Mastodon - Package Updates

Package Updates

[1.16.7]

• Update mastodon to 4.4.7
• Full Changelog
• Fix forwarder being called with nil status when quote post is soft-deleted (#36463 by @ClearlyClaire)
• Fix moderation warning e-mails that include posts (#36462 by @ClearlyClaire)
• Fix allow_referrer_origin typo (#36460 by @ShadowJonathan)

Package Updates

[1.16.8]

• Update mastodon to 4.4.8
• Full Changelog
• Fix quote control bypass (GHSA-8h43-rcqj-wpc6)

Package Updates

[1.17.0]

• Update mastodon to 4.5.0
• Full Changelog
• Add support for allowing and authoring quotes (#35355, #35578, #35614, #35618, #35624, #35626, #35652, #35629, #35665, #35653, #35670, #35677, #35690, #35697, #35689, #35699, #35700, #35701, #35709, #35714, #35713, #35715, #35725, #35749, #35769, #35780, #35762, #35804, #35808, #35805, #35819, #35824, #35828, #35822, #35835, #35865, #35860, #35832, #35891, #35894, #35895, #35820, #35917, #35924, #35925, #35914, #35930, #35941, #35939, #35948, #35955, #35967, #35990, #35991, #35975, #35971, #36002, #35986, #36031, #36034, #36038, #36054, #36052, #36055, #36065, #36068, #36083, #36087, #36080, #36091, #36090, #36118, #36119, #36128, #36094, #36129, #36138, #36132, #36151, #36158, #36171, #36194, #36220, #36169, #36130, #36249, #36153, #36299, #36291, #36301, #36315, #36317, #36364, #36383, #36381, #36459, #36464, #36461, #36516, #36528, #36549, #36550, #36559, #36693, #36704, #36690, #36689, #36696, #36721, #36695 and #36736 by @ChaosExAnima, @ClearlyClaire, @Lycolia, @diondiondion, and @tribela)
• Add support for fetching and refreshing replies to the web UI (#35210, #35496, #35575, #35500, #35577, #35602, #35603, #35654, #36141, #36237, #36172, #36256, #36271, #36334, #36382, #36239, #36484, #36481, #36583, #36627 and #36547 by @ClearlyClaire, @diondiondion, @Gargron and @renchap)
• Add ability to block words in usernames (#35407, #35655, and #35806 by @ClearlyClaire and @Gargron)
• Add ability to individually disable local or remote feeds for visitors or logged-in users disabled value to server setting for live and topic feeds, as well as user permission to bypass that (#36338, #36467, #36497, #36563, #36577, #36585, #36607 and #36703 by @ClearlyClaire)
• Add support for displaying of quote posts in Moderator UI (#35964 by @ThisIsMissEm)
• Add support for displaying link previews for Admin UI (#35958 by @ThisIsMissEm)
• Add a new server setting to choose the server landing page (#36588 and #36602 by @ClearlyClaire and @renchap)
• Add support for Update activities on converted object types (#36322 by @ClearlyClaire)
• Add support for dynamic viewport height (#36272 by @e1berd)
• Add support for numeric-based URIs for new local accounts (#32724, #36304, #36316, and #36365 by @ClearlyClaire)

Package Updates

[1.17.1]

• Update mastodon to 4.5.1
• Full Changelog
• Fix Cmd/Ctrl + Enter not submitting Alt text modal on some browsers (#36866 by @diondiondion)
• Fix posts coming from public/hashtag streaming being marked as unquotable (#36860 and #36869 by @ClearlyClaire)
• Fix old previously-undiscovered posts being treated as new when receiving an Update (#36848 by @ClearlyClaire)
• Fix blank screen in browsers that don't support Intl.DisplayNames (#36847 by @diondiondion)
• Fix filters not being applied to quotes in detailed view (#36843 by @ClearlyClaire)
• Fix scroll shift caused by fetch-all-replies alerts (#36807 by @diondiondion)
• Fix dropdown menu not focusing first item when opened via keyboard (#36804 by @diondiondion)
• Fix assets build issue on arch64 (#36781 by @ClearlyClaire)
• Fix /api/v1/statuses/:id/context sometimes returing Mastodon-Async-Refresh without result_count (#36779 by @ClearlyClaire)
• Fix prepared quote not being discarded with contents when replying (#36778 by @ClearlyClaire)

