Skip to content
Snippets Groups Projects
To find the state of this project's repository at the time of any of these versions, check out the tags.
CHANGELOG.md 199.19 KiB

Changelog

All notable changes to this project will be documented in this file.

[3.4.1] - 2021-06-03

Added

  • Add new emoji assets from Twemoji 13.1.0 (Gargron)

Fixed

  • Fix some ActivityPub identifiers in server actor outbox (ClearlyClaire)
  • Fix custom CSS path setting cookies and being uncacheable due to it (tribela)
  • Fix unread notification count when polling in web UI (ClearlyClaire)
  • Fix health check not being accessible through localhost (ClearlyClaire)
  • Fix some redis locks auto-releasing too fast (ClearlyClaire, ClearlyClaire)
  • Fix e-mail confirmations API not working correctly (Gargron)
  • Fix migration script not being able to run if it fails midway (ClearlyClaire)
  • Fix account deletion sometimes failing because of optimistic locks (ClearlyClaire)
  • Fix deprecated slash as division in SASS files (ClearlyClaire)
  • Fix tootctl search deploy compatibility error on Ruby 3 (ClearlyClaire)
  • Fix mailer jobs for deleted notifications erroring out (ClearlyClaire)

[3.4.0] - 2021-05-16

Added

  • Add follow recommendations for onboarding (Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, noellabo, noellabo, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire)
    • Tutorial on first web UI launch has been replaced with follow suggestions
    • Follow suggestions take user locale into account and are a mix of accounts most followed by currently active local users, and accounts that wrote the most shared/favourited posts in the last 30 days
    • Only accounts that have opted-in to being discoverable from their profile settings, and that do not require follow requests, will be suggested
    • Moderators can review suggestions for every supported locale and suppress specific suggestions from appearing and admins can ensure certain accounts always show up in suggestions from the settings area
    • New users no longer automatically follow admins
  • Add server rules (Gargron, ClearlyClaire)
    • Admins can create and edit itemized server rules
    • They are available through the REST API and on the about page
  • Add canonical e-mail blocks for suspended accounts (Gargron)
    • Normally, people can make multiple accounts using the same e-mail address using the + trick or by inserting or removing . characters from the first part of their address
    • Once an account is suspended, it will no longer be possible for the e-mail address used by that account to be used for new sign-ups in any of its forms
  • Add management of delivery availability in admin UI (noellabo)
  • Add system checks to dashboard in admin UI (Gargron, ClearlyClaire, ClearlyClaire)
    • The dashboard will now warn you if you some Sidekiq queues are not being processed, if you have not defined any server rules, or if you forgot to run database migrations from the latest Mastodon upgrade
  • Add inline description of moderation actions in admin UI (ClearlyClaire)
  • Add "recommended" label to activity/peers API toggles in admin UI (Gargron)
  • Add joined date to profiles in web UI (Gargron, rinsuki)
  • Add transition to media modal background in web UI (mkljczk)
  • Add option to opt-out of unread notification markers in web UI (ClearlyClaire)
  • Add borders to 📱, 🚲, and 📲 emojis in web UI (ClearlyClaire, ClearlyClaire)
  • Add dropdown for boost privacy in boost confirmation modal in web UI (ClearlyClaire)
  • Add support for Ruby 3.0 (ClearlyClaire, ClearlyClaire)
  • Add Message-ID header to outgoing emails (ClearlyClaire)
    • Some e-mail spam filters penalize e-mails that have a Message-ID header that uses a different domain name than the sending e-mail address. Now, the same domain will be used
  • Add af, gd and si locales (Gargron)
  • Add guard against DNS rebinding attacks (noellabo, noellabo)
  • Add HTTP header to explicitly opt-out of FLoC by default (ClearlyClaire)
  • Add missing push notification title for polls and statuses (ClearlyClaire, mkljczk, ClearlyClaire)
  • Add POST /api/v1/emails/confirmations to REST API (Gargron, Gargron)
    • This method allows an app through which a user signed-up to request a new confirmation e-mail to be sent, or to change the e-mail of the account before it is confirmed
  • Add GET /api/v1/accounts/lookup to REST API (Gargron, ClearlyClaire)
    • This method allows to quickly convert a username of a known account to an ID that can be used with the REST API, or to check if a username is available for sign-up
  • Add policy param to POST /api/v1/push/subscriptions in REST API (Gargron)
    • This param allows an app to control from whom notifications should be delivered as push notifications to the app
  • Add details to error response for POST /api/v1/accounts in REST API (Gargron)
    • This attribute allows an app to display more helpful information to the user about why the sign-up did not succeed
  • Add SIDEKIQ_REDIS_URL and related environment variables to optionally use a separate Redis server for Sidekiq (noellabo)

