First release candidate for GoToSocial v0.19.0! Woah! Hey now!
Please read the migration notes carefully for instructions on how to upgrade to this version. This version contains several database migrations so you will need to be patient when upgrading, and backup your database first!!
Release highlights
- OAuth token scope enforcement: Token scopes (
read,writeetc) now actually do stuff! So we removed the big "scopes don't do stuff!" warning in the docs. The enforced scopes match the Mastodon API token scopes, so there shouldn't be any surprises for bot owners / app developers.
See https://docs.gotosocial.org/en/latest/api/swagger/ for more info. - Token review / invalidation: You can now review and invalidate tokens issued for your account in the settings panel, to help keep your account secure.
Docs: https://docs.gotosocial.org/en/latest/user_guide/settings/#access-tokens - Create and manage applications in the settings panel: Handy for people who want to run bots and applications with GoToSocial!
Docs: https://docs.gotosocial.org/en/latest/user_guide/settings/#applications - Gallery-style profile layout option: You can now choose to lay out the web view of your profile in a 'gram style gallery. Good for people who mostly post media and want to put that at the forefront.
Docs: https://docs.gotosocial.org/en/latest/user_guide/settings/#select-layout - Support for two-factor authentication (aka 2FA): If your instance isn't configured to use an OIDC provider, you can now secure your account with 2FA via a QR code and an authenticator app. When logging in with 2FA enabled, you will have to provide a time-based one-time password. Security!
Docs: https://docs.gotosocial.org/en/latest/user_guide/settings/#two-factor-authentication - Lots of web view tweaks including nicer media rendering on chrome, proper blurhash support, much better support for keyboard-based page navigation, wider font support for different scripts, and more.
Migration notes
Upgrading
To upgrade to v0.19.0-rc1 from a previous release:
Binary/tar
- Stop GoToSocial.
- Back up your database! If you're running on SQLite, this is as simple as copying your
sqlite.dbfile, eg.,cp sqlite.db sqlite.db.backup. - Download and untar the new release, including the web assets and html templates.
- Edit your config.yaml file if necessary (see below).
- Start GoToSocial.
- Wait patiently for any migrations to run, do not interrupt migrations or you could leave your db in a broken state and will have to restore from backup!
- Enjoy your updated instance.
Docker
- Stop GoToSocial.
- Back up your database! If you're running on SQLite, this is as simple as copying your
sqlite.dbfile, eg.,cp sqlite.db sqlite.db.backup. - Pull the new docker container (
superseriousbusiness/gotosocial:0.19.0-rc1orsuperseriousbusiness/gotosocial:latest) - Edit your config.yaml file or environment variables if necessary (see below).
- Start GoToSocial.
- Wait patiently for any migrations to run, do not interrupt migrations or you could leave your db in a broken state and will have to restore from backup!
- Enjoy your updated instance.
config.yaml
No changes since 0.18.3.
Database Migrations
⚠️⚠️⚠️
This release contains database migrations which will run the first time you start up this new version.
Be sure not to interrupt this migration process.
This will take anywhere between a couple seconds and ten minutes or more (on slower hardware).
Please be patient!
⚠️⚠️⚠️
Which release archive/container should I use?
GoToSocial releases binary builds for 64-bit Linux, FreeBSD, and NetBSD operating systems. We also release Docker builds for 64-bit Linux.
| OS | Architecture | Support level | Binary archive | Docker |
|---|---|---|---|---|
| Linux | x86-64/AMD64 (64-bit) | 🟢 Full | linux_amd64.tar.gz | superseriousbusiness/gotosocial:0.19.0-rc1
|
| Linux | Armv8/ARM64 (64-bit) | 🟢 Full | linux_arm64.tar.gz | superseriousbusiness/gotosocial:0.19.0-rc1
|
| FreeBSD | x86-64/AMD64 (64-bit) | 🟢 Full | freebsd_amd64.tar.gz | Not provided |
| FreeBSD | Armv8/ARM64 (64-bit) | 🟢 Full | freebsd_arm64.tar.gz | Not provided |
| NetBSD | x86-64/AMD64 (64-bit) | 🟢 Full | netbsd_amd64.tar.gz | Not provided |
| NetBSD | Armv8/ARM64 (64-bit) | 🟢 Full | netbsd_arm64.tar.gz | Not provided |
nowasm
For your convenience, we also provide UNSUPPORTED, EXPERIMENTAL BUILDS, created using the nowasm tag, in the downloads list below. There is no Docker build for nowasm.
