Johann150
77358c8f4b
Some checks failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/tag/build Pipeline was successful
ci/woodpecker/tag/lint-client Pipeline was successful
ci/woodpecker/tag/lint-foundkey-js Pipeline was successful
ci/woodpecker/tag/lint-sw Pipeline was successful
ci/woodpecker/tag/test Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/tag/lint-backend Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/test Pipeline failed
423 lines
19 KiB
Markdown
423 lines
19 KiB
Markdown
# Changelog
|
|
All notable changes to this project will be documented in this file.
|
|
|
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
|
This changelog covers changes since Misskey v12.111.1, the version prior to the FoundKey fork.
|
|
For older Misskey versions, see [CHANGELOG-OLD.md](./CHANGELOG-OLD.md).
|
|
|
|
Unreleased changes should not be listed in this file.
|
|
Instead, run `git shortlog --format='%h %s' --group=trailer:changelog <last tag>..` to see unreleased changes; replace `<last tag>` with the tag you wish to compare from.
|
|
If you are a contributor, please read [CONTRIBUTING.md, section "Changelog Trailer"](./CONTRIBUTING.md#changelog-trailer) on what to do instead.
|
|
|
|
## 13.0.0-preview6 - 2023-07-02
|
|
|
|
## Added
|
|
- **BREAKING** activitypub: validate fetch signatures
|
|
Fetching the ActivityPub representation of something now requires a valid HTTP signature.
|
|
- client: add MFM functions `position`, `scale`, `fg`, `bg`
|
|
- server: add webhook stat to nodeinfo
|
|
- activitypub: handle incoming Update Note activities
|
|
|
|
## Changed
|
|
- client: change followers only icon to closed lock
|
|
- client: disable sound for received note by default
|
|
- client: always forbid MFM overflow
|
|
- make mutes case insensitive
|
|
- activitypub: improve JSON-LD context
|
|
The context now properly notes the `@type`s of defined attributes.
|
|
- docker: only publish port on localhost
|
|
|
|
## Fixed
|
|
- server: fix internal download in emoji import
|
|
- server: replace unzipper with decompress
|
|
|
|
## Removed
|
|
- migrate note favorites to clips
|
|
If you previously had favorites they will now be in a clip called "⭐".
|
|
If you want to add a note as a "favorite" you can use the menu item "Clip".
|
|
|
|
## 13.0.0-preview5 - 2023-05-23
|
|
This release contains 6 breaking changes and 1 security update.
|
|
|
|
### Security
|
|
- client: check input for aiscript
|
|
- server: validate filenames and emoji names on emoji import
|
|
- server: check URL schema of ActivityPub URIs
|
|
- server: check schema for URL previews
|
|
- server: update summaly dependency
|
|
|
|
### Added
|
|
- client: impolement filtering and sorting in drive
|
|
- client: add "nobody" follower/following visibility
|
|
- client: re-add flag to require approval for bot follows
|
|
- client: show waveform on audio player
|
|
- client: add new deepl languages
|
|
- client: add instructions on remote interaction (when signed out)
|
|
- client: show follow button when not logged in
|
|
- server: show worker mode in process names
|
|
- server: drive endpoint to fetch files and folders combined
|
|
- activitypub: implement receiving account moves
|
|
|
|
### Changed
|
|
- **BREAKING** server: restructure endpoints related to user administration
|
|
- **BREAKING** server: refactor streaming API data structures
|
|
- **BREAKING** server: rename configuration environment variables
|
|
The environment variables that could be used for configuration which were previously prefixed with `MK_`
|
|
are now prefixed with `FK_` instead.
|
|
- server: improve error message for invalidating follows
|
|
- server: add pagination to file attachment timeline
|
|
|
|
### Fixed
|
|
- **BREAKING** server: properly respect follower/following visibility setting on statistics endpoint
|
|
This affects the endpoint `/api/users/stats`.
|
|
- improve documentation for `fetch-rss` endpoint
|
|
- client: fix authentication error in RSS widget
|
|
- client: fix attached files and account switcher combination in new note form
|
|
- client: improved module tracker file detection
|
|
- client: fix follow requests pagination
|
|
- client: Theme creator breaks after creating a theme
|
|
- client: replace error UUIDs with error codes
|
|
- client: allow opening links in new tab
|
|
The usual 3rd button click (usually mouse wheel) or Ctrl+Click should now work to open a link in a new tab.
