Mastodon - Package Updates
Pinned
Mastodon
-
@girish hello! What does it mean for administrators? Is it nessesary Package Update for stable servers?
-
G girish forked this topic on Jan 12, 2023, 12:02 AM
-
[1.11.0]
- Update Mastodon to 4.1.0
- Full changelog
- Add support for importing/exporting server-wide domain blocks (enbylenore, ClearlyClaire, dariusk, ClearlyClaire)
- Add listing of followed hashtags (connorshea)
- Add support for editing media description and focus point of already-sent posts (ClearlyClaire)
- Add follow request banner on account header (ClearlyClaire)
- Add confirmation screen when handling reports (ClearlyClaire, Gargron, tribela)
- Add option to make the landing page be /about even when trends are enabled (ClearlyClaire)
-
[1.11.1]
- Update Mastodon to 4.1.1
- Full changelog
- Add redirection from paths with url-encoded @ to their decoded form (thijskh)
- Add lang attribute to native language names in language picker in Web UI (ClearlyClaire)
- Add headers to outgoing mails to avoid auto-replies (ClearlyClaire)
- Add support for refreshing many accounts at once with tootctl accounts refresh (9p4)
- Add confirmation modal when clicking to edit a post with a non-empty compose form (PauloVilarinho)
- Add support for the HAproxy PROXY protocol through the PROXY_PROTO_V1 environment variable (CSDUMMI)
- Add SENDFILE_HEADER environment variable (Gargron)
- Add cache headers to static files served through Rails (Gargron)
- Increase contrast of upload progress bar background (toolmantim)
- Change post auto-deletion throttling constants to better scale with server size (ClearlyClaire)
- Change order of bookmark and favourite sidebar entries in single-column UI for consistency (TerryGarcia)
- Change ActivityPub::DeliveryWorker retries to be spread out more (ClearlyClaire)
- Fix “Remove all followers from the selected domains” also removing follows and notifications (ClearlyClaire)
- Fix streaming metrics format (emilweth, emilweth)
- Fix case-sensitive check for previously used hashtags in hashtag autocompletion (deanveloper)
- Fix focus point of already-attached media not saving after edit (ClearlyClaire)
- Fix sidebar behavior in settings/admin UI on mobile (wxt2005)
- Fix inefficiency when searching accounts per username in admin interface (ClearlyClaire)
- Fix duplicate “Publish” button on mobile (ClearlyClaire)
- Fix server error when failing to follow back followers from /relationships (ClearlyClaire)
- Fix server error when attempting to display the edit history of a trendable post in the admin interface (ClearlyClaire)
- Fix tootctl accounts migrate crashing because of a typo (ClearlyClaire)
- Fix original account being unfollowed on migration before the follow request to the new account could be sent (ClearlyClaire)
- Fix the “Back” button in column headers sometimes leaving Mastodon (c960657)
- Fix pgBouncer resetting application name on every transaction (Gargron)
- Fix unconfirmed accounts being counted as active users (ClearlyClaire)
- Fix /api/v1/streaming sub-paths not being redirected (ClearlyClaire)
- Fix drag'n'drop upload area text that spans multiple lines not being centered (vintprox)
- Fix sidekiq jobs not triggering Elasticsearch index updates (ClearlyClaire)
- Fix tags being unnecessarily stripped from plain-text short site description (c960657)
- Fix HTML entities not being un-escaped in extracted plain-text from remote posts (c960657)
- Fix dashboard crash on ElasticSearch server error (ClearlyClaire)
- Fix incorrect post links in strikes when the account is remote (ClearlyClaire)
- Fix misleading error code when receiving invalid WebAuthn credentials (ClearlyClaire)
- Fix duplicate mails being sent when the SMTP server is too slow to close the connection (ClearlyClaire)
- Change user backups to use expiring URLs for download when possible (Gargron)
- Add warning for object storage misconfiguration (ClearlyClaire)
-
[1.11.3]
- Update Mastodon to 4.1.2
- Full changelog
- Fix crash in tootctl commands making use of parallelization when Elasticsearch is enabled (ClearlyClaire, ClearlyClaire)
