mirror of
https://github.com/lunaisnotaboy/mastodon.git
synced 2024-12-22 13:17:13 +00:00
50 KiB
50 KiB
Changelog
All notable changes to this project will be documented in this file.
[Unreleased]
Added
- Add polls (Gargron, ThibG, Gargron, ThibG, Gargron, ThibG, ThibG, Gargron, Gargron, Gargron, Gargron,Gargron, Gargron, Gargron, ThibG, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, rinsuki, Gargron, Gargron, Gargron, Gargron, ThibG, Gargron, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, ThibG, Gargron, Gargron, ThibG, ThibG, Gargron, ThibG, ThibG)
- Add follows & followers managing UI (Gargron, Gargron, Gargron, Gargron)
- Add identity proof integration with Keybase (Gargron, xgess, Gargron, Gargron, Gargron)
- Add option to overwrite imported data instead of merging (Gargron)
- Add featured hashtags to profiles (Gargron, Gargron, Gargron, ThibG)
- Add admission-based registrations mode (Gargron, ThibG, Gargron, ThibG, Gargron, Gargron)
- Add support for WebP uploads (acid-chicken)
- Add "copy link" item to status action bars in web UI (Gargron)
- Add list title editing in web UI (ThibG)
- Add a "Block & Report" button to the block confirmation dialog in web UI (ThibG)
- Add disappointed elephant when the page crashes in web UI (Gargron)
- Add ability to upload multiple files at once in web UI (tmm576)
- Add indication when you are not allowed to follow an account in web UI (Gargron, Gargron)
- Add validations to admin settings to catch common mistakes (Gargron, ThibG)
- Add
type
,limit
,offset
,min_id
,max_id
,account_id
to search API (Gargron) - Add a preferences API so apps can share basic behaviours (Gargron)
- Add
visibility
param to reblog REST API (Gargron, ThibG) - Add
allowfullscreen
attribute to OEmbed iframe (rinsuki) - Add
blocked_by
relationship to the REST API (Gargron) - Add
tootctl statuses remove
to sweep unreferenced statuses (Gargron) - Add
tootctl search deploy
to avoid ugly rake task syntax (Gargron) - Add
tootctl self-destruct
to shut down server gracefully (Gargron) - Add option to hide application used to toot (ThibG, rinsuki, hinaloe)
- Add
DB_SSLMODE
configuration variable (sascha-sl) - Add click-to-copy UI to invites page (Gargron)
- Add self-replies fetching (ThibG, ThibG, ThibG, ThibG)
- Add rate limit for media proxy requests (Gargron)
- Add
tootctl emoji purge
(Gargron) - Add
tootctl accounts approve
(Gargron) - Add
tootctl accounts reset-relationships
(noellabo)
Changed
- Change design of landing page (Gargron, Gargron, ThibG, ThibG, koyuawsmbrtn, Gargron)
- Change design of profile column in web UI (Gargron, Aditoo17, ThibG, mayaeh, ThibG)
- Change language detector threshold from 140 characters to 4 words (Gargron)
- Change language detector to always kick in for non-latin alphabets (Gargron)
- Change icons of features on admin dashboard (Gargron)
- Change DNS timeouts from 1s to 5s (ThibG)
- Change Docker image to use Ubuntu with jemalloc (Sir-Boops, BenLubar)
- Change public pages to be cacheable by proxies (BenLubar)
- Change the 410 gone response for suspended accounts to be cacheable by proxies (ThibG)
- Change web UI to not not empty timeline of blocked users on block (ThibG)
- Change JSON serializer to remove unused
@context
values (Gargron) - Change GIFV file size limit to be the same as for other videos (rinsuki)
- Change Webpack to not use @babel/preset-env to compile node_modules (ykzts)
- Change web UI to use new Web Share Target API (gol-cha)
- Change ActivityPub reports to have persistent URIs (ThibG)
- Change
tootctl accounts cull --dry-run
to list accounts that would be deleted (BenLubar) - Change format of CSV exports of follows and mutes to include extra settings (ThibG, ThibG)
- Change ActivityPub collections to be cacheable by proxies (ThibG)
- Change REST API and public profiles to not return follows/followers for users that have blocked you (Gargron)
Removed
- Remove zopfli compression to speed up Webpack from 6min to 1min (nolanlawson)
- Remove stats.json generation to speed up Webpack (nolanlawson)
Fixed
- Fix public timelines being broken by new toots when they are not mounted in web UI (Gargron)
- Fix quick filter settings not being saved when selecting a different filter in web UI (ThibG)