Changed

  • Change trending hashtags to be affected be reblogs (Gargron)
    • Previously, only original posts contributed to a hashtag's trending score
    • Now, reblogs of posts will also contribute to that hashtag's trending score
  • Change e-mail confirmation link to always redirect to web UI (ClearlyClaire)
  • Change log level of worker lifecycle to WARN in streaming API (Gargron)
    • Since running with INFO log level in production is not always desirable, it is easy to miss when a worker is shutdown and a new one is started
  • Change the nouns "toot" and "status" to "post" in web UI (Gargron, Gargron)
    • To be clear, the button still says "Toot!"
  • Change order of dropdown menu on posts to be more intuitive in web UI (ariasuni)
  • Change description of keyboard shortcuts in web UI (ariasuni)
  • Change option labels on edit profile page (Gargron)
    • "Lock account" is now "Require follow requests"
    • "List this account on the directory" is now "Suggest account to others"
    • "Hide your network" is now "Hide your social graph"
  • Change newly generated account IDs to not be enumerable (ClearlyClaire)
  • Change Web Push API deliveries to use request pooling (Gargron)
  • Change multiple mentions with same username to render with domain (Gargron, noellabo)
    • When a post contains mentions of two or more users who have the same username, but on different domains, render their names with domain to help disambiguate them
    • Always render the domain of usernames used in profile metadata
  • Change health check endpoint to reveal less information (Gargron)
  • Change account counters to use upsert (requires Postgres >= 9.5) (ClearlyClaire)
  • Change mastodon:setup to not call assets:precompile in Docker (ClearlyClaire)
  • Change max. image dimensions to 1920x1080px (1080p) (Gargron)
    • Previously, this was 1280x1280px
    • This is the amount of pixels that original images get downsized to
  • Change custom emoji to be animated when hovering container in web UI (ClearlyClaire)
  • Change streaming API from deprecated ClusterWS/cws to ws (ClearlyClaire)
  • Change systemd configuration to add sandboxing features (Izorkin, Izorkin, Izorkin)
  • Change nginx configuration to make running Onion service easier (cohosh)
  • Change Helm configuration (dunn, dunn, dunn, dunn, dunn)
  • Change Docker configuration (SuperSandro2000, mashirozx)

Removed

  • Remove PubSubHubbub-related columns from accounts table (Gargron, ClearlyClaire)
  • Remove dependency on @babel/plugin-proposal-class-properties (ykzts)
  • Remove dependency on pluck_each gem (Gargron)
  • Remove spam check and dependency on nilsimsa gem (Gargron)
  • Remove MySQL-specific code from Mastodon::MigrationHelpers (ClearlyClaire)
  • Remove IE11 from supported browsers target (gol-cha)