Package Updates

[1.17.2]

• Update mastodon to 4.5.2
• Full Changelog
• Change private quote education modal to not show up on self-quotes (#36926 by @ClearlyClaire)
• Fix missing fallback link in CW-only quote posts (#36963 by @ClearlyClaire)
• Fix statuses without text being hidden while loading (#36962 by @ClearlyClaire)
• Fix g + h keyboard shortcut not working when a post is focused (#36935 by @diondiondion)
• Fix quoting overwriting current content warning (#36934 by @ClearlyClaire)
• Fix scroll-to-status in threaded view being unreliable (#36927 by @ClearlyClaire)
• Fix path resolution for emoji worker (#36897 by @ChaosExAnima)
• Fix tootctl upgrade storage-schema failing with ArgumentError (#36914 by @shugo)
• Fix cross-origin handling of CSS modules (#36890 by @ClearlyClaire)
• Fix error with remote tags including percent signs (#36886 and #36925 by @ChaosExAnima and @ClearlyClaire)

Package Updates

[1.17.3]

• Update mastodon to 4.5.3
• Full Changelog
• Fix inconsistent error handling leaking information on existence of private posts (GHSA-gwhw-gcjx-72v8)
• Fix Delete and Redraft on a non-quote being treated as a quote post in some cases (#37140 by @ClearlyClaire)
• Fix YouTube embeds by sending referer (#37126 by @ChaosExAnima)
• Fix streamed quoted polls not being hydrated correctly (#37118 by @ClearlyClaire)
• Fix creation of duplicate conversations (#37108 by @oneiros)
• Fix extraneous noreferrer in external links (#37107 by @ChaosExAnima)
• Fix edge case error handling in some database migrations (#37079 by @ClearlyClaire)
• Fix error handling when re-fetching already-known statuses (#37077 by @ClearlyClaire)
• Fix post navigation in single-column mode when Advanced UI is enabled (#37044 by @diondiondion)
• Fix tootctl status remove removing quoted posts and remote quotes of local posts (#37009 by @ClearlyClaire)

Package Updates

[1.17.4]

• Update mastodon to 4.5.4
• Full Changelog
• Fix custom emojis not being rendered in profile fields (#37365 by @ClearlyClaire)
• Fix serialization of context pages (#37376 by @ClearlyClaire)
• Fix quotes with CWs but no text not having fallback link (#37361 by @ClearlyClaire)
• Fix outdated link target for locked warning (#37366 by @ClearlyClaire)
• Fix local custom emojis sometimes being rendered in remote posts (#37284 by @ChaosExAnima)
• Fix some assets not being loaded from configured CDN (#37310 by @ChaosExAnima)
• Fix notifications page error in Tor browser (#37285 by @diondiondion)
• Fix custom emojis not being displayed in CWs and fav/boost notifications (#37272 and #37306 by @ChaosExAnima and @ClearlyClaire)
• Fix default Admin role not including view_feeds permission (#37301 by @ClearlyClaire)
• Fix hashtag autocomplete replacing suggestion's first characters with input (#37281 by @ClearlyClaire)

Package Updates

[1.17.7]

• Update mastodon to 4.5.7
• Full Changelog
• Add --suspended-only option to tootctl emoji purge (#​37828 and #​37861 by @​ClearlyClaire and @​mjankowski)
• Fix emoji data not being properly cached (#​37858 by @​ChaosExAnima)
• Fix delete & redraft of pending posts (#​37839 by @​ClearlyClaire)
• Fix processing separate key documents without the ActivityStreams context (#​37826 by @​ClearlyClaire)
• Fix custom emojis not being purged on domain suspension (#​37808 by @​ClearlyClaire)
• Fix users without special permissions being able to stream disabled timelines (#​37791 by @​ClearlyClaire)
• Fix processing of object updates with duplicate hashtags (#​37756 by @​ClearlyClaire)

