2019-04-12 21:31:18 +00:00
# Changelog
2020-11-17 12:10:58 +00:00
2019-04-12 21:31:18 +00:00
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog ](https://keepachangelog.com/en/1.0.0/ ).
2025-01-05 16:23:09 +00:00
## 2025.01
2024-12-15 23:36:24 +00:00
2024-06-03 21:07:10 +00:00
## Added
- New config option `:instance, :cleanup_attachments_delay`
2024-10-10 00:22:40 +00:00
- It is now possible to display custom source URLs in akkoma-fe;
the settings are part of the frontend configuration
2024-06-03 21:07:10 +00:00
2024-12-15 23:36:24 +00:00
## Fixed
- Media proxy no longer attempts to proxy embedded images
2024-06-02 19:42:36 +00:00
- Fix significant uneccessary overhead of attachment cleanup;
it no longer attempts to cleanup attachments of deleted remote posts
2024-06-03 21:07:10 +00:00
- Fix “Delete & Redraft” often losing attachments if attachment cleanup was enabled
2025-01-03 19:33:41 +00:00
- ObjectAge policy no longer lets unlisted posts slip through
- ObjectAge policy no longer leaks belated DMs and follower-only posts
- the NodeINfo endpoint now uses the correct content type
## Changed
- Anonymous objects now federate completely without an id
adopting a proposed AP spec errata and restoring federation
with e.g. IceShrimp.NET and fedify-based implementations
2024-12-15 23:36:24 +00:00
2024-11-26 09:49:37 +00:00
## 3.13.3
Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)
Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.
E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:
17.465.096 at t0
17.472.673 at t1 = t0 + 4h
17.473.248 at t2 = t1 + 20min
This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.
Thus restrict media usage to owners.
Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.
Independently discovered and fixed by mint in Pleroma
https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
2024-04-24 15:46:18 +00:00
2024-05-02 19:52:09 +00:00
## BREAKING
- Minimum PostgreSQL version is raised to 12
2024-06-20 17:53:03 +00:00
- Swagger UI moved from `/akkoma/swaggerui/` to `/pleroma/swaggerui/`
2024-05-02 19:52:09 +00:00
2024-05-16 19:05:01 +00:00
## Added
- Implement [FEP-67ff ](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md ) (federation documentation)
2024-05-15 05:05:28 +00:00
- Meilisearch: it is now possible to use separate keys for search and admin actions
2024-06-18 02:41:40 +00:00
- New standalone `prune_orphaned_activities` mix task with configurable batch limit
- The `prune_objects` mix task now accepts a `--limit` parameter for initial object pruning
2024-05-15 05:05:28 +00:00
2024-05-02 20:44:48 +00:00
## Fixed
- Meilisearch: order of results returned from our REST API now actually matches how Meilisearch ranks results
2024-06-23 18:46:58 +00:00
- Emoji are now federated as anonymous objects, fixing issues with
some strict servers e.g. rejecting e.g. remote emoji reactions
2024-06-20 17:52:43 +00:00
- AP objects with additional JSON-LD profiles beyond ActivityStreams can now be fetched
2024-06-20 17:52:47 +00:00
- Single-selection polls no longer expose the voter_count; MastoAPI demands it be null
and this confused some clients leading to vote distributions >100%
2024-05-02 20:44:48 +00:00
2024-06-09 17:28:00 +00:00
## Changed
- Refactored Rich Media to cache the content in the database. Fetching operations that could block status rendering have been eliminated.
2024-05-22 18:42:25 +00:00
## 2024.04.1 (Security)
2022-10-11 10:40:43 +00:00
Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)
Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.
E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:
17.465.096 at t0
17.472.673 at t1 = t0 + 4h
17.473.248 at t2 = t1 + 20min
This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.
Thus restrict media usage to owners.
Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.
Independently discovered and fixed by mint in Pleroma
https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
2024-04-24 15:46:18 +00:00
## Fixed
- Issue allowing non-owners to use media objects in posts
2024-04-25 16:16:21 +00:00
- Issue allowing use of non-media objects as attachments and crashing timeline rendering
2024-05-22 18:42:25 +00:00
- Issue allowing webfinger spoofing in certain situations
2022-10-11 10:40:43 +00:00
2024-04-27 14:08:21 +00:00
## 2024.04
2024-02-25 22:27:10 +00:00
## Added
2024-04-12 17:50:57 +00:00
- Support for [FEP-fffd ](https://codeberg.org/fediverse/fep/src/branch/main/fep/fffd/fep-fffd.md ) (proxy objects)
2024-04-12 18:13:33 +00:00
- Verified support for elixir 1.16
2024-04-14 18:31:33 +00:00
- Uploadfilter `Pleroma.Upload.Filter.Exiftool.ReadDescription` returns description values to the FE so they can pre fill the image description field
2024-04-25 22:01:13 +00:00
NOTE: this filter MUST be placed before `Exiftool.StripMetadata` to work
2024-04-12 18:13:33 +00:00
2024-02-25 22:27:10 +00:00
## Changed
2024-04-16 01:35:59 +00:00
- Inbound pipeline error handing was modified somewhat, which should lead to less incomprehensible log spam. Hopefully.
2024-04-18 18:05:29 +00:00
- Uploadfilter `Pleroma.Upload.Filter.Exiftool` was replaced by `Pleroma.Upload.Filter.Exiftool.StripMetadata` ;
the latter strips all non-essential metadata by default but can be configured.
To regain the old behaviour of only stripping GPS data set `purge: ["gps:all"]` .