GoToSocial releases built with nowasm use the Go-native, modernc version of SQLite instead of the WASM one, and will use on-system ffmpeg and ffprobe binaries for media processing.
Using a nowasm build is currently the only way to run GoToSocial on a 32-bit system.
For more information on running a nowasm build, see the nowasm documentation page.
Changelog
Features and performance
- eb72024: [feature] Enforce OAuth token scopes (#3835) (@tsmethurst)
- 4686217: [feature] Added an extra CSS class name to the About This Instance and Register an Account sections in the root index template to allow for easier targeting with custom CSS. (#3843) (@VirtualWolf)
- 0118e03: [feature] Implement CSV import for mutes (#3696) (@xvello)
- b4bb972: [feature/frontend] use localized time string in status & poll info page (#3821) (@cdn0x12)
- e78e817: [feature] add microformat support (#3848) (@AnInternetTroll)
- 1b37944: [feature] Refactor tokens, allow multiple app redirect_uris (#3849) (@tsmethurst)
- 829143d: [feature] Add token review / delete to backend + settings panel (#3845) (@tsmethurst)
- d8113c1: [feature] Parse content warning to HTML, serialize via client API as plaintext (#3876) (@tsmethurst)
- 0c72282: [performance] Optimize local timeline + local status count queries (#3892) (@tsmethurst)
- d3c3d34: [feature/frontend] Add visibility icon for posts (#3908) (@tsmethurst)
- d5847e2: [feature] Application creation + management via API + settings panel (#3906) (@tsmethurst)
- 59aac29: [performance] reindex public timeline + tinker with query a bit (#3918) (@tsmethurst)
- 27171a7: [feature] Parse funkwhale
Albumas Statusable to allow barebones interacting with bandwagon (#3931) (@tsmethurst) - b6e481d: [feature] Allow user to choose "gallery" style layout for web view of profile (#3917) (@tsmethurst)
- 3949117: [feature] Use blurhashes in frontend, tidy up gallery view a bit (#3948) (@tsmethurst)
- b184432: [feature] Allow editing domain blocks/allows, fix comment import (#3967) (@tsmethurst)
- 650be1e: [feature] Allow deleting avatar + header via settings panel (#3970) (@tsmethurst)
- 365b575: [feature] add TOTP two-factor authentication (2FA) (#3960) (@tsmethurst)
- e032c95: [feature] Implement /oauth/revoke for token revocation (#3983) (@tsmethurst)
- 6ff0d33: [feature/frontend] Add visibility icon for posts (#4005) (@tsmethurst)
Bug fixes
- 24da574: [bugfix] fix refreshed additional media info being ignored (#3867) (@NyaaaWhatsUpDoc)
- ab7ec43: [bugfix] Fix app migration (#3868) (@tsmethurst)
- 69461c4: [bugfix] Return useful err on
server startfailure (#3879) (@tsmethurst) - 424f62d: [bugfix] Store and expose status content type (#3870) (@ewwwin)
- 35e94c8: [bugfix] Fix
length for type varchar must be at least 1on Postgres (#3885) (@tsmethurst) - 0c49d5a: [bugfix] Fix panic when opening instance actor in web view (#3898) (@tsmethurst)
- 657e064: [bugfix] Avoid nil ptr if maintenance router can't be started (#3919) (@tsmethurst)
- cecb1fd: [bugfix] Fix set obfuscate = null error in adoptPerm (#3922) (@tsmethurst)
- 57c5f68: [bugfix] Fix update users query in migration (#3963) (@tsmethurst)
- 6473886: [bugfix] Fix Atkinson Hyperlegible font embedding on Ecks Pee theme. (#3964) (@kvibber)
- e263d23: [bugfix] Change email
Dateheader to use RFC2822 (#3972) (@tsmethurst) - 6f24205: [bugfix] Don't assume
"manuallyApprovesFollowers": trueif not set (#3978) (@tsmethurst) - 19cfa8d: [bugfix] Fix a couple accessibility issues with
:focuselements (#3979) (@tsmethurst) - c8a780e: [bugfix] Fix setting bot on/off (#3986) (@tsmethurst)
- 36758ea: [bugfix] media v2 endpoint fix unset url (#4008) (@NyaaaWhatsUpDoc)