- Fix crash in db:setup when Elasticsearch is enabled (rrgeorge)
- Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (ClearlyClaire)
- Fix invalid/expired invites being processed on sign-up (ClearlyClaire)
- Update Ruby to 3.0.6 due to ReDoS vulnerabilities (saizai)
- Fix unescaped user input in LDAP query (ClearlyClaire)
-
G girish forked this topic on Jul 6, 2023, 1:40 PM
-
[1.11.5]
- Update Mastodon to 4.1.3
- Full changelog
- fixing multiple critical security issues (CVE-2023-36460, CVE-2023-36459)
- Change OpenGraph-based embeds to allow fullscreen (ClearlyClaire)
- Change AccessTokensVacuum to also delete expired tokens (ClearlyClaire)
- Change profile updates to be sent to recently-mentioned servers (ClearlyClaire)
- Change automatic post deletion thresholds and load detection (ClearlyClaire)
-
[1.11.6]
- Update Mastodon to 4.1.4
- Full changelog
- Fix branding:generate_app_icons failing because of disallowed ICO coder (ClearlyClaire)
- Fix crash in admin interface when viewing a remote user with verified links (ClearlyClaire)
- Fix processing of media files with unusual names (ClearlyClaire)
-
[1.11.7]
- Update Mastodon to 4.1.5
- Full changelog
- Add check preventing Sidekiq workers from running with Makara configured (ClearlyClaire)
- Change request timeout handling to use a longer deadline (ClearlyClaire)
- Fix moderation interface for remote instances with a .zip TLD (ClearlyClaire)
- Fix remote accounts being possibly persisted to database with incomplete protocol values (ClearlyClaire)
- Fix trending publishers table not rendering correctly on narrow screens (vmstan)
- Fix CSP headers being unintentionally wide (ClearlyClaire)
-
[1.11.8]
- Update Mastodon to 4.1.6
- Full changelog
- Fix memory leak in streaming server (ThisIsMissEm)
- Fix wrong filters sometimes applying in streaming (ClearlyClaire, ThisIsMissEm, renchap)
- Fix incorrect connect timeout in outgoing requests (ClearlyClaire)
-
[1.11.9]
- Update Mastodon to 4.1.7
- Full changelog
- Change remote report processing to accept reports with long comments, but truncate them (ThisIsMissEm)
- Fix blocking subdomains of an already-blocked domain (ClearlyClaire)
- Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (danielmbrasil)
- Fix inefficiencies in PlainTextFormatter (ClearlyClaire)
-
[1.11.10]
- Update Mastodon to 4.1.8
- Full changelog
- This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452).
- Fix post edits not being forwarded as expected (ClearlyClaire)
- Fix moderator rights inconsistencies (ClearlyClaire)
- Fix crash when encountering invalid URL (ClearlyClaire)
- Fix cached posts including stale stats (ClearlyClaire)
-
[1.11.11]
- Update Mastodon to 4.1.9
- Full changelog
- Fix post translation erroring out (ClearlyClaire)
- Fix post edits not being forwarded as expected (ClearlyClaire)
- Fix moderator rights inconsistencies (ClearlyClaire)
- Fix crash when encountering invalid URL (ClearlyClaire)
- Fix cached posts including stale stats (ClearlyClaire)
- Fix uploading of video files for which ffprobe reports 0/0 average framerate (NicolaiSoeborg)
- Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (yufushiro)
- Fix missing HTML sanitization in translation API (CVE-2023-42452, GHSA-2693-xr3m-jhqr)
- Fix incorrect domain name normalization (CVE-2023-42451, GHSA-v3xf-c9qf-j667)
-
[1.12.0]
- Update Mastodon to 4.2.0
- Full changelog
- Add “Privacy and reach” tab in profile settings (Gargron, ClearlyClaire)
- This reorganized scattered privacy and reach settings to a single place, as well as improve their wording.
- Add display of out-of-band hashtags in the web interface (Gargron, arbolitoloco1, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire)
- Add role badges to the web interface (ClearlyClaire, Gargron)
- Add ability to pick domains to forward reports to using the forward_to_domains parameter in POST /api/v1/reports (ClearlyClaire, ClearlyClaire)
- The forward_to_domains REST API parameter is a list of strings. If it is empty or omitted, the previous behavior is maintained.