2024-04-16 18:37:00 +00:00
- Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripMetadata`
2024-04-25 21:35:20 +00:00
- MRF.InlineQuotePolicy now prefers to insert display URLs instead of ActivityPub IDs
- Old accounts are no longer listed in WebFinger as aliases; this was breaking spec
2024-02-25 22:27:10 +00:00
## Fixed
- Issue preventing fetching anything from IPv6-only instances
2024-04-12 04:16:47 +00:00
- Issue allowing post content to leak via opengraph tags despite :estrict\_unauthenticated being set
2024-04-25 21:35:20 +00:00
- Move activities no longer operate on stale user data
- Missing definitions in our JSON-LD context
- Issue mangling newlines in code blocks for RSS/Atom feeds
2024-04-26 17:43:39 +00:00
- static\_fe squeezing non-square avatars and emoji
2024-04-25 21:35:20 +00:00
- Issue leading to properly JSON-LD compacted emoji reactions being rejected
- We now use a standard-compliant Accept header when fetching ActivityPub objects
2024-04-26 17:43:39 +00:00
- /api/pleroma/notification\_settings was rejecting body parameters;
2024-04-25 21:35:20 +00:00
this also broke changing this setting via akkoma-fe
- Issue leading to Mastodon bot accounts being rejected
2024-01-23 19:10:01 +00:00
- Scope misdetection of remote posts resulting from not recognising
JSON-LD-compacted forms of public scope; affected e.g. federation with bovine
2024-04-26 18:10:17 +00:00
- Ratelimits encountered when fetching objects are now respected; 429 responses will cause a backoff when we get one.
2024-04-25 21:35:20 +00:00
## Removed
- ActivityPub Client-To-Server write API endpoints have been disabled;
read endpoints are planned to be removed next release unless a clear need is demonstrated
2024-02-25 22:27:10 +00:00
2024-03-30 11:44:34 +00:00
## 2024.03
Sanitise Content-Type of uploads
The lack thereof enables spoofing ActivityPub objects.
A malicious user could upload fake activities as attachments
and (if having access to remote search) trick local and remote
fedi instances into fetching and processing it as a valid object.
If uploads are hosted on the same domain as the instance itself,
it is possible for anyone with upload access to impersonate(!)
other users of the same instance.
If uploads are exclusively hosted on a different domain, even the most
basic check of domain of the object id and fetch url matching should
prevent impersonation. However, it may still be possible to trick
servers into accepting bogus users on the upload (sub)domain and bogus
notes attributed to such users.
Instances which later migrated to a different domain and have a
permissive redirect rule in place can still be vulnerable.
If — like Akkoma — the fetching server is overly permissive with
redirects, impersonation still works.
This was possible because Plug.Static also uses our custom
MIME type mappings used for actually authentic AP objects.
Provided external storage providers don’t somehow return ActivityStream
Content-Types on their own, instances using those are also safe against
their users being spoofed via uploads.
Akkoma instances using the OnlyMedia upload filter
cannot be exploited as a vector in this way — IF the
fetching server validates the Content-Type of
fetched objects (Akkoma itself does this already).
However, restricting uploads to only multimedia files may be a bit too
heavy-handed. Instead this commit will restrict the returned
Content-Type headers for user uploaded files to a safe subset, falling
back to generic 'application/octet-stream' for anything else.
This will also protect against non-AP payloads as e.g. used in
past frontend code injection attacks.
It’s a slight regression in user comfort, if say PDFs are uploaded,
but this trade-off seems fairly acceptable.
(Note, just excluding our own custom types would offer no protection
against non-AP payloads and bear a (perhaps small) risk of a silent
regression should MIME ever decide to add a canonical extension for
ActivityPub objects)
Now, one might expect there to be other defence mechanisms
besides Content-Type preventing counterfeits from being accepted,
like e.g. validation of the queried URL and AP ID matching.
Inserting a self-reference into our uploads is hard, but unfortunately
*oma does not verify the id in such a way and happily accepts _anything_
from the same domain (without even considering redirects).
E.g. Sharkey (and possibly other *keys) seem to attempt to guard
against this by immediately refetching the object from its ID, but
this is easily circumvented by just uploading two payloads with the
ID of one linking to the other.
Unfortunately *oma is thus _both_ a vector for spoofing and
vulnerable to those spoof payloads, resulting in an easy way
to impersonate our users.
Similar flaws exists for emoji and media proxy.
Subsequent commits will fix this by rigorously sanitising
content types in more areas, hardening our checks, improving
the default config and discouraging insecure config options.
2024-03-04 16:50:21 +00:00
## Added
2024-03-28 21:24:02 +00:00
- CLI tasks best-effort checking for past abuse of the recent spoofing exploit
- new `:mrf_steal_emoji, :download_unknown_size` option; defaults to `false`
Sanitise Content-Type of uploads
The lack thereof enables spoofing ActivityPub objects.
A malicious user could upload fake activities as attachments
and (if having access to remote search) trick local and remote
fedi instances into fetching and processing it as a valid object.
If uploads are hosted on the same domain as the instance itself,
it is possible for anyone with upload access to impersonate(!)
other users of the same instance.
If uploads are exclusively hosted on a different domain, even the most
basic check of domain of the object id and fetch url matching should
prevent impersonation. However, it may still be possible to trick
servers into accepting bogus users on the upload (sub)domain and bogus
notes attributed to such users.
Instances which later migrated to a different domain and have a
permissive redirect rule in place can still be vulnerable.
If — like Akkoma — the fetching server is overly permissive with
redirects, impersonation still works.
This was possible because Plug.Static also uses our custom
MIME type mappings used for actually authentic AP objects.
Provided external storage providers don’t somehow return ActivityStream
Content-Types on their own, instances using those are also safe against
their users being spoofed via uploads.
Akkoma instances using the OnlyMedia upload filter
cannot be exploited as a vector in this way — IF the
fetching server validates the Content-Type of
fetched objects (Akkoma itself does this already).
However, restricting uploads to only multimedia files may be a bit too
heavy-handed. Instead this commit will restrict the returned
Content-Type headers for user uploaded files to a safe subset, falling
back to generic 'application/octet-stream' for anything else.
This will also protect against non-AP payloads as e.g. used in
past frontend code injection attacks.
It’s a slight regression in user comfort, if say PDFs are uploaded,
but this trade-off seems fairly acceptable.
(Note, just excluding our own custom types would offer no protection
against non-AP payloads and bear a (perhaps small) risk of a silent
regression should MIME ever decide to add a canonical extension for
ActivityPub objects)
Now, one might expect there to be other defence mechanisms
besides Content-Type preventing counterfeits from being accepted,
like e.g. validation of the queried URL and AP ID matching.
Inserting a self-reference into our uploads is hard, but unfortunately
*oma does not verify the id in such a way and happily accepts _anything_
from the same domain (without even considering redirects).