- f5ce219: [bugfix] websocket header token not always returned (#4009) (@NyaaaWhatsUpDoc)
- b510f3c: [bugfix/frontend] Fix photoswipe layout issues, keyboard shortcuts (#4010) (@tsmethurst)
Chores & version bumps
- d8f96f8: [chore] Fix typo in common.tsx (#3834) (@PrivacyDragon)
- d2cf9de: [chore]: Bump github.com/tetratelabs/wazero from 1.8.2 to 1.9.0 (#3827) (@dependabot[bot])
- e1ec904: [chore]: Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#3826) (@dependabot[bot])
- f734a94: [chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (@dependabot[bot])
- 8bc502b: [chore] Update KimMachineGun/automemlimit (#3841) (@tsmethurst)
- 1f38b7b: [chore] Remove duplicate swagger docs build in Dockerfile (#3842) (@tsmethurst)
- a7485ae: [chore]: Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 (#3831) (@dependabot[bot])
- 4c9901f: [chore] little frontend tweaks (#3852) (@tsmethurst)
- e2e185d: [chore] github.com/superseriousbusiness/activity -> codeberg.org/superseriousbusiness/activity (#3853) (@tsmethurst)
- 5d0e3d9: [chore] github.com/superseriousbusiness/httpsig -> codeberg.org/superseriousbusiness/httpsig (#3854) (@tsmethurst)
- d8bb1c3: [chore] Update exif terminator version with codeberg libraries (#3855) (@tsmethurst)
- 49c1263: [chore] go-swagger -> codeberg (#3856) (@tsmethurst)
- 8488ac9: [chore] migrate oauth2 -> codeberg (#3857) (@tsmethurst)
- 0e2e8e5: [chore]: Bump github.com/ncruces/go-sqlite3 from 0.23.0 to 0.24.0 (#3862) (@dependabot[bot])
- ddd9210: [chore]: Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 (#3860) (@dependabot[bot])
- ee60732: [chore] fixed email template to align with the new "Log in" button + separate page (#3871) (@wolfyjade)
- 98c4cae: [chore] update links in CONTRIBUTING.md (#3881) (@cdn0x12)
- 719c925: [chore]: Bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#3887) (@dependabot[bot])
- 85e17b3: [chore]: Bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 (#3890) (@dependabot[bot])
- 252a17a: [chore]: Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#3888) (@dependabot[bot])
- 95f88e5: [chore] add warning message when wazero compiler not supported (#3894) (@NyaaaWhatsUpDoc)
- da462af: [chore]: Bump golang.org/x/net from 0.35.0 to 0.36.0 (#3905) (@dependabot[bot])
- 85ee7cc: [chore] Tweak "nothing here!" message (#3907) (@tsmethurst)
- 808031c: [chore] Add extra
org.opencontainers.imagelabels to docker build (#3930) (@tsmethurst) - a2caa5f: [chore]: Bump golang.org/x/net from 0.36.0 to 0.37.0 (#3934) (@dependabot[bot])
- 18c8f85: [chore]: Bump github.com/jackc/pgx/v5 from 5.7.2 to 5.7.3 (#3935) (@dependabot[bot])
- a844f32: [chore]: Bump github.com/miekg/dns from 1.1.63 to 1.1.64 (#3936) (@dependabot[bot])
- f7e5f31: [chore]: Bump github.com/tdewolff/minify/v2 from 2.21.3 to 2.22.3 (#3933) (@dependabot[bot])
- 4af8d1a: [chore]: Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#3927) (@dependabot[bot])
- f46e490: [chore] bumps our spf13/viper version (#3943) (@NyaaaWhatsUpDoc)
- b087397: [chore] bump golang.org/x/net@v0.38.0, github.com/gin-contrib/cors@v1.7.4, github.com/spf13/viper@v1.20.1, github.com/tdewolff/minify/v2@v2.22.4 (#3959) (@NyaaaWhatsUpDoc)
- db4b857: [chore] bump ncruces/go-sqlite3 to v0.25.0 (#3966) (@NyaaaWhatsUpDoc)
- 8ae2440: [chore] Migrate accounts to new table, relax uniqueness constraint of actor
urland collections (#3928) (@tsmethurst) - 2cc5d62: [chore]: Bump codeberg.org/gruf/go-structr from 0.9.0 to 0.9.6 (#3973) (@dependabot[bot])
- 4232d61: [chore]: Bump codeberg.org/gruf/go-mutexes from 1.5.1 to 1.5.2 (#3976) (@dependabot[bot])
