19 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
This changelog covers changes since Misskey v12.111.1, the version prior to the FoundKey fork. For older Misskey versions, see CHANGELOG-OLD.md.
Unreleased changes should not be listed in this file.
Instead, run git shortlog --format='%h %s' --group=trailer:changelog <last tag>..
to see unreleased changes; replace <last tag>
with the tag you wish to compare from.
If you are a contributor, please read CONTRIBUTING.md, section "Changelog Trailer" on what to do instead.
13.0.0-preview6 - 2023-07-02
Added
- BREAKING activitypub: validate fetch signatures Fetching the ActivityPub representation of something now requires a valid HTTP signature.
- client: add MFM functions
position
,scale
,fg
,bg
- server: add webhook stat to nodeinfo
- activitypub: handle incoming Update Note activities
Changed
- client: change followers only icon to closed lock
- client: disable sound for received note by default
- client: always forbid MFM overflow
- make mutes case insensitive
- activitypub: improve JSON-LD context
The context now properly notes the
@type
s of defined attributes. - docker: only publish port on localhost
Fixed
- server: fix internal download in emoji import
- server: replace unzipper with decompress
Removed
- migrate note favorites to clips If you previously had favorites they will now be in a clip called "⭐". If you want to add a note as a "favorite" you can use the menu item "Clip".
13.0.0-preview5 - 2023-05-23
This release contains 6 breaking changes and 1 security update.
Security
- client: check input for aiscript
- server: validate filenames and emoji names on emoji import
- server: check URL schema of ActivityPub URIs
- server: check schema for URL previews
- server: update summaly dependency
Added
- client: impolement filtering and sorting in drive
- client: add "nobody" follower/following visibility
- client: re-add flag to require approval for bot follows
- client: show waveform on audio player
- client: add new deepl languages
- client: add instructions on remote interaction (when signed out)
- client: show follow button when not logged in
- server: show worker mode in process names
- server: drive endpoint to fetch files and folders combined
- activitypub: implement receiving account moves
Changed
- BREAKING server: restructure endpoints related to user administration
- BREAKING server: refactor streaming API data structures
- BREAKING server: rename configuration environment variables
The environment variables that could be used for configuration which were previously prefixed with
MK_
are now prefixed withFK_
instead. - server: improve error message for invalidating follows
- server: add pagination to file attachment timeline
Fixed
- BREAKING server: properly respect follower/following visibility setting on statistics endpoint
This affects the endpoint
/api/users/stats
. - improve documentation for
fetch-rss
endpoint - client: fix authentication error in RSS widget
- client: fix attached files and account switcher combination in new note form
- client: improved module tracker file detection
- client: fix follow requests pagination
- client: Theme creator breaks after creating a theme
- client: replace error UUIDs with error codes
- client: allow opening links in new tab The usual 3rd button click (usually mouse wheel) or Ctrl+Click should now work to open a link in a new tab.
- client: fix drive item updates inserting duplicate entries
- client: improve error messages for failed uploads
- client: stop unnecessary network congestion by websocket ping mechanism
- server: don't fail if a system user was already created
- server: better matching for MFM mentions
- server: fix rate limit for adding reactions
- server: check instance description length limit
- server: dont error on generating RSS feeds for profiles without public posts
- server: group delivering
Delete
activities to improve performance - server: fix drive quota for remote users
- server: user deletion race condition (again)
Removed
- BREAKING server: remove unused API parameters
sinceId
anduntilId
from/api/notes/reactions
. - BREAKING server: remove syslog integration
If you used syslog before, the syslog protocoll will no longer be connected to.
The configuration entries for
syslog
will be ignored, you should remove them if they are set. - client: remove
driveFolderBg
theme colour - activitypub: remove
_misskey_content
attribute - activitypub: remove
_misskey_reaction
attribute - activitypub: remove
_misskey_votes
attribute - foundkey-js: remove unused definitions for Ads and detailed instance metadata
13.0.0-preview4 - 2023-02-05
This release contains 6 breaking changes, including changes to the configuration file format.