|
|
- client: fix drive item updates inserting duplicate entries
|
|
- client: improve error messages for failed uploads
|
|
- client: stop unnecessary network congestion by websocket ping mechanism
|
|
- server: don't fail if a system user was already created
|
|
- server: better matching for MFM mentions
|
|
- server: fix rate limit for adding reactions
|
|
- server: check instance description length limit
|
|
- server: dont error on generating RSS feeds for profiles without public posts
|
|
- server: group delivering `Delete` activities to improve performance
|
|
- server: fix drive quota for remote users
|
|
- server: user deletion race condition (again)
|
|
|
|
### Removed
|
|
- **BREAKING** server: remove unused API parameters `sinceId` and `untilId` from `/api/notes/reactions`.
|
|
- **BREAKING** server: remove syslog integration
|
|
If you used syslog before, the syslog protocoll will no longer be connected to.
|
|
The configuration entries for `syslog` will be ignored, you should remove them if they are set.
|
|
- client: remove `driveFolderBg` theme colour
|
|
- activitypub: remove `_misskey_content` attribute
|
|
- activitypub: remove `_misskey_reaction` attribute
|
|
- activitypub: remove `_misskey_votes` attribute
|
|
- foundkey-js: remove unused definitions for Ads and detailed instance metadata
|
|
|
|
## 13.0.0-preview4 - 2023-02-05
|
|
This release contains 6 breaking changes, including changes to the configuration file format.
|
|
|
|
### Added
|
|
- new Foundkey logo
|
|
- client: add button to unrenote/remove all own renotes
|
|
- client: add mod tracker
|
|
- client: add button to delete all files of a user for moderators
|
|
- server: implement OAuth 2.0 Authorization Code grant
|
|
- server: add config for error images
|
|
- server: expire notifications after 3 months
|
|
- server: start adding /api/v2 routes
|
|
- server: indicate Retry-After when rate limiting
|
|
- docs: show rate limit information
|
|
|
|
### Changed
|
|
- **BREAKING** server: implement separate web workers
|
|
The configuration file format has been changed: The `clusterLimit` item has been removed
|
|
and `clusterLimits` has been added instead. Check the example configuration file.
|
|
- **BREAKING** server: remove wildcard blocking and instead block subdomains (#269)
|
|
As an administrator you may need to check the list of blocked instances.
|
|
- **BREAKING** server: disable deliver rate limit by default
|
|
We found that the deliver rate limit causes a lot of load for no real benefit. Because of this,
|
|
it will be disabled by default. The default value of `deliverJobPerSec` is set to
|
|
disable this rate limit.
|
|
- server: adjust permissions for `/api/admin/accounts/delete`
|
|
The admin/accounts/delete endpoint now requries administrator privileges
|
|
instead of just moderator privileges.
|
|
- server: increase nodeinfo caching
|
|
- client: headlines in queue widget are links
|
|
- client: add tooltips to visibility icons
|
|
- server: improve error messages
|
|
- server: change default value for `/api/admin/show-users` origin param
|
|
- server: lower rate limit for deletion activities
|
|
Deleting things that result in federating a delete activity have a more strict rate limit.
|
|
This affects the following endpoints:
|
|
- `/api/notes/delete`
|
|
- `/api/notes/reactions/delete`
|
|
- `/api/notes/unrenote`
|
|
- server: improve OpenGraph data
|
|
- properly render note attachments as RDFa
|
|
- add more metadata about e.g. author
|
|
- proper OpenGraph data replaces custom `misskey:` RDFa tags
|
|
- activitypub: implement [FEP-e232](https://codeberg.org/fediverse/fep/src/branch/main/feps/fep-e232.md) qoutes
|
|
- activitypub: use `quoteUri` instead of `quoteUrl`
|
|
|
|
### Fixed
|
|
- client: fix layout of app authorization page
|
|
- client: unify different error dialogs
|
|
- client: set display name limit same as server
|
|
- client: dont display instance banner tooltip if software name is unknown
|
|
- client: fix 500 error in notifications
|
|
- client: fix some tooltips not closing
|
|
- client: fix issue of search only working once
|
|
- client: check `quoteId` for canPost computation
|
|
- client: fix quotes with only a CW
|
|
- server: fix thread mutes not applying to renotes
|
|
- server: fix ReferenceError: meta is undefined
|
|
- server: fix TypeError in registerOrFetchInstanceDoc
|
|
- server: fix ratelimit in `/api/i/import-following`
|
|
- server: handle redirects in signed get
|
|
- server: remove reversi database tables
|
|
- server: set file permissions after copy
|
|
- server: also use human readable URL in search
|
|
- server: fix user deletion race condition
|
|
- server: add websocket ping mechanism
|
|
This should help keep websocket connections alive even if there are no events for
|
|
prolonged time periods. This should also fix issues where the "connection has been lost"
|
|
dialog appeared despite the connection being fine.
