v1.4rc1

This is a release candidate. Upgrade at your own risk.

Fixes:

• Fix boost icon: center vertically (#2690)
• Fix to completely hide NSFW-tagged images (#2724)
• Fix width of .confirmation-modal on narrow screens (#2743)
• Always respond with 200 to PuSH payloads (#2733)
• Language improvements, replace whatlanguage with CLD (#2753, #2949)
• Handle out-of-order deletes for statuses (#2734)
• Replace best_in_place editor on admin settings page (#2789)
• Performance: Delete records in smaller transaction (#2802)
• More robust PuSH subscription refreshes (#2799)
• Use Twitter::Extractor for creating links (#2502)
• Performance: Optimize follower_accounts and following_accounts (#2820)
• Performance: Fix slow query in notifications api (#2851)
• Performance: Add asynchronous emojione-picker (code-splitting) (#2863)
• Fix a aspect ratio for the embedded video (#2872)
• Fix local fonts and change font-face values (#2877)
• Add content-type in pubsubhubhub request header (#2943)
• Disabled auto focus on toot form when search results are shown. (#2942)
• Performance: Add account_id DESC to optimize PrecomputeFeedService (#2967)
• Send HEAD request ahead of GET when fetching URL previews (#2972)
• Fix mention regex to support unicode (#2420)
• When avatar/header are missing, do not include the missing file into Atom (#2988)
• Accept own ID for remote follow with and without preceding @ (#2991)
• Delete associated notifications when a status is deleted (#2994)
• Trim long usernames in public follower/following lists (#2993)
• Fix not rejecting remote URIs when parsing out local IDs (#3012)
• Prepend reblogs' wrapper content with "RT @original_author", (#3013)
• Do not cancel PuSH subscriptions after encountering "permanent" error (#3046)
• Do not override ctrl/cmd+click on permalinks (#3073)
• Hide signup path unless the instance allows registration. (#3055)
• Performance: Optimize Status#permitted_for 24x (#3069)
• Performance: Improve Account#triadic_closures (#3079)
• Performance: Make faster ProcessFeedService (#3080)
• Enable to handle app immediately after closing modal (#3082)
• Performance: Make .column-collapse animation simple (#3086)
• Resolve preview cards for remote statuses as well as local ones (#3088)
• Do not hardcode the exclamation in "toot!", wrap it in an extra locale key (#3089)
• Performance: Avoid useless renders (#3141)
• Performance: Improvements (#3168)
• Run processes in Docker as non-root user (#3159)
• Performance: Use joins for account properties (#3167)
• Performance: Remove unnecessary div (#3172)
• Performance: Faster boot time (#3176)
• Replace mastodon:media:clear and mastodon:feeds:clear rake tasks with sidekiq scheduler (#3180)
• Add boop sounds in Vorbis format (#2963)
• Focus tab of Mastodon when clicking notification (#2989)

Features:

• Filter out languages from public timelines based on preferences (#2361, #3175)
• Admins can disable 2FA for users (#2584)
• Webpack (#2617)
• Show boosted user's avatar (#2518)
• Show emoji shortname in a tooltip (#2784)
• Decode IDN URLs in PreviewCard (#2781)
• When streaming API is disconnected, poll home/notifications (#2776)
• Replace ws with uws (#2807)
• Sidekiq dashboard displays scheduled tasks (#2898)
• Add <ostatus:conversation /> to Atom feeds (#3016)
• Make direct statuses stand out more (#3025)
• Ability to mute notifications for an entire conversation (#3017)
• Admins can filter accounts based on username/display name/e-mail/IP (#2968)
• Ability to hide all content from a domain (#2381)
• Media gallery view on profiles (#3120)

Upgrade notes:

Non-Docker only:

• This release switches the minimum supported Node.js version from 4 to 6
• Three additional system packages are required: pkg-config libprotobuf-dev protobuf-compiler
• Dependency updates: bundle install and yarn install

Docker-only:

• Processes inside Docker no longer run as root. Existing installations will require you to change directory ownership of the uploads volume to a different UID/GID: something like sudo chown -R 991:991 public/system (the default UID/GID of the new in-Docker user is 991/991)

Both Docker and non-Docker:

• If you have CDN_HOST set, make sure it contains the protocol part (http:// or https://), if it does not, adjust it before doing the next step
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)
• Generated assets now live under public/packs instead of public/assets. This is mostly irrelevant but might affect some custom proxying configurations.
• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)

Contributors to this release:

