slow mode in web UI (ThibG)
Fix notification filters not applying to poll options (ThibG)
Fix notification message for user's own poll saying it's a poll they voted on in web UI (ykzts)
Fix polls with an expiration not showing up as expired in web UI (noellabo)
Fix volume slider having an offset between cursor and slider in Chromium in web UI (ThibG)
Fix Vagrant image not accepting connections (shrft)
Fix batch actions being hidden on small screens in admin UI (ThibG)
Fix incoming federation not working in whitelist mode (ThibG)
Fix error when passing empty source param to PUT /api/v1/accounts/update_credentials (jglauche)
Fix HTTP-based streaming API being cacheable by proxies (BenLubar)
Fix users being able to register while tootctl self-destruct is in progress (Kjwon15)
Fix microformats detection in link crawler not ignoring h-card links (nightpool)
Fix outline on full-screen video in web UI (hinaloe)
Fix TLD domain blocks not being editable (ThibG)
Fix Nanobox deploy hooks (danhunsaker)
Fix needlessly complicated SQL query when performing account search amongst followings (ThibG)
Fix favourites count not updating when unfavouriting in web UI (NimaBoscarino)
Fix occasional crash on scroll in Chromium in web UI (hinaloe)
Fix intersection observer not working in single-column mode web UI (panarom)
Fix voting issue with remote polls that contain trailing spaces (ThibG)
Fix dynamic elements not working in pgHero due to CSP rules (ykzts)
Fix overly verbose backtraces when delivering ActivityPub payloads (zunda)
Fix rendering <a> without href when scheme unsupported (Gargron)
Fix unfiltered params error when generating ActivityPub tag pagination (Gargron)
Fix malformed HTML causing uncaught error (Gargron)
Fix native share button not being displayed for unlisted toots (ThibG)
Fix remote convertible media attachments (e.g. GIFs) not being saved (Gargron)
Fix account query not using faster index (abcang)
Fix error when sending moderation notification (renatolond)


Security

Fix OEmbed leaking information about existence of non-public statuses (Gargron)
Fix password change/reset not immediately invalidating other sessions (Gargron)
Fix settings pages being cacheable by the browser (Gargron)


[3.0.1] - 2019-10-10

Added

Add tootctl media usage command (Gargron)
Add admin setting to auto-approve trending hashtags (Gargron, Gargron)


Changed

Change tootctl media refresh to skip already downloaded attachments (Gargron)


Removed

Remove auto-silence behaviour from spam check (Gargron)
Remove HTML lang attribute from individual statuses in web UI (Gargron)
Remove fallback to long description on sidebar and meta description (Gargron)


Fixed

Fix preloaded JSON-LD context for identity not being used (Gargron)
Fix media editing modal changing dimensions once the image loads (Gargron)
Fix not showing whether a custom emoji has a local counterpart in admin UI (Gargron)
Fix attachment not being re-downloaded even if file is not stored (Gargron)
Fix old migration trying to use new column due to default status scope (Gargron)
Fix column back button missing for not found accounts (trwnh)
Fix issues with tootctl's parallelization and progress reporting (Gargron, Gargron)
Fix existing user records with now-renamed pt locale (Gargron)
Fix hashtag timeline REST API accepting too many hashtags (Gargron)
Fix GET /api/v1/instance REST APIs being unavailable in secure mode (Gargron)
Fix performance of home feed regeneration and merging (Gargron)
Fix ffmpeg performance issues due to stdout buffer overflow (hugogameiro)
Fix S3 adapter retrying failing uploads with exponential backoff (Gargron)
Fix tootctl accounts cull advertising unused option flag (Kjwon15)


[3.0.0] - 2019-10-03

Added

Add "not available" label to unloaded media attachments in web UI (Gargron, Gargron)

Add profile directory to web UI (Gargron, mayaeh)

Add profile directory opt-in federation
Add profile directory REST API


Add special alert for throttled requests in web UI (ThibG)
Add confirmation modal when logging out from the web UI (ThibG)