|
|
- activitypub: properly parse incoming hashtags
|
|
- activitypub: Do block checks more globally
|
|
- activitypub: properly render CW only quotes
|
|
|
|
### Removed:
|
|
- **BREAKING** server: remove Twitter, Github and Discord integrations
|
|
- **BREAKING** server: remove `api/admin/delete-account`,
|
|
You should use the API endpoint `admin/accounts/delete` instead.
|
|
It has the same parameter and the same behaviour.
|
|
- **BREAKING** remove galleries
|
|
Galleries have been removed because low usage and duplication of other behaviour.
|
|
Existing gallery posts will be turned into ordinary notes.
|
|
If a user had any gallery posts, a new clip called "Gallery" will be created containing
|
|
all of the former gallery posts that are now notes.
|
|
This affects the following endpoints:
|
|
- `/api/gallery/featured`
|
|
- `/api/gallery/popular`
|
|
- `/api/gallery/posts`
|
|
- `/api/gallery/posts/create`
|
|
- `/api/gallery/posts/delete`
|
|
- `/api/gallery/posts/like`
|
|
- `/api/gallery/posts/show`
|
|
- `/api/gallery/posts/unlike`
|
|
- `/api/i/gallery/likes`
|
|
- `/api/i/gallery/posts`
|
|
- `/api/users/gallery/posts`
|
|
- server: remove bios and cli
|
|
- server: remove avatarColor and bannerColor properties
|
|
- server: remove application level websocket ping
|
|
This pinging mechanism was unused in `foundkey-js`, and we expect other usage to be low.
|
|
You can use the pinging mechanism built into the websocket protocol if you wish.
|
|
Note that the Server will now also send pings on its own (see *Fixed* section).
|
|
|
|
## 13.0.0-preview3 - 2022-12-02
|
|
This release contains 1 urgent security fix necessitated by `misskey-forkbomb`.
|
|
This release contains 1 breaking change.
|
|
If you are a 3rd party client developer please see the "Intended future changes" section at the end.
|
|
|
|
### Security
|
|
- activitypub: add recursion limit to resolver
|
|
|
|
### Added
|
|
- server: make max note length configurable
|
|
- server: LibreTranslate support
|
|
- activitypub: not forwarding block activities
|
|
This can be configured per user.
|
|
- client: add "follows you" hint to user profile popup
|
|
- client: improved search page for notes and users
|
|
- client: ability to delete webhooks
|
|
- client: put back button to let admin remove all followings from an instance
|
|
|
|
### Changed
|
|
- **BREAKING** server: remove support for node 16.x.
|
|
Since 2022-10-18, Node.js 16.x is out of Long Term Support and has entered the Maintenance phase.
|
|
The new Long Term Support version since 2022-10-25 is Node.js 18.x.
|
|
Foundkey now requires at least Node.js 18.7.0.
|
|
- updated documentation
|
|
- client: updated translations
|
|
- client: update emoji list
|
|
- client: autocomplete flag emoji
|
|
- client: autocompletion for emoji is case insensitive
|
|
- client: use browser native notifications
|
|
- client: close webhook settings page automatically after saving
|
|
- client: remove hostname from signup and signin forms
|
|
- server: increase user profile description length limit to 2048
|
|
- server: always enable push notifications
|
|
- server: allow to like own pages
|
|
- server: allow to like own gallery pages
|
|
- server: produce error when trying to unclip note that was not clipped
|
|
- server: stricter API permissions, more endpoints require authentication
|
|
This affects the following endpoints:
|
|
- `/api/federation/instances`
|
|
- `/api/federation/show-instance`
|
|
- `/api/federation/stats`
|
|
- `/api/federation/users`
|
|
- `/api/federation/followers`
|
|
- `/api/federation/following`
|
|
- `/api/fetch-rss`
|
|
- server: stricter rate limiting for password reset
|
|
- server: refactor API errors and improve documentation
|
|
This affects all API endpoints.