@AA4ch1
@abcang
@akihikodaki
@Aldarone
@alpaca-tc
@ayumin
@beatrix-bitrot
@BoFFire
@bzg
@dikky1218
@docjkl
@esetomo
@Gargron
@gentarok
@geta6
@haoyayoi
@harukasan
@h-izumi
@jackjennings
@jeroenpraat
@Jnsll
@kaniini
@loomchild
@m4sk1n
@marrus-sh
@masarakki
@mikoim
@mjankowski
@nolanlawson
@ozcanzaferayan
@Pangoraw
@pfm-eyesightjp
@potato4d
@Quent-in
@ramlmn
@rch850
@rkarabut
@rtucker
@salvadorpla
@seefood
@sorin-davidoi
@sossii
@stephenburgess8
@sterbfly
@treby
@unarist
@Wonderfall
@xqus
@yhirano55
@yiskah
@ykzts
@yookoala
@znz
@zunda

v1.3.3

This is a patch release that backports a few important improvements from the upcoming v1.4 release which is still a work in progress.

PuSH subscriptions is how Mastodon instances send each other statuses of followed accounts. They have to be periodically renewed (by default they run for around 30 days). Because Scalingo does not support cronjobs, and Heroku requires a separate scheduler setup, those installations are in most dire need of this update, which moves the renewal code into the Sidekiq process instead. But everyone else will also benefit from the renewals being more efficient and failure-resistant. Previous behaviour did not have retries, so if a subscription request failed, it would only be retried when you next ran the cronjob, which meant gaps in followed people's timelines for days or longer.

Fixes:

• PuSH subscriptions refresh now run through Sidekiq, it no longer requires cronjobs (old mastodon:push:refresh rake task becomes no-op), more efficient/less hard-hitting order in which subscription requests are sent, better handling of errors and retrial in case of temporary failures (#2799)
• Handle out-of-order delete events (e.g. when delete arrives before original status - future original status will get ignored now) (#2734)
• Always respond with 200 to PuSH deliveries instead of 201/202, check Salmon verification synchronously to return useful error to remote server (#2733)

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install (not required in Docker deployments)

Contributors:

@Gargron

v1.3.2

Stabilized release. Fixes:

• Fix templating error in reports (#2546)
• Fix templating error in remote follows (#2547)
• Fix templating error on public page when hashtag doesn't exist (#2563)
• Fix Mastodon version not being returned correctly from API (#2590)
• Fix incorrect attachment type being set for reject_media-blocked domains (#2599)
• Remove unneeded order clause on public follower/following pages (#2615)
• Fix more style regressions from CSS/BEM refactor (#2608)

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@alpaca-tc
@Artoria2e5
@ashfurrow
@BoFFire
@Gargron
@JoelQ
@mjankowski
@PatF
@rkarabut
@stephenburgess8
@S-YOU
@Wonderfall
@yiskah
@ykzts
@y-temp4

v1.3.1

Immediate hotfix for obscure formatting issue that slipped through review and testing.

v1.3

This update includes important security fixes.

Fixes:

• Textarea height reset on submission (#2236)
• Fixed mistakes in onboarding modal (#1964)
• Improve bio compatibility with GNU social (#2278)
• Adjust boost icon tooltip according to visibility (#1754)
• Support for IDN (utf8/punycode) URLs (#2363, #2370)
• Fix e-mail whitelist rules (#2213)
• Fix hashtags in private toots listing the toot on public hashtag pages (#2182)
• Fix status being available in public timelines before images finished attaching (#2426)
• Add shared status tampering verification (#2525)
• Hide redundant links on small screens (#2175)
• Fix mangling of ##tags (#2247)
• Various performance improvements, bug fixes

Features:

• Version now returned in API (#2181)
• Display remaining characters when editing profile (2219)
• Display local time rather than UTC through JS (#2174)
• API for single notification dismissal (#2251)
• Emoji picker can now be localized (#2294, #2302)
• Improve aria support (#2299, #1424, #2516)
• Confirmation modals for deleting, blocking and muting (#2279)
• Private toots now federate out to remote followers (#2111)
• Improved reports admin UI (#2349)
• Switching the context column in web UI made faster (#2271)
• Right-to-left design for the UI (#2378)
• API support for idempotency header to prevent duplicate toots via network failures (#2419)
• Save media dimensions for media attachments (#2448)
• Link preview cards now support OEmbed, e.g. YouTube, Vimeo, Flickr embeds (#2337)
• Mastodon self-identifies when doing HTTP requests (#2073, #2253)

Various improved localizations and new translations.

