Update changelog

CHANGELOG.md

@@ -4,6 +4,65 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 2.8.0
+
+### Changed
+- Metadata: Do not include .atom feed links for remote accounts
+- Bumped `fast_html` to v2.3.0, which notably allows to use system-installed lexbor with passing `WITH_SYSTEM_LEXBOR=1` environment variable at build-time
+- Dedupe upload filter now uses a three-level sharding directory structure
+- Deprecate `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe`
+- Restrict incoming activities from unknown actors to a subset that does not imply a previous relationship and early rejection of unrecognized activity types.
+- Elixir 1.14 and Erlang/OTP 23 is now the minimum supported release
+- Support `id` param in `GET /api/v1/statuses`
+- LDAP authentication has been refactored to operate as a GenServer process which will maintain an active connection to the LDAP server.
+- Fix 'Setting a marker should mark notifications as read'
+- Adjust more Oban workers to enforce unique job constraints.
+- Oban updated to 2.18.3
+- Publisher behavior improvement when snoozing Oban jobs due to Gun connection pool contention.
+- Poll results refreshing is handled asynchronously and will not attempt to keep fetching updates to a closed poll.
+- Tuning for release builds to lower CPU usage.
+- Rich Media preview fetching will skip making an HTTP HEAD request to check a URL for allowed content type and length if the Tesla adapter is Gun or Finch
+- Fix nonexisting user will not generate metadata for search engine opt-out
+- Update Oban to 2.18
+- Worker configuration is no longer available. This only affects custom max_retries values for a couple Oban queues.
+
+### Added
+- Add metadata provider for ActivityPub alternate links
+- Added support for argon2 passwords and their conversion for migration from Akkoma fork to upstream.
+- Respect :restrict_unauthenticated for hashtag rss/atom feeds
+- LDAP configuration now permits overriding the CA root certificate file for TLS validation.
+- LDAP now supports users changing their passwords
+- Include list id in StatusView
+- Added MRF.FODirectReply which changes replies to followers-only posts to be direct.
+- Add `id_filter` to MRF to filter URLs and their domain prior to fetching
+- Added MRF.QuietReply which prevents replies to public posts from being published to the timelines
+- Add `group_key` to notifications
+- Allow providing avatar/header descriptions
+- Added RemoteReportPolicy from Rebased for handling bogus federated reports
+- scrubbers/default: Allow "mention hashtag" classes used by Mastodon
+- Added dependencies for Swoosh's Mua mail adapter
+- Include session scopes in TokenView
+
+### Fixed
+- Verify a local Update sent through AP C2S so users can only update their own objects
+- Fixed malformed follow requests that cause them to appear stuck pending due to the recipient being unable to process them.
+- Fix incoming Block activities being rejected
+- STARTTLS certificate and hostname verification for LDAP authentication
+- LDAPS connections (implicit TLS) are now supported.
+- Fix /api/v2/media returning the wrong status code (202) for media processed synchronously
+- Miscellaneous fixes for Meilisearch support
+- Fix pleroma_ctl mix task calls sometimes not being found
+- Add a rate limiter to the OAuth App creation endpoint and ensure registered apps are assigned to users.
+- ReceiverWorker will cancel processing jobs instead of retrying if the user cannot be fetched due to 403, 404, or 410 errors or if the account is disabled locally.
+- Address case where instance reachability status couldn't be updated
+- Remote Fetcher Worker recognizes more permanent failure errors
+- StreamerView: Do not leak follows count if hidden
+- Imports of blocks, mutes, and follows would retry repeatedly due to incorrect error handling and all work executed in a single job
+- Make vapid_config return empty array, fixing preloading for instances without push notifications configured
+
+### Removed
+- Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0)
+
 ## 2.7.1
 
 ### Changed

changelog.d/activity-pub-metadata.add

@@ -1 +0,0 @@
-Add metadata provider for ActivityPub alternate links

changelog.d/argon2-passwords.add

@@ -1 +0,0 @@
-Added support for argon2 passwords and their conversion for migration from Akkoma fork to upstream.

changelog.d/atom-tag.change

@@ -1 +0,0 @@
-Metadata: Do not include .atom feed links for remote accounts

changelog.d/bump-lexbor.change

@@ -1 +0,0 @@
-- Bumped `fast_html` to v2.3.0, which notably allows to use system-installed lexbor with passing `WITH_SYSTEM_LEXBOR=1` environment variable at build-time

changelog.d/c2s-update-verify.fix

@@ -1 +0,0 @@
-Verify a local Update sent through AP C2S so users can only update their own objects

changelog.d/debian-install-improve.skip

@@ -1 +0,0 @@
-Fixed a formatting issue that had a required commend embedded in a textblock, and change the language to make it a bit more idiomatic.

changelog.d/dedupe-sharding.change

@@ -1 +0,0 @@
-Dedupe upload filter now uses a three-level sharding directory structure

changelog.d/deprecate-subscribe.change

@@ -1 +0,0 @@
-Deprecate `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe`

changelog.d/drop-unwanted.change

@@ -1 +0,0 @@
-Restrict incoming activities from unknown actors to a subset that does not imply a previous relationship and early rejection of unrecognized activity types.

changelog.d/elixir.change

@@ -1 +0,0 @@
-Elixir 1.14 and Erlang/OTP 23 is now the minimum supported release

changelog.d/follow-request.fix

@@ -1 +0,0 @@
-Fixed malformed follow requests that cause them to appear stuck pending due to the recipient being unable to process them.