Fixed

  • Fix "You might be interested in" flashing while searching in web UI (Gargron)
  • Fix display of posts without text content in web UI (ClearlyClaire)
  • Fix Google Translate breaking web UI (ClearlyClaire, ClearlyClaire)
  • Fix web UI crashing when SVG support is disabled (ClearlyClaire)
  • Fix web UI crash when a status opened in the media modal is deleted (kaias1jp)
  • Fix OCR language data failing to load in web UI (ClearlyClaire)
  • Fix footer links not being clickable in Safari in web UI (noellabo)
  • Fix autofocus/autoselection not working on mobile in web UI (ClearlyClaire, ClearlyClaire)
  • Fix media redownload worker retrying on unexpected response codes (Gargron)
  • Fix thread resolve worker retrying when status no longer exists (Gargron)
  • Fix n+1 queries when rendering statuses in REST API (abcang)
  • Fix n+1 queries when rendering notifications in REST API (abcang)
  • Fix delete of local reply to local parent not being forwarded (Gargron)
  • Fix remote reporters not receiving suspend/unsuspend activities (Gargron)
  • Fix understanding (not fully qualified) as:Public and Public (ClearlyClaire)
  • Fix actor update not being distributed on profile picture deletion (ClearlyClaire)
  • Fix processing of incoming Delete activities (ClearlyClaire)
  • Fix processing of incoming Block activities (ClearlyClaire)
  • Fix processing of incoming Update activities of unknown accounts (ClearlyClaire)
  • Fix URIs of repeat follow requests not being recorded (ClearlyClaire)
  • Fix error on requests with no Digest header (ClearlyClaire)
  • Fix activity object not requiring signature in secure mode (ClearlyClaire)
  • Fix database serialization failure returning HTTP 500 (Gargron)
  • Fix media processing getting stuck on too much stdin/stderr (Gargron)
  • Fix some inefficient array manipulations (007lva, 007lva)
  • Fix some inefficient regex matching (007lva)
  • Fix some inefficient SQL queries (abcang, abcang, abcang)
  • Fix trying to fetch key from empty URI when verifying HTTP signature (Gargron)
  • Fix tootctl maintenance fix-duplicates failures (ClearlyClaire, ClearlyClaire)
  • Fix error when removing status caused by race condition (Gargron)
  • Fix blocking someone not clearing up list feeds (ClearlyClaire)
  • Fix misspelled URLs character counting (ClearlyClaire)
  • Fix Sidekiq hanging forever due to a Resolv bug in Ruby 2.7.3 (ClearlyClaire)
  • Fix edge case where follow limit interferes with accepting a follow (ClearlyClaire)
  • Fix inconsistent lead text style in admin UI (Gargron, ClearlyClaire)
  • Fix reports of already suspended accounts being recorded (Gargron)
  • Fix sign-up restrictions based on IP addresses not being enforced (ClearlyClaire)
  • Fix YouTube embeds failing due to YouTube serving wrong OEmbed URLs (Gargron)
  • Fix error when rendering public pages with media without meta (Gargron)
  • Fix misaligned logo on follow button on public pages (noellabo)
  • Fix video modal not working on public pages (noellabo)
  • Fix race conditions on account migration creation (ClearlyClaire)
  • Fix not being able to change world filter expiration back to “Never” (ClearlyClaire)
  • Fix .env.vagrant not setting RAILS_ENV variable (chandrn7)
  • Fix error when muting users with duration in REST API (Tak)
  • Fix border padding on front page in light theme (ClearlyClaire)
  • Fix wrong URL to custom CSS when CDN_HOST is used (ClearlyClaire)
  • Fix tootctl accounts unfollow (ClearlyClaire)
  • Fix tootctl emoji import wasting time on MacOS shadow files (cortices)
  • Fix tootctl emoji import not treating shortcodes as case-insensitive (angristan)
  • Fix some issues with SAML account creation (Gargron, kaiyou)
  • Fix MX validation applying for explicitly allowed e-mail domains (ClearlyClaire)
  • Fix share page not using configured custom mascot (tribela)
  • Fix instance actor not being automatically created if it wasn't seeded properly (ClearlyClaire)
  • Fix HTTPS enforcement preventing Mastodon from being run as an Onion service (cohosh, jtracey, ClearlyClaire, cohosh)
  • Fix app name, website and redirect URIs not having a maximum length (Gargron)

