Mastodon - Package Updates

alwynispat

@girish why is this package downgrading Mastodon from 4.0.2 to 4.0?

nebulon

@alwynispat version 4.0.0 is referring to the app base docker image, not the mastodon app itself. Mastodon is still on v4.0.2

itbeard

@girish hello! What does it mean for administrators? Is it nessesary Package Update for stable servers?

murgero

@itbeard All this update was, was an internal cloudron update - you don't need to do anything with Mastodon

"Base Image" in the change log refers to the Cloudron Docker base image.

girish

[1.11.0]

• Update Mastodon to 4.1.0
• Full changelog
• Add support for importing/exporting server-wide domain blocks (enbylenore, ClearlyClaire, dariusk, ClearlyClaire)
• Add listing of followed hashtags (connorshea)
• Add support for editing media description and focus point of already-sent posts (ClearlyClaire)
• Add follow request banner on account header (ClearlyClaire)
• Add confirmation screen when handling reports (ClearlyClaire, Gargron, tribela)
• Add option to make the landing page be /about even when trends are enabled (ClearlyClaire)

nebulon

[1.11.1]

• Update Mastodon to 4.1.1
• Full changelog
• Add redirection from paths with url-encoded @ to their decoded form (thijskh)
• Add lang attribute to native language names in language picker in Web UI (ClearlyClaire)
• Add headers to outgoing mails to avoid auto-replies (ClearlyClaire)
• Add support for refreshing many accounts at once with tootctl accounts refresh (9p4)
• Add confirmation modal when clicking to edit a post with a non-empty compose form (PauloVilarinho)
• Add support for the HAproxy PROXY protocol through the PROXY_PROTO_V1 environment variable (CSDUMMI)
• Add SENDFILE_HEADER environment variable (Gargron)
• Add cache headers to static files served through Rails (Gargron)
• Increase contrast of upload progress bar background (toolmantim)
• Change post auto-deletion throttling constants to better scale with server size (ClearlyClaire)
• Change order of bookmark and favourite sidebar entries in single-column UI for consistency (TerryGarcia)
• Change ActivityPub::DeliveryWorker retries to be spread out more (ClearlyClaire)
• Fix “Remove all followers from the selected domains” also removing follows and notifications (ClearlyClaire)
• Fix streaming metrics format (emilweth, emilweth)
• Fix case-sensitive check for previously used hashtags in hashtag autocompletion (deanveloper)
• Fix focus point of already-attached media not saving after edit (ClearlyClaire)
• Fix sidebar behavior in settings/admin UI on mobile (wxt2005)
• Fix inefficiency when searching accounts per username in admin interface (ClearlyClaire)
• Fix duplicate “Publish” button on mobile (ClearlyClaire)
• Fix server error when failing to follow back followers from /relationships (ClearlyClaire)
• Fix server error when attempting to display the edit history of a trendable post in the admin interface (ClearlyClaire)
• Fix tootctl accounts migrate crashing because of a typo (ClearlyClaire)
• Fix original account being unfollowed on migration before the follow request to the new account could be sent (ClearlyClaire)
• Fix the “Back” button in column headers sometimes leaving Mastodon (c960657)
• Fix pgBouncer resetting application name on every transaction (Gargron)
• Fix unconfirmed accounts being counted as active users (ClearlyClaire)
• Fix /api/v1/streaming sub-paths not being redirected (ClearlyClaire)
• Fix drag'n'drop upload area text that spans multiple lines not being centered (vintprox)
• Fix sidekiq jobs not triggering Elasticsearch index updates (ClearlyClaire)
• Fix tags being unnecessarily stripped from plain-text short site description (c960657)
• Fix HTML entities not being un-escaped in extracted plain-text from remote posts (c960657)
• Fix dashboard crash on ElasticSearch server error (ClearlyClaire)
• Fix incorrect post links in strikes when the account is remote (ClearlyClaire)
• Fix misleading error code when receiving invalid WebAuthn credentials (ClearlyClaire)
• Fix duplicate mails being sent when the SMTP server is too slow to close the connection (ClearlyClaire)
• Change user backups to use expiring URLs for download when possible (Gargron)
• Add warning for object storage misconfiguration (ClearlyClaire)

girish

[1.11.2]