Add audio player in web UI (Gargron, Gargron, Gargron, ThibG, Gargron)

Add autosuggestions for hashtags in web UI (Gargron, ThibG, Gargron, Gargron, Gargron)

Add media editing modal with OCR tool in web UI (Gargron, Gargron, ThibG, ThibG, Gargron, Gargron, Gargron)
Add indicator of unread notifications to window title when web UI is out of focus (Gargron, Gargron)
Add indicator for which options you voted for in a poll in web UI (ThibG)

Add search results pagination to web UI (Gargron, ThibG)

Add option to disable real-time updates in web UI ("slow mode") (Gargron, ykzts, ThibG, Gargron, ThibG)
Add option to disable blurhash previews in web UI (ThibG)
Add native smooth scrolling when supported in web UI (ThibG)
Add scrolling to the search bar on focus in web UI (Kjwon15)
Add refresh button to list of rebloggers/favouriters in web UI (Gargron)
Add error description and button to copy stack trace to web UI (Gargron)
Add search and sort functions to hashtag admin UI (mayaeh, Gargron, mayaeh)
Add setting for default search engine indexing in admin UI (brortao)
Add account bio to account view in admin UI (ThibG)

Add option to include reported statuses in warning e-mail from admin UI (Gargron, Gargron, Gargron, Gargron, mayaeh)
Add number of pending accounts and pending hashtags to dashboard in admin UI (Gargron)

Add account migration UI (Gargron, noellabo, noellabo, noellabo, noellabo)

Add table of contents to about page (Gargron, ykzts, ykzts, Kjwon15)

Add password challenge to 2FA settings, e-mail notifications (Gargron)

Add optional public list of domain blocks with comments (ThibG, ThibG, Gargron)
Add an RSS feed for featured hashtags (noellabo)
Add explanations to featured hashtags UI and profile (Gargron)

Add hashtag trends with admin and user settings (Gargron, Gargron, Gargron, Gargron, Gargron, mayaeh, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, Sasha-Sorokin, Gargron, Gargron)

Add hashtag usage breakdown to admin UI
Add batch actions for hashtags to admin UI
Add trends to web UI
Add trends to public pages
Add user preference to hide trends
Add admin setting to disable trends


Add categories for custom emojis (Gargron, Gargron, Gargron, highemerly)

Add custom emoji categories to emoji picker in web UI
Add category to custom emojis in REST API
Add batch actions for custom emojis in admin UI


Add max image dimensions to error message (raboof)
Add aac, m4a, 3gp, amr, wma to allowed audio formats (Gargron, umonaca)

Add search syntax for operators and phrases (Gargron)

Add REST API for managing featured hashtags (noellabo)

Add REST API for managing timeline read markers (Gargron)
Add exclude_unreviewed param to GET /api/v2/search REST API (Gargron)
Add reason param to POST /api/v1/accounts REST API (Gargron)

Add ActivityPub secure mode (Gargron, ThibG, ThibG)
Add HTTP signatures to all outgoing ActivityPub GET requests (Gargron, ThibG)
Add support for ActivityPub Audio activities (ThibG)
Add ActivityPub actor representing the entire server (ThibG, rtucker, ThibG, Gargron)

Add whitelist mode (Gargron, mayaeh)
Add config of multipart threshold for S3 (ykzts, ykzts)
Add health check endpoint for web (ykzts, ykzts)
Add HTTP signature keyId to request log (Gargron)
Add SMTP_REPLY_TO environment variable (hugogameiro)
Add tootctl preview_cards remove command (mayaeh)
Add tootctl media refresh command (Gargron)
Add tootctl cache recount command (Gargron)
Add option to exclude suspended domains from tootctl domains crawl (dariusk)
Add parallelization to tootctl search deploy (noellabo)
Add soft delete for statuses for instant deletes through API (Gargron, Gargron)
Add rails-level JSON caching (Gargron, Gargron)

Add request pool to improve delivery performance (Gargron, ykzts)
Add concurrent connection attempts to resolved IP addresses (ThibG)
Add index for remember_token to improve login performance (abcang)