[3.3.0] - 2020-12-27

Added

  • Add hotkeys for audio/video control in web UI (Gargron, Gargron)
    • Space and k to toggle playback
    • m to toggle mute
    • f to toggle fullscreen
    • j and l to go back and forward by 10 seconds
    • . and , to go back and forward by a frame (video only)
  • Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
  • Add border around 🕺 emoji in web UI (ThibG)
  • Add border around 🐞 emoji in web UI (ThibG)
  • Add home link to the getting started column when home isn't mounted (ThibG)
  • Add option to disable swiping motions across the web UI (ThibG)
  • Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron, noellabo)
    • Continue watching/listening when you scroll away
    • Action bar to interact with/open toot from the pop-out player
  • Add unread notification markers in web UI (ThibG, ThibG, ThibG, noellabo, noellabo)
  • Add paragraph about browser add-ons when encountering errors in web UI (ThibG)
  • Add import and export for bookmarks (ThibG)
  • Add cache buster feature for media files (Gargron)
    • If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
    • If enabled, cache buster will make a special request to the proxy to signal a cache reset
  • Add duration option to the mute function (aquarla)
  • Add replies policy option to the list function (ThibG, trwnh)
  • Add og:published_time OpenGraph tags on toots (nornagon)
  • Add option to be notified when a followed user posts (Gargron, ThibG, Gargron)
    • If you don't want to miss a toot, click the bell button!
  • Add client-side validation in password change forms (ThibG)
  • Add client-side validation in the registration form (ThibG, ThibG)
  • Add support for Gemini URLs (joshleeb)
  • Add app shortcuts to web app manifest (mkljczk)
  • Add WebAuthn as an alternative 2FA method (santiagorodriguez96, jiikko)
  • Add honeypot fields and minimum fill-out time for sign-up form (ThibG)
  • Add icon for mutual relationships in relationship manager (noellabo)
  • Add follow selected followers button in relationship manager (noellabo)
  • Add subresource integrity for JS and CSS assets (Gargron)
    • If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
    • Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks
  • Add ku, sa, sc, zgh to available locales (ykzts)
  • Add ability to force an account to mark media as sensitive (noellabo)
  • Add ability to block access or limit sign-ups from chosen IPs (Gargron, ThibG)
    • Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
    • Choose the severity of the rule, either blocking all access or merely limiting sign-ups
  • Add support for reversible suspensions through ActivityPub (Gargron)
    • Servers can signal that one of their accounts has been suspended
    • During suspension, the account can only delete its own content
    • A reversal of the suspension can be signalled the same way
    • A local suspension always overrides a remote one
  • Add indication to admin UI of whether a report has been forwarded (ThibG)
  • Add display of reasons for joining of an account in admin UI (mashirozx)
  • Add option to obfuscate domain name in public list of domain blocks (Gargron)
  • Add option to make reasons for joining required on sign-up (ThibG, ThibG, ThibG, ThibG)
  • Add ActivityPub follower synchronization mechanism (ThibG, ThibG)
  • Add outbox attribute to instance actor (ThibG)
  • Add featured hashtags as an ActivityPub collection (Gargron, noellabo)
  • Add support for dereferencing objects through bearcaps (Gargron, noellabo)
  • Add S3_READ_TIMEOUT environment variable (tateisu)
  • Add ALLOWED_PRIVATE_ADDRESSES environment variable (ThibG)
  • Add --fix-permissions option to tootctl media remove-orphans (Gargron, uist1idrju3i)
  • Add tootctl accounts merge (Gargron, ThibG, ThibG)
    • Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
    • This command will fix it on your end
  • Add tootctl maintenance fix-duplicates (ThibG, Gargron, ThibG)
    • Index corruption in the database?
    • This command is for you
  • Add support for managing multiple stream subscriptions in a single connection (Gargron, Gargron, mfmfuyu, zunda)
    • Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
    • More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
    • Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams
  • Add support for limiting results by both min_id and max_id at the same time in REST API (tateisu)
  • Add GET /api/v1/accounts/:id/featured_tags to REST API (noellabo, noellabo)
  • Add stoplight for object storage failures, return HTTP 503 in REST API (Gargron)
  • Add optional tootctl remove media cronjob in Helm chart (dunn)
  • Add clean error message when RAILS_ENV is unset (ThibG)