E.g. Sharkey (and possibly other *keys) seem to attempt to guard
against this by immediately refetching the object from its ID, but
this is easily circumvented by just uploading two payloads with the
ID of one linking to the other.
Unfortunately *oma is thus _both_ a vector for spoofing and
vulnerable to those spoof payloads, resulting in an easy way
to impersonate our users.
Similar flaws exists for emoji and media proxy.
Subsequent commits will fix this by rigorously sanitising
content types in more areas, hardening our checks, improving
the default config and discouraging insecure config options.
2024-03-04 16:50:21 +00:00
## Changed
2024-03-28 21:24:02 +00:00
- `Pleroma.Upload, :base_url` now MUST be configured explicitly if used;
2024-03-04 16:50:22 +00:00
use of the same domain as the instance is **strongly** discouraged
2024-03-28 21:24:02 +00:00
- `:media_proxy, :base_url` now MUST be configured explicitly if used;
use of the same domain as the instance is **strongly** discouraged
- StealEmoji:
- now uses the pack.json format;
existing users must migrate with an out-of-band script (check release notes)
- only steals shortcodes recognised as valid
- URLs of stolen emoji is no longer predictable
2024-03-04 17:39:08 +00:00
- The `Dedupe` upload filter is now always active;
`AnonymizeFilenames` is again opt-in
2024-03-28 21:24:02 +00:00
- received AP data is sanity checked before we attempt to parse it as a user
- Uploads, emoji and media proxy now restrict Content-Type headers to a safe subset
- Akkoma will no longer fetch and parse objects hosted on the same domain
Sanitise Content-Type of uploads
The lack thereof enables spoofing ActivityPub objects.
A malicious user could upload fake activities as attachments
and (if having access to remote search) trick local and remote
fedi instances into fetching and processing it as a valid object.
If uploads are hosted on the same domain as the instance itself,
it is possible for anyone with upload access to impersonate(!)
other users of the same instance.
If uploads are exclusively hosted on a different domain, even the most
basic check of domain of the object id and fetch url matching should
prevent impersonation. However, it may still be possible to trick
servers into accepting bogus users on the upload (sub)domain and bogus
notes attributed to such users.
Instances which later migrated to a different domain and have a
permissive redirect rule in place can still be vulnerable.
If — like Akkoma — the fetching server is overly permissive with
redirects, impersonation still works.
This was possible because Plug.Static also uses our custom
MIME type mappings used for actually authentic AP objects.
Provided external storage providers don’t somehow return ActivityStream
Content-Types on their own, instances using those are also safe against
their users being spoofed via uploads.
Akkoma instances using the OnlyMedia upload filter
cannot be exploited as a vector in this way — IF the
fetching server validates the Content-Type of
fetched objects (Akkoma itself does this already).
However, restricting uploads to only multimedia files may be a bit too
heavy-handed. Instead this commit will restrict the returned
Content-Type headers for user uploaded files to a safe subset, falling
back to generic 'application/octet-stream' for anything else.
This will also protect against non-AP payloads as e.g. used in
past frontend code injection attacks.
It’s a slight regression in user comfort, if say PDFs are uploaded,
but this trade-off seems fairly acceptable.
(Note, just excluding our own custom types would offer no protection
against non-AP payloads and bear a (perhaps small) risk of a silent
regression should MIME ever decide to add a canonical extension for
ActivityPub objects)
Now, one might expect there to be other defence mechanisms
besides Content-Type preventing counterfeits from being accepted,
like e.g. validation of the queried URL and AP ID matching.
Inserting a self-reference into our uploads is hard, but unfortunately
*oma does not verify the id in such a way and happily accepts _anything_
from the same domain (without even considering redirects).
E.g. Sharkey (and possibly other *keys) seem to attempt to guard
against this by immediately refetching the object from its ID, but
this is easily circumvented by just uploading two payloads with the
ID of one linking to the other.
Unfortunately *oma is thus _both_ a vector for spoofing and
vulnerable to those spoof payloads, resulting in an easy way
to impersonate our users.
Similar flaws exists for emoji and media proxy.
Subsequent commits will fix this by rigorously sanitising
content types in more areas, hardening our checks, improving
the default config and discouraging insecure config options.
2024-03-04 16:50:21 +00:00
## Fixed
- Critical security issue allowing Akkoma to be used as a vector for
(depending on configuration) impersonation of other users or creation
of bogus users and posts on the upload domain
2024-03-28 21:24:02 +00:00
- Critical security issue letting Akkoma fall for the above impersonation
payloads due to lack of strict id checking
- Critical security issue allowing domains redirect to to pose as the initial domain
(e.g. with media proxy's fallback redirects)
- refetched objects can no longer attribute themselves to third-party actors
(this had no externally visible effect since actor info is read from the Create activity)
- our litepub JSON-LD schema is now served with the correct content type
- remote APNG attachments are now recognised as images
Sanitise Content-Type of uploads
The lack thereof enables spoofing ActivityPub objects.
A malicious user could upload fake activities as attachments
and (if having access to remote search) trick local and remote
fedi instances into fetching and processing it as a valid object.
If uploads are hosted on the same domain as the instance itself,
it is possible for anyone with upload access to impersonate(!)
other users of the same instance.
If uploads are exclusively hosted on a different domain, even the most
basic check of domain of the object id and fetch url matching should
prevent impersonation. However, it may still be possible to trick
servers into accepting bogus users on the upload (sub)domain and bogus
notes attributed to such users.
Instances which later migrated to a different domain and have a
permissive redirect rule in place can still be vulnerable.
If — like Akkoma — the fetching server is overly permissive with
redirects, impersonation still works.
This was possible because Plug.Static also uses our custom
MIME type mappings used for actually authentic AP objects.
Provided external storage providers don’t somehow return ActivityStream
Content-Types on their own, instances using those are also safe against
their users being spoofed via uploads.
Akkoma instances using the OnlyMedia upload filter
cannot be exploited as a vector in this way — IF the
fetching server validates the Content-Type of
fetched objects (Akkoma itself does this already).
However, restricting uploads to only multimedia files may be a bit too
heavy-handed. Instead this commit will restrict the returned
Content-Type headers for user uploaded files to a safe subset, falling
back to generic 'application/octet-stream' for anything else.
