v1.3.1

Immediate hotfix for obscure formatting issue that slipped through review and testing.

v1.3

This update includes important security fixes.

Fixes:

• Textarea height reset on submission (#2236)
• Fixed mistakes in onboarding modal (#1964)
• Improve bio compatibility with GNU social (#2278)
• Adjust boost icon tooltip according to visibility (#1754)
• Support for IDN (utf8/punycode) URLs (#2363, #2370)
• Fix e-mail whitelist rules (#2213)
• Fix hashtags in private toots listing the toot on public hashtag pages (#2182)
• Fix status being available in public timelines before images finished attaching (#2426)
• Add shared status tampering verification (#2525)
• Hide redundant links on small screens (#2175)
• Fix mangling of ##tags (#2247)
• Various performance improvements, bug fixes

Features:

• Version now returned in API (#2181)
• Display remaining characters when editing profile (2219)
• Display local time rather than UTC through JS (#2174)
• API for single notification dismissal (#2251)
• Emoji picker can now be localized (#2294, #2302)
• Improve aria support (#2299, #1424, #2516)
• Confirmation modals for deleting, blocking and muting (#2279)
• Private toots now federate out to remote followers (#2111)
• Improved reports admin UI (#2349)
• Switching the context column in web UI made faster (#2271)
• Right-to-left design for the UI (#2378)
• API support for idempotency header to prevent duplicate toots via network failures (#2419)
• Save media dimensions for media attachments (#2448)
• Link preview cards now support OEmbed, e.g. YouTube, Vimeo, Flickr embeds (#2337)
• Mastodon self-identifies when doing HTTP requests (#2073, #2253)

Various improved localizations and new translations.

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors:

@178inaba
@akihikodaki
@Aldarone
@alpaca-tc
@ameliavoncat
@anon5r
@Artoria2e5
@ashfurrow
@benediktg
@blinry
@camponez
@codl
@diomed
@DoubleMalt
@esetomo
@evanminto
@expenses
@Fiaxhs
@Gargron
@ik11235
@ineffyble
@j0k3r
@jeroenpraat
@JoelQ
@jpdevries
@kayleej
@kodnaplakal
@LindseyB
@mabkenar
@magurotabetai
@masarakki
@mecab
@michaeljdeeb
@mig5
@mjankowski
@mtparet
@Naouak
@nolanlawson
@orzFly
@Quent-in
@rainyday
@ramlmn
@saper
@shnjp
@siuying
@stephenburgess8
@STJrInuyasha
@suzukaze
@tahnok
@takp
@ThibG
@tsuwatch
@unarist
@walf443
@Wonderfall
@yhirano55
@yiskah
@ykzts
@ymmtmdk
@yookoala

1.2.2

This release includes important security improvements and fixes.

Fixes:

• Remove unneeded query when posting toot without attachments (#1907)
• Long statuses in boost dialog scroll again (#1710)
• Fix unreblog/unfavourite API returning stale boolean result (#1989)
• Fix treatment of special characters in XML (#1988)
• Skip posting to the API if text is empty (#1962)
• Optimized logo to look sharper (#2020)
• Cache account IDs to be excluded from public timelines (blocked, blocking, muted accounts) for faster queries (#1858)
• Fix multiple load-more requests being fired on account timelines (#2066)
• Ensure that uploaded files are saved with a file extension (#2078)
• Remove unused fonts (#2103)
• Language detection falls back to user's selected locale, otherwise to default locale (#2099)
• Hide link preview if there is a content warning (#1617)
• Fix broken URLs due to HTML escaping (#2138)
• Use confirmed users in about/more stats instead of all (#2127)
• Fix potential for webfinger redirect misuse (#2147)
• Uncached attachments now have type unknown (instead of image, video etc) and no longer transparently hotlink to the remote URL. In the web UI, they are now displayed as a list of links, instead of preview (#2110)
• Fix gif uploads (#2172)

Features:

• Streaming API server now can run in a cluster mode (i.e. multiple processes kickstarted by one master process) (#1970)
• Preferred user locale assigned on sign-up (#1982)
• When over the character limit, character counter goes red (#1980)
• Disable toot button when over character limit (#2088)
• Option to disable all GIF autoplay in the web UI (#1991)
• List of known instances in admin UI (#2095)
• Filter reports by accounts/target accounts (#2092)
• API to retrieve status no longer requires authentication (similar to public timelines APIs) (#1919)
• Rate limits on login attempts, sign-up attemps, and forgotten password attempts (#2079)
• Automatically expand textarea (#2128)
• OpenGraph tags on public followers/following pages (#2052)

There are also various localization additions and improvements, as well as refactors and new test suites.

Upgrade notes:

• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
• This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release:

@8398a7
@857b
@abcang
@alpaca-tc
@anon5r
@Artoria2e5
@ashfurrow
@blackle
@bradurani
@chrolis
@cyweo
@d6rkaiz
@daprice
@dar5hak
@diomed
@dunn
@eramdam
@evilny0
@expenses
@fsubal
@Gargron
@geta6
@happycoloredbanana
@hugogameiro
@ian-kelling
@iblech
@ik11235
@ikasoumen
@ineffyble
@iwaim
@jeroenpraat
@JoelQ
@jpdevries
@k0ta0uchi
@kodnaplakal
@kuro5hin
@matsurai25
@matteoaquila
@mig5
@mistydemeo
@mjankowski
@Moosh-be
@PatF
@reedcourty
@rkarabut
@SansPseudoFix
@saper
@saturday06
@snwh
@tmyt
@tomfhowe
@tototoshi
@trebmuh
@tsuwatch
@usagi-f
@walf443
@ykzts
@yookoala
@zacanger

1.2.1

See 1.2.2

1.2

• JS subresource integrity (#1729)
• Title attribute on URLs (#1755)
• List of muted users in web UI (#1799)
• Ability to run Mastodon on a subdomain while using root domain as identifier (#1267)
• Periodic refreshing of Webfinger-sourced data to help with cases where URLs or public keys of an account have changed (#1323)
• Recovery codes for 2FA (#1773)
• Deployment with single-user mode enabled gives chance for one account to register (#1820)
• Admin function to reset someone's password (#1841)
• Use a slightly different reply icon to indicate when a toot is part of a conversation (#1869)
• Error message if video cannot be played (#1879)
• Atom feeds always have valid title tags (#1875)
• Improved compatibility with Google Cloud Storage instead of S3 (#1886)
• Improved admin domain block UI and functionality (#1865):
  • Ability to undo a domain block
  • Ability to specify an option to block media caching from a domain
  • API returns remote URL for media attachment instead of locally cached one if there is no locally cached copy (i.e. hotlinking)
• Home column regex filter now matches against plain-text instead of HTML markup (#1845)
• Less network requests when processing mentions from Atom (#1938)
• Update OStatus2 dependency to fix incompatibility with Ruby 2.4.1 (#1936)
• Web UI greets new users with a modal explaining first steps (#1883)
• Use heuristics to detect language of toots and return it from the API (#1772)
• You can now put down CSS (SCSS) customizations into a special file that isn't in version control and so will not be overwritten by future updates (#1368)
• Various bug fixes and refactors, special shout out to @mjankowski
• Various improvements to existing localizations
• Rake task to clear out unconfirmed user accounts older than 2 days rake mastodon:users:clear
• Rake task that unites all other mandatory periodic tasks: rake mastodon:daily

Upgrade notes:

• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)

Contributors to this release:

• abcang
• Akihiko Odaki
• Alda Marteau-Hardi
• Alex Dunn
• alpaca-tc
• Amakasu Ryoma
• Andrew
• Ash Furrow
• Ben Roberts
• Bryce Chidester
• Chad Pytel
• Darío Hereñú
• Eduardo Elias
• Effy Elden
• Erwan Leboucher
• Eugen Rochko
• Fjoerfoks
• George Hattori
• goofy-bz
• Henry Smith
• Hiromi Kai
• Ian Kelling
• Isabelle Knott
• Joachim Viide
• JP DeVries
• Kazuhiro NISHIYAMA
• Keiji, Yoshimi
• Koala Yeung
• Les Orchard
• Luc Didry
• luigi
• Marcin Cieślak
• Matt Jankowski
• maxypy
• mshrtkch
• Naouak
• oliverkeeble
• Olivier Humbert
• Patrick Figel
• Pierre Ozoux
• Ratmir Karabut
• rysiekpl
• Setuu
• Shel Raphen
• Shouko Yu
• tackeyy
• Takayuki KUSANO
• ThibG
• Thor Harald Johansen
• Valentin Lorentz
• Wonderfall
• Yuki Nakagawa
• Zac Anger
• 新都心(Neet Shin)
• 西小倉宏信

1.1.2

• Improved emoji picker (#1395, #1403, #1464)
• Improved scrolling performance (#1415)
• Can type while image is uploading (#1429)
• Filtered notifications column now paginates properly (#1341)
• Recommended Ruby version bumped to 2.4.1 (#1159)
• GIF avatars are now hover-to-play (#1428)
• Optional (off by default) boost confirmation dialog (Shift+Boost to skip) (#1507, #1638)
• Default log level is now INFO instead of DEBUG (#1579)
• Fixed wrong SMTP default breaking e-mail sending (#1563)
• Focus textarea after image finished uploading (#1320)
• Better microformats markup on public pages (#1063)
• Clear spoiler text when replying to toot without spoiler text (#1662)
• Videos can be expanded (#1688)
• Overlay icon button style that is easier to see
• Convert emoji shortcodes into UTF8 when posting (#1666)
• Fix report comments being reset while typing (#1699)
• Ensure all attachments get an extension in their filename based on content type (#1718)
• Fix drag & drop area not appearing in Firefox (#1721)

Localizations fixes, improvements or additions:

• Russian
• Finnish
• Norwegian
• Dutch
• French
• Japanese
• Spanish
• Italian
• Bulgarian
• Portuguese

Upgrade notes:

• An upgrade to Ruby 2.4.1 means having to install Ruby 2.4.1 and reinstalling the bundler gem as a minimum: rbenv install 2.4.1; gem install bundler --no-ri (not required in Docker deployments)
• This release includes dependency updates, that means you need to run bundle install and yarn install (not required in Docker deployments)
• Most importantly, the hover-to-play update for GIF avatars means static versions of GIF avatars need to be generated, or else they wouldn't show up. A rake task has been added for this one-time occasion: rake mastodon:maintenance:add_static_avatars (This will iterate over all accounts who have GIF avatars or headers, and re-process them to generate a static non-GIF version. Please mind that this means downloading and uploading data if your files are stored in the cloud like Amazon S3 or GCS, which could incur costs. If you don't run this task, users with GIF avatars will simply have to re-upload theirs manually)

Contributors to this release:

• Alexander Mankuta
• Alexsander Akers
• Alyssa Ross
• Ash Furrow
• Ben Roberts
• blackle
• Carlos A. Escobar
• CgX
• Chris Martin
• Christopher Su
• Corey Dutson
• d0p1
• Daijiro Wachi
• David Libeau
• Effy Elden
• Eric Blade
• Eugen Rochko
• Gavin Mogan
• goofy-bz
• Henry Smith
• Hugo Gameiro
• INAGAKI Hiroshi
• Isabelle Knott
• James Moore
• Jantso Porali
• Jessica Stokes
• jukper
• Julien Deswaef
• karlyeurl
• Knut Erik
• Koala Yeung
• Komic
• lindwurm
• Lukas Burk
• Manato Kameya
• matteoaquila
• Matteo Aquila
• Matthias Jouan
• Matt Jankowski
• May Kittens Devour Your Soul
• Musee U
• pinfort
• Rachel H
• Ram Lmn
• Ratmir Karabut
• R Tucker
• Ryan Freebern
• Shel R
• spf
• Stephen Burgess
• Svetlozar