Add more accurate hashtag search (Gargron, Gargron, Gargron)

Add more accurate account search (Gargron, Gargron)

Add a spam check (Gargron, Gargron, ThibG)
Add new languages (Gargron)

Breton
Spanish (Argentina)
Estonian
Macedonian
New Norwegian


Add NodeInfo endpoint (Gargron, Gargron)


Changed


Change conversations UI (Gargron)
Change dashboard to short number notation (noellabo, noellabo)
Change REST API GET /api/v1/timelines/public to require authentication when public preview is off (ThibG)
Change REST API POST /api/v1/follow_requests/:id/(approve|reject) to return relationship (ThibG)
Change rate limit for media proxy (ykzts)
Change unlisted custom emoji to not appear in autosuggestions (Gargron)
Change max length of media descriptions from 420 to 1500 characters (Gargron, ThibG)

Change deletes to preserve soft-deleted statuses in unresolved reports (Gargron)

Change tootctl to use inline parallelization instead of Sidekiq (Gargron)

Change account deletion page to have better explanations (Gargron, Gargron)
Change hashtag component in web UI to show numbers for 2 last days (Gargron, Gargron, Gargron)
Change OpenGraph description on sign-up page to reflect invite (Gargron)
Change layout of public profile directory to be the same as in web UI (Gargron)
Change detailed status child ordering to sort self-replies on top (ThibG)
Change window resize handler to switch to/from mobile layout as soon as needed (ThibG)
Change icon button styles to make hover/focus states more obvious (ThibG)
Change contrast of status links that are not mentions or hashtags (ThibG)

Change hashtags to preserve first-used casing (Gargron, Gargron, Gargron, Gargron, Gargron)

Change unconfirmed user login behaviour (Gargron, ThibG, Gargron)

Change single-column mode to scroll the whole page (Gargron, Gargron, Gargron, ThibG, Gargron, Gargron, ThibG, Gargron)
Change tootctl accounts follow to only work with local accounts (angristan)
Change Dockerfile (Shleeble, ykzts, Shleeble)
Change supported Node versions to include v12 (abcang)
Change Portuguese language from pt to pt-PT (Gargron)
Change domain block silence to always require approval on follow (ThibG)
Change link preview fetcher to not perform a HEAD request first (Gargron)
Change tootctl domains purge to accept multiple domains at once (Gargron)


Removed


Remove OStatus support (Gargron, Gargron, Gargron, ThibG, ThibG)
Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (Gargron)
Remove WebP support (angristan)
Remove deprecated config options from Heroku and Scalingo (ykzts)
Remove deprecated REST API GET /api/v1/search API (Gargron)
Remove deprecated REST API GET /api/v1/statuses/:id/card (Gargron)
Remove deprecated REST API POST /api/v1/notifications/dismiss?id=:id (Gargron)
Remove deprecated REST API GET /api/v1/timelines/direct (Gargron)