- The forward parameter still needs to be set for forward_to_domains to be taken into account.
- The forwarded-to domains can only include that of the original author and people being replied to.
- Add forwarding of reported replies to servers being replied to (Gargron, ClearlyClaire)
- Add ONE_CLICK_SSO_LOGIN environment variable to directly link to the Single-Sign On provider if there is only one sign up method available (CSDUMMI, ClearlyClaire, CSDUMMI, ClearlyClaire)
- Add webhook templating (Gargron)
- Add webhooks for local status.created, status.updated, account.updated and report.updated (VyrCossont, VyrCossont, VyrCossont)
-
[1.12.1]
- Update Mastodon to 4.2.1
- Full changelog
- Add redirection on /deck URLs for logged-out users (ClearlyClaire)
- Add support for v4.2.0 migrations to tootctl maintenance fix-duplicates (ClearlyClaire)
- Change some worker lock TTLs to be shorter-lived (ClearlyClaire)
- Change user archive export allowed period from 7 days to 6 days (suddjian)
-
[1.12.2]
- Update Mastodon to 4.2.2
- Full changelog
- Change dismissed banners to be stored server-side (ClearlyClaire)
- Change GIF max matrix size error to explicitly mention GIF files (ClearlyClaire)
- Change Follow activities delivery to bypass availability check (ShadowJonathan)
- Change single-column navigation notice to be displayed outside of the logo container (renchap, renchap)
- Change Content-Security-Policy to be tighter on media paths (ClearlyClaire)
- Change post language code to include country code when relevant (gunchleoc, ClearlyClaire)
- Fix upper border radius of onboarding columns (ClearlyClaire)
- Fix incoming status creation date not being restricted to standard ISO8601 (ClearlyClaire, ClearlyClaire)
- Fix some posts from threads received out-of-order sometimes not being inserted into timelines (ClearlyClaire)
- Fix posts from force-sensitized accounts being able to trend (ClearlyClaire)
- Fix error when trying to delete already-deleted file with OpenStack Swift (ClearlyClaire)
- Fix batch attachment deletion when using OpenStack Swift (ClearlyClaire)
- Fix processing LDSigned activities from actors with unknown public keys (ClearlyClaire)
- Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (ClearlyClaire)
- Fix report processing notice not mentioning the report number when performing a custom action (ClearlyClaire)
- Fix handling of inLanguage attribute in preview card processing (ClearlyClaire)
- Fix own posts being removed from home timeline when unfollowing a used hashtag (kmycode)
- Fix some link anchors being recognized as hashtags (ClearlyClaire, ClearlyClaire)
- Fix format-dependent redirects being cached regardless of requested format (ClearlyClaire)
-
[1.12.3]
- Update Mastodon to 4.2.3
- Full changelog
- Fix dependency on json-canonicalization version that has been made unavailable since last release
-
[1.12.4]
- Update Mastodon to 4.2.4
- Full changelog
- Add rate-limit of TOTP authentication attempts at controller level (ClearlyClaire)
- Fix error when processing remote files with unusually long names (ClearlyClaire)
- Fix processing of compacted single-item JSON-LD collections (ClearlyClaire)
- Retry 401 errors on replies fetching (ShadowJonathan)
- Fix RecordNotUnique errors in LinkCrawlWorker (tribela)
- Fix Mastodon not correctly processing HTTP Signatures with query strings (ClearlyClaire, ClearlyClaire)
-
[1.12.5]
- Update Mastodon to 4.2.5
- Full changelog
- Fix insufficient origin validation (CVE-2024-23832, GHSA-3fjr-858r-92rw)
-
[1.12.6]
- Update Mastodon to 4.2.6
- This release is an important security release fixing several security issue.
- Full changelog
- Change external authentication behavior to never reattach a new identity to an existing user by default (GHSA-vm39-j3vx-pch3)
- Update the nokogiri dependency (see GHSA-xc9x-jj77-9p9j)
- Disable administrative Doorkeeper routes (ThisIsMissEm)
- Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases (GHSA-7w3c-p9j8-mq3x)
- Update the sidekiq-unique-jobs dependency (see GHSA-cmh9-rx85-xj38)
