Changelog ========= All notable changes to this project will be documented in this file. ## [Unreleased] ### Added - Add link for adding a user to a list from their profile (#9062) - Add joining several hashtags in a single column (#8904) - Add volume sliders for videos (#9366) - Add a tooltip explaining what a locked account is (#9403) - Add preloaded cache for common JSON-LD contexts (#9412) - Add profile directory (#9427) - Add setting to not group reblogs in home feed (#9248) - Add admin ability to remove a user's header image (#9495) - Add account hashtags to ActivityPub actor JSON (#9450) - Add error message for avatar image that's too large (#9518) - Add notification quick-filter bar (#9399) - Add new first-time tutorial (#9531) - Add moderation warnings (#9519) - Add emoji codepoint mappings for v11.0 (#9618) - Add REST API for creating an account (#9572) - Add support for Malayalam in language filter (#9624) - Add exclude_reblogs option to account statuses API (#9640) - Add local followers page to admin account UI (#9610) - Add healthcheck commands to docker-compose.yml (#9143) - Add handler for Move activity to migrate followers (#9629) - Add CSV export for lists and domain blocks (#9677) - Add `tootctl accounts follow ACCT` (#9414) - Add scheduled statuses (#9706) - Add immutable caching for S3 objects (#9722) - Add cache to custom emojis API (#9732) - Add preview cards to non-detailed statuses on public pages (#9714) - Add `mod` and `moderator` to list of default reserved usernames (#9713) - Add quick links to the admin interface in the web UI (#8545) - Add `tootctl domains crawl` (#9809) - Add attachment list fallback to public pages (#9780) - Add `tootctl --version` (#9835) - Add information about how to opt-in to the directory on the directory (#9834) - Add timeouts for S3 (#9842) - Add support for non-public reblogs from ActivityPub (#9841) - Add sending of `Reject` activity when sending a `Block` activity (#9811) ### Changed - Temporarily pause timeline if mouse moved recently (#9200) - Change the password form order (#9267) - Redesign admin UI for accounts (#9340, #9643) - Redesign admin UI for instances/domain blocks (#9645) - Swap avatar and header input fields in profile page (#9271) - When posting in mobile mode, go back to previous history location (#9502) - Split out is_changing_upload from is_submitting (#9536) - Back to the getting-started when pins the timeline. (#9561) - Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573) - Limit maximum visibility of local silenced users to unlisted (#9583) - Change API error message for unconfirmed accounts (#9625) - Change the icon to "reply-all" when it's a reply to other accounts (#9378) - Do not ignore federated reports targetting already-reported accounts (#9534) - Upgrade default Ruby version to 2.6.0 (#9688) - Change e-mail digest frequency (#9689) - Change Docker images for Tor support in docker-compose.yml (#9438) - Display fallback link card thumbnail when none is given (#9715) - Change account bio length validation to ignore mention domains and URLs (#9717) - Use configured contact user for "anonymous" federation activities (#9661) - Change remote interaction dialog to use specific actions instead of generic "interact" (#9743) - Always re-fetch public key when signature verification fails to support blind key rotation (#9667) - Make replies to boosts impossible, connect reply to original status instead (#9129) - Change e-mail MX validation to check both A and MX records against blacklist (#9489) - Hide floating action button on search and getting started pages (#9826) - Redesign public hashtag page to use a masonry layout (#9822) - Use `summary` as summary instead of content warning for converted ActivityPub objects (#9823) - Display a double reply arrow on public pages for toots that are replies (#9808) - Change admin UI right panel size to be wider (#9768) ### Removed - Remove links to bridge.joinmastodon.org (non-functional) (#9608) - Remove LD-Signatures from activities that do not need them (#9659) ### Fixed - Remove unused computation of reblog references from updateTimeline (#9244) - Fix loaded embeds resetting if a status arrives from API again (#9270) - Fix race condition causing shallow status with only a "favourited" attribute (#9272) - Remove intermediary arrays when creating hash maps from results (#9291) - Extract counters from accounts table to account_stats table to improve performance (#9295) - Change identities id column to a bigint (#9371) - Fix conversations API pagination (#9407) - Improve account suspension speed and completeness (#9290) - Fix thread depth computation in statuses_controller (#9426) - Fix database deadlocks by moving account stats update outside transaction (#9437) - Escape HTML in profile name preview in profile settings (#9446) - Use same CORS policy for /@:username and /users/:username (#9485) - Make custom emoji domains case insensitive (#9474) - Various fixes to scrollable lists and media gallery (#9501) - Fix bootsnap cache directory being declared relatively (#9511) - Fix timeline pagination in the web UI (#9516) - Fix padding on dropdown elements in preferences (#9517) - Make avatar and headers respect GIF autoplay settings (#9515) - Do no retry Web Push workers if the server returns a 4xx