Fixed

Fix manifest warning (ykzts)
Fix admin UI for custom emoji not respecting GIF autoplay preference (ThibG)
Fix page body not being scrollable in admin/settings layout (Gargron)
Fix placeholder colors for inputs not being explicitly defined (Gargron)
Fix incorrect enclosure length in RSS (tsia)
Fix TOTP codes not being filtered from logs during enabling/disabling (Gargron)
Fix webfinger response not returning 410 when account is suspended (Gargron)
Fix ActivityPub Move handler queuing jobs that will fail if account is suspended (Gargron)
Fix SSO login not using existing account when e-mail is verified (Gargron)
Fix web UI allowing uploads past status limit via drag & drop (Gargron)
Fix expiring polls not being displayed as such in web UI (ThibG)
Fix 2FA challenge and password challenge for non-database users (Gargron, Gargron)
Fix profile fields overflowing page width in web UI (Gargron)
Fix web push subscriptions being deleted on rate limit or timeout (Gargron)
Fix display of long poll options in web UI (ThibG, ThibG)
Fix search API not resolving URL when type is given (Gargron)
Fix hashtags being split by ZWNJ character (Gargron)
Fix scroll position resetting when opening media modals in web UI (Gargron)
Fix duplicate HTML IDs on about page (ThibG)
Fix admin UI showing superfluous reject media/reports on suspended domain blocks (ThibG)
Fix ActivityPub context not being dynamically computed (ThibG)
Fix Mastodon logo style on hover on public pages' footer (ThibG)
Fix height of dashboard counters (ThibG)
Fix custom emoji animation on hover in web UI directory bios (ThibG)
Fix non-numbers being passed to Redis and causing an error (Gargron)
Fix error in REST API for an account's statuses (Gargron)
Fix uncaught error when resource param is missing in Webfinger request (Gargron)
Fix uncaught domain normalization error in remote follow (Gargron)
Fix uncaught 422 and 500 errors (Gargron, Gargron)
Fix uncaught parameter missing exceptions and missing error templates (Gargron)
Fix encoding error when checking e-mail MX records (Gargron)
Fix items in StatusContent render list not all having a key (ThibG)
Fix remote and staff-removed statuses leaving media behind for a day (Gargron)
Fix CSP needlessly allowing blob URLs in script-src (ThibG)
Fix ignoring whole status because of one invalid hashtag (Gargron)
Fix hidden statuses losing focus (ThibG)
Fix loading bar being obscured by other elements in web UI (Gargron)
Fix multiple issues with replies collection for pages further than self-replies (ThibG)
Fix blurhash and autoplay not working on public pages (Gargron)
Fix 422 being returned instead of 404 when POSTing to unmatched routes (Gargron, Gargron)
Fix client-side resizing of image uploads (ThibG)
Fix short number formatting for numbers above million in web UI (Gargron)
Fix ActivityPub and REST API queries setting cookies and preventing caching (ThibG, ThibG, ThibG, ThibG)
Fix some emojis in profile metadata labels are not emojified. (kedamaDQ)
Fix account search always returning exact match on paginated results (Gargron)
Fix acct URIs with IDN domains not being resolved (Gargron)
Fix admin dashboard missing latest features (Gargron)
Fix jumping of toot date when clicking spoiler button (ariasuni)
Fix boost to original audience not working on mobile in web UI (ThibG)
Fix handling of webfinger redirects in ResolveAccountService (ThibG)
Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker (Gargron)
Fix support for HTTP proxies (ThibG)
Fix HTTP requests to IPv6 hosts (ThibG)
Fix error in ElasticSearch index import (mayaeh)
Fix duplicate account error when seeding development database (ysksn)
Fix performance of session clean-up scheduler (abcang)
Fix older migrations not running (zunda)
Fix URLs counting towards RTL detection (ahangarha)
Fix unnecessary status re-rendering in web UI (ThibG)
Fix http_parser.rb gem not being compiled when no network available (petabyteboy)
Fix muted text color not applying to all text (trwnh)
Fix follower/following lists resetting on back-navigation in web UI (Gargron)
Fix n+1 query when approving multiple follow requests (abcang)
Fix records not being indexed into ElasticSearch sometimes (Gargron)
Fix needlessly indexing unsearchable statuses into ElasticSearch (Gargron)
Fix new user bootstrapping crashing when to-be-followed accounts are invalid (ThibG)
Fix featured hashtag URL being interpreted as media or replies tab (Gargron)
Fix account counters being overwritten by parallel writes (Gargron)


Security

Fix performance of GIF re-encoding and always strip EXIF data from videos (Gargron)


[2.9.3] - 2019-08-10

Added

Add GIF and WebP support for custom emojis (Gargron)
Add logout link to dropdown menu in web UI (koyuawsmbrtn)
Add indication that text search is unavailable in web UI (ThibG, ThibG)
Add suffix to Mastodon::Version to help forks (clarfon)
Add on-hover animation to animated custom emoji in web UI (ThibG, ThibG, ThibG)
Add custom emoji support in profile metadata labels (ThibG)


