13 KiB
13 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
[Unreleased]
[1.22.0] - 2023-04-22
Added
- Added support for content warnings.
- Added
authentication_methods
field toCredentialAccount
object (Mastodon API). - Support integrity proofs with
DataIntegrityProof
type. - Add
federation.i2p_proxy_url
configuration parameter.
Changed
- Ignore errors when importing activities from outbox.
- Make activity limit in outbox fetcher adjustable.
- Changed
reset-subscriptions
command arguments (removes subscription options by default). - Return error if specified Monero account doesn't exist.
- Updated actix to latest version. MSRV changed to 1.57.
- Make
/api/v1/accounts
endpoint accept optionalauthentication_method
parameter. - Make attached subscription links compatible with FEP-0ea0.
- Add replies and reposts to outbox collection.
Deprecated
- Calling
/api/v1/accounts
withoutauthentication_method
parameter.
Fixed
- Make
/api/v1/accounts/{account_id}/follow
work with form-data. - Make
onion_proxy_url
overrideproxy_url
setting if request target is onion.
[1.21.0] - 2023-04-12
Added
- Support Monero Wallet RPC authentication.
- Added
create-user
command. - Added
read-outbox
command.
Changed
- Added emoji count check to profile data validator.
- Check mention and link counts when creating post.
- Disable transaction monitor tasks if blockchain integration is disabled.
- Allow multiple configurations in
blockchains
array. - Re-fetch object if
attributedTo
value doesn't matchactor
ofCreate
activity. - Added actor validation to
Update(Note)
andUndo(Follow)
handlers.
Fixed
- Fixed database query error in
Create
activity handler.
[1.20.0] - 2023-04-07
Added
- Support calling
/api/v1/accounts/search
withresolve
parameter. - Created
/api/v1/accounts/aliases/all
API endpoint. - Created API endpoint for adding aliases.
- Populate
alsoKnownAs
property on actor object with declared aliases. - Support account migration from Mastodon.
- Created API endpoint for managing client configurations.
- Reject unsolicited public posts.
Changed
- Increase maximum number of custom emojis per post to 50.
- Validate actor aliases before saving into database.
- Process incoming
Move()
activities in background. - Allow custom emojis with
image/webp
media type. - Increase object ID size limit to 2000 chars.
- Increase fetcher timeout to 15 seconds when processing search queries.
Fixed
- Added missing
CHECK
constraints to database tables. - Validate object ID length before saving post to database.
- Validate emoji name length before saving to database.
[1.19.1] - 2023-03-31
Changed
- Limit number of mentions and links in remote posts.
Fixed
- Process queued background jobs before re-trying stalled.
- Remove activity from queue if handler times out.
- Order attachments by creation date when new post is created.
[1.19.0] - 2023-03-30
Added
- Added
prune-remote-emojis
command. - Prune remote emojis in background.
- Added
limits.media.emoji_size_limit
configuration parameter. - Added
federation.fetcher_timeout
andfederation.deliverer_timeout
configuration parameters.
Changed
- Allow emoji names containing hyphens.
- Increased remote emoji size limit to 500 kB.
- Set fetcher timeout to 5 seconds when processing search queries.
Fixed
- Fixed error in emoji update SQL query.
- Restart stalled background jobs.
- Order attachments by creation date.
- Don't reopen monero wallet on each subscription monitor run.
Security
- Updated markdown parser to latest version.
[1.18.0] - 2023-03-21
Added
- Added
fep-e232
feature flag (disabled by default). - Added
account_index
parameter to Monero configuration. - Added
/api/v1/instance/peers
API endpoint. - Added
federation.enabled
configuration parameter that can be used to disable federation.
Changed
- Documented valid role names for
set-role
command. - Granted
delete_any_post
anddelete_any_profile
permissions to admin role. - Updated profile page URL template to match mitra-web.
Fixed
- Make webclient-to-object redirects work for remote profiles and posts.
- Added webclient redirection rule for
/@username
routes. - Don't allow migration if user doesn't have identity proofs.