Package Updates

[1.17.9]

• Update mastodon to 4.5.9
• Full Changelog
• Insufficient verification of email addresses (GHSA-5r37-qpwq-2jhh)
• Updated dependencies
• Add trademark warning to mastodon:setup task (#38548 by @ClearlyClaire)
• Fix definition for quote in JSON-LD context (#38686 by @ClearlyClaire)
• Fix being unable to disable sound for quote update notification (#38537 by @ClearlyClaire)
• Fix being able to quote someone you blocked (#38608 by @ClearlyClaire)

Package Updates

[1.17.10]

• fix: update doc links from /apps/ to /packages/

Package Updates

[1.17.11]

• Update mastodon to 4.5.10
• Full Changelog
• Fix SSRF protection bypass (GHSA-crr4-7rm4-8gpw, GHSA-xx55-4rrg-8xg6)
• Fix Linked-Data Signature bypass through JSON-LD graph restructuring features (GHSA-53m7-2wrh-q839, GHSA-chgx-jx3p-rf73)
• Updated dependencies
• Fix type of interactingObject, interactionTarget and add missing QuoteAuthorization (#38940 by @ClearlyClaire)
• Remove unused devise strategies (#38795 by @ClearlyClaire)

Package Updates

[1.17.12]

• Update mastodon to 4.5.11
• Full Changelog
• Fix allowed attribution domains spoofing (GHSA-rwcw-vq68-g34p)
• Fix uncaught exception in message sanitization causing Denial of Service (GHSA-qrgq-9fx2-vf2r)
• Update dependencies
• Fix remote statuses with large media descriptions being rejected (#39135 by @ClearlyClaire)

Package Updates

[1.18.0]

• Update mastodon to 4.6.0
• Full Changelog
• Add collections (#37992 and others) - Create collections with up to 25 accounts each, then share them with others.
• Add email subscriptions (#38163 and others) - Admins can allow specific roles to enable email subscriptions on their profile.
• Add new overview landing page setting (#39074 and others) - Admins can choose a new frontpage for anonymous visitors.
• Add ability to require 2FA for specific roles (including Everybody) (#37701 and others)
• Remove support for EOL Node version 20 (#38926 by @mjankowski)
• Remove support for Ruby 3.2 (#37476 by @mjankowski)
• Remove support for ImageMagick (#37488 by @mjankowski)
• Change invitations to only bypass sign-up approval setting when the issuer of the invitation has the invite_bypass_approval permission (#38278 by @ClearlyClaire)
• Fix filters not being applied to search results in web UI (#36346 by @ClearlyClaire)
• Fix remote posts with large media descriptions being rejected (#39135 by @ClearlyClaire)

Package Updates

[1.18.1]

• Update mastodon to 4.6.1
• Full Changelog
• Add avatar_description and header_description to /api/v1/accounts/update_credentials (#39547 and #39574 by @ClearlyClaire and @mkljczk)
• Fix combobox menu not closing after a selection (#39595 by @diondiondion)
• Fix Emoji IndexedDB upgrades when multiple tabs are open (#39576 by @ChaosExAnima)
• Fix combobox listbox not scrolling up when new suggestions have loaded (#39588 by @diondiondion)
• Fix media modal navigation in RTL languages (#39587 by @diondiondion)
• Fix accounts not visible in collection editor in advanced web interface (#39586 by @diondiondion)
• Fix error on login with certain LDAP configurations (#39571 by @oneiros)
• Fix simplified layout applying to other pages in web UI (#39570 by @Gargron)
• Fix emoji database loading in web worker (#39558 and #39562 by @ChaosExAnima)
• Fix display name length limit being incorrectly enforced in web UI (#39499 by @shleeable)

Package Updates

[1.18.2]

• Update mastodon to 4.6.2
• Full Changelog
• Update FFMpeg version used in the container image to fix CVE-2026-8461 (critical severity)