- Fix remote interaction dialogs being indexed by search engines (Gargron)
- Fix maxed-out invites not showing up as expired in UI (Gargron)
- Fix scrollbar styles on compose textarea (Gargron)
- Fix timeline merge workers being queued for remote users (Gargron)
- Fix alternative relay support regression (Gargron)
- Fix trying to fetch keys of unknown accounts on a self-delete from them (ThibG)
- Fix CAS
:service_validate_url
option (enewhuis) - Fix race conditions when creating backups (ThibG)
- Fix whitespace not being stripped out of username before validation (aurelien-reeves)
- Fix n+1 query when deleting status (Gargron)
- Fix exiting follows not being rejected when suspending a remote account (ThibG)
- Fix the underlying button element in a disabled icon button not being disabled (ThibG)
- Fix race condition when streaming out deleted statuses (ThibG)
- Fix performance of admin federation UI by caching account counts (Gargron)
- Fix JS error on pages that don't define a CSRF token (hinaloe)
- Fix
tootctl accounts cull
sometimes removing accounts that are temporarily unreachable (BenLubar)
[2.7.4] - 2019-03-05
Fixed
- Fix web UI not cleaning up notifications after block (Gargron)
- Fix redundant HTTP requests when resolving private statuses (ThibG)
- Fix performance of account media query (abcang)
- Fix mention processing for unknown accounts (ThibG)
- Fix getting started column not scrolling on short screens (trwnh)
- Fix direct messages pagination in the web UI (ThibG)
- Fix serialization of Announce activities (ThibG)
- Fix home timeline perpetually reloading when empty in web UI (Gargron)
- Fix lists export (ThibG)
- Fix edit profile page crash for suspended-then-unsuspended users (ThibG)
[2.7.3] - 2019-02-23
Added
- Add domain filter to the admin federation page (ThibG)
- Add quick link from admin account view to block/unblock instance (ThibG)
Fixed
- Fix video player width not being updated to fit container width (ThibG)
- Fix domain filter being shown in admin page when local filter is active (ThibG)
- Fix crash when conversations have no valid participants (ThibG)
- Fix error when performing admin actions on no statuses (ThibG)
Changed
- Change custom emojis to randomize stored file name (hinaloe)
[2.7.2] - 2019-02-17
Added
- Add support for IPv6 in e-mail validation (zoc)
- Add record of IP address used for signing up (ThibG)
- Add tight rate-limit for API deletions (30 per 30 minutes) (Gargron)
- Add support for embedded
Announce
objects attributed to the same actor (ThibG, Gargron) - Add spam filter for
Create
andAnnounce
activities (Gargron, Gargron, Gargron) - Add
registrations
attribute toGET /api/v1/instance
(Gargron) - Add
vapid_key
toPOST /api/v1/apps
andGET /api/v1/apps/verify_credentials
(Gargron)
Fixed
- Fix link color and add link underlines in high-contrast theme (Gargron, Gargron)
- Fix unicode characters in URLs not being linkified (JMendyk, hinaloe)
- Fix URLs linkifier grabbing ending quotation as part of the link (Gargron)
- Fix authorized applications page design (rinsuki)
- Fix custom emojis not showing up in share page emoji picker (rinsuki)
- Fix too liberal application of whitespace in toots (trwnh)
- Fix misleading e-mail hint being displayed in admin view (ThibG)
- Fix tombstones not being cleared out (abcang)
- Fix some timeline jumps (ThibG, ThibG, rinsuki)
- Fix content warning input taking keyboard focus even when hidden (hinaloe)
- Fix hashtags select styling in default and high-contrast themes (Gargron)
- Fix style regressions on landing page (Gargron)
- Fix hashtag column not subscribing to stream on mount (Gargron)
- Fix relay enabling/disabling not resetting inbox availability status (Gargron)
- Fix mutes, blocks, domain blocks and follow requests not paginating (Gargron)
- Fix crash on public hashtag pages when streaming fails (ThibG)
Changed
- Change icon for unlisted visibility level (clarcharr)
- Change queue of actor deletes from push to pull for non-follower recipients (ThibG)
- Change robots.txt to exclude media proxy URLs (nightpool)
- Change upload description input to allow line breaks (BenLubar)
- Change
dist/mastodon-streaming.service
to recommend running node without intermediary npm command (nolanlawson) - Change conversations to always show names of other participants (Gargron)
