mastodon/mastodon v3.3.0rc1

on GitHub

Note: This is a release candidate. It is intended to be stable, but not guaranteed.

Changelog

Added

• Add hotkeys for audio/video control in web UI (Gargron, Gargron)
  • Space and k to toggle playback
  • m to toggle mute
  • f to toggle fullscreen
  • j and l to go back and forward by 10 seconds
  • . and , to go back and forward by a frame (video only)
• Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
• Add border around 🕺 emoji in web UI (ThibG)
• Add border around 🐞 emoji in web UI (ThibG)
• Add home link to the getting started column when home isn't mounted (ThibG)
• Add option to disable swiping motions across the web UI (ThibG)
• Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron)
  • Continue watching/listening when you scroll away
  • Action bar to interact with/open toot from the pop-out player
• Add unread notification markers in web UI (ThibG, ThibG, ThibG, noellabo, noellabo)
• Add paragraph about browser add-ons when encountering errors in web UI (ThibG)
• Add import and export for bookmarks (ThibG)
• Add cache buster feature for media files (Gargron)
  • If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
  • If enabled, cache buster will make a special request to the proxy to signal a cache reset
• Add duration option to the mute function (aquarla)
• Add replies policy option to the list function (ThibG)
• Add og:published_time OpenGraph tags on toots (nornagon)
• Add option to be notified when a followed user posts (Gargron, ThibG, Gargron)
  • If you don't want to miss a toot, click the bell button!
• Add client-side validation in password change forms (ThibG)
• Add client-side validation in the registration form (ThibG, ThibG)
• Add support for Gemini URLs (joshleeb)
• Add WebAuthn as an alternative 2FA method (santiagorodriguez96, jiikko)
• Add icon for mutual relationships in relationship manager (noellabo)
• Add follow selected followers button in relationship manager (noellabo)
• Add subresource integrity for JS and CSS assets (Gargron)
  • If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
  • Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks
• Add ku, sa, sc, zgh to available locales (ykzts)
• Add ability to force an account to mark media as sensitive (noellabo)
• Add ability to block access or limit sign-ups from chosen IPs (Gargron)
  • Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
  • Choose the severity of the rule, either blocking all access or merely limiting sign-ups
• Add support for reversible suspensions through ActivityPub (Gargron)
  • Servers can signal that one of their accounts has been suspended
  • During suspension, the account can only delete its own content
  • A reversal of the suspension can be signalled the same way
  • A local suspension always overrides a remote one
• Add ActivityPub follower synchronization mechanism (ThibG, ThibG)
• Add outbox attribute to instance actor (ThibG)
• Add featured hashtags as an ActivityPub collection (Gargron)
• Add support for dereferencing objects through bearcaps (Gargron, noellabo)
• Add S3_READ_TIMEOUT environment variable (tateisu)
• Add ALLOWED_PRIVATE_ADDRESSES environment variable (ThibG)
• Add --fix-permissions option to tootctl media remove-orphans (Gargron, uist1idrju3i)
• Add tootctl accounts merge (Gargron)
  • Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
  • This command will fix it on your end
• Add tootctl maintenance fix-duplicates (ThibG, Gargron)
  • Index corruption in the database?
  • This command is for you
• Add support for managing multiple stream subscriptions in a single connection (Gargron, Gargron, mfmfuyu, zunda)
  • Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
  • More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
  • Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams
• Add support for limiting results by both min_id and max_id at the same time in REST API (tateisu)
• Add GET /api/v1/accounts/:id/featured_tags to REST API (noellabo)
• Add optional tootctl remove media cronjob in Helm chart (dunn)

Changed

• Change media modals look in web UI (Gargron, Gargron)
  • Background of the overlay matches the color of the image
  • Action bar to interact with or open the toot from the modal
• Change order of announcements in admin UI to be newest-first (ThibG)
• Change account suspensions to be reversible by default (Gargron, ThibG, ThibG, ThibG, ThibG, noellabo)
  • Suspensions no longer equal deletions
  • A suspended account can be unsuspended with minimal consequences for 30 days
  • Immediate deletion of data is still available as an explicit option
  • Suspended accounts can request an archive of their data through the UI
• Change REST API to return empty data for suspended accounts (Gargron)
• Change web UI to show empty profile for suspended accounts (Gargron)
• Change featured hashtag suggestions to be recently used instead of most used (abcang)
• Change direct toots to appear in the home feed again (Gargron, ThibG, noellabo)
  • Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model
• Change email address validation to return more specific errors (ThibG)
• Change HTTP signature requirements to include Digest header on POST requests (ThibG)
• Change click area of video/audio player buttons to be bigger in web UI (ariasuni)
• Change order of filters by alphabetic by "keyword or phrase" (ariasuni)
• Change suspension of remote accounts to also undo outgoing follows (ThibG)
• Change string "Home" to "Home and lists" in the filter creation screen (ariasuni)
• Change string "Boost to original audience" to "Boost with original visibility" in web UI (3n-k1)
• Change string "Show more" to "Show newer" and "Show older" on public pages (ariasuni)
• Change order of announcements to be reverse chronological in web UI (dariusk, dariusk)
• Change visibility icon next to timestamp to be clickable in web UI (ariasuni, mayaeh)

