fedimovies/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

[Unreleased]

Added

• Allow to add notes to generated invite codes.

[1.15.0] - 2023-02-27

Added

• Set fetcher timeout to 3 minutes.
• Set deliverer timeout to 30 seconds.
• Added federation parameter group to configuration.
• Add empty spoiler_text property to Mastodon API Status object.
• Added error and error_description fields to Mastodon API error responses.
• Store information about failed activity deliveries in database.
• Added /api/v1/accounts/{account_id}/aliases API endpoint.

Changed

• Put activities generated by CLI commands in a queue instead of immediately sending them.
• Changed path of user's Atom feed to /feeds/users/{username}.
• Increase number of delivery attempts and increase intervals between them.

Deprecated

• Deprecated proxy_url configuration parameter (replaced by federation.proxy_url).
• Deprecated Atom feeds at /feeds/{username}.
• Deprecated message field in Mastodon API error response.

Fixed

• Prevent delete-extraneous-posts command from removing locally-linked posts.
• Make webfinger response compatible with GNU Social account lookup.
• Prefer Group actor when doing webfinger query on Lemmy server.
• Fetch missing profiles before doing follower migration.
• Follow FEP-e232 links when importing post.

[1.14.0] - 2023-02-22

Added

• Added /api/v1/apps endpoint.
• Added OAuth authorization page.
• Support authorization_code OAuth grant type.
• Documented http_cors_allowlist configuration parameter.
• Added /api/v1/statuses/{status_id}/thread API endpoint (replaces /api/v1/statuses/{status_id}/context).
• Accept webfinger requests where resource is instance actor ID.
• Added proxy_set_header X-Forwarded-Proto $scheme; directive to nginx config example.
• Add Content-Security-Policy and X-Content-Type-Options headers to all responses.

Changed

• Allow instance_uri configuration value to contain URI scheme.
• Changed /api/v1/statuses/{status_id}/context response format to match Mastodon API.
• Changed status code of /api/v1/statuses response to 200 to match Mastodon API.
• Removed add_header directives for Content-Security-Policy and X-Content-Type-Options headers from nginx config example.

Deprecated

• Deprecated protocol guessing on incoming requests (use X-Forwarded-Proto header).

Fixed

• Fixed actor object JSON-LD validation errors.
• Fixed activity JSON-LD validation errors.
• Make media URLs in Mastodon API responses relative to current origin.

[1.13.1] - 2023-02-09

Fixed

• Fixed permission error on subscription settings update.

[1.13.0] - 2023-02-06

Added

• Replace post attachments and other related objects when processing Update(Note) activity.
• Append attachment URL to post content if attachment size exceeds limit.
• Added /api/v1/custom_emojis endpoint.
• Added limits parameter group to configuration.
• Made file size limit adjustable with limits.media.file_size_limit configuration option.
• Added limits.posts.character_limit configuration parameter (replaces post_character_limit).
• Implemented automatic pruning of remote posts and empty profiles (disabled by default).

Changed

• Use proof suites with prefix Mitra.
• Added https://w3id.org/security/data-integrity/v1 to JSON-LD context.
• Return 202 Accepted when activity is accepted by inbox endpoint.
• Ignore forwarded Like activities.
• Set 10 minute timeout on background job that processes incoming activities.
• Use "warn" log level for delivery errors.
• Don't allow read-only users to manage subscriptions.

Deprecated

• Deprecated post_character_limit configuration option.

Fixed

• Change max body size in nginx example config to match app limit.
• Don't create invoice if recipient can't accept subscription payments.
• Ignore Announce(Delete) activities.

[1.12.0] - 2023-01-26

Added

• Added approval_required and invites_enabled flags to /api/v1/instance endpoint response.
• Added registration.type configuration option (replaces registrations_open).
• Implemented roles & permissions.
• Added "read-only user" role.
• Added configuration option for automatic assigning of "read-only user" role after registration.
• Added set-role command.

Changed

• Don't retry activity if fetcher recursion limit has been reached.

Deprecated

• registrations_open configuration option.

Removed

• Dropped support for blockchain configuration parameter.

Fixed

• Added missing <link rel="self"> element to Atom feeds.
• Added missing <link rel="alternate"> element to Atom feed entries.

[1.11.0] - 2023-01-23

Added

• Save sizes of media attachments and other files to database.
• Added import-emoji command.
• Added support for emoji shortcodes.
• Allowed custom emojis with image/apng media type.

Changed

• Make delete-emoji command accept emoji name and hostname instead of ID.
• Replaced client-side tag URLs with collection IDs.

Security

• Validate emoji name before saving.

[1.10.0] - 2023-01-18

Added

• Added /api/v1/settings/move_followers API endpoint (replaces /api/v1/accounts/move_followers).
• Added /api/v1/settings/import_follows API endpoint.
• Validation of Monero subscription payout address.
• Accept webfinger requests where resource is actor ID.
• Adeed support for as:Public and Public audience identifiers.
• Displaying custom emojis.

Changed

• Save downloaded media as "unknown" if its media type is not supported.
• Use mediaType property value to determine file extension when saving downloaded media.
• Added mediaType property to images in actor object.
• Prevent delete-extraneous-posts command from deleting post if there's a recent reply or repost.
• Changed max actor image size to 5 MB.

Removed

• /api/v1/accounts/move_followers API endpoint.

Fixed

• Don't ignore Delete(Person) verification errors if database error subtype is not NotFound.
• Don't stop activity processing on invalid local mentions.
• Accept actor objects where attachment property value is not an array.
• Don't download HTML pages attached by GNU Social.
• Ignore Like() activity if local post doesn't exist.
• Fixed .well-known paths returning 400 Bad Request errors.

[1.9.0] - 2023-01-08

Added

• Added /api/v1/accounts/lookup Mastodon API endpoint.
• Implemented activity delivery queue.
• Started to keep track of unreachable actors.
• Added configuration object to response of /api/v1/instance endpoint.
• Save media types of uploaded avatar and banner images.
• Support for MitraJcsRsaSignature2022 and MitraJcsEip191Signature2022 signature suites.

Changed

• Updated installation instructions, default mitra config and recommended nginx config.
• Limited the number of requests made during the processing of a thread.
• Limited the number of media files that can be attached to a post.

Deprecated

• Deprecated post_character_limit property in /api/v1/instance response.
• Avatar and banner uploads without media type via /api/v1/accounts/update_credentials.
• JcsRsaSignature2022 and JcsEip191Signature2022 signature suites.

Removed

• Removed ability to upload non-images using /api/v1/media endpoint.

Fixed

• Fixed post and profile page redirections.
• Fixed federation with GNU Social.