Changed

Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (Gargron, zunda, Gargron, zunda)
Change the retry limit of web push notifications (highemerly)
Change ActivityPub deliveries to not retry HTTP 501 errors (Gargron)
Change language detection to include hashtags as words (Gargron)
Change terms and privacy policy pages to always be accessible (Gargron)
Change robots tag to include noarchive when user opts out of indexing (Kjwon15)


Fixed

Fix account domain block not clearing out notifications (Gargron)
Fix incorrect locale sometimes being detected for browser (Gargron)
Fix crash when saving invalid domain name (Gargron)
Fix pinned statuses REST API returning pagination headers (Gargron)
Fix "cancel follow request" button having unreadable text in web UI (Gargron)
Fix image uploads being blank when canvas read access is blocked (ThibG)
Fix avatars not being animated on hover when not logged in (ThibG)
Fix overzealous sanitization of HTML lists (ThibG)
Fix block crashing when a follow request exists (ThibG)
Fix backup service crashing when an attachment is missing (ThibG)
Fix account moderation action always sending e-mail notification (Gargron)
Fix swiping columns on mobile sometimes failing in web UI (ThibG)
Fix wrong actor URI being serialized into poll updates (ThibG)
Fix statsd UDP sockets not being cleaned up in Sidekiq (Gargron)
Fix expiration date of filters being set to "never" when editing them (ThibG)
Fix support for MP4 files that are actually M4V files (Gargron)
Fix alerts not being typecast correctly in push subscription in REST API (Gargron)
Fix some notices staying on unrelated pages (ThibG)
Fix unboosting sometimes preventing a boost from reappearing on feed (ThibG, Gargron)
Fix only one middle dot being recognized in hashtags (Gargron, ThibG)
Fix unnecessary SQL query performed on unauthenticated requests (Gargron)
Fix incorrect timestamp displayed on featured tags (Kjwon15)
Fix privacy dropdown active state when dropdown is placed on top of it (ThibG)
Fix filters not being applied to poll options (ThibG)
Fix keyboard navigation on various dropdowns (ThibG, ThibG, ThibG)
Fix keyboard navigation in modals (ThibG)
Fix image conversation being non-deterministic due to timestamps (Gargron)
Fix web UI performance (ThibG, ThibG)
Fix scrolling to compose form when not necessary in web UI (ThibG, ThibG)
Fix save button being enabled when list title is empty in web UI (ThibG)
Fix poll expiration not being pre-filled on delete & redraft in web UI (ThibG)
Fix content warning sometimes being set when not requested in web UI (ThibG)


Security

Fix invites not being disabled upon account suspension (ThibG)
Fix blocked domains still being able to fill database with account records (Gargron)


[2.9.2] - 2019-06-22

Added

Add short_description and approval_required to GET /api/v1/instance (Gargron)


Changed

Change camera icon to paperclip icon in upload form (koyuawsmbrtn)


Fixed

Fix audio-only OGG and WebM files not being processed as such (Gargron)
Fix audio not being downloaded from remote servers (Gargron)


[2.9.1] - 2019-06-22

Added

Add moderation API (Gargron)
Add audio uploads (Gargron, Gargron)


Changed

Change domain blocks to automatically support subdomains (Gargron)
Change Nanobox configuration to bring it up to date (danhunsaker)


Removed

Remove expensive counters from federation page in admin UI (Gargron)


Fixed

Fix converted media being saved with original extension and mime type (Gargron)
Fix layout of identity proofs settings (acid-chicken)
Fix active scope only returning suspended users (ThibG)
Fix sanitizer making block level elements unreadable (Gargron)
Fix label for site theme not being translated in admin UI (palindromordnilap)
Fix statuses not being filtered irreversibly in web UI under some circumstances (ThibG)
Fix scrolling behaviour in compose form (ThibG)