Added
- new Foundkey logo
- client: add button to unrenote/remove all own renotes
- client: add mod tracker
- client: add button to delete all files of a user for moderators
- server: implement OAuth 2.0 Authorization Code grant
- server: add config for error images
- server: expire notifications after 3 months
- server: start adding /api/v2 routes
- server: indicate Retry-After when rate limiting
- docs: show rate limit information
Changed
- BREAKING server: implement separate web workers
The configuration file format has been changed: The
clusterLimit
item has been removed andclusterLimits
has been added instead. Check the example configuration file. - BREAKING server: remove wildcard blocking and instead block subdomains (#269) As an administrator you may need to check the list of blocked instances.
- BREAKING server: disable deliver rate limit by default
We found that the deliver rate limit causes a lot of load for no real benefit. Because of this,
it will be disabled by default. The default value of
deliverJobPerSec
is set to disable this rate limit. - server: adjust permissions for
/api/admin/accounts/delete
The admin/accounts/delete endpoint now requries administrator privileges instead of just moderator privileges. - server: increase nodeinfo caching
- client: headlines in queue widget are links
- client: add tooltips to visibility icons
- server: improve error messages
- server: change default value for
/api/admin/show-users
origin param - server: lower rate limit for deletion activities
Deleting things that result in federating a delete activity have a more strict rate limit.
This affects the following endpoints:
/api/notes/delete
/api/notes/reactions/delete
/api/notes/unrenote
- server: improve OpenGraph data
- properly render note attachments as RDFa
- add more metadata about e.g. author
- proper OpenGraph data replaces custom
misskey:
RDFa tags
- activitypub: implement FEP-e232 qoutes
- activitypub: use
quoteUri
instead ofquoteUrl
Fixed
- client: fix layout of app authorization page
- client: unify different error dialogs
- client: set display name limit same as server
- client: dont display instance banner tooltip if software name is unknown
- client: fix 500 error in notifications
- client: fix some tooltips not closing
- client: fix issue of search only working once
- client: check
quoteId
for canPost computation - client: fix quotes with only a CW
- server: fix thread mutes not applying to renotes
- server: fix ReferenceError: meta is undefined
- server: fix TypeError in registerOrFetchInstanceDoc
- server: fix ratelimit in
/api/i/import-following
- server: handle redirects in signed get
- server: remove reversi database tables
- server: set file permissions after copy
- server: also use human readable URL in search
- server: fix user deletion race condition
- server: add websocket ping mechanism This should help keep websocket connections alive even if there are no events for prolonged time periods. This should also fix issues where the "connection has been lost" dialog appeared despite the connection being fine.
- activitypub: properly parse incoming hashtags
- activitypub: Do block checks more globally
- activitypub: properly render CW only quotes
Removed:
- BREAKING server: remove Twitter, Github and Discord integrations
- BREAKING server: remove
api/admin/delete-account
, You should use the API endpointadmin/accounts/delete
instead. It has the same parameter and the same behaviour. - BREAKING remove galleries
Galleries have been removed because low usage and duplication of other behaviour.
Existing gallery posts will be turned into ordinary notes.
If a user had any gallery posts, a new clip called "Gallery" will be created containing
all of the former gallery posts that are now notes.
This affects the following endpoints:
/api/gallery/featured
/api/gallery/popular
/api/gallery/posts
/api/gallery/posts/create
/api/gallery/posts/delete
/api/gallery/posts/like
/api/gallery/posts/show
/api/gallery/posts/unlike
/api/i/gallery/likes
/api/i/gallery/posts
/api/users/gallery/posts
- server: remove bios and cli
- server: remove avatarColor and bannerColor properties
- server: remove application level websocket ping
This pinging mechanism was unused in
foundkey-js
, and we expect other usage to be low. You can use the pinging mechanism built into the websocket protocol if you wish. Note that the Server will now also send pings on its own (see Fixed section).