- Change buttons on timeline preview to open the interaction dialog (Gargron)
- Change error graphic to hover-to-play (Gargron)
[2.7.1] - 2019-01-28
Fixed
- Fix SSO authentication not working due to missing agreement boolean (Gargron)
- Fix slow fallback of CopyAccountStats migration setting stats to 0 (Gargron)
- Fix wrong command in migration error message (angristan)
- Fix initial value of volume slider in video player and handle volume changes (ThibG)
- Fix missing hotkeys for notifications (ThibG)
- Fix being able to attach unattached media created by other users (ThibG)
- Fix unrescued SSL error during link verification (renatolond)
- Fix Firefox scrollbar color regression (trwnh)
- Fix scheduled status with media immediately creating a status (ThibG)
- Fix missing strong style for landing page description (Kjwon15)
[2.7.0] - 2019-01-20
Added
- Add link for adding a user to a list from their profile (namelessGonbai)
- Add joining several hashtags in a single column (gdpelican)
- Add volume sliders for videos (sumdog)
- Add a tooltip explaining what a locked account is (pawelngei)
- Add preloaded cache for common JSON-LD contexts (ThibG)
- Add profile directory (Gargron)
- Add setting to not group reblogs in home feed (ThibG)
- Add admin ability to remove a user's header image (ThibG)
- Add account hashtags to ActivityPub actor JSON (Gargron)
- Add error message for avatar image that's too large (sumdog)
- Add notification quick-filter bar (pawelngei)
- Add new first-time tutorial (Gargron)
- Add moderation warnings (Gargron)
- Add emoji codepoint mappings for v11.0 (Gargron)
- Add REST API for creating an account (Gargron)
- Add support for Malayalam in language filter (tachyons)
- Add exclude_reblogs option to account statuses API (Gargron)
- Add local followers page to admin account UI (chr-1x)
- Add healthcheck commands to docker-compose.yml (BenLubar)
- Add handler for Move activity to migrate followers (Gargron)
- Add CSV export for lists and domain blocks (Gargron)
- Add
tootctl accounts follow ACCT
(Gargron) - Add scheduled statuses (Gargron)
- Add immutable caching for S3 objects (nolanlawson)
- Add cache to custom emojis API (Gargron)
- Add preview cards to non-detailed statuses on public pages (Gargron)
- Add
mod
andmoderator
to list of default reserved usernames (Gargron) - Add quick links to the admin interface in the web UI (ThibG)
- Add
tootctl domains crawl
(Gargron) - Add attachment list fallback to public pages (ThibG)
- Add
tootctl --version
(Gargron) - Add information about how to opt-in to the directory on the directory (Gargron)
- Add timeouts for S3 (Gargron)
- Add support for non-public reblogs from ActivityPub (Gargron)
- Add sending of
Reject
activity when sending aBlock
activity (ThibG)
Changed
- Temporarily pause timeline if mouse moved recently (lmorchard)
- Change the password form order (mayaeh)
- Redesign admin UI for accounts (Gargron, Gargron)
- Redesign admin UI for instances/domain blocks (Gargron)
- Swap avatar and header input fields in profile page (ThibG)
- When posting in mobile mode, go back to previous history location (ThibG)
- Split out is_changing_upload from is_submitting (ThibG)
- Back to the getting-started when pins the timeline. (kedamaDQ)
- Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (Gargron)
- Limit maximum visibility of local silenced users to unlisted (ThibG)
- Change API error message for unconfirmed accounts (noellabo)
- Change the icon to "reply-all" when it's a reply to other accounts (mayaeh)
- Do not ignore federated reports targetting already-reported accounts (ThibG)
- Upgrade default Ruby version to 2.6.0 (Gargron)
- Change e-mail digest frequency (Gargron)
- Change Docker images for Tor support in docker-compose.yml (Sir-Boops)
- Display fallback link card thumbnail when none is given (Gargron)
- Change account bio length validation to ignore mention domains and URLs (Gargron)
- Use configured contact user for "anonymous" federation activities (yukimochi)
- Change remote interaction dialog to use specific actions instead of generic "interact" (Gargron)
- Always re-fetch public key when signature verification fails to support blind key rotation (ThibG)