Changed

  • Change media modals look in web UI (Gargron, Gargron, Gargron, Gargron, Kjwon15, noellabo, ThibG)
    • Background of the overlay matches the color of the image
    • Action bar to interact with or open the toot from the modal
  • Change order of announcements in admin UI to be newest-first (ThibG)
  • Change account suspensions to be reversible by default (Gargron, ThibG, ThibG, ThibG, ThibG, noellabo, ThibG, Gargron, Gargron)
    • Suspensions no longer equal deletions
    • A suspended account can be unsuspended with minimal consequences for 30 days
    • Immediate deletion of data is still available as an explicit option
    • Suspended accounts can request an archive of their data through the UI
  • Change REST API to return empty data for suspended accounts (14765)
  • Change web UI to show empty profile for suspended accounts (Gargron, Gargron)
  • Change featured hashtag suggestions to be recently used instead of most used (abcang)
  • Change direct toots to appear in the home feed again (Gargron, ThibG, noellabo)
    • Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model
  • Change email address validation to return more specific errors (ThibG)
  • Change HTTP signature requirements to include Digest header on POST requests (ThibG)
  • Change click area of video/audio player buttons to be bigger in web UI (ariasuni)
  • Change order of filters by alphabetic by "keyword or phrase" (ariasuni)
  • Change suspension of remote accounts to also undo outgoing follows (ThibG)
  • Change string "Home" to "Home and lists" in the filter creation screen (ariasuni)
  • Change string "Boost to original audience" to "Boost with original visibility" in web UI (3n-k1)
  • Change string "Show more" to "Show newer" and "Show older" on public pages (ariasuni)
  • Change order of announcements to be reverse chronological in web UI (dariusk, dariusk)
  • Change RTL detection to rely on unicode-bidi paragraph by paragraph in web UI (Gargron)
  • Change visibility icon next to timestamp to be clickable in web UI (ariasuni, mayaeh)
  • Change public thread view to hide "Show thread" link (ThibG)
  • Change number format on about page from full to shortened (Gargron)
  • Change how scheduled tasks run in multi-process environments (noellabo)
    • New dedicated queue scheduler
    • Runs by default when Sidekiq is executed with no options
    • Has to be added manually in a multi-process environment

Removed

  • Remove fade-in animation from modals in web UI (Gargron)
  • Remove auto-redirect to direct messages in web UI (Gargron)
  • Remove obsolete IndexedDB operations from web UI (Gargron)
  • Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)

Fixed

  • Fix layout on about page when contact account has a long username (ThibG)
  • Fix follow limit preventing re-following of a moved account (Gargron, ThibG)
  • Fix deletes not reaching every server that interacted with toot (Gargron)
    • Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
    • Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned
  • Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
  • Fix sending redundant ActivityPub events when processing remote account deletion (ThibG)
  • Fix Move handler not being triggered when failing to fetch target account (ThibG)
  • Fix downloading remote media files when server returns empty filename (ThibG)
  • Fix account processing failing because of large collections (ThibG)
  • Fix not being able to unfavorite toots one has lost access to (ThibG)
  • Fix not being able to unbookmark toots one has lost access to (ThibG)
  • Fix possible casing inconsistencies in hashtag search (ThibG)
  • Fix updating account counters when association is not yet created (Gargron)
  • Fix cookies not having a SameSite attribute (Gargron)
  • Fix poll ending notifications being created for each vote (ThibG)
  • Fix multiple boosts of a same toot erroneously appearing in TL (ThibG)
  • Fix asset builds not picking up CDN_HOST change (ThibG)
  • Fix desktop notifications permission prompt in web UI (Gargron, Gargron, ThibG, ThibG)
    • Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
    • This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications
  • Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI (ariasuni)
  • Fix glitched image uploads when canvas read access is blocked in web UI (ThibG)
  • Fix some account gallery items having empty labels in web UI (ThibG)
  • Fix alt-key hotkeys activating while typing in a text field in web UI (ThibG)
  • Fix wrong seek bar width on media player in web UI (mfmfuyu)
  • Fix logging out on mobile in web UI (ThibG)
  • Fix wrong click area for GIFVs in media modal in web UI (noellabo)
  • Fix unreadable placeholder text color in high contrast theme in web UI (Gargron)
  • Fix scrolling issues when closing some dropdown menus in web UI (ThibG)
  • Fix notification filter bar incorrectly filtering gaps in web UI (ThibG)
  • Fix disabled boost icon being replaced by private boost icon on hover in web UI (ThibG)
  • Fix hashtag detection in compose form being different to server-side in web UI (kedamaDQ, ThibG)
  • Fix home last read marker mishandling gaps in web UI (ThibG)
  • Fix unnecessary re-rendering of various components when typing in web UI (Gargron)
  • Fix notifications being unnecessarily re-rendered in web UI (ThibG)
  • Fix column swiping animation logic in web UI (ThibG)
  • Fix inefficiency when fetching hashtag timeline (noellabo, akihikodaki)
  • Fix inefficiency when fetching bookmarks (akihikodaki)
  • Fix inefficiency when fetching favourites (akihikodaki)
  • Fix inefficiency when fetching media-only account timeline (akihikodaki)
  • Fix inefficieny when deleting accounts (Gargron, ThibG, ThibG, ThibG, ThibG, ThibG, Gargron)
  • Fix redundant query when processing batch actions on custom emojis (niwatori24)
  • Fix slow distinct queries where grouped queries are faster (Gargron)
  • Fix performance on instances list in admin UI (Gargron)
  • Fix server actor appearing in list of accounts in admin UI (ThibG)
  • Fix "bootstrap timeline accounts" toggle in site settings in admin UI (ThibG)
  • Fix PostgreSQL secret name for cronjob in Helm chart (metal3d)
  • Fix Procfile not being compatible with herokuish (acuteaura)
  • Fix installation of tini being split into multiple steps in Dockerfile (ryncsn)