This will also protect against non-AP payloads as e.g. used in
past frontend code injection attacks.
It’s a slight regression in user comfort, if say PDFs are uploaded,
but this trade-off seems fairly acceptable.
(Note, just excluding our own custom types would offer no protection
against non-AP payloads and bear a (perhaps small) risk of a silent
regression should MIME ever decide to add a canonical extension for
ActivityPub objects)
Now, one might expect there to be other defence mechanisms
besides Content-Type preventing counterfeits from being accepted,
like e.g. validation of the queried URL and AP ID matching.
Inserting a self-reference into our uploads is hard, but unfortunately
*oma does not verify the id in such a way and happily accepts _anything_
from the same domain (without even considering redirects).
E.g. Sharkey (and possibly other *keys) seem to attempt to guard
against this by immediately refetching the object from its ID, but
this is easily circumvented by just uploading two payloads with the
ID of one linking to the other.
Unfortunately *oma is thus _both_ a vector for spoofing and
vulnerable to those spoof payloads, resulting in an easy way
to impersonate our users.
Similar flaws exists for emoji and media proxy.
Subsequent commits will fix this by rigorously sanitising
content types in more areas, hardening our checks, improving
the default config and discouraging insecure config options.
2024-03-04 16:50:21 +00:00
2024-04-02 09:20:59 +00:00
## Upgrade Notes
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
2024-04-02 10:36:26 +00:00
- Akkoma will refuse to start if this is not set.
2024-04-02 09:20:59 +00:00
- Same with media proxy.
2024-02-24 13:54:21 +00:00
## 2024.02
2023-08-07 15:17:17 +00:00
## Added
2023-08-07 15:27:23 +00:00
- Full compatibility with Erlang OTP26
2023-08-12 14:03:43 +00:00
- handling of GET /api/v1/preferences
2024-01-28 18:49:20 +00:00
- Akkoma API is now documented
2024-01-17 19:13:29 +00:00
- ability to auto-approve follow requests from users you are already following
2024-02-10 16:27:11 +00:00
- The SimplePolicy MRF can now strip user backgrounds from selected remote hosts
2023-08-07 15:17:17 +00:00
2023-08-09 13:39:28 +00:00
## Changed
- OTP builds are now built on erlang OTP26
2023-08-15 10:22:18 +00:00
- The base Phoenix framework is now updated to 1.7
2023-12-15 16:32:41 +00:00
- An `outbox` field has been added to actor profiles to comply with AP spec
2024-02-09 20:03:02 +00:00
- User profile backgrounds do now federate with other Akkoma instances and Sharkey
2023-08-15 22:12:04 +00:00
## Fixed
2023-08-15 10:22:18 +00:00
- Documentation issue in which a non-existing nginx file was referenced
2023-08-15 22:12:04 +00:00
- Issue where a bad inbox URL could break federation
2023-09-15 11:00:45 +00:00
- Issue where hashtag rel values would be scrubbed
2024-01-28 21:15:54 +00:00
- Issue where short domains listed in `transparency_obfuscate_domains` were not actually obfuscated
2023-08-15 22:12:04 +00:00
2023-08-05 12:26:42 +00:00
## 2023.08
2023-06-26 13:18:31 +00:00
2023-07-17 17:24:53 +00:00
## Added
2023-06-26 13:18:31 +00:00
- Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy.
- Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist` , and instead use `blocklist` .
2023-06-26 14:07:07 +00:00
- `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types
2023-07-27 13:41:18 +00:00
- ARM64 OTP builds
- Ubuntu22 builds are available for develop and stable
- other distributions are stable only
2023-08-01 10:43:50 +00:00
- Support for Elixir 1.15
- 1.14 is still supported
2023-08-04 14:37:15 +00:00
- OTP26 is currently "unsupported". It will probably work, but due to the way
it handles map ordering, the test suite will not pass for it as yet.
2023-07-27 13:41:18 +00:00
## Changed
2023-08-04 11:02:57 +00:00
- Alpine OTP builds are now from alpine 3.18, which is OpenSSLv3 compatible.
2023-07-27 13:41:18 +00:00
If you use alpine OTP builds you will have to update your local system.
2023-08-04 11:02:57 +00:00
- Debian OTP builds are now from a base of bookworm, which is OpenSSLv3 compatible.
2023-08-01 10:43:50 +00:00
If you use debian OTP builds you will have to update your local system to
bookworm (currently: stable).
2023-08-04 19:37:17 +00:00
- Ubuntu and debian builds are compatible again! (for now...)
2023-08-04 14:19:06 +00:00
- Blocks/Mutes now return from max ID to min ID, in line with mastodon.
2023-08-04 14:37:15 +00:00
- The AnonymizeFilename filter is now enabled by default.
2023-06-26 13:18:31 +00:00
2023-07-17 17:24:53 +00:00
## Fixed
- Deactivated users can no longer show up in the emoji reaction list
2023-07-17 18:19:03 +00:00
- Embedded posts can no longer bypass `:restrict\_unauthenticated`
2023-08-01 10:26:59 +00:00
- GET/HEAD requests will now work when requesting AWS-based instances.
2023-07-17 17:24:53 +00:00
2023-06-29 06:15:32 +00:00
## Security
- Add `no_new_privs` hardening to OpenRC and systemd service files
2023-08-05 12:29:29 +00:00
- XML parsers cannot load any entities (thanks @Mae@is .badat.dev!)
2023-06-21 23:00:25 +00:00
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
2023-06-29 06:15:32 +00:00
2023-08-01 10:43:50 +00:00
## Removed
- Builds for debian oldstable (bullseye)
- If you are on oldstable you should NOT attempt to update OTP builds without
first updating your machine.
2023-05-23 13:10:01 +00:00
## 2023.05
2023-04-25 12:30:20 +00:00
2023-05-23 12:16:20 +00:00
## Added
- Custom options for users to accept/reject private messages
- options: everybody, nobody, people\_i\_follow
- MRF to reject notes from accounts newer than a given age
- this will have the side-effect of rejecting legitimate messages if your
post gets boosted outside of your local bubble and people your instance
does not know about reply to it.