13.0.0-preview3 - 2022-12-02
This release contains 1 urgent security fix necessitated by misskey-forkbomb
.
This release contains 1 breaking change.
If you are a 3rd party client developer please see the "Intended future changes" section at the end.
Security
- activitypub: add recursion limit to resolver
Added
- server: make max note length configurable
- server: LibreTranslate support
- activitypub: not forwarding block activities This can be configured per user.
- client: add "follows you" hint to user profile popup
- client: improved search page for notes and users
- client: ability to delete webhooks
- client: put back button to let admin remove all followings from an instance
Changed
- BREAKING server: remove support for node 16.x. Since 2022-10-18, Node.js 16.x is out of Long Term Support and has entered the Maintenance phase. The new Long Term Support version since 2022-10-25 is Node.js 18.x. Foundkey now requires at least Node.js 18.7.0.
- updated documentation
- client: updated translations
- client: update emoji list
- client: autocomplete flag emoji
- client: autocompletion for emoji is case insensitive
- client: use browser native notifications
- client: close webhook settings page automatically after saving
- client: remove hostname from signup and signin forms
- server: increase user profile description length limit to 2048
- server: always enable push notifications
- server: allow to like own pages
- server: allow to like own gallery pages
- server: produce error when trying to unclip note that was not clipped
- server: stricter API permissions, more endpoints require authentication
This affects the following endpoints:
/api/federation/instances
/api/federation/show-instance
/api/federation/stats
/api/federation/users
/api/federation/followers
/api/federation/following
/api/fetch-rss
- server: stricter rate limiting for password reset
- server: refactor API errors and improve documentation
This affects all API endpoints.
API errors no longer have a UUID (previous
id
property). Use the propertiescode
andendpoint
instead. - server: avoid adding suspended instances to the delivery queue in the first place
- server: rewrite skipped instances query in raw SQL to improve performance
- activitypub: don't nyaize blockquotes
- server: add wildcard matching to blocked hosts
- server: updated dependencies
Fixed
- client: fix detection of maximum lenght for profile description
- client: editing webhooks
- client: files in some states couldnot be dropped and uploaded
- service worker: don't trigger "push notification have been updated"
- server: properly delete expired password reset requests
- server: skip delivering to instances that proclaim themself dead via HTTP 410
- server: use host parameter in note search even if elasticsearch is not enabled
- activitypub: fix rendering of Follow activity
id
when force-removing a follow - activitypub: remove akkoma quote URLs
Removed
- client: remove user search from explore page You can use the new revamped search page instead.
- server: remove
deeplIsPro
setting This setting can be automatically detected based on the DeepL Auth Key provided. This affects the following endpoints:/api/admin/meta
/api/admin/update-meta
- server: remove unused endpoints
This affects the following endpoints. Expected usage of these endpoints is low.
/api/test
/api/users/get-frequently-replied-users
Intended future changes
This section is intended for 3rd party client developers.
MiAuth will be removed in a future release, most likely in the next release. This affects the follwing endpoints:
/miauth
/api/miauth/:session/check
Thefeatures.miauth
feature flag in/api/meta
will no longer betrue
(set tofalse
or removed entirely).
We would like to clarify that the follwing ndpoints are not part of the public API as they were never part of the documentation generated at /api-doc
.
They may be removed at any point, without notice.