Removed

• Remove fade-in animation from modals in web UI (Gargron)
• Remove auto-redirect to direct messages in web UI (Gargron)
• Remove obsolete IndexedDB operations from web UI (Gargron)
• Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)

Fixed

• Fix deletes not reaching every server that interacted with toot (Gargron)
  • Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
  • Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned
• Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
• Fix sending redundant ActivityPub events when processing remote account deletion (ThibG)
• Fix Move handler not being triggered when failing to fetch target account (ThibG)
• Fix downloading remote media files when server returns empty filename (ThibG)
• Fix account processing failing because of large collections (ThibG)
• Fix not being able to unfavorite toots one has lost access to (ThibG)
• Fix not being able to unbookmark toots one has lost access to (ThibG)
• Fix possible casing inconsistencies in hashtag search (ThibG)
• Fix updating account counters when association is not yet created (Gargron)
• Fix cookies not having a SameSite attribute (Gargron)
• Fix poll ending notifications being created for each vote (ThibG)
• Fix multiple boosts of a same toot erroneously appearing in TL (ThibG)
• Fix asset builds not picking up CDN_HOST change (ThibG)
• Fix desktop notifications permission prompt in web UI (Gargron, Gargron, ThibG)
  • Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
  • This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications
• Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI (ariasuni)
• Fix glitched image uploads when canvas read access is blocked in web UI (ThibG)
• Fix some account gallery items having empty labels in web UI (ThibG)
• Fix alt-key hotkeys activating while typing in a text field in web UI (ThibG)
• Fix wrong seek bar width on media player in web UI (mfmfuyu)
• Fix logging out on mobile in web UI (ThibG)
• Fix wrong click area for GIFVs in media modal in web UI (noellabo)
• Fix unreadable placeholder text color in high contrast theme in web UI (Gargron)
• Fix scrolling issues when closing some dropdown menus in web UI (ThibG)
• Fix notification filter bar incorrectly filtering gaps in web UI (ThibG)
• Fix disabled boost icon being replaced by private boost icon on hover in web UI (ThibG)
• Fix hashtag detection in compose form being different to server-side in web UI (kedamaDQ, ThibG)
• Fix home last read marker mishandling gaps in web UI (ThibG)
• Fix inefficiency when fetching hashtag timeline (noellabo, akihikodaki)
• Fix inefficiency when fetching bookmarks (akihikodaki)
• Fix inefficiency when fetching favourites (akihikodaki)
• Fix inefficiency when fetching media-only account timeline (akihikodaki)
• Fix redundant query when processing batch actions on custom emojis (niwatori24)
• Fix PostgreSQL secret name for cronjob in Helm chart (metal3d)
• Fix Procfile not being compatible with herokuish (acuteaura)
• Fix installation of tini being split into multiple steps in Dockerfile (ryncsn)

Security

• Fix streaming API allowing connections to persist after access token invalidation (Gargron)
• Fix 2FA/sign-in token sessions being valid after password change (Gargron)

Upgrade notes

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

• The recommended Ruby version has been bumped to 2.7.2. You can upgrade, or you can continue using the old version by overwriting the .ruby-version file with e.g. 2.6.6 which was recommended previously
• Install dependencies: bundle install and yarn install

Both Docker and non-Docker:

1. Run the pre-deployment database migrations by specifying the SKIP_POST_DEPLOYMENT_MIGRATIONS=true environment variable:
   • Non-Docker: SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate
   • Docker: docker-compose run --rm -e SKIP_POST_DEPLOYMENT_MIGRATIONS=true web rails db:migrate
2. Precompile the assets:
   • Non-Docker: RAILS_ENV=production bundle exec rails assets:precompile
   • Docker: The assets are already precompiled during the build step
3. Restart all Mastodon processes
4. Clear cache:
   • Non-Docker: RAILS_ENV=production bin/tootctl cache clear
   • Docker: docker-compose run --rm web bin/tootctl cache clear
5. Now that the new code is running, we can finish the database migrations. This will run the post-deployment ones:
   • Non-Docker: RAILS_ENV=production bundle exec rails db:migrate
   • Docker: docker-compose run --rm web rails db:migrate
6. Restart all Mastodon processes

Translators

TBA