2023-04-25 12:30:20 +00:00
## Fixed
- Support for `streams` public key URIs
2023-05-23 12:16:20 +00:00
- Bookmarks are cleaned up on DB prune now
2023-04-25 12:30:20 +00:00
2023-05-26 10:46:18 +00:00
## Security
- Fixed mediaproxy being a bit of a silly billy
2023-04-14 17:00:59 +00:00
## 2023.04
2023-03-15 22:20:32 +00:00
## Added
- Nodeinfo keys for unauthenticated timeline visibility
2023-03-17 15:33:28 +00:00
- Option to disable federated timeline
- Option to make the bubble timeline publicly accessible
2023-04-14 15:56:51 +00:00
- Ability to swap between installed standard frontends
- *mastodon frontends are still not counted as standard frontends due to the complexity in serving them correctly*.
2023-03-15 22:20:32 +00:00
2023-04-14 17:00:59 +00:00
### Upgrade Notes
- Elixir 1.14 is now required. If your distribution does not package this, you can
use [asdf ](https://asdf-vm.com/ ). At time of writing, elixir 1.14.3 / erlang 25.3
is confirmed to work.
2023-03-11 17:26:21 +00:00
## 2023.03
2023-02-23 11:07:59 +00:00
## Fixed
- Allowed contentMap to be updated on edit
2023-03-11 17:26:21 +00:00
- Filter creation now accepts expires\_at
2023-02-23 11:07:59 +00:00
2023-01-27 15:20:34 +00:00
### Changed
- Restoring the database from a dump now goes much faster without need for work-arounds
2023-03-11 17:26:21 +00:00
- Misskey reaction matching uses `content` parameter now
2023-01-27 15:20:34 +00:00
2023-01-23 08:43:16 +00:00
### Added
- Extend the mix task `prune_objects` with option `--prune-orphaned-activities` to also prune orphaned activities, allowing to reclaim even more database space
2023-02-26 22:12:31 +00:00
### Removed
- Possibility of using the `style` parameter on `span` elements. This will break certain MFM parameters.
2023-03-06 11:04:35 +00:00
- Option for "default" image description.
2023-02-26 22:12:31 +00:00
2023-02-11 11:19:33 +00:00
## 2023.02
2022-12-11 19:26:21 +00:00
2022-12-16 11:57:19 +00:00
### Added
- Prometheus metrics exporting from `/api/v1/akkoma/metrics`
2022-12-16 18:33:00 +00:00
- Ability to alter http pool size
2022-12-19 13:06:39 +00:00
- Translation of statuses via ArgosTranslate
2022-12-30 02:46:58 +00:00
- Argon2 password hashing
2022-12-29 20:56:06 +00:00
- Ability to "verify" links in profile fields via rel=me
- Mix tasks to dump/load config to/from json for bulk editing
2022-12-31 18:05:21 +00:00
- Followed hashtag list at /api/v1/followed\_tags, API parity with mastodon
2023-01-15 18:05:02 +00:00
- Ability to set posting language in the post form, API parity with mastodon
2023-01-15 19:02:58 +00:00
- Ability to match domains in MRF by a trailing wildcard
- Currently supported formats:
- `example.com` (implicitly matches `*.example.com` )
- `*.example.com`
- `example.*` (implicitly matches `*.example.*` )
2022-12-16 11:57:19 +00:00
2022-12-11 22:57:43 +00:00
### Removed
2022-12-11 19:26:21 +00:00
- Non-finch HTTP adapters
2022-12-14 12:38:48 +00:00
- Legacy redirect from /api/pleroma/admin to /api/v1/pleroma/admin
2022-12-16 13:20:48 +00:00
- Legacy redirects from /api/pleroma to /api/v1/pleroma
2022-12-30 02:46:58 +00:00
- :crypt dependency
2022-12-14 12:38:48 +00:00
2022-12-11 22:57:43 +00:00
### Changed
- Return HTTP error 413 when uploading an avatar or banner that's above the configured upload limit instead of a 500.
2022-12-16 11:57:19 +00:00
- Non-admin users now cannot register `admin` scope tokens (not security-critical, they didn't work before, but you _could_ create them)
2022-12-17 23:14:49 +00:00
- Admin scopes will be dropped on create
2022-12-16 17:31:04 +00:00
- Rich media will now backoff for 20 minutes after a failure
2022-12-31 18:09:27 +00:00
- Quote posts are now considered as part of the same thread as the post they are quoting
Prune Objects --keep-threads option (#350)
This adds an option to the prune_objects mix task.
The original way deleted all non-local public posts older than a certain time frame.
Here we add a different query which you can call using the option --keep-threads.
We query from the activities table all context id's where
1. the newest activity with this context is still old
2. none of the activities with this context is is local
3. none of the activities with this context is bookmarked
and delete all objects with these contexts.
The idea is that posts with local activities (posts, replies, likes, repeats...) may be interesting to keep.
Besides that, a post lives in a certain context (the thread), so we keep the whole thread as well.
Caveats:
* ~~Quotes have a different context. Therefore, when someone quotes a post, it's possible the quoted post will still be deleted.~~ fixed in https://akkoma.dev/AkkomaGang/akkoma/pulls/379
* Although undocumented (in docs/docs/administration/CLI_tasks/database.md/#prune-old-remote-posts-from-the-database), the 'normal' delete action still kept old remote non-public posts. I added an option to keep this behaviour, but this also means that you now have to explicitly provide that option. **This could be considered a breaking change!**
* ~~Note that this removes from the objects table, but not from the activities.~~ See https://akkoma.dev/AkkomaGang/akkoma/pulls/427 for that.
