MbinOrg/mbin v1.9.0-rc2

v1.9.0 Release Candidate 2

on GitHub

This is our v1.9.0 Release Candidate 2 (also known as a pre-release) of Mbin. This release includes security patches of upstream dependencies, documentation improvements, various performance improvements, new features, bug fixes, design improvements, Docker improvements and so much more...

Comparison to previous stable version v1.8.4 (ignoring the previous RC1):

We have 3 different summaries below. One for end-users, one for server admins, and finally a summary for Mbin developers.

Below the summaries you will find the upgrade instructions. Please read the instructions very carefully, since we did introduce backwards incomparable changes.

Summary for Users

This release contains numerous improvements and changes that we can't list everything here, so we'll stick to the highlights (in random order).

We enhanced security so that after a user changes their password or 2FA, all the current sessions of that user will be invalid and the user will need to log in again.

A new combined front page. You could make the combined front page the default in your profile settings. Which means you see both threads and microblogs combined on the homepage.

We also introduced a new feature under general settings, where you can select "Who can send you a direct message" (defaults to everybody).

We added support for magazine banners in Mbin (which is also compatible with Lemmy Communities).

Mbin combines the thread form into just one form (instead of having article, link, and photo having a separate form). Mbin now also federates bans correctly (both incoming and outgoing bans).

Global mods can now manage (view, approve and/or deny) account signups. Global mods can now also receive signup notifications, which will also come with a new menu item in the drop-down menu.

Plus various other bug fixes and CSS layout improvements, ban notification fixes, and too many other fixes to mention here.

Summary for Admins

Multiple Docker setup enhancements, we upgraded to Debian Trixie images. We also upgraded to use Node v24 (current LTS release) within our Mbin Docker images. Plus we added a new amqproxy service to the docker compose file. See upgrade instructions for Docker below for more info.

We now added two different server settings:

• Restrict "Random Threads/Posts" sidebar sections to local only
• Restrict "Active people" sidebar section to local only

The first option has been known to cause SQL performance issues (we recommended NOT enabling this first option), hence we gave you the two options. The second option shows local only active users, which does NOT impact performance (so feel free to enable that option if you wish).

Mbin now comes with new moderation log filter capabilities.

We also documented Anubis setup for Mbin, setup is optional. However, Anubis could protect your server from DDoS attacks or other unwanted traffic towards your server.

Mbin now also has a command to rotate the private keys for one user or all the local users.

We renamed an existing environment variable: MAX_IMAGE_BYTES to: MBIN_MAX_IMAGE_BYTES, please rename the variable if you have set it. On top of that we also added a new environment variable: MBIN_USE_FEDERATION_ALLOW_LIST (default value: false) for in the .env file. We also added MBIN_NEW_USERS_NEED_APPROVAL (also default value: false) several months ago, in case you didn't added that variable yet. Although both variables are optional to add. See the latest .env.example file.

Finally, we upgraded several Composer dependency packages plus Symfony recipe updates as well as NPM package updates. So like always be sure to run: ./bin/post-upgrade to install all the updated Composer packages (on bare metal). Which should fix security vulnerabilities in our composer & npm depedency packages. And clear all caches.

Summary for developers

We extended and improved the getting started guide, documenting how to leverage dev containers to get started. Please follow the full "Docker as a dev server" guide if you wish to help with development.

We also created a new Fediverse developer page that lists all our ActivityPub messages.

Upgrade Instructions

For Docker

Changes to Docker compose.yaml file (ATTENTION!)

Take a look at the latest compose.yaml file and compare it with your local version:

1. We added a new amqproxy service, do not forget to add depends_on amqproxy. AMQProxy will improve performance and reduce TCP overhead of the AMQ protocol, used by RabbitMQ.
2. After that, you will need to update your .env file to use the host amqproxy:5673 (instead of rabbitmq:5672) in your MESSENGER_TRANSPORT_DSN variable.
3. We upgraded the Debian version used in the Docker images from bookworm to trixie.
4. We renamed MAX_IMAGE_BYTES to MBIN_MAX_IMAGE_BYTES in the .env file. Please change this variable in case you are using it.

Docker Instructions

1. Get the official image or check out the code and build it locally
2. Stop all containers docker compose down
3. Start all containers docker compose up -d
4. Since the Debian version of the PostgreSQL Docker image was upgraded, you will need to run the command below to get rid of the "collation version mismatch" warning. Note that re-indexing your entire database could take a very long time, depending on the size of your database.

docker compose exec -it postgres psql mbin mbin -c \
'REINDEX DATABASE mbin; ALTER DATABASE mbin REFRESH COLLATION VERSION;'

For Bare Metal

Admin guide changes (ATTENTION!)