[2.9.0] - 2019-06-13

Added


Add single-column mode in web UI (Gargron, Gargron, Gargron, Gargron, Hanage999, noellabo, abcang, Gargron, Gargron, Gargron, Gargron, noellabo, Hanage999)
Add waiting time to the list of pending accounts in admin UI (Gargron)
Add a keyboard shortcut to hide/show media in web UI (ThibG, Gargron, ThibG)
Add account_id param to GET /api/v1/notifications (pwoolcoc)
Add confirmation modal for unboosting toots in web UI (aurelien-reeves)
Add emoji suggestions to content warning and poll option fields in web UI (ThibG)
Add source attribute to response of DELETE /api/v1/statuses/:id (ThibG)
Add some caching for HTML versions of public status pages (ThibG)
Add button to conveniently copy OAuth code (ThibG)


Changed


Change default layout to single column in web UI (Gargron)

Change light theme (Gargron, Gargron, yuzulabo, Gargron)

Change preferences page into appearance, notifications, and other (Gargron, Gargron)
Change priority of delete activity forwards for replies and reblogs (Gargron)
Change Mastodon logo to use primary text color of the given theme (Gargron)
Change reblogs counter to be updated when boosted privately (Gargron)
Change bio limit from 160 to 500 characters (trwnh)
Change API rate limiting to reduce allowed unauthenticated requests (ThibG, hinaloe, mayaeh)
Change help text of tootctl emoji import command to specify a gzipped TAR archive is required (dariusk)
Change web UI to hide poll options behind content warnings (ThibG)
Change silencing to ensure local effects and remote effects are the same for silenced local users (ThibG)
Change tootctl domains purge to remove custom emoji as well (Kjwon15)
Change Docker image to keep apt working (SuperSandro2000)


Removed

Remove dist-upgrade from Docker image (SuperSandro2000)


Fixed

Fix RTL layout not being RTL within the columns area in web UI (Gargron)
Fix display of alternative text when a media attachment is not available in web UI (ThibG)
Fix not being able to directly switch between list timelines in web UI (Gargron)
Fix media sensitivity not being maintained in delete & redraft in web UI (ThibG)
Fix emoji picker being always displayed in web UI (noellabo, yuzulabo, wcpaez)
Fix potential private status leak through caching (ThibG)
Fix refreshing featured toots when the new collection is empty in web UI (ThibG)
Fix undoing domain block also undoing individual moderation on users from before the domain block (ThibG)
Fix time not being local in the audit log (yuzulabo)
Fix statuses removed by moderation re-appearing on subsequent fetches (Kjwon15)
Fix misattribution of inlined announces if attributedTo isn't present in ActivityPub (ThibG)
Fix GET /api/v1/polls/:id not requiring authentication for non-public polls (Gargron)
Fix handling of blank poll options in ActivityPub (ThibG)
Fix avatar preview aspect ratio on edit profile page (Kjwon15)
Fix web push notifications not being sent for polls (ThibG)
Fix cut off letters in last paragraph of statuses in web UI (ariasuni)
Fix list not being automatically unpinned when it returns 404 in web UI (Gargron)
Fix login sometimes redirecting to paths that are not pages (Gargron)


[2.8.4] - 2019-05-24

Fixed

Fix delivery not retrying on some inbox errors that should be retriable (ThibG)
Fix unnecessary 5 minute cooldowns on signature verifications in some cases (ThibG)
Fix possible race condition when processing statuses (ThibG)


Security

Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string (ThibG)


[2.8.3] - 2019-05-19

Added

Add og:image:alt OpenGraph tag (BenLubar)
Add clickable area below avatar in statuses in web UI (Dar13)
Add crossed-out eye icon on account gallery in web UI (Kjwon15)
Add media description tooltip to thumbnails in web UI (ThibG)


Changed

Change "mark as sensitive" button into a checkbox for clarity (ThibG)


Fixed

Fix bug allowing users to publicly boost their private statuses (ThibG, ThibG)
Fix performance in formatter by a little (ThibG)
Fix some colors in the light theme (yuzulabo)
Fix some colors of the high contrast theme (yuzulabo)
Fix ambivalent active state of poll refresh button in web UI (MaciekBaron)
Fix duplicate posting being possible from web UI (hinaloe)
Fix "invited by" not showing up in admin UI (ThibG)


[2.8.2] - 2019-05-05

Added