Some statistics from explain analyse:
(cost=1402845.92..1933782.00 rows=3810907 width=62) (actual time=2562455.486..2562455.495 rows=0 loops=1)
Planning Time: 505.327 ms
Trigger for constraint chat_message_references_object_id_fkey: time=651939.797 calls=921740
Trigger for constraint deliveries_object_id_fkey: time=52036.009 calls=921740
Trigger for constraint hashtags_objects_object_id_fkey: time=20665.778 calls=921740
Execution Time: 3287933.902 ms
***
**TODO**
1. [x] **Question:** Is it OK to keep it like this in regard to quote posts? If not (ie post quoted by local users should also be kept), should we give quotes the same context as the post they are quoting? (If we don't want to give them the same context, I'll have to see how/if I can do it without being too costly)
* See https://akkoma.dev/AkkomaGang/akkoma/pulls/379
2. [x] **Question:** the "original" query only deletes public posts (this is undocumented, but you can check the code). This new one doesn't care for scope. From the docs I get that the idea is that posts can be refetched when needed. But I have from a trusted source that Pleroma can't refetch non-public posts. I assume that's the reason why they are kept here. I see different options to deal with this
1. ~~We keep it as currently implemented and just don't care about scope with this option~~
2. ~~We add logic to not delete non-public posts either (I'll have to see how costly that becomes)~~
3. We add an extra --keep-non-public parameter. This is technically speaking breakage (you didn't have to provide a param before for this, now you do), but I'm inclined to not care much because it wasn't documented nor tested in the first place.
3. [x] See if we can do the query using Elixir
4. [x] Test on a bigger DB to see that we don't run into a timeout
5. [x] Add docs
Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/350
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2023-01-09 22:15:41 +00:00
- Extend the mix task `prune_objects` with options to keep more relevant posts
2022-12-19 20:41:48 +00:00
- Simplified HTTP signature processing
2022-12-31 03:52:52 +00:00
- Rich media will now hard-exit after 5 seconds, to prevent timeline hangs
2023-01-02 15:21:19 +00:00
- HTTP Content Security Policy is now far more strict to prevent any potential XSS/CSS leakages
2023-02-04 20:51:17 +00:00
- Follow requests are now paginated, matches mastodon API spec, so use the Link header to paginate.
2022-12-11 19:26:21 +00:00
2022-12-19 20:32:16 +00:00
### Fixed
- /api/v1/accounts/lookup will now respect restrict\_unauthenticated
2022-12-21 00:16:39 +00:00
- Unknown atoms in the config DB will no longer crash akkoma on boot
2022-12-19 20:32:16 +00:00
2022-12-14 12:38:48 +00:00
### Upgrade notes
- Ensure `config :tesla, :adapter` is either unset, or set to `{Tesla.Adapter.Finch, name: MyFinch}` in your .exs config
2022-12-16 13:20:48 +00:00
- Pleroma-FE will need to be updated to handle the new /api/v1/pleroma endpoints for custom emoji
2022-12-14 12:38:48 +00:00
2022-12-10 14:50:02 +00:00
## 2022.12
2022-11-24 11:27:01 +00:00
2022-11-24 12:27:16 +00:00
## Added
- Config: HTTP timeout options, :pool\_timeout and :receive\_timeout
2022-11-26 20:45:47 +00:00
- Added statistic gathering about instances which do/don't have signed fetches when they request from us
2022-11-28 13:34:54 +00:00
- Ability to set a default post expiry time, after which the post will be deleted. If used in concert with ActivityExpiration MRF, the expiry which comes _sooner_ will be applied.
2022-12-01 15:00:53 +00:00
- Regular task to prune local transient activities
- Task to manually run the transient prune job (pleroma.database prune\_task)
2022-12-04 18:35:04 +00:00
- Ability to follow hashtags
2022-12-09 19:57:29 +00:00
- Option to extend `reject` in MRF-Simple to apply to entire threads, where the originating instance is rejected
2022-12-09 20:13:31 +00:00
- Extra information to failed HTTP requests
2022-11-24 12:27:16 +00:00
2022-11-24 11:27:01 +00:00
## Changed
- MastoAPI: Accept BooleanLike input on `/api/v1/accounts/:id/follow` (fixes follows with mastodon.py)
2022-11-26 20:45:47 +00:00
- Relays from akkoma are now off by default
2022-11-26 21:06:20 +00:00
- NormalizeMarkup MRF is now on by default
2022-11-27 21:45:41 +00:00
- Follow/Block/Mute imports now spin off into *n* tasks to avoid the oban timeout
2022-12-01 15:00:53 +00:00
- Transient activities recieved from remote servers are no longer persisted in the database
2022-12-07 11:20:53 +00:00
- Overhauled static-fe view for logged-out users
2022-12-10 00:09:45 +00:00
- Blocked instances will now not be sent _any_ requests, even fetch ones that would get rejected by MRF anyhow
2022-12-01 15:00:53 +00:00
2022-12-09 19:59:27 +00:00
## Removed
- FollowBotPolicy
2022-12-09 20:01:38 +00:00
- Passing of undo/block into MRF
2022-12-09 19:59:27 +00:00
2022-12-01 15:00:53 +00:00
## Upgrade Notes
- If you have an old instance, you will probably want to run `mix pleroma.database prune_task` in the foreground to catch it up with the history of your instance.
2022-11-24 11:27:01 +00:00
2022-11-11 16:12:04 +00:00
## 2022.11
2022-10-11 10:40:43 +00:00
2022-10-16 19:25:54 +00:00
## Added
- Officially supported docker release
2022-10-19 10:01:14 +00:00
- Ability to remove followers unilaterally without a block
2022-11-06 22:50:11 +00:00
- Scraping of nodeinfo from remote instances to display instance info
2022-11-10 03:17:00 +00:00
- `requested_by` in relationships when the user has requested to follow you
2022-10-11 10:40:43 +00:00
2022-11-24 11:27:01 +00:00
## Changed
2022-10-11 10:40:43 +00:00
- Follows no longer override domain blocks, a domain block is final
2022-10-11 13:30:08 +00:00
- Deletes are now the lowest priority to publish and will be handled after creates
2022-11-06 23:50:32 +00:00
- Domain blocks are now subdomain-matches by default
2022-10-11 10:40:43 +00:00
2022-11-01 14:21:35 +00:00
## Fixed
- Registrations via ldap are now compatible with the latest OTP24
2022-11-11 16:12:04 +00:00
## Update notes
- If you use LDAP and run from source, please update your elixir/erlang
to the latest. The changes in OTP24.3 are breaking.
- You can now remove the leading `*.` from domain blocks, but you do not have to.