1. For Bare Metal admins, we advise you to look into the RabbitMQ APT sources, since the RabbitMQ team changed their APT repositories recently. Be sure to update your rabbitmq.list file accordingly.
   If you applied the latest change by running the commands mentioned in the guide, be sure to run the APT update command as well as the APT install/upgrade command for the rabbitmq-server package.
   In case of an upgrade, you will need to enable all feature flags after the rabbitmq-server upgrade by executing the following command: sudo rabbitmqctl enable_feature_flag all.
2. We now documented AMQProxy (in case you are not yet using AMQProxy). We strongly advise to install & run AMQProxy (follow this guide) after that you will also need to update the .env file by changing the MESSENGER_TRANSPORT_DSN.
   You will need to update the default RabbitMQ port (5672) to the AMQProxy port of 5673 (keep the rest of the MESSENGER_TRANSPORT_DSN the same, only change the port number).
   In case you have AMQProxy configured and made your changes to the .env file, always remember to run: ./bin/post-upgrade command (which will also execute composer dump-env prod for you).
3. The set_permission command was not correctly documented, please run the following command: sudo rabbitmqctl set_permissions -p / mbin ".*" ".*" ".*" (change mbin to kbin user in case you your rabbitmq user is called kbin).
   Then monitor your messenger logs and if you still experience "channel error: 404" or "message: NOT_FOUND" errors on one or more queues (you will see errors messages if that is the case every ~10 minutes), we recommend removing that queue manually (eg. via the RabbitMQ Web interface). Mbin will then automatically recreate the missing queue with the correct permissions again.
4. We also changed some php.ini configurations, by mainly increasing the memory_limit to 512MB. If you have sufficient RAM available, you can decide to increase the memory limit if you wish (this limit is per child). Again, this is optional but can be part of better fine-tuning of your server, which heavily depends on your server resources.
5. We also updated the Setup Supervisor section of the documentation. You can save storage and reduce disk I/O by adding stdout_logfile=NONE and redirect_stderr=true to your supervisor messenger-worker.conf file. Because most of the messages will be logged to the Mbin production log as well.
6. Finally, we renamed MAX_IMAGE_BYTES to MBIN_MAX_IMAGE_BYTES in the .env configuration. Please rename the variable as well in case you use it.

Bare metal Instructions

1. Login as the mbin/kbin user: su mbin
2. Go to your repo cd /var/www/mbin
3. Get the new release: git fetch && git checkout v1.9.0-rc2
4. Run the update script: bash bin/post-upgrade.
5. Run exit so we are back at the root user (or put a sudo in front of every command)
6. Clear your opcache by reloading php fpm systemctl restart php8.4-fpm (or for PHP 8.3: systemctl restart php8.3-fpm)
7. Restart the messengers: supervisorctl restart messenger:*

What's Changed

• Fix A logged in user is required to resolve the authorization request (500 error) by @melroy89 in #1839
• Use repository-dispatch to dispatch update-docs event to mbin-docs repo by @melroy89 in #1838
• Fix null exception in ban notification by @BentiGorlich in #1848
• Explain how to disable the log files of supervisor jobs by @melroy89 in #1849
• Small fixes bare metal docs by @melroy89 in #1855
• Fix some problems with the emoji and mention autocomplete by @BentiGorlich in #1853
• Translations update from Hosted Weblate by @weblate in #1854
• Small doc fixes in nginx by @melroy89 in #1857
• Improve Performance in the ContentRepository by @BentiGorlich in #1863
• Add magazine followers in cc of Announce activities by @BentiGorlich in #1851
• Use the NativeQueryAdapter instead of fetching everything by @BentiGorlich in #1864
• Fix Undefined array key "path" by @melroy89 in #1866
• WebFingerParameters::getParams(): use !empty() instead of isset() by @blued-gear in #1867
• Add a user setting for the content being displayed by default by @BentiGorlich in #1852
• Translations update from Hosted Weblate by @weblate in #1865
• Improve English default view by @melroy89 in #1870
• Fix z5 focus issue with more button by @melroy89 in #1871
• Add missing new variables to devcontainer by @melroy89 in #1872
• Docs: comment-out options in messenger (for developers) by @melroy89 in #1874
• Increase shared memory size postgresql container by @melroy89 in #1876
• Translations update from Hosted Weblate by @weblate in #1875
• Translations update from Hosted Weblate by @weblate in #1877
• Add user admin panel to more then just the overview.html page by @melroy89 in #1879
• Add 2 settings for the sidebar sections + give performance warning about the random section + fix max_image_bytes by @melroy89 in #1878
• Translations update from Hosted Weblate by @weblate in #1880
• Translations update from Hosted Weblate by @weblate in #1882
• Use the SI standard for getMaxImageByteString by @melroy89 in #1881
• Fix broken combined (homepage) + Fix API endpoints by @melroy89 in #1883
• Translations update from Hosted Weblate by @weblate in #1887
• docs(contributor): contributors readme action update by @github-actions[bot] in #1889
• Translations update from Hosted Weblate by @weblate in #1890
• Add missing migration for front_default_content DB enum by @melroy89 in #1891
• update Devcontainer Docs to use Postgres 18 by @blued-gear in #1893
• icon for url threads by @blued-gear in #1894
• Improve ban notifications by @BentiGorlich in #1850
• 2nd attempt at fixing the notifications from other users by @BentiGorlich in #1856
• Improve performance of the main content query by @BentiGorlich in #1892
• Adapt the AP presentation of an entry with a URL and an image by @BentiGorlich in #1862
• Prepare for RC2 by @melroy89 in #1895

Full Changelog: v1.9.0-rc1...v1.9.0-rc2