- Make replies to boosts impossible, connect reply to original status instead (valerauko)
- Change e-mail MX validation to check both A and MX records against blacklist (Gargron)
- Hide floating action button on search and getting started pages (tmm576)
- Redesign public hashtag page to use a masonry layout (Gargron)
- Use
summary
as summary instead of content warning for converted ActivityPub objects (Gargron) - Display a double reply arrow on public pages for toots that are replies (ThibG)
- Change admin UI right panel size to be wider (Kjwon15)
Removed
- Remove links to bridge.joinmastodon.org (non-functional) (Gargron)
- Remove LD-Signatures from activities that do not need them (ThibG)
Fixed
- Remove unused computation of reblog references from updateTimeline (ThibG)
- Fix loaded embeds resetting if a status arrives from API again (ThibG)
- Fix race condition causing shallow status with only a "favourited" attribute (ThibG)
- Remove intermediary arrays when creating hash maps from results (Gargron)
- Extract counters from accounts table to account_stats table to improve performance (Gargron)
- Change identities id column to a bigint (Gargron)
- Fix conversations API pagination (ThibG)
- Improve account suspension speed and completeness (Gargron)
- Fix thread depth computation in statuses_controller (ThibG)
- Fix database deadlocks by moving account stats update outside transaction (ThibG)
- Escape HTML in profile name preview in profile settings (pawelngei)
- Use same CORS policy for /@:username and /users/:username (ThibG)
- Make custom emoji domains case insensitive (Esteth)
- Various fixes to scrollable lists and media gallery (ThibG)
- Fix bootsnap cache directory being declared relatively (Gargron)
- Fix timeline pagination in the web UI (ThibG)
- Fix padding on dropdown elements in preferences (ThibG)
- Make avatar and headers respect GIF autoplay settings (ThibG)
- Do no retry Web Push workers if the server returns a 4xx response (Gargron)
- Minor scrollable list fixes (ThibG)
- Ignore low-confidence CharlockHolmes guesses when parsing link cards (ThibG)
- Fix
tootctl accounts rotate
not updating public keys (Gargron) - Fix CSP / X-Frame-Options for media players (jomo)
- Fix unnecessary loadMore calls when the end of a timeline has been reached (ThibG)
- Skip mailer job retries when a record no longer exists (Gargron)
- Fix composer not getting focus after reply confirmation dialog (ThibG)
- Fix signature verification stoplight triggering on non-timeout errors (Gargron)
- Fix ThreadResolveWorker getting queued with invalid URLs (Gargron)
- Fix crash when clearing uninitialized timeline (ThibG)
- Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker (ThibG)
- Skip full text search if it fails, instead of erroring out completely (Kjwon15)
- Fix profile metadata links not verifying correctly sometimes (shrft)
- Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order (ThibG)
- Fix unreadable text color in report modal for some statuses (Gargron)
- Stop GIFV timeline preview explicitly when it's opened in modal (kedamaDQ)
- Fix scrollbar width compensation (ThibG)
- Fix race conditions when processing deleted toots (ThibG)
- Fix SSO issues on WebKit browsers by disabling Same-Site cookie again (moritzheiber)
- Fix empty OEmbed error (renatolond)
- Fix drag & drop modal not disappearing sometimes (hinaloe)
- Fix statuses with content warnings being displayed in web push notifications sometimes (ThibG)
- Fix scroll-to-detailed status not working on public pages (ThibG)
- Fix media modal loading indicator (ThibG)
- Fix hashtag search results not having a permalink fallback in web UI (ThibG)
- Fix slightly cropped font on settings page dropdowns when using system font (ariasuni)
- Fix not being able to drag & drop text into forms (tmm576)
Security
- Sanitize and sandbox toot embeds in web UI (ThibG)
- Add tombstones for remote statuses to prevent replay attacks (ThibG)
[2.6.5] - 2018-12-01
Changed
- Change lists to display replies to others on the list and list owner (ThibG)
Fixed
- Fix failures caused by commonly-used JSON-LD contexts being unavailable (ThibG)
[2.6.4] - 2018-11-30
Fixed
- Fix yarn dependencies not installing due to yanked event-stream package (Gargron)
[2.6.3] - 2018-11-30
Added
- Add hyphen to characters allowed in remote usernames (ThibG)
Changed
- Change server user count to exclude suspended accounts (Gargron)
Fixed
- Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer (hugogameiro)
- Fix missing DNS records raising the wrong kind of exception (Gargron)
- Fix already queued deliveries still trying to reach inboxes marked as unavailable (Gargron)
Security
- Fix TLS handshake timeout not being enforced (Gargron)
[2.6.2] - 2018-11-23
Added
- Add Page to whitelisted ActivityPub types (mbajur)
- Add 20px to column width in web UI (Gargron)
- Add amount of freed disk space in
tootctl media remove
(Gargron, Gargron, mayaeh) - Add "Show thread" link to self-replies (Gargron)
Changed
- Change order of Atom and RSS links so Atom is first (Alkarex)
- Change Nginx configuration for Nanobox apps (danhunsaker)
- Change the follow action to appear instant in web UI (Gargron)
- Change how the ActiveRecord connection is instantiated in on_worker_boot (Gargron)
- Change
tootctl accounts cull
to always touch accounts so they can be skipped (renatolond) - Change mime type comparison to ignore JSON-LD profile (valerauko)
Fixed
- Fix web UI crash when conversation has no last status (sammy8806)
- Fix follow limit validator reporting lower number past threshold (Gargron)
- Fix form validation flash message color and input borders (Gargron)
- Fix invalid twitter:player cards being displayed (ThibG)
- Fix emoji update date being processed incorrectly (ThibG)
- Fix playing embed resetting if status is reloaded in web UI (ThibG, Gargron)
- Fix web UI crash when favouriting a deleted status (ThibG)
- Fix intermediary arrays being created for hash maps (Gargron)
- Fix filter ID not being a string in REST API (Gargron)
Security
- Fix multiple remote account deletions being able to deadlock the database (Gargron)
- Fix HTTP connection timeout of 10s not being enforced (Gargron)
[2.6.1] - 2018-10-30
Fixed
- Fix resolving resources by URL not working due to a regression in valerauko (Gargron)
- Fix reducer error in web UI when a conversation has no last status (Gargron)
[2.6.0] - 2018-10-30
Added
- Add link ownership verification (Gargron)
- Add conversations API (Gargron)
- Add limit for the number of people that can be followed from one account (Gargron)
- Add admin setting to customize mascot (ashleyhull-versent)
- Add support for more granular ActivityPub audiences from other software, i.e. circles (Gargron, Gargron, Gargron)
- Add option to block all reports from a domain (Gargron)
- Add user preference to always expand toots marked with content warnings (webroo)
- Add user preference to always hide all media (fvh-P)
- Add
force_login
param to OAuth authorize page (Gargron) - Add
tootctl accounts backup
(Gargron, Gargron) - Add
tootctl accounts create
(Gargron, Gargron) - Add
tootctl accounts cull
(Gargron, Gargron) - Add
tootctl accounts delete
(Gargron, Gargron) - Add
tootctl accounts modify
(Gargron, Gargron) - Add
tootctl accounts refresh
(Gargron, Gargron) - Add
tootctl feeds build
(Gargron, Gargron) - Add
tootctl feeds clear
(Gargron, Gargron) - Add
tootctl settings registrations open
(Gargron, Gargron) - Add
tootctl settings registrations close
(Gargron, Gargron) - Add
min_id
param to REST API to support backwards pagination (Gargron) - Add a confirmation dialog when hitting reply and the compose box isn't empty (ThibG)
- Add PostgreSQL disk space growth tracking in PGHero (Gargron)
- Add button for disabling local account to report quick actions bar (Gargron)
- Add Czech language (Aditoo17)
- Add
same-site
(lax
) attribute to cookies (sorin-davidoi) - Add support for styled scrollbars in Firefox Nightly (sorin-davidoi)
- Add highlight to the active tab in web UI profiles (rhoio)
- Add auto-focus for comment textarea in report modal (ThibG)
- Add auto-focus for emoji picker's search field (ThibG)
- Add nginx and systemd templates to
dist/
directory (Gargron) - Add support for
/.well-known/change-password
(Gargron) - Add option to override FFMPEG binary path (sascha-sl)
- Add
dns-prefetch
tag when using different host for assets or uploads (Gargron) - Add
description
meta tag (Gargron) - Add
Content-Security-Policy
header (ThibG) - Add cache for the instance info API (ykzts)
- Add suggested follows to search screen in mobile layout (Gargron)
- Add CORS header to
/.well-known/*
routes (BenLubar) - Add
card
attribute to statuses returned from REST API (Gargron) - Add in-stream link preview (Gargron)
- Add support for ActivityPub
Page
objects (mbajur)
Changed
- Change forms design (Gargron)
- Change reports overview to group by target account (Gargron)
- Change web UI to show "read more" link on overly long in-stream statuses (lanodan)
- Change design of direct messages column (Gargron, Gargron)
- Change home timelines to exclude DMs (Gargron)
- Change list timelines to exclude all replies (cbayerlein)
- Change admin accounts UI default sort to most recent (Gargron)
- Change documentation URL in the UI (Gargron)
- Change style of success and failure messages (Gargron)
- Change DM filtering to always allow DMs from staff (qguv)
- Change recommended Ruby version to 2.5.3 (zunda)
- Change docker-compose default to persist volumes in current directory (Gargron)
- Change character counters on edit profile page to input length limit (Gargron)
- Change notification filtering to always let through messages from staff (Gargron)
- Change "hide boosts from user" function also hiding notifications about boosts (ThibG)
- Change CSS
detailed-status__wrapper
class actually wrap the detailed status (trwnh)
Deprecated
GET /api/v1/timelines/direct
→GET /api/v1/conversations
(Gargron)POST /api/v1/notifications/dismiss
→POST /api/v1/notifications/:id/dismiss
(Gargron)GET /api/v1/statuses/:id/card
→card
attributed included in status (Gargron)
Removed
- Remove "on this device" label in column push settings (rhoio)
- Remove rake tasks in favour of tootctl commands (Gargron)
Fixed
- Fix remote statuses using instance's default locale if no language given (Kjwon15)
- Fix streaming API not exiting when port or socket is unavailable (Gargron)
- Fix network calls being performed in database transaction in ActivityPub handler (Gargron)
- Fix dropdown arrow position (ThibG)
- Fix first element of dropdowns being focused even if not using keyboard (ThibG)
- Fix tootctl requiring
bundle exec
invocation (abcang) - Fix public pages not using animation preference for avatars (renatolond)
- Fix OEmbed/OpenGraph cards not understanding relative URLs (ThibG)
- Fix some dark emojis not having a white outline (ThibG)
- Fix media description not being displayed in various media modals (ThibG)
- Fix generated URLs of desktop notifications missing base URL (GenbuHase)
- Fix RTL styles (mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar, mabkenar)
- Fix crash in streaming API when tag param missing (Gargron)
- Fix hotkeys not working when no element is focused (ThibG)
- Fix some hotkeys not working on detailed status view (ThibG)
- Fix og:url on status pages (ThibG)
- Fix upload option buttons only being visible on hover (Gargron)
- Fix tootctl not returning exit code 1 on wrong arguments (sascha-sl)
- Fix preview cards for appearing for profiles mentioned in toot (ThibG, ThibG)
- Fix local accounts sometimes being duplicated as faux-remote (Gargron)
- Fix emoji search when the shortcode has multiple separators (ThibG)
- Fix dropdowns sometimes being partially obscured by other elements (kedamaDQ)
- Fix cache not updating when reply/boost/favourite counters or media sensitivity update (Gargron)
- Fix empty display name precedence over username in web UI (Gargron)
- Fix td instead of th in sessions table header (Gargron)
- Fix handling of content types with profile (valerauko)
[2.5.2] - 2018-10-12
Security
- Fix XSS vulnerability (Gargron)
[2.5.1] - 2018-10-07
Fixed
- Fix database migrations for PostgreSQL below 9.5 (Gargron)
- Fix class autoloading issue in ActivityPub Create handler (Gargron)
- Fix cache statistics not being sent via statsd when statsd enabled (ykzts)
- Bump puma from 3.11.4 to 3.12.0 (dependabot[bot])
Security
- Fix some local images not having their EXIF metadata stripped on upload (ThibG)
- Fix being able to enable a disabled relay via ActivityPub Accept handler (ThibG)
- Bump nokogiri from 1.8.4 to 1.8.5 (dependabot[bot])
- Fix being able to report statuses not belonging to the reported account (ThibG)