2022-10-11 10:40:43 +00:00
2022-10-06 16:22:15 +00:00
## 2022.10
### Added
- Ability to sync frontend profiles between clients, with a name attached
- Status card generation will now use the media summary if it is available
2022-09-19 17:31:35 +00:00
### Changed
2022-10-06 16:22:15 +00:00
- Emoji updated to latest 15.0 draft
2022-09-19 17:31:35 +00:00
- **Breaking**: `/api/v1/pleroma/backups` endpoints now requires `read:backups` scope instead of `read:accounts`
2022-10-14 11:49:35 +00:00
- Verify that the signature on posts is not domain blocked, and belongs to the correct user
2022-09-19 17:31:35 +00:00
2022-09-20 10:36:21 +00:00
### Fixed
2022-10-06 16:22:15 +00:00
- OAuthPlug no longer joins with the database every call and uses the user cache
- Undo activities no longer try to look up by ID, and render correctly
2022-09-20 10:36:21 +00:00
- prevent false-errors from meilisearch
2022-09-10 14:44:17 +00:00
## 2022.09
2022-07-19 16:22:02 +00:00
2022-08-17 00:22:59 +00:00
### Added
- support for fedibird-fe, and non-breaking API parity for it to function
2022-08-25 16:11:21 +00:00
- support for setting instance languages in metadata
- support for reusing oauth tokens, and not requiring new authorizations
2022-08-27 10:57:57 +00:00
- the ability to obfuscate domains in your MRF descriptions
2022-08-29 19:42:22 +00:00
- automatic translation of statuses via DeepL or LibreTranslate
2022-09-06 19:24:02 +00:00
- ability to edit posts
2022-09-10 14:44:17 +00:00
- ability to react with remote emoji
2022-08-17 00:22:59 +00:00
2022-08-18 03:23:07 +00:00
### Changed
- MFM parsing is now done on the backend by a modified version of ilja's parser -> https://akkoma.dev/AkkomaGang/mfm-parser
2022-09-10 14:44:17 +00:00
- InlineQuotePolicy is now on by default
2022-09-18 03:21:05 +00:00
- Enable remote users to interact with posts
2022-08-18 03:23:07 +00:00
2022-08-16 22:56:49 +00:00
### Fixed
- Compatibility with latest meilisearch
- Resolution of nested mix tasks (i.e search.meilisearch) in OTP releases
2022-08-16 23:24:19 +00:00
- Elasticsearch returning likes and repeats, displaying as posts
2022-08-24 14:38:02 +00:00
- Ensure key generation happens at registration-time to prevent potential race-conditions
2022-08-27 18:12:15 +00:00
- Ensured websockets get closed on logout
- Allowed GoToSocial-style `?query_string` signatures
2022-08-16 22:56:49 +00:00
2022-08-14 23:13:49 +00:00
### Removed
- Non-finch HTTP adapters. `:tesla, :adapter` is now highly recommended to be set to the default.
## 2022.08
2022-07-19 16:22:02 +00:00
2022-08-14 23:13:49 +00:00
### Removed
- Non-finch HTTP adapters. `:tesla, :adapter` is now highly recommended to be set to the default.
## 2022.08
2022-07-24 16:42:43 +00:00
### Added
- extended runtime module support, see config cheatsheet
2022-07-25 16:30:06 +00:00
- quote posting; quotes are limited to public posts
2022-07-24 16:42:43 +00:00
2022-07-26 11:09:13 +00:00
### Changed
- quarantining is now considered absolutely; public activities are no longer
an exception.
2022-08-02 14:19:24 +00:00
- also merged quarantine and mrf reject - quarantine is now deprecated
2022-07-28 10:36:51 +00:00
- flavours:
- amd64 is built for debian stable. Compatible with ubuntu 20.
- ubuntu-jammy is built for... well, ubuntu 22 (LTS)
- amd64-musl is built for alpine 3.16
2022-07-26 11:09:13 +00:00
2022-07-20 20:13:50 +00:00
### Fixed
- Updated mastoFE path, for the newer version
2022-07-19 16:22:02 +00:00
### Removed
- Scrobbling support
2022-07-20 12:00:58 +00:00
- `/api/v1/pleroma/scrobble`
- `/api/v1/pleroma/accounts/{id}/scrobbles`
- Deprecated endpoints
- `/api/v1/pleroma/chats`
- `/api/v1/notifications/dismiss`
- `/api/v1/search`
- `/api/v1/statuses/{id}/card`
2022-07-21 10:29:28 +00:00
- Chats, they were half-baked. Just use PMs.
2022-07-21 11:32:17 +00:00
- Prometheus, it causes massive slowdown
2022-07-19 16:22:02 +00:00
2022-07-15 15:31:28 +00:00
## 2022.07
2022-06-21 07:35:05 +00:00
2022-07-04 16:29:39 +00:00
### Added
- Added move account API
2022-07-06 20:00:43 +00:00
- Added ability to set instance accent-color via theme-color
2022-07-08 13:03:18 +00:00
- A fallback page for when a user does not have a frontend installed
2022-07-14 10:59:21 +00:00
- Support for OTP musl11
2022-07-04 16:29:39 +00:00
2022-06-27 11:32:06 +00:00
### Removed
- SSH frontend, to be potentially re-enabled via a bridge rather than wired into the main system
2022-06-27 16:31:16 +00:00
- Gopher frontend, as above
2022-07-08 13:03:18 +00:00
- All pre-compiled javascript
2022-06-27 11:32:06 +00:00
2022-07-06 18:57:00 +00:00
### Fixed
- ES8 support for bulk indexing activities
2022-07-08 13:03:18 +00:00
### Upgrade Notes
- The bundled frontend has been removed, you will need to run the `pleroma.frontend install` mix task to install your frontend of choice. Configuration by default is set to `pleroma-fe` .
2022-07-15 12:27:16 +00:00
- Admin-FE users will have to ensure that :admin is set _BEFORE_ restart, or
you might end up in a situation where you don't have an ability to get it.