/api/signup
/api/signin
/api/signup-pending
13.0.0-preview2 - 2022-10-16
Security
- server: Update
multer
dependency to resolve CVE-2022-24434 - server: Update
file-type
,got
, andsharp
dependencies to fix various security issues
Added
- allow to mute only renotes of a user
- allow to export only selected custom emoji
- client: improve emoji picker search
- client: Extend Emoji list
- client: show alt text in image viewer
- client: Show instance info in ticker
- client: Readded group pages
- client: add re-collapsing to quoted notes
- server: allow files storage path to be set explicitly
- server: refactor expiring data and expire signins after 60 days
- server: send delete activity to all known instances
- server: add automatic dead instance detection
Changed
- foundkey-js: Sync possible endpoints from backend
- foundkey-js: update LiteInstanceMetadata fields
- meta: use parallel and incremental builds
- meta: update WORKDIR to foundkey
- meta: update dependencies
- client: consolidate about & notifications pages
- client: include renote in visibility computation
- client: make emoji amount slider more intuitive
- client: sort emojis by query similarity in fuzzy picker
- client: discard drafts that are just the default state
- client: Use consistent date formatting based on language setting
- client: Add threshold to reduce occurances of "future" timestamps
- server: mute notifications in muted threads
- server: allow for source lang to be overridden in note/translate
- server: allow redis family to be specified as a string
- server: increase image description limit to 2048 characters
- server: Pages have been considerably simplified, several of the very complex features have been removed. Pages are now MFM only. For admins: There is a migration in place to convert page contents to text, but not everything can be migrated. You might want to check if you have any more complex pages on your instance and ask users to migrate them by hand. Or generally advise all users to simplify their pages to only text.
Fixed
- client: alt text dialog properly handles non-images
- client: Fix style scoping in MkMention
- client: default instance ticker name to instance's domain name
- client: improve error message for empty gallery posts
- client: fix default-selected reply scopes
- client: Make MFM cheatsheet interactive again
- client: Fix reports not showing in control panel
- client: make hard coded strings in emoji admin panel internationalized
- client: Notifications for ended polls can now be turned off
- client: improve emoji picker performance
- server: Blocking remote accounts
- server: fix table name used in toHtml
- server: Fix appendChildren TypeError
- server: ensure only own notifications can be marked as read
- server: render HTML mentions correctly
- server: increase requestId max size for GNU Social
- server: fix HTTP GET parameters in OpenAPI docs
- server: proper error messages for creating accounts
- server: Fix thread muting queries
- docker: add built foundkey-js files to container
- service worker: Remove fetch handler from service worker
Removed
- remove misskey-assets submodule
- server: remove room data from user
- client: remove ai mode
- client: remove "Disable AiScript on Pages" setting
- client: acrylic styling
- client: Twitter embeds, the standard URL preview is used instead.
- foundkey-js: remove room api endpoints
- server: remove unusable setting to send error reports
- server: ignore detail parameter on meta endpoint
- server: Promotion entities and endpoints
- server: The configuration item
signToActivityPubGet
has been removed and will be ignored if set explicitly. Foundkey will now work as if it was set totrue
.
13.0.0-preview1 - 2022-08-05
Added
- Server: Replies can now be fetched recursively.
Changed
- Server: Replies/quotes cannot have a more open visibility than the parent post
- Server: Allow GET method for some endpoints
- Server: Add rate limit to i/notifications
- Server: Improve performance
- Server: Supports IPv6 on Redis transport
IPv4/IPv6 is used by default. You can tune this behavior via
redis.family
- Server: Mutes and blocks now apply recursively to replies and renotes
- Server: Admins can now delete accounts
- Client: Improve control panel
- Client: Show warning in control panel when there is an unresolved abuse report
- Client: For notes with specified visibility, show recipients when hovering over visibility symbol.
- Client: Add rss-ticker widget
- Client: Removing entries from a clip
- Client: Searching in the emoji picker is now case insensitive
- Client: MFM search button changed to a no-op
- Client: Fix URL-encoded routing
- Client: Poll highlights in explore page
- Client: Improve player detection in URL preview
- Client: Add Badge Image to Push Notification
- Client: Custom Emoji pages have been merged into the Instance Info page
Removed
- Server: ID generation methods other than
aid
- Client: Ability to show advertisements
Fixed
- Server: Video thumbnails are now generated properly
- Server: Ensure temp directory cleanup
- Client: Favicons of remote instances now show up
- Client: Fix switch to receive email notifications
- Client: Page freezes when trying to open configuration page of existing webhooks
- Client: Fix a bug where new chat messages don't show up
- Client: Fix collapsing long notes
- Client: Add padding to pages
Security
- Server: Hide metadata of private notes