|
|
API errors no longer have a UUID (previous `id` property). Use the properties `code` and `endpoint` instead.
|
|
- server: avoid adding suspended instances to the delivery queue in the first place
|
|
- server: rewrite skipped instances query in raw SQL to improve performance
|
|
- activitypub: don't nyaize blockquotes
|
|
- server: add wildcard matching to blocked hosts
|
|
- server: updated dependencies
|
|
|
|
### Fixed
|
|
- client: fix detection of maximum lenght for profile description
|
|
- client: editing webhooks
|
|
- client: files in some states couldnot be dropped and uploaded
|
|
- service worker: don't trigger "push notification have been updated"
|
|
- server: properly delete expired password reset requests
|
|
- server: skip delivering to instances that proclaim themself dead via HTTP 410
|
|
- server: use host parameter in note search even if elasticsearch is not enabled
|
|
- activitypub: fix rendering of Follow activity `id` when force-removing a follow
|
|
- activitypub: remove akkoma quote URLs
|
|
|
|
### Removed
|
|
- client: remove user search from explore page
|
|
You can use the new revamped search page instead.
|
|
- server: remove `deeplIsPro` setting
|
|
This setting can be automatically detected based on the DeepL Auth Key provided.
|
|
This affects the following endpoints:
|
|
- `/api/admin/meta`
|
|
- `/api/admin/update-meta`
|
|
- server: remove unused endpoints
|
|
This affects the following endpoints. Expected usage of these endpoints is low.
|
|
- `/api/test`
|
|
- `/api/users/get-frequently-replied-users`
|
|
|
|
### Intended future changes
|
|
This section is intended for 3rd party client developers.
|
|
|
|
MiAuth will be removed in a future release, most likely in the next release.
|
|
This affects the follwing endpoints:
|
|
- `/miauth`
|
|
- `/api/miauth/:session/check`
|
|
The `features.miauth` feature flag in `/api/meta` will no longer be `true` (set to `false` or removed entirely).
|
|
|
|
We would like to clarify that the follwing ndpoints are not part of the public API as they were never part of the documentation generated at `/api-doc`.
|
|
They may be removed at any point, without notice.
|
|
- `/api/signup`
|
|
- `/api/signin`
|
|
- `/api/signup-pending`
|
|
|
|
## 13.0.0-preview2 - 2022-10-16
|
|
### Security
|
|
- server: Update `multer` dependency to resolve [CVE-2022-24434](https://nvd.nist.gov/vuln/detail/CVE-2022-24434)
|
|
- server: Update `file-type`, `got`, and `sharp` dependencies to fix various security issues
|
|
|
|
### Added
|
|
- allow to mute only renotes of a user
|
|
- allow to export only selected custom emoji
|
|
- client: improve emoji picker search
|
|
- client: Extend Emoji list
|
|
- client: show alt text in image viewer
|
|
- client: Show instance info in ticker
|
|
- client: Readded group pages
|
|
- client: add re-collapsing to quoted notes
|
|
- server: allow files storage path to be set explicitly
|
|
- server: refactor expiring data and expire signins after 60 days
|
|
- server: send delete activity to all known instances
|
|
- server: add automatic dead instance detection
|
|
|
|
### Changed
|
|
- foundkey-js: Sync possible endpoints from backend
|
|
- foundkey-js: update LiteInstanceMetadata fields
|
|
- meta: use parallel and incremental builds
|
|
- meta: update WORKDIR to foundkey
|
|
- meta: update dependencies
|
|
- client: consolidate about & notifications pages
|
|
- client: include renote in visibility computation
|
|
- client: make emoji amount slider more intuitive
|
|
- client: sort emojis by query similarity in fuzzy picker
|
|
- client: discard drafts that are just the default state
|
|
- client: Use consistent date formatting based on language setting
|
|
- client: Add threshold to reduce occurances of "future" timestamps
|
|
- server: mute notifications in muted threads
|
|
- server: allow for source lang to be overridden in note/translate
|
|
- server: allow redis family to be specified as a string
|
|
- server: increase image description limit to 2048 characters
|
|
- server: Pages have been considerably simplified, several of the very complex features have been removed.