2022-07-08 13:03:18 +00:00
2022-06-21 07:35:05 +00:00
## 2.5.2
### Added
- Allow posting and recieving of misskey markdown (requires text/x.misskeymarkdown in `allowed_post_formats` )
### Changed
- Set frontend URLs to akkoma-maintained ones
### Fixed
- Updated `no_empty` MRF to not error when recieving misskey markdown
2022-06-22 16:10:55 +00:00
### Security
- Ensure local-only statuses do not get leaked
2022-06-21 07:35:05 +00:00
## 2.5.1
### Added
- Elasticsearch Search provider support
- Enabled custom emoji reactions to posts via `/api/v1/pleroma/statuses/:id/reactions/:shortcode:`
- Added continuous integration builds for x86 glibc and musl
### Fixed
- Enabled support for non-standard AP entities, such as those used by bookwyrm
2022-06-12 12:35:14 +00:00
## 2.5.0 - 10/06/2022
2020-09-07 16:22:56 +00:00
2021-04-01 15:09:32 +00:00
### Changed
2021-09-06 00:56:16 +00:00
- Allow users to remove their emails if instance does not need email to register
2021-04-01 15:09:32 +00:00
2021-08-01 05:41:24 +00:00
### Added
2021-11-16 23:39:10 +00:00
- `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object
2021-12-26 16:00:09 +00:00
- Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney.
2021-12-26 23:27:48 +00:00
- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis
- AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc
2021-12-28 21:11:38 +00:00
- PleromaAPI: Add remote follow API endpoint at `POST /api/v1/pleroma/remote_interaction`
- MastoAPI: Add `GET /api/v1/accounts/lookup`
- MastoAPI: Profile Directory support
- MastoAPI: Support v2 Suggestions (handpicked accounts only)
- Ability to log slow Ecto queries by configuring `:pleroma, :telemetry, :slow_queries_logging`
- Added Phoenix LiveDashboard at `/phoenix/live_dashboard`
- Added `/manifest.json` for progressive web apps.
2022-06-12 12:35:14 +00:00
- Readded mastoFE
- Added support for custom emoji reactions
- Added `emoji_url` in notifications to allow for custom emoji rendering
2022-03-02 14:51:46 +00:00
- Make backend-rendered pages translatable. This includes emails. Pages returned as a HTTP response are translated using the language specified in the `userLanguage` cookie, or the `Accept-Language` header. Emails are translated using the `language` field when registering. This language can be changed by `PATCH /api/v1/accounts/update_credentials` with the `language` field.
2021-08-01 05:41:24 +00:00
### Fixed
2021-08-11 17:45:49 +00:00
- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies
2021-12-17 21:47:48 +00:00
- Handle Reject for already-accepted Follows properly
2021-12-26 01:57:53 +00:00
- Display OpenGraph data on alternative notice routes.
2021-12-28 21:11:38 +00:00
- Fix replies count for remote replies
- ChatAPI: Add link headers
- Limited number of search results to 40 to prevent DoS attacks
- ActivityPub: fixed federation of attachment dimensions
- Fixed benchmarks
- Elixir 1.13 support
- Fixed crash when pinned_objects is nil
- Fixed slow timelines when there are a lot of deactivated users
- Fixed account deletion API
2021-08-01 05:41:24 +00:00
### Removed
2022-06-22 15:25:05 +00:00
### Security
- Private `/objects/` and `/activities/` leaking if cached by authenticated user
- SweetXML library DTD bomb
## 2.4.2 - 2022-01-10
### Fixed
- Federation issues caused by HTTP pool checkout timeouts
- Compatibility with Elixir 1.13
### Upgrade notes
1. Restart Pleroma
2021-08-09 09:03:58 +00:00
2021-04-01 15:09:32 +00:00
### Changed
2021-08-15 17:49:12 +00:00
- Make `mix pleroma.database set_text_search_config` run concurrently and indefinitely
2021-04-01 15:09:32 +00:00
2021-08-14 16:08:39 +00:00
### Added
- AdminAPI: Missing configuration description for StealEmojiPolicy
2021-08-09 09:03:58 +00:00
### Fixed
- MastodonAPI: Stream out Create activities
2021-08-10 05:41:06 +00:00
- MRF ObjectAgePolicy: Fix pattern matching on "published"
2021-08-10 18:33:00 +00:00
- TwitterAPI: Make `change_password` and `change_email` require params on body instead of query
2021-08-11 17:45:49 +00:00
- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies
2021-08-11 14:38:16 +00:00
- AdminAPI: Fix rendering reports containing a `nil` object
2021-08-12 08:29:53 +00:00
- Mastodon API: Activity Search fallbacks on status fetching after a DB Timeout/Error
2021-08-13 15:25:42 +00:00
- Mastodon API: Fix crash in Streamer related to reblogging
2021-08-14 18:42:12 +00:00
- AdminAPI: List available frontends when `static/frontends` folder is missing
2021-08-28 01:43:50 +00:00
- Make activity search properly use language-aware GIN indexes
2021-08-14 11:42:32 +00:00
- AdminAPI: Fix suggestions for MRF Policies
2021-08-12 08:29:53 +00:00
2021-08-09 09:03:58 +00:00
## 2.4.0 - 2021-08-08
2021-08-01 05:41:24 +00:00
2021-04-01 15:09:32 +00:00
### Changed
2020-08-04 15:42:52 +00:00
- **Breaking:** Configuration: `:chat, enabled` moved to `:shout, enabled` and `:instance, chat_limit` moved to `:shout, limit`
2021-01-16 23:06:04 +00:00
- **Breaking** Entries for simple_policy, transparency_exclusions and quarantined_instances now list both the instance and a reason.
2021-06-04 20:50:10 +00:00
- Support for Erlang/OTP 24
2021-03-03 14:35:25 +00:00
- The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
2021-04-19 22:06:19 +00:00
- HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
2021-05-20 17:50:43 +00:00
- Email address is now returned if requesting user is the owner of the user account so it can be exposed in client and FE user settings UIs.
2021-06-09 16:56:54 +00:00
- Improved Twittercard and OpenGraph meta tag generation including thumbnails and image dimension metadata when available.
2021-07-14 02:44:42 +00:00
- AdminAPI: sort users so the newest are at the top.
2020-09-18 12:22:27 +00:00
- ActivityPub Client-to-Server(C2S): Limitation on the type of Activity/Object are lifted as they are now passed through ObjectValidators
2022-05-08 18:10:40 +00:00
- MRF (`AntiFollowbotPolicy`): Bot accounts are now also considered followbots. Users can still allow bots to follow them by first following the bot.
2021-03-03 14:35:25 +00:00
2021-04-01 15:09:32 +00:00