- 920e20c: [chore]: Bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#3975) (@dependabot[bot])
- e0ea77b: [chore]: Bump github.com/tdewolff/minify/v2 from 2.22.4 to 2.23.0 (#3974) (@dependabot[bot])
- bce6432: [chore]: Bump github.com/minio/minio-go/v7 from 7.0.85 to 7.0.89 (#3977) (@dependabot[bot])
- b1a4d54: [chore] add IPPrefixes type so we don't need separate rate limit parsed field (#3982) (@NyaaaWhatsUpDoc)
- be9e307: [chore] render avatar in photoswipe slide, remove repeated alt text (#3985) (@tsmethurst)
- eb4114b: [chore] Fix header insets (#3987) (@tsmethurst)
- 51b9ef5: [chore]: Bump github.com/gin-contrib/gzip from 1.2.2 to 1.2.3 (#4000) (@dependabot[bot])
- 94963b0: [chore]: Bump github.com/jackc/pgx/v5 from 5.7.3 to 5.7.4 (#4002) (@dependabot[bot])
- df5d8b4: [chore]: Bump github.com/miekg/dns from 1.1.64 to 1.1.65 (#4001) (@dependabot[bot])
- f8d17a7: [chore]: Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 (#4003) (@dependabot[bot])
- a440657: [chore] Update + add fonts for additional scripts, use locally installed font if available (#3997) (@tsmethurst)
- 5b2fe1f: [chore/performance] Reuse Intl.DateTimeFormat for formatting times (#4013) (@tsmethurst)
- 2b98432: [chore] Change "federating with" to "knows of" (#4014) (@tsmethurst)
- 0ce9bed: [chore/frontend] Fix id on recent posts/media heading (#4015) (@tsmethurst)
- 245d6db: [chore/bugfix] fix import file on click (#4016) (@tsmethurst)
- d694666: [chore] Don't push
latestDocker image on prerelease (#4017) (@tsmethurst)
Documentation
- 1c049ba: [docs] correct docker version format (#3832) (@elliotblackburn)
- 96d3915: [docs] Fix swagger operation descriptions (#3830) (@mkljczk)
- 3db5bfa: [docs/zh] update zh docs: synced to 98c4cae + fix typo (#3884) (@cdn0x12)
- 6c5d369: [docs] Update swagger docs command (#3897) (@tsmethurst)
- 85fb63f: [docs] Fix Swagger URL for the "edit status" operation (#3932) (@leonid-shevtsov)
- 0850a8f: [docs] NLnet Grant Application - NGI Zero Commons 2025 (#3954) (@tsmethurst)
- 1e59795: [docs] add instruction about postgres permission (#3981) (@heddxh)
- b51aa23: [docs] add a command to know if the system is compatible with the standard builds (#3980) (@OniriCorpe)
- c803620: [docs] Remind the user that password resets don't work without restarting. (#3998) (@technomancy)
Other
- d73acc7: Document importing posts (#3844) (@VyrCossont)
- 861b5cd: bump our fork of modernc.org/sqlite to tag v1.36.0-concurrency-workaround (#3864) (@NyaaaWhatsUpDoc)
- 67a2b36: bumps our uptrace/bun dependencies to v1.2.10 (#3865) (@NyaaaWhatsUpDoc)
- c80810e: bumps go-ffmpreg to v0.6.6 (#3866) (@NyaaaWhatsUpDoc)
- bad12a6: bumps our uptrace/bun dependencies to v1.2.11 (#3895) (@NyaaaWhatsUpDoc)
- f30bb54: update go-structr to v0.9.0 with new Timeline{} cache type (#3903) (@NyaaaWhatsUpDoc)
- daf60f6: Bump @babel/helpers from 7.23.1 to 7.26.10 in /web/source (#3901) (@dependabot[bot])
- e7b4690: bumps modernc.org/sqlite to v1.36.1-concurrency-workaround (#3926) (@NyaaaWhatsUpDoc)
- 1bf40e7: feat: Relax URL matching (#3925) (@daenney)
- d49abd7: bump modernc.org/sqlite to v1.36.2-concurrency-workaround (#3945) (@NyaaaWhatsUpDoc)
- 13e7ac3: bump ffmpreg to v0.6.7 (#3947) (@NyaaaWhatsUpDoc)
- 9c31e21: add a security.md stub, until (if) we determine a fancier security process :waves hands like a ghost: (#3955) (@NyaaaWhatsUpDoc)
- fdf23a9: update modernc.org/sqlite to v1.37.0-concurrrency-workaround (#3958) (@NyaaaWhatsUpDoc)
- a07ca92: don't panic on non-fully populated status edits, it may not always be possible (#4006) (@NyaaaWhatsUpDoc)
- 67fc1fd: ensure 'none' gets included in serializable visibilities (#4007) (@NyaaaWhatsUpDoc)