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@178inaba
@akihikodaki
@Aldarone
@alpaca-tc
@ameliavoncat
@anon5r
@Artoria2e5
@ashfurrow
@benediktg
@blinry
@camponez
@codl
@diomed
@DoubleMalt
@esetomo
@evanminto
@expenses
@Fiaxhs
@Gargron
@ik11235
@ineffyble
@j0k3r
@jeroenpraat
@JoelQ
@jpdevries
@kayleej
@kodnaplakal
@LindseyB
@mabkenar
@magurotabetai
@masarakki
@mecab
@michaeljdeeb
@mig5
@mjankowski
@mtparet
@Naouak
@nolanlawson
@orzFly
@Quent-in
@rainyday
@ramlmn
@saper
@shnjp
@siuying
@stephenburgess8
@STJrInuyasha
@suzukaze
@tahnok
@takp
@ThibG
@tsuwatch
@unarist
@walf443
@Wonderfall
@yhirano55
@yiskah
@ykzts
@ymmtmdk
@yookoala

1.2.2

This release includes important security improvements and fixes.

Fixes:

• Remove unneeded query when posting toot without attachments (#1907)
• Long statuses in boost dialog scroll again (#1710)
• Fix unreblog/unfavourite API returning stale boolean result (#1989)
• Fix treatment of special characters in XML (#1988)
• Skip posting to the API if text is empty (#1962)
• Optimized logo to look sharper (#2020)
• Cache account IDs to be excluded from public timelines (blocked, blocking, muted accounts) for faster queries (#1858)
• Fix multiple load-more requests being fired on account timelines (#2066)
• Ensure that uploaded files are saved with a file extension (#2078)
• Remove unused fonts (#2103)
• Language detection falls back to user's selected locale, otherwise to default locale (#2099)
• Hide link preview if there is a content warning (#1617)
• Fix broken URLs due to HTML escaping (#2138)
• Use confirmed users in about/more stats instead of all (#2127)
• Fix potential for webfinger redirect misuse (#2147)
• Uncached attachments now have type unknown (instead of image, video etc) and no longer transparently hotlink to the remote URL. In the web UI, they are now displayed as a list of links, instead of preview (#2110)
• Fix gif uploads (#2172)

Features:

• Streaming API server now can run in a cluster mode (i.e. multiple processes kickstarted by one master process) (#1970)
• Preferred user locale assigned on sign-up (#1982)
• When over the character limit, character counter goes red (#1980)
• Disable toot button when over character limit (#2088)
• Option to disable all GIF autoplay in the web UI (#1991)
• List of known instances in admin UI (#2095)
• Filter reports by accounts/target accounts (#2092)
• API to retrieve status no longer requires authentication (similar to public timelines APIs) (#1919)
• Rate limits on login attempts, sign-up attemps, and forgotten password attempts (#2079)
• Automatically expand textarea (#2128)
• OpenGraph tags on public followers/following pages (#2052)

There are also various localization additions and improvements, as well as refactors and new test suites.

Upgrade notes:

• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@8398a7
@857b
@abcang
@alpaca-tc
@anon5r
@Artoria2e5
@ashfurrow
@blackle
@bradurani
@chrolis
@cyweo
@d6rkaiz
@daprice
@dar5hak
@diomed
@dunn
@eramdam
@evilny0
@expenses
@fsubal
@Gargron
@geta6
@happycoloredbanana
@hugogameiro
@ian-kelling
@iblech
@ik11235
@ikasoumen
@ineffyble
@iwaim
@jeroenpraat
@JoelQ
@jpdevries
@k0ta0uchi
@kodnaplakal
@kuro5hin
@matsurai25
@matteoaquila
@mig5
@mistydemeo
@mjankowski
@Moosh-be
@PatF
@reedcourty
@rkarabut
@SansPseudoFix
@saper
@saturday06
@snwh
@tmyt
@tomfhowe
@tototoshi
@trebmuh
@tsuwatch
@usagi-f
@walf443
@ykzts
@yookoala
@zacanger

