github bookwyrm-social/bookwyrm v0.8.0

one day ago

Important

This update includes important security fixes.

User exports and imports

User import and export files will now both be saved to /exports in local storage by default. Import files will be deleted once the import is completed.

Instance administrators should manually check your images directory (local and S3 storage) for any user export files (ending in .gz). These should be deleted as a matter of priority as they are publicly available. You are also strongly encouraged to delete any files in S3 exports directories, especially if you are using Backblaze (B2) or Cloudflare (R2) S3-compatible storage, as your bucket may be unsecured.

If you wish to use S3 storage for export files instead of local storage, you must set the following values in your .env file:

  • USE_S3_FOR_EXPORTS=true
  • EXPORTS_S3_CUSTOM_DOMAIN
  • EXPORTS_STORAGE_BUCKET_NAME

The following new .env values are optional, and will default to the equivalent S3 env values if not set:

  • EXPORTS_ACCESS_KEY_ID
  • EXPORTS_SECRET_ACCESS_KEY
  • EXPORTS_S3_REGION_NAME
  • EXPORTS_S3_ENDPOINT_URL

Important

This update changes default values

The default file upload limit is now 100MiB. This can be changed by defining MAX_UPLOAD_MiB in .env, as a number representing mebibytes. This may change again in future after enough time is provided for legacy user export files to be imported to new instances.

User import and export files now default to save to /exports in local storage. If you wish to use S3 storage for user import/export files instead of local storage, you must set USE_S3_FOR_EXPORTS=true in your .env file.

Warning

This version has new minimum versions for dependencies

Postgres version

The minimum Postgres version is now 14 (17 preferred). Follow the BookWyrm upgrade instructions below to ensure a smooth migration.

Django version

The Django version is now 5.2.

Environment variables

New env variables

  • NGINX_SETUP - this actually changed in 0.7.5 but was not mentioned in the release notes. Possible values are reverse-proxy or https. If not set, defaults to https. If you are using a reverse-proxy or working in a development environment (including when using localhost), set this to reverse-proxy.

Changes and deprecations to env values

  • USE_HTTPS is no longer used. HTTPS will now always be assumed unless DOMAIN=localhost. This ensures that it is not possible to run in production on the http protocol. If you were previously running in production with USE_HTTPS set to False (or not set at all) you may have some user and object IDs with http URLs. You should ensure that you have http to https forwarding in place for your IDs to work correctly.
  • DEBUG now defaults to false rather than true. This makes production installs more secure by default, but may require adjustment for existing development environments.
  • If not set, PORT will now default to 443 unless DOMAIN is localhost, in which case it will default to 80. This is different to previous behaviour, where if unset, PORT was 1333.

Upgrading to BookWyrm v0.8.0

All environments

  • ALWAYS BACK UP YOUR DATABASE BEFORE UPGRADING and ideally know how you can restore it if something goes wrong.
  • Check the environment variables you have set in .env against the notes above, and make any necessary changes
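
One way to run the .env check described above, as an added example that is not part of the BookWyrm project or these release notes. It assumes plain KEY=value lines; the function names and the sample file are constructed for illustration.

```python
def parse_env(text):
    """Parse simple KEY=value lines; blank lines and # comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(text):
    """Return findings for the settings the v0.8.0 notes say have changed."""
    env = parse_env(text)
    local = env.get("DOMAIN", "") == "localhost"
    findings = []
    if "USE_HTTPS" in env:
        findings.append("USE_HTTPS is no longer used; HTTPS is assumed unless DOMAIN=localhost")
    if "DEBUG" not in env:
        findings.append("DEBUG unset: now defaults to false (was true)")
    elif env["DEBUG"].lower() == "true" and not local:
        findings.append("DEBUG=true on a non-localhost DOMAIN")
    if "PORT" not in env:
        findings.append(f"PORT unset: now defaults to {80 if local else 443} (was 1333)")
    if "NGINX_SETUP" not in env:
        findings.append("NGINX_SETUP unset: defaults to https")
    elif env["NGINX_SETUP"] not in ("reverse-proxy", "https"):
        findings.append("NGINX_SETUP must be reverse-proxy or https")
    if env.get("USE_S3_FOR_EXPORTS", "").lower() == "true":
        for key in ("EXPORTS_S3_CUSTOM_DOMAIN", "EXPORTS_STORAGE_BUCKET_NAME"):
            if not env.get(key):
                findings.append(f"{key} is required when USE_S3_FOR_EXPORTS=true")
    return findings

# Constructed sample, not taken from a real instance.
SAMPLE_ENV = """\
DOMAIN=books.example.org
USE_HTTPS=true
DEBUG=true
USE_S3_FOR_EXPORTS=true
EXPORTS_STORAGE_BUCKET_NAME=example-exports
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENV
    for finding in audit_env(text):
        print("-", finding)
```

Pass the path to your own .env as the first argument; with no argument the constructed sample is audited.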

Docker

  • You will need to stop your containers in order to upgrade: docker compose down
  • Upgrade postgres to version 17: ./bw-dev upgrade_db_version
  • Upgrade BookWyrm: ./bw-dev update (NOTE: if you have previously commented out the docker-compose build stage you must uncomment this first in order to correctly rebuild with Django 5.2)

Non-docker

What's Changed

‼️ Breaking Changes & New Settings ⚙️

Updated Dependencies 🧸

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

Full Changelog: v0.7.5...v0.8.0