• Update nginx config

nebulon

[1.11.3]

• Update Mastodon to 4.1.2
• Full changelog
• Fix crash in tootctl commands making use of parallelization when Elasticsearch is enabled (ClearlyClaire, ClearlyClaire)
• Fix crash in db:setup when Elasticsearch is enabled (rrgeorge)
• Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (ClearlyClaire)
• Fix invalid/expired invites being processed on sign-up (ClearlyClaire)
• Update Ruby to 3.0.6 due to ReDoS vulnerabilities (saizai)
• Fix unescaped user input in LDAP query (ClearlyClaire)

nebulon

[1.11.4]

• Allow to customize cache retention days
• Cleanup accounts cache

girish

[1.11.5]

• Update Mastodon to 4.1.3
• Full changelog
• fixing multiple critical security issues (CVE-2023-36460, CVE-2023-36459)
• Change OpenGraph-based embeds to allow fullscreen (ClearlyClaire)
• Change AccessTokensVacuum to also delete expired tokens (ClearlyClaire)
• Change profile updates to be sent to recently-mentioned servers (ClearlyClaire)
• Change automatic post deletion thresholds and load detection (ClearlyClaire)

girish

[1.11.6]

• Update Mastodon to 4.1.4
• Full changelog
• Fix branding:generate_app_icons failing because of disallowed ICO coder (ClearlyClaire)
• Fix crash in admin interface when viewing a remote user with verified links (ClearlyClaire)
• Fix processing of media files with unusual names (ClearlyClaire)

nebulon

[1.11.7]

• Update Mastodon to 4.1.5
• Full changelog
• Add check preventing Sidekiq workers from running with Makara configured (ClearlyClaire)
• Change request timeout handling to use a longer deadline (ClearlyClaire)
• Fix moderation interface for remote instances with a .zip TLD (ClearlyClaire)
• Fix remote accounts being possibly persisted to database with incomplete protocol values (ClearlyClaire)
• Fix trending publishers table not rendering correctly on narrow screens (vmstan)
• Fix CSP headers being unintentionally wide (ClearlyClaire)

nebulon

[1.11.8]

• Update Mastodon to 4.1.6
• Full changelog
• Fix memory leak in streaming server (ThisIsMissEm)
• Fix wrong filters sometimes applying in streaming (ClearlyClaire, ThisIsMissEm, renchap)
• Fix incorrect connect timeout in outgoing requests (ClearlyClaire)

girish

[1.11.9]

• Update Mastodon to 4.1.7
• Full changelog
• Change remote report processing to accept reports with long comments, but truncate them (ThisIsMissEm)
• Fix blocking subdomains of an already-blocked domain (ClearlyClaire)
• Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (danielmbrasil)
• Fix inefficiencies in PlainTextFormatter (ClearlyClaire)

girish

[1.11.10]

• Update Mastodon to 4.1.8
• Full changelog
• This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452).
• Fix post edits not being forwarded as expected (ClearlyClaire)
• Fix moderator rights inconsistencies (ClearlyClaire)
• Fix crash when encountering invalid URL (ClearlyClaire)
• Fix cached posts including stale stats (ClearlyClaire)

nebulon

[1.11.11]