|
|
Pages are now MFM only.
|
|
**For admins:** There is a migration in place to convert page contents to text, but not everything can be migrated.
|
|
You might want to check if you have any more complex pages on your instance and ask users to migrate them by hand.
|
|
Or generally advise all users to simplify their pages to only text.
|
|
|
|
### Fixed
|
|
- client: alt text dialog properly handles non-images
|
|
- client: Fix style scoping in MkMention
|
|
- client: default instance ticker name to instance's domain name
|
|
- client: improve error message for empty gallery posts
|
|
- client: fix default-selected reply scopes
|
|
- client: Make MFM cheatsheet interactive again
|
|
- client: Fix reports not showing in control panel
|
|
- client: make hard coded strings in emoji admin panel internationalized
|
|
- client: Notifications for ended polls can now be turned off
|
|
- client: improve emoji picker performance
|
|
- server: Blocking remote accounts
|
|
- server: fix table name used in toHtml
|
|
- server: Fix appendChildren TypeError
|
|
- server: ensure only own notifications can be marked as read
|
|
- server: render HTML mentions correctly
|
|
- server: increase requestId max size for GNU Social
|
|
- server: fix HTTP GET parameters in OpenAPI docs
|
|
- server: proper error messages for creating accounts
|
|
- server: Fix thread muting queries
|
|
- docker: add built foundkey-js files to container
|
|
- service worker: Remove fetch handler from service worker
|
|
|
|
### Removed
|
|
- remove misskey-assets submodule
|
|
- server: remove room data from user
|
|
- client: remove ai mode
|
|
- client: remove "Disable AiScript on Pages" setting
|
|
- client: acrylic styling
|
|
- client: Twitter embeds, the standard URL preview is used instead.
|
|
- foundkey-js: remove room api endpoints
|
|
- server: remove unusable setting to send error reports
|
|
- server: ignore detail parameter on meta endpoint
|
|
- server: Promotion entities and endpoints
|
|
- server: The configuration item `signToActivityPubGet` has been removed and will be ignored if set explicitly.
|
|
Foundkey will now work as if it was set to `true`.
|
|
|
|
## 13.0.0-preview1 - 2022-08-05
|
|
### Added
|
|
- Server: Replies can now be fetched recursively.
|
|
|
|
### Changed
|
|
- Server: Replies/quotes cannot have a more open visibility than the parent post
|
|
- Server: Allow GET method for some endpoints
|
|
- Server: Add rate limit to i/notifications
|
|
- Server: Improve performance
|
|
- Server: Supports IPv6 on Redis transport
|
|
IPv4/IPv6 is used by default. You can tune this behavior via `redis.family`
|
|
- Server: Mutes and blocks now apply recursively to replies and renotes
|
|
- Server: Admins can now delete accounts
|
|
- Client: Improve control panel
|
|
- Client: Show warning in control panel when there is an unresolved abuse report
|
|
- Client: For notes with specified visibility, show recipients when hovering over visibility symbol.
|
|
- Client: Add rss-ticker widget
|
|
- Client: Removing entries from a clip
|
|
- Client: Searching in the emoji picker is now case insensitive
|
|
- Client: MFM search button changed to a no-op
|
|
- Client: Fix URL-encoded routing
|
|
- Client: Poll highlights in explore page
|
|
- Client: Improve player detection in URL preview
|
|
- Client: Add Badge Image to Push Notification
|
|
- Client: Custom Emoji pages have been merged into the Instance Info page
|
|
|
|
### Removed
|
|
- Server: ID generation methods other than `aid`
|
|
- Client: Ability to show advertisements
|
|
|
|
### Fixed
|
|
- Server: Video thumbnails are now generated properly
|
|
- Server: Ensure temp directory cleanup
|
|
- Client: Favicons of remote instances now show up
|
|
- Client: Fix switch to receive email notifications
|
|
- Client: Page freezes when trying to open configuration page of existing webhooks
|
|
- Client: Fix a bug where new chat messages don't show up
|
|
- Client: Fix collapsing long notes
|
|
- Client: Add padding to pages
|
|
|
|
### Security
|
|
- Server: Hide metadata of private notes
|