Security

  • Fix streaming API allowing connections to persist after access token invalidation (Gargron)
  • Fix 2FA/sign-in token sessions being valid after password change (Gargron)
  • Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ThibG)

[3.2.2] - 2020-12-19

Added

  • Add tootctl maintenance fix-duplicates (ThibG, Gargron)
    • Index corruption in the database?
    • This command is for you

Removed

  • Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)

Fixed

  • Fix Move handler not being triggered when failing to fetch target account (ThibG)
  • Fix downloading remote media files when server returns empty filename (ThibG)
  • Fix possible casing inconsistencies in hashtag search (ThibG)
  • Fix updating account counters when association is not yet created (Gargron)
  • Fix account processing failing because of large collections (ThibG)
  • Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
  • Fix slow distinct queries where grouped queries are faster (Gargron)

Security

  • Fix 2FA/sign-in token sessions being valid after password change (Gargron)
  • Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ThibG)

[3.2.1] - 2020-10-19

Added

  • Add support for latest HTTP Signatures spec draft (ThibG)
  • Add support for inlined objects in ActivityPub to/cc (ThibG)

Changed

  • Change actors to not be served at all without authentication in limited federation mode (ThibG)
    • Previously, a bare version of an actor was served when not authenticated, i.e. username and public key
    • Because all actor fetch requests are signed using a separate system actor, that is no longer required

Fixed

  • Fix tootctl media commands not recognizing very large IDs (ThibG)
  • Fix crash when failing to load emoji picker in web UI (ThibG)
  • Fix contrast requirements in thumbnail color extraction (ThibG)
  • Fix audio/video player not using CDN_HOST on public pages (ThibG)
  • Fix private boost icon not being used on public pages (OmmyZhang)
  • Fix audio player on Safari in web UI (ThibG, ThibG)
  • Fix dereferencing remote statuses not using the correct account for signature when receiving a targeted inbox delivery (ThibG)
  • Fix nil error in tootctl media remove (noellabo)
  • Fix videos with near-60 fps being rejected (Gargron)
  • Fix reported statuses not being included in warning e-mail (Gargron)
  • Fix Reject activities of Follow objects not correctly destroying a follow relationship (ThibG)
  • Fix inefficiencies in fan-out-on-write service (Gargron, noellabo)
  • Fix timeout errors when trying to webfinger some IPv6 configurations (Gargron)
  • Fix files served as application/octet-stream being rejected without attempting mime type detection (ThibG)