• Update Mastodon to 4.1.9
• Full changelog
• Fix post translation erroring out (ClearlyClaire)
• Fix post edits not being forwarded as expected (ClearlyClaire)
• Fix moderator rights inconsistencies (ClearlyClaire)
• Fix crash when encountering invalid URL (ClearlyClaire)
• Fix cached posts including stale stats (ClearlyClaire)
• Fix uploading of video files for which ffprobe reports 0/0 average framerate (NicolaiSoeborg)
• Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (yufushiro)
• Fix missing HTML sanitization in translation API (CVE-2023-42452, GHSA-2693-xr3m-jhqr)
• Fix incorrect domain name normalization (CVE-2023-42451, GHSA-v3xf-c9qf-j667)

girish

[1.12.0]

• Update Mastodon to 4.2.0
• Full changelog
• Add “Privacy and reach” tab in profile settings (Gargron, ClearlyClaire)
• This reorganized scattered privacy and reach settings to a single place, as well as improve their wording.
• Add display of out-of-band hashtags in the web interface (Gargron, arbolitoloco1, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire)
• Add role badges to the web interface (ClearlyClaire, Gargron)
• Add ability to pick domains to forward reports to using the forward_to_domains parameter in POST /api/v1/reports (ClearlyClaire, ClearlyClaire)
• The forward_to_domains REST API parameter is a list of strings. If it is empty or omitted, the previous behavior is maintained.
• The forward parameter still needs to be set for forward_to_domains to be taken into account.
• The forwarded-to domains can only include that of the original author and people being replied to.
• Add forwarding of reported replies to servers being replied to (Gargron, ClearlyClaire)
• Add ONE_CLICK_SSO_LOGIN environment variable to directly link to the Single-Sign On provider if there is only one sign up method available (CSDUMMI, ClearlyClaire, CSDUMMI, ClearlyClaire)
• Add webhook templating (Gargron)
• Add webhooks for local status.created, status.updated, account.updated and report.updated (VyrCossont, VyrCossont, VyrCossont)

girish

[1.12.1]

• Update Mastodon to 4.2.1
• Full changelog
• Add redirection on /deck URLs for logged-out users (ClearlyClaire)
• Add support for v4.2.0 migrations to tootctl maintenance fix-duplicates (ClearlyClaire)
• Change some worker lock TTLs to be shorter-lived (ClearlyClaire)
• Change user archive export allowed period from 7 days to 6 days (suddjian)

nebulon

[1.12.2]

• Update Mastodon to 4.2.2
• Full changelog
• Change dismissed banners to be stored server-side (ClearlyClaire)
• Change GIF max matrix size error to explicitly mention GIF files (ClearlyClaire)
• Change Follow activities delivery to bypass availability check (ShadowJonathan)
• Change single-column navigation notice to be displayed outside of the logo container (renchap, renchap)
• Change Content-Security-Policy to be tighter on media paths (ClearlyClaire)
• Change post language code to include country code when relevant (gunchleoc, ClearlyClaire)
• Fix upper border radius of onboarding columns (ClearlyClaire)
• Fix incoming status creation date not being restricted to standard ISO8601 (ClearlyClaire, ClearlyClaire)
• Fix some posts from threads received out-of-order sometimes not being inserted into timelines (ClearlyClaire)
• Fix posts from force-sensitized accounts being able to trend (ClearlyClaire)
• Fix error when trying to delete already-deleted file with OpenStack Swift (ClearlyClaire)
• Fix batch attachment deletion when using OpenStack Swift (ClearlyClaire)
• Fix processing LDSigned activities from actors with unknown public keys (ClearlyClaire)
• Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (ClearlyClaire)
• Fix report processing notice not mentioning the report number when performing a custom action (ClearlyClaire)
• Fix handling of inLanguage attribute in preview card processing (ClearlyClaire)
• Fix own posts being removed from home timeline when unfollowing a used hashtag (kmycode)
• Fix some link anchors being recognized as hashtags (ClearlyClaire, ClearlyClaire)
• Fix format-dependent redirects being cached regardless of requested format (ClearlyClaire)

nebulon

[1.12.3]

• Update Mastodon to 4.2.3
• Full changelog
• Fix dependency on json-canonicalization version that has been made unavailable since last release