response (#9434) - Minor scrollable list fixes (#9551) - Ignore low-confidence CharlockHolmes guesses when parsing link cards (#9510) - Fix `tootctl accounts rotate` not updating public keys (#9556) - Fix CSP / X-Frame-Options for media players (#9558) - Fix unnecessary loadMore calls when the end of a timeline has been reached (#9581) - Skip mailer job retries when a record no longer exists (#9590) - Fix composer not getting focus after reply confirmation dialog (#9602) - Fix signature verification stoplight triggering on non-timeout errors (#9617) - Fix ThreadResolveWorker getting queued with invalid URLs (#9628) - Fix crash when clearing uninitialized timeline (#9662) - Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker (#9660) - Skip full text search if it fails, instead of erroring out completely (#9654) - Fix profile metadata links not verifying correctly sometimes (#9673) - Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order (#9687) - Fix unreadable text color in report modal for some statuses (#9716) - Stop GIFV timeline preview explicitly when it's opened in modal (#9749) - Fix scrollbar width compensation (#9824) - Fix race conditions when processing deleted toots (#9815) - Fix SSO issues on WebKit browsers by disabling Same-Site cookie again (#9819) - Fix empty OEmbed error (#9807) - Fix drag & drop modal not disappearing sometimes (#9797) - Fix statuses with content warnings being displayed in web push notifications sometimes (#9778) - Fix scroll-to-detailed status not working on public pages (#9773) - Fix media modal loading indicator (#9771) - Fix hashtag search results not having a permalink fallback in web UI (#9810) - Fix slightly cropped font on settings page dropdowns when using system font (#9839) - Fix not being able to drag & drop text into forms (#9840) ### Security - Sanitize and sandbox toot embeds in web UI (#9552) - Add tombstones for remote statuses to prevent replay attacks (#9830) ## [2.6.5] - 2018-12-01 ### Changed - Change lists to display replies to others on the list and list owner (#9324) ### Fixed - Fix failures caused by commonly-used JSON-LD contexts being unavailable (#9412) ## [2.6.4] - 2018-11-30 ### Fixed - Fix yarn dependencies not installing due to yanked event-stream package (#9401) ## [2.6.3] - 2018-11-30 ### Added - Add hyphen to characters allowed in remote usernames (#9345) ### Changed - Change server user count to exclude suspended accounts (#9380) ### Fixed - Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer (#9368) - Fix missing DNS records raising the wrong kind of exception (#9379) - Fix already queued deliveries still trying to reach inboxes marked as unavailable (#9358) ### Security - Fix TLS handshake timeout not being enforced (#9381) ## [2.6.2] - 2018-11-23 ### Added - Add Page to whitelisted ActivityPub types (#9188) - Add 20px to column width in web UI (#9227) - Add amount of freed disk space in `tootctl media remove` (#9229, #9239, #9288) - Add "Show thread" link to self-replies (#9228) ### Changed - Change order of Atom and RSS links so Atom is first (#9302) - Change Nginx configuration for Nanobox apps (#9310) - Change the follow action to appear instant in web UI (#9220) - Change how the ActiveRecord connection is instantiated in on_worker_boot (#9238) - Change `tootctl accounts cull` to always touch accounts so they can be skipped (#9293) - Change mime type comparison to ignore JSON-LD profile (#9179) ### Fixed - Fix web UI crash when conversation has no last status (#9207) - Fix follow limit validator reporting lower number past threshold (#9230) - Fix form validation flash message color and input borders (#9235) - Fix invalid twitter:player cards being displayed (#9254) - Fix emoji update date being processed incorrectly (#9255) - Fix playing embed resetting if status is reloaded in web UI (#9270, #9275) - Fix web UI crash when favouriting a deleted status (#9272) - Fix intermediary arrays being created for hash maps (#9291) - Fix filter ID not being a string in REST API (#9303) ### Security - Fix multiple remote account deletions being able to deadlock the database (#9292) - Fix HTTP connection timeout of 10s not being enforced (#9329) ## [2.6.1] - 2018-10-30 ### Fixed - Fix resolving resources by URL not working due to a regression in #9132 (#9171) - Fix reducer error in web UI when a conversation has no last status (#9173) ## [2.6.0] - 2018-10-30 ### Added - Add link ownership verification (#8703) - Add conversations API (#8832) - Add limit for the number of people that can be followed from one account (#8807) - Add admin setting to customize mascot (#8766) - Add support for more granular ActivityPub audiences from other software, i.e. circles (#8950, #9093, #9150) - Add option to block all reports from a domain (#8830) - Add user preference to always expand toots marked with content warnings (#8762) - Add user preference to always hide all media (#8569) - Add `force_login` param to OAuth authorize page (#8655) - Add `tootctl accounts backup` (#8642, #8811) - Add `tootctl accounts create` (#8642, #8811) - Add `tootctl accounts cull` (#8642, #8811) - Add `tootctl accounts delete` (#8642, #8811) - Add `tootctl accounts modify` (#8642, #8811) - Add `tootctl accounts refresh` (#8642, #8811) - Add `tootctl feeds build` (#8642, #8811) - Add `tootctl feeds clear` (#8642, #8811) - Add `tootctl settings registrations open` (#8642, #8811) - Add `tootctl settings registrations close` (#8642, #8811) - Add `min_id` param to REST API to support backwards pagination (#8736) - Add a confirmation dialog when hitting reply and the compose box isn't empty (#8893) - Add PostgreSQL disk space growth tracking in PGHero (#8906) - Add button for disabling local account to report quick actions bar (#9024) - Add Czech language (#8594) - Add `same-site` (`lax`) attribute to cookies (#8626) - Add support for styled scrollbars in Firefox Nightly (#8653) - Add highlight to the active tab in web UI profiles (#8673) - Add auto-focus for comment textarea in report modal (#8689) - Add auto-focus for emoji picker's search field (#8688) - Add nginx and systemd templates to `dist/` directory (#8770) - Add support for `/.well-known/change-password` (#8828) - Add option to override FFMPEG binary path (#8855) - Add `dns-prefetch` tag when using different host for assets or uploads (#8942) - Add `description` meta tag (#8941) - Add `Content-Security-Policy` header (#8957) - Add cache for the instance info API (#8765) - Add suggested follows to search screen in mobile layout (#9010) - Add CORS header to `/.well-known/*` routes (#9083) - Add `card` attribute to statuses returned from REST API (#9120) - Add in-stream link preview (#9120) - Add support for ActivityPub `Page` objects (#9121) ### Changed - Change forms design (#8703) - Change reports overview to group by target account (#8674) - Change web UI to show "read more" link on overly long in-stream statuses (#8205) - Change design of direct messages column (#8832, #9022) - Change home timelines to exclude DMs (#8940) - Change list timelines to exclude all replies (#8683) - Change admin accounts UI default sort to most recent (#8813) - Change documentation URL in the UI (#8898) - Change style of success and failure messages (#8973) - Change DM filtering to always allow DMs from staff (#8993) - Change recommended Ruby version to 2.5.3 (#9003) - Change docker-compose default to persist volumes in current directory (#9055) - Change character counters on edit profile page to input length limit (#9100) - Change notification filtering to always let through messages from staff (#9152) - Change "hide boosts from user" function also hiding notifications about boosts (#9147) - Change CSS `detailed-status__wrapper` class actually wrap the detailed status (#8547) ### Deprecated - `GET /api/v1/timelines/direct` → `GET /api/v1/conversations` (#8832) - `POST /api/v1/notifications/dismiss` → `POST /api/v1/notifications/:id/dismiss` (#8905) - `GET /api/v1/statuses/:id/card` → `card` attributed included in status (#9120) ### Removed - Remove "on this device" label in column push settings (#8704) - Remove rake tasks in favour of tootctl commands (#8675) ### Fixed - Fix remote statuses using instance's default locale if no language given (#8861) - Fix streaming API not exiting when port or socket is unavailable (#9023) - Fix network calls being performed in database transaction in ActivityPub handler (#8951) - Fix dropdown arrow position (#8637) - Fix first element of dropdowns being focused even if not using keyboard (#8679) - Fix tootctl requiring `bundle exec` invocation (#8619) - Fix public pages not using animation preference for avatars (#8614) - Fix OEmbed/OpenGraph cards not understanding relative URLs (#8669) - Fix some dark emojis not having a white outline (#8597) - Fix media description not being displayed in various media modals (#8678) - Fix generated URLs of desktop notifications missing base URL (#8758) - Fix RTL styles (#8764, #8767, #8823, #8897, #9005, #9007, #9018, #9021, #9145, #9146) - Fix crash in streaming API when tag param missing (#8955) - Fix hotkeys not working when no element is focused (#8998) - Fix some hotkeys not working on detailed status view (#9006) - Fix og:url on status pages (#9047) - Fix upload option buttons only being visible on hover (#9074) - Fix tootctl not returning exit code 1 on wrong arguments (#9094) - Fix preview cards for appearing for profiles mentioned in toot (#6934, #9158) - Fix local accounts sometimes being duplicated as faux-remote (#9109) - Fix emoji search when the shortcode has multiple separators (#9124) - Fix dropdowns sometimes being partially obscured by other elements (#9126) - Fix cache not updating when reply/boost/favourite counters or media sensitivity update (#9119) - Fix empty display name precedence over username in web UI (#9163) - Fix td instead of th in sessions table header (#9162) - Fix handling of content types with profile (#9132) ## [2.5.2] - 2018-10-12 ### Security - Fix XSS vulnerability (#8959) ## [2.5.1] - 2018-10-07 ### Fixed - Fix database migrations for PostgreSQL below 9.5 (#8903) - Fix class autoloading issue in ActivityPub Create handler (#8820) - Fix cache statistics not being sent via statsd when statsd enabled (#8831) - Bump puma from 3.11.4 to 3.12.0 (#8883) ### Security - Fix some local images not having their EXIF metadata stripped on upload (#8714) - Fix being able to enable a disabled relay via ActivityPub Accept handler (#8864) - Bump nokogiri from 1.8.4 to 1.8.5 (#8881) - Fix being able to report statuses not belonging to the reported account (#8916)