[3.2.0] - 2020-07-27

Added

  • Add SMTP_SSL environment variable (OmmyZhang)
  • Add hotkey for toggling content warning input in web UI (ThibG)
  • Add e-mail-based sign in challenge for users with disabled 2FA (Gargron)
    • If user tries signing in after:
      • Being inactive for a while
      • With a previously unknown IP
      • Without 2FA being enabled
    • Require to enter a token sent via e-mail before sigining in
  • Add limit param to RSS feeds (noellabo)
  • Add visibility param to share page (noellabo)
  • Add blurhash to link previews (ThibG, ThibG, ThibG, Sasha-Sorokin, Sasha-Sorokin, ThibG, ThibG, ThibG)
    • In web UI, toots cannot be marked as sensitive unless there is media attached
    • However, it's possible to do via API or ActivityPub
    • Thumnails of link previews of such posts now use blurhash in web UI
    • The Card entity in REST API has a new blurhash attribute
  • Add support for summary field for media description in ActivityPub (ThibG)
  • Add hints about incomplete remote content to web UI (Gargron, noellabo)
  • Add personal notes for accounts (ThibG, Gargron, Sasha-Sorokin)
    • To clarify, these are notes only you can see, to help you remember details
    • Notes can be viewed and edited from profiles in web UI
    • New REST API: POST /api/v1/accounts/:id/note with comment param
    • The Relationship entity in REST API has a new note attribute
  • Add Helm chart (dunn, dunn, dunn)
  • Add customizable thumbnails for audio and video attachments (Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, noellabo, noellabo)
    • Metadata (album, artist, etc) is no longer stripped from audio files
    • Album art is automatically extracted from audio files
    • Thumbnail can be manually uploaded for both audio and video attachments
    • Media upload APIs now support thumbnail param
      • On POST /api/v1/media and POST /api/v2/media
      • And on PUT /api/v1/media/:id
    • ActivityPub representation of media attachments represents custom thumbnails with an icon attribute
    • The Media Attachment entity in REST API now has a preview_remote_url to its preview_url, equivalent to remote_url to its url
  • Add color extraction for thumbnails (Gargron, ThibG)
    • The meta attribute on the Media Attachment entity in REST API can now have a colors attribute which in turn contains three hex colors: background, foreground, and accent
    • The background color is chosen from the most dominant color around the edges of the thumbnail
    • The foreground and accent colors are chosen from the colors that are the most different from the background color using the CIEDE2000 algorithm
    • The most satured color of the two is designated as the accent color
    • The one with the highest W3C contrast is designated as the foreground color
    • If there are not enough colors in the thumbnail, new ones are generated using a monochrome pattern
  • Add a visibility indicator to toots in web UI (noellabo, highemerly)
  • Add tootctl email_domain_blocks (tateisu, Gargron)
  • Add "Add new domain block" to header of federation page in admin UI (ariasuni)
  • Add ability to keep emoji picker open with ctrl+click in web UI (bclindner, noellabo)
  • Add custom icon for private boosts in web UI (ThibG)
  • Add support for Create and Update activities that don't inline objects in ActivityPub (ThibG)
  • Add support for Undo activities that don't inline activities in ActivityPub (ThibG)

Changed

  • Change .env.production.sample to be leaner and cleaner (Gargron)
    • It was overloaded as de-facto documentation and getting quite crowded
    • Defer to the actual documentation while still giving a minimal example
  • Change tootctl search deploy to work faster and display progress (Gargron)
  • Change User-Agent of link preview fetching service to include "Bot" (Gargron)
    • Some websites may not render OpenGraph tags into HTML if that's not the case
  • Change behaviour to carry blocks over when someone migrates their followers (ThibG)
  • Change volume control and download buttons in web UI (Gargron)
  • Change design of audio players in web UI (Gargron, ThibG, Gargron, ThibG, Gargron, ThibG)
  • Change reply filter to never filter own toots in web UI (ThibG)
  • Change boost button to no longer serve as visibility indicator in web UI (noellabo, ThibG)
  • Change contrast of flash messages (cchoi12)
  • Change wording from "Hide media" to "Hide image/images" in web UI (ariasuni)
  • Change appearence of settings pages to be more consistent (ariasuni)
  • Change "Add media" tooltip to not include long list of formats in web UI (ariasuni)
  • Change how badly contrasting emoji are rendered in web UI (leo60228, ThibG, mfmfuyu, ThibG)
  • Change structure of unavailable content section on about page (ariasuni)
  • Change behaviour to accept ActivityPub activities relayed through group actor (noellabo)
  • Change amount of processing retries for ActivityPub activities (noellabo)

Removed

  • Remove the terms "blacklist" and "whitelist" from UX (Gargron, mayaeh)
    • Environment variables changed (old versions continue to work):
      • WHITELIST_MODELIMITED_FEDERATION_MODE
      • EMAIL_DOMAIN_BLACKLISTEMAIL_DOMAIN_DENYLIST
      • EMAIL_DOMAIN_WHITELISTEMAIL_DOMAIN_ALLOWLIST
    • CLI option changed:
      • tootctl domains purge --whitelist-modetootctl domains purge --limited-federation-mode
  • Remove some unnecessary database indices (lfuelling, noellabo)
  • Remove unnecessary Node.js version upper bound (ykzts)