1.2.1

See 1.2.2

1.2

• JS subresource integrity (#1729)
• Title attribute on URLs (#1755)
• List of muted users in web UI (#1799)
• Ability to run Mastodon on a subdomain while using root domain as identifier (#1267)
• Periodic refreshing of Webfinger-sourced data to help with cases where URLs or public keys of an account have changed (#1323)
• Recovery codes for 2FA (#1773)
• Deployment with single-user mode enabled gives chance for one account to register (#1820)
• Admin function to reset someone's password (#1841)
• Use a slightly different reply icon to indicate when a toot is part of a conversation (#1869)
• Error message if video cannot be played (#1879)
• Atom feeds always have valid title tags (#1875)
• Improved compatibility with Google Cloud Storage instead of S3 (#1886)
• Improved admin domain block UI and functionality (#1865):
  • Ability to undo a domain block
  • Ability to specify an option to block media caching from a domain
  • API returns remote URL for media attachment instead of locally cached one if there is no locally cached copy (i.e. hotlinking)
• Home column regex filter now matches against plain-text instead of HTML markup (#1845)
• Less network requests when processing mentions from Atom (#1938)
• Update OStatus2 dependency to fix incompatibility with Ruby 2.4.1 (#1936)
• Web UI greets new users with a modal explaining first steps (#1883)
• Use heuristics to detect language of toots and return it from the API (#1772)
• You can now put down CSS (SCSS) customizations into a special file that isn't in version control and so will not be overwritten by future updates (#1368)
• Various bug fixes and refactors, special shout out to @mjankowski
• Various improvements to existing localizations
• Rake task to clear out unconfirmed user accounts older than 2 days rake mastodon:users:clear
• Rake task that unites all other mandatory periodic tasks: rake mastodon:daily

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)

Contributors to this release:

• abcang
• Akihiko Odaki
• Alda Marteau-Hardi
• Alex Dunn
• alpaca-tc
• Amakasu Ryoma
• Andrew
• Ash Furrow
• Ben Roberts
• Bryce Chidester
• Chad Pytel
• Darío Hereñú
• Eduardo Elias
• Effy Elden
• Erwan Leboucher
• Eugen Rochko
• Fjoerfoks
• George Hattori
• goofy-bz
• Henry Smith
• Hiromi Kai
• Ian Kelling
• Isabelle Knott
• Joachim Viide
• JP DeVries
• Kazuhiro NISHIYAMA
• Keiji, Yoshimi
• Koala Yeung
• Les Orchard
• Luc Didry
• luigi
• Marcin Cieślak
• Matt Jankowski
• maxypy
• mshrtkch
• Naouak
• oliverkeeble
• Olivier Humbert
• Patrick Figel
• Pierre Ozoux
• Ratmir Karabut
• rysiekpl
• Setuu
• Shel Raphen
• Shouko Yu
• tackeyy
• Takayuki KUSANO
• ThibG
• Thor Harald Johansen
• Valentin Lorentz
• Wonderfall
• Yuki Nakagawa
• Zac Anger
• 新都心(Neet Shin)
• 西小倉宏信

1.1.2

• Improved emoji picker (#1395, #1403, #1464)
• Improved scrolling performance (#1415)
• Can type while image is uploading (#1429)
• Filtered notifications column now paginates properly (#1341)
• Recommended Ruby version bumped to 2.4.1 (#1159)
• GIF avatars are now hover-to-play (#1428)
• Optional (off by default) boost confirmation dialog (Shift+Boost to skip) (#1507, #1638)
• Default log level is now INFO instead of DEBUG (#1579)
• Fixed wrong SMTP default breaking e-mail sending (#1563)
• Focus textarea after image finished uploading (#1320)
• Better microformats markup on public pages (#1063)
• Clear spoiler text when replying to toot without spoiler text (#1662)
• Videos can be expanded (#1688)
• Overlay icon button style that is easier to see
• Convert emoji shortcodes into UTF8 when posting (#1666)
• Fix report comments being reset while typing (#1699)
• Ensure all attachments get an extension in their filename based on content type (#1718)
• Fix drag & drop area not appearing in Firefox (#1721)

Localizations fixes, improvements or additions:

• Russian
• Finnish
• Norwegian
• Dutch
• French
• Japanese
• Spanish
• Italian
• Bulgarian
• Portuguese

Upgrade notes:

• An upgrade to Ruby 2.4.1 means having to install Ruby 2.4.1 and reinstalling the bundler gem as a minimum: rbenv install 2.4.1; gem install bundler --no-ri (not required in Docker deployments)
• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• Most importantly, the hover-to-play update for GIF avatars means static versions of GIF avatars need to be generated, or else they wouldn't show up. A rake task has been added for this one-time occasion: rake mastodon:maintenance:add_static_avatars (This will iterate over all accounts who have GIF avatars or headers, and re-process them to generate a static non-GIF version. Please mind that this means downloading and uploading data if your files are stored in the cloud like Amazon S3 or GCS, which could incur costs. If you don't run this task, users with GIF avatars will simply have to re-upload theirs manually)

Contributors to this release:

• Alexander Mankuta
• Alexsander Akers
• Alyssa Ross
• Ash Furrow
• Ben Roberts
• blackle
• Carlos A. Escobar
• CgX
• Chris Martin
• Christopher Su
• Corey Dutson
• d0p1
• Daijiro Wachi
• David Libeau
• Effy Elden
• Eric Blade
• Eugen Rochko
• Gavin Mogan
• goofy-bz
• Henry Smith
• Hugo Gameiro
• INAGAKI Hiroshi
• Isabelle Knott
• James Moore
• Jantso Porali
• Jessica Stokes
• jukper
• Julien Deswaef
• karlyeurl
• Knut Erik
• Koala Yeung
• Komic
• lindwurm
• Lukas Burk
• Manato Kameya
• matteoaquila
• Matteo Aquila
• Matthias Jouan
• Matt Jankowski
• May Kittens Devour Your Soul
• Musee U
• pinfort
• Rachel H
• Ram Lmn
• Ratmir Karabut
• R Tucker
• Ryan Freebern
• Shel R
• spf
• Stephen Burgess
• Svetlozar Todorov
• Thomas Citharel
• Thor Harald Johansen
• tom
• Valentin Ouvrard
• Yann GUERN
• YOSHIOKA Eiichiro
• Yusuke Abe
• 新都心(Neet Shin)

1.1.1

• Webfinger query's canonical username/domain are used instead of initial user input, which may have wrong casing
• Fixed regression that broke form submissions with a 422 error page
• Fixed a situation in which a profile update job was queued with a nil account ID
• Fixed wrongfully skipped profile update jobs
• More Finnish localizations
• More French localizations
• More German localizations
• More Portuguese localizations
• Column header icons now have descriptive tooltips
• Two factor authentication now requires OTP token confirmation before being enabled
• Public timeline APIs are now public (require no registered app/user)
• Added API for profile updating: PATCH /api/v1/accounts/update_credentials
• HTTP Accept-Language header used to determine UI language if no other preferences set by user
• Added env variable to control which is the instance's default locale (DEFAULT_LOCALE)
• Added env variable to disable usage of SQL prepared statements, e.g. when you want to use pgbouncer in transaction pooling mode (PREPARED_STATEMENTS=false)
• Added env variable to change Rails log level (e.g. RAILS_LOG_LEVEL=debug by default)
• Fix "last visited" URLs that are used to redirect back from sign-in wrongfully including API URLs
• Fixed titles in Atom feeds being unsemantic

Many documentation pages have also been updated. Also, reminder that since v1.1 there are four Sidekiq queue types:

• default: local toot distribution and other local tasks
• push: delivery of toots to remote servers, processing of remote toot payloads
• pull (this is new since v1.1): fetching of data from remote servers, e.g. resolving threads, updating profile data like avatars
• mailers: e-mail delivery

Contributors to this release:

• Aguay-val
• Alda Marteau-Hardi
• Amanda Visconti
• André Lewin
• Ash Furrow
• ava
• awea
• axolotl
• Ben Field
• benklop
• Blake
• Brad Janke
• Brian Mock
• Chad Pytel
• Chris Heninger
• Christopher Gilbert
• David Authier
• David Celis
• David Huerta
• Derek Lewis
• Ed Knutson
• Effy Elden
• Elizabeth Myers
• Erwan Leboucher
• Eugen Rochko
• Florian Maunier
• foxiehkins
• Guewen FAIVRE
• Hugo Gameiro
• isati
• Jack Michaud
• James Smith
• Jantso Porali
• Jason Rhodes
• Joël Quenneville
• Jonathan Klee
• Julien
• kadiix
• Kody
• Korbinian
• Kurtis Rainbolt-Greene
• Lukas Fülling
• Markus Amalthea Magnuson
• Markus R
• Matt Jankowski
• Milton Mazzarri
• Mouse Reeve
• Nick Gerakines
• Nicolai von Neudeck
• Ninetailed
• Olivier Humbert
• Ornithologist Coder
• Pavel Djundik
• Rachel H
• Ray Alez
• rbaumert
• R Tucker
• Sebastian Hübner
• seekr
• Sergei Č
• Shel R
• spf
• StefOfficiel
• Technowix
• Thibaut (Eychics)
• ThibG
• Thomas Alberola
• Thomas Citharel
• Toby Deshane
• tom
• Tristan Mahé
• Valentin_NC
• Valentin Ouvrard
• VirtuBox
• Vladimir Mincev
• Yann GUERN
• YDrogen
• ZiiX