changelog.d/get-statuses-param.change

@@ -1 +0,0 @@
-Support `id` param in `GET /api/v1/statuses`

changelog.d/hashtag-feeds-restricted.add

@@ -1 +0,0 @@
-Repesct :restrict_unauthenticated for hashtag rss/atom feeds

changelog.d/identity-proofs.remove

@@ -1 +0,0 @@
-Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0)

changelog.d/incoming-blocks.fix

@@ -1 +0,0 @@
-Fix incoming Block activities being rejected

changelog.d/ldap-ca.add

@@ -1 +0,0 @@
-LDAP configuration now permits overriding the CA root certificate file for TLS validation.

changelog.d/ldap-password-change.add

@@ -1 +0,0 @@
-LDAP now supports users changing their passwords

changelog.d/ldap-refactor.change

@@ -1 +0,0 @@
-LDAP authentication has been refactored to operate as a GenServer process which will maintain an active connection to the LDAP server.

changelog.d/ldap-tls.fix

@@ -1 +0,0 @@
-STARTTLS certificate and hostname verification for LDAP authentication

changelog.d/ldaps.fix

@@ -1 +0,0 @@
-LDAPS connections (implicit TLS) are now supported.

changelog.d/list-id-visibility.add

@@ -1 +0,0 @@
-Include list id in StatusView

changelog.d/mediav2_status.fix

@@ -1 +0,0 @@
-Fix /api/v2/media returning the wrong status code (202) for media processed synchronously

changelog.d/meilisearch-misc-fixes.fix

@@ -1 +0,0 @@
-Miscellaneous fixes for Meilisearch support

changelog.d/module-search-in-pleroma-ctl.fix

@@ -1 +0,0 @@
-Fix pleroma_ctl mix task calls sometimes not being found

changelog.d/mrf-fodirectreply.add

@@ -1 +0,0 @@
-Added MRF.FODirectReply which changes replies to followers-only posts to be direct.

changelog.d/mrf-id_filter.add

@@ -1 +0,0 @@
-Add `id_filter` to MRF to filter URLs and their domain prior to fetching

changelog.d/mrf-quietreply.add

@@ -1 +0,0 @@
-Added MRF.QuietReply which prevents replies to public posts from being published to the timelines

changelog.d/notifications-group-key.add

@@ -1 +0,0 @@
-Add `group_key` to notifications

changelog.d/notifications-marker.change

@@ -1 +0,0 @@
-Fix 'Setting a marker should mark notifications as read'

changelog.d/oauth-app-spam.fix

@@ -1 +0,0 @@
-Add a rate limiter to the OAuth App creation endpoint and ensure registered apps are assigned to users.

changelog.d/oban-recevier-improvements.fix

@@ -1 +0,0 @@
-ReceiverWorker will cancel processing jobs instead of retrying if the user cannot be fetched due to 403, 404, or 410 errors or if the account is disabled locally.

changelog.d/oban-uniques.change

@@ -1 +0,0 @@
-Adjust more Oban workers to enforce unique job constraints.

changelog.d/oban-update.change

@@ -1 +0,0 @@
-Oban updated to 2.18.3

changelog.d/oban_gun_snooze.change

@@ -1 +0,0 @@
-Publisher behavior improvement when snoozing Oban jobs due to Gun connection pool contention.

changelog.d/poll-refresh.change

@@ -1 +0,0 @@
-Poll results refreshing is handled asynchronously and will not attempt to keep fetching updates to a closed poll.

changelog.d/profile-image-descriptions.add

@@ -1 +0,0 @@
-Allow providing avatar/header descriptions

changelog.d/publisher-reachability.fix

@@ -1 +0,0 @@
-Address case where instance reachability status couldn't be updated

changelog.d/release-tuning.change

@@ -1 +0,0 @@
-Tuning for release builds to lower CPU usage.

changelog.d/remote-object-fetcher.fix

@@ -1 +0,0 @@
-Remote Fetcher Worker recognizes more permanent failure errors

changelog.d/remote-report-policy.add

@@ -1 +0,0 @@
-Added RemoteReportPolicy from Rebased for handling bogus federated reports

changelog.d/rich-media-no-heads.change

@@ -1 +0,0 @@
-Rich Media preview fetching will skip making an HTTP HEAD request to check a URL for allowed content type and length if the Tesla adapter is Gun or Finch

changelog.d/scrubbers-allow-mention-hashtag.add

@@ -1 +0,0 @@
-scrubbers/default: Allow "mention hashtag" classes used by Mastodon

changelog.d/se-opt-out.change

@@ -1 +0,0 @@
-Fix nonexisting user will not generate metadata for search engine opt-out

changelog.d/stream-follow-relationships-count.fix

@@ -1 +0,0 @@
-StreamerView: Do not leak follows count if hidden

changelog.d/swoosh-mua.add

@@ -1 +0,0 @@
-Added dependencies for Swoosh's Mua mail adapter

changelog.d/token-view-scopes.add

@@ -1 +0,0 @@
-Include session scopes in TokenView

changelog.d/update-oban.change

@@ -1 +0,0 @@
-Update Oban to 2.18

changelog.d/user-imports.fix

@@ -1 +0,0 @@
-Imports of blocks, mutes, and follows would retry repeatedly due to incorrect error handling and all work executed in a single job

changelog.d/vapid_keyword_fallback.fix

@@ -1 +0,0 @@
-Make vapid_config return empty array, fixing preloading for instances without push notifications configured

changelog.d/workerhelper.change

@@ -1 +0,0 @@
-Worker configuration is no longer available. This only affects custom max_retries values for a couple Oban queues.