[1.17.0] - 2023-03-15
Added
- Enabled audio and video uploads.
- Added
audio/ogg
andaudio/x-wav
to the list of supported media types.
Changed
- Save latest ethereum block number to database instead of file.
- Removed hardcoded upload size limit.
Deprecated
- Reading ethereum block number from
current_block
file.
Removed
- Disabled post tokenization (can be re-enabled with
ethereum-extras
feature). - Removed ability to switch from Ethereum devnet to another chain without resetting subscriptions.
Fixed
- Allow
!
after hashtags and mentions. - Ignore emojis with non-unique names in remote posts.
[1.16.0] - 2023-03-08
Added
- Allow to add notes to generated invite codes.
- Added
registration.default_role
configuration option. - Save emojis attached to actor objects.
- Added
emojis
field to Mastodon API Account entity. - Support audio attachments.
- Added CLI command for viewing unreachable actors.
- Implemented NodeInfo 2.1.
- Added
federation.onion_proxy_url
configuration parameter (enables proxy for requests to.onion
domains).
Changed
- Use .jpg extension for files with image/jpeg media type.
Deprecated
- Deprecated
default_role_read_only_user
configuration option (replaced byregistration.default_role
).
[1.15.0] - 2023-02-27
Added
- Set fetcher timeout to 3 minutes.
- Set deliverer timeout to 30 seconds.
- Added
federation
parameter group to configuration. - Add empty
spoiler_text
property to Mastodon API Status object. - Added
error
anderror_description
fields to Mastodon API error responses. - Store information about failed activity deliveries in database.
- Added
/api/v1/accounts/{account_id}/aliases
API endpoint.
Changed
- Put activities generated by CLI commands in a queue instead of immediately sending them.
- Changed path of user's Atom feed to
/feeds/users/{username}
. - Increase number of delivery attempts and increase intervals between them.
Deprecated
- Deprecated
proxy_url
configuration parameter (replaced byfederation.proxy_url
). - Deprecated Atom feeds at
/feeds/{username}
. - Deprecated
message
field in Mastodon API error response.
Fixed
- Prevent
delete-extraneous-posts
command from removing locally-linked posts. - Make webfinger response compatible with GNU Social account lookup.
- Prefer
Group
actor when doing webfinger query on Lemmy server. - Fetch missing profiles before doing follower migration.
- Follow FEP-e232 links when importing post.
[1.14.0] - 2023-02-22
Added
- Added
/api/v1/apps
endpoint. - Added OAuth authorization page.
- Support
authorization_code
OAuth grant type. - Documented
http_cors_allowlist
configuration parameter. - Added
/api/v1/statuses/{status_id}/thread
API endpoint (replaces/api/v1/statuses/{status_id}/context
). - Accept webfinger requests where
resource
is instance actor ID. - Added
proxy_set_header X-Forwarded-Proto $scheme;
directive to nginx config example. - Add
Content-Security-Policy
andX-Content-Type-Options
headers to all responses.
Changed
- Allow
instance_uri
configuration value to contain URI scheme. - Changed
/api/v1/statuses/{status_id}/context
response format to match Mastodon API. - Changed status code of
/api/v1/statuses
response to 200 to match Mastodon API. - Removed
add_header
directives forContent-Security-Policy
andX-Content-Type-Options
headers from nginx config example.
Deprecated
- Deprecated protocol guessing on incoming requests (use
X-Forwarded-Proto
header).
Fixed
- Fixed actor object JSON-LD validation errors.
- Fixed activity JSON-LD validation errors.
- Make media URLs in Mastodon API responses relative to current origin.
[1.13.1] - 2023-02-09
Fixed
- Fixed permission error on subscription settings update.
[1.13.0] - 2023-02-06
Added
- Replace post attachments and other related objects when processing
Update(Note)
activity. - Append attachment URL to post content if attachment size exceeds limit.
- Added
/api/v1/custom_emojis
endpoint. - Added
limits
parameter group to configuration. - Made file size limit adjustable with
limits.media.file_size_limit
configuration option. - Added
limits.posts.character_limit
configuration parameter (replacespost_character_limit
). - Implemented automatic pruning of remote posts and empty profiles (disabled by default).
Changed
- Use proof suites with prefix
Mitra
. - Added
https://w3id.org/security/data-integrity/v1
to JSON-LD context. - Return
202 Accepted
when activity is accepted by inbox endpoint. - Ignore forwarded
Like
activities. - Set 10 minute timeout on background job that processes incoming activities.
- Use "warn" log level for delivery errors.
- Don't allow read-only users to manage subscriptions.
Deprecated
- Deprecated
post_character_limit
configuration option.
Fixed
- Change max body size in nginx example config to match app limit.
- Don't create invoice if recipient can't accept subscription payments.
- Ignore
Announce(Delete)
activities.
[1.12.0] - 2023-01-26
Added
- Added
approval_required
andinvites_enabled
flags to/api/v1/instance
endpoint response. - Added
registration.type
configuration option (replacesregistrations_open
). - Implemented roles & permissions.
- Added "read-only user" role.
- Added configuration option for automatic assigning of "read-only user" role after registration.
- Added
set-role
command.
Changed
- Don't retry activity if fetcher recursion limit has been reached.
Deprecated
registrations_open
configuration option.
Removed
- Dropped support for
blockchain
configuration parameter.
Fixed
- Added missing
<link rel="self">
element to Atom feeds. - Added missing
<link rel="alternate">
element to Atom feed entries.
[1.11.0] - 2023-01-23
Added
- Save sizes of media attachments and other files to database.
- Added
import-emoji
command. - Added support for emoji shortcodes.
- Allowed custom emojis with
image/apng
media type.
Changed
- Make
delete-emoji
command accept emoji name and hostname instead of ID. - Replaced client-side tag URLs with collection IDs.
Security
- Validate emoji name before saving.
[1.10.0] - 2023-01-18
Added
- Added
/api/v1/settings/move_followers
API endpoint (replaces/api/v1/accounts/move_followers
). - Added
/api/v1/settings/import_follows
API endpoint. - Validation of Monero subscription payout address.
- Accept webfinger requests where
resource
is actor ID. - Adeed support for
as:Public
andPublic
audience identifiers. - Displaying custom emojis.
Changed
- Save downloaded media as "unknown" if its media type is not supported.
- Use
mediaType
property value to determine file extension when saving downloaded media. - Added
mediaType
property to images in actor object. - Prevent
delete-extraneous-posts
command from deleting post if there's a recent reply or repost. - Changed max actor image size to 5 MB.
Removed
/api/v1/accounts/move_followers
API endpoint.
Fixed
- Don't ignore
Delete(Person)
verification errors if database error subtype is notNotFound
. - Don't stop activity processing on invalid local mentions.
- Accept actor objects where
attachment
property value is not an array. - Don't download HTML pages attached by GNU Social.
- Ignore
Like()
activity if local post doesn't exist. - Fixed
.well-known
paths returning400 Bad Request
errors.
[1.9.0] - 2023-01-08
Added
- Added
/api/v1/accounts/lookup
Mastodon API endpoint. - Implemented activity delivery queue.
- Started to keep track of unreachable actors.
- Added
configuration
object to response of/api/v1/instance
endpoint. - Save media types of uploaded avatar and banner images.
- Support for
MitraJcsRsaSignature2022
andMitraJcsEip191Signature2022
signature suites.
Changed
- Updated installation instructions, default mitra config and recommended nginx config.
- Limited the number of requests made during the processing of a thread.
- Limited the number of media files that can be attached to a post.
Deprecated
- Deprecated
post_character_limit
property in/api/v1/instance
response. - Avatar and banner uploads without media type via
/api/v1/accounts/update_credentials
. JcsRsaSignature2022
andJcsEip191Signature2022
signature suites.
Removed
- Removed ability to upload non-images using
/api/v1/media
endpoint.
Fixed
- Fixed post and profile page redirections.
- Fixed federation with GNU Social.