1.2.2
This release includes important security improvements and fixes.
Fixes:
- Remove unneeded query when posting toot without attachments (#1907)
- Long statuses in boost dialog scroll again (#1710)
- Fix unreblog/unfavourite API returning stale boolean result (#1989)
- Fix treatment of special characters in XML (#1988)
- Skip posting to the API if text is empty (#1962)
- Optimized logo to look sharper (#2020)
- Cache account IDs to be excluded from public timelines (blocked, blocking, muted accounts) for faster queries (#1858)
- Fix multiple load-more requests being fired on account timelines (#2066)
- Ensure that uploaded files are saved with a file extension (#2078)
- Remove unused fonts (#2103)
- Language detection falls back to user's selected locale, otherwise to default locale (#2099)
- Hide link preview if there is a content warning (#1617)
- Fix broken URLs due to HTML escaping (#2138)
- Use confirmed users in about/more stats instead of all (#2127)
- Fix potential for webfinger redirect misuse (#2147)
- Uncached attachments now have type `unknown` (instead of `image`, `video` etc) and no longer transparently hotlink to the remote URL. In the web UI, they are now displayed as a list of links, instead of preview (#2110)
- Fix gif uploads (#2172)
Features:
- Streaming API server now can run in a cluster mode (i.e. multiple processes kickstarted by one master process) (#1970)
- Preferred user locale assigned on sign-up (#1982)
- When over the character limit, character counter goes red (#1980)
- Disable toot button when over character limit (#2088)
- Option to disable all GIF autoplay in the web UI (#1991)
- List of known instances in admin UI (#2095)
- Filter reports by accounts/target accounts (#2092)
- API to retrieve status no longer requires authentication (similar to public timelines APIs) (#1919)
- Rate limits on login attempts, sign-up attempts, and forgotten password attempts (#2079)
- Automatically expand textarea (#2128)
- OpenGraph tags on public followers/following pages (#2052)
There are also various localization additions and improvements, as well as refactors and new test suites.
Upgrade notes:
- This release includes database migrations, which means you need to run `RAILS_ENV=production bundle exec rails db:migrate` (in Docker: `docker-compose run --rm web rails db:migrate`)
- This release includes changes to assets, which means you need to run `RAILS_ENV=production bundle exec rails assets:precompile` (in Docker: `docker-compose run --rm web rails assets:precompile`)
Contributors to this release:
@8398a7
@857b
@abcang
@alpaca-tc
@anon5r
@Artoria2e5
@ashfurrow
@blackle
@bradurani
@chrolis
@cyweo
@d6rkaiz
@daprice
@dar5hak
@diomed
@dunn
@eramdam
@evilny0
@expenses
@fsubal
@Gargron
@geta6
@happycoloredbanana
@hugogameiro
@ian-kelling
@iblech
@ik11235
@ikasoumen
@ineffyble
@iwaim
@jeroenpraat
@JoelQ
@jpdevries
@k0ta0uchi
@kodnaplakal
@kuro5hin
@matsurai25
@matteoaquila
@mig5
@mistydemeo
@mjankowski
@Moosh-be
@PatF
@reedcourty
@rkarabut
@SansPseudoFix
@saper
@saturday06
@snwh
@tmyt
@tomfhowe
@tototoshi
@trebmuh
@tsuwatch
@usagi-f
@walf443
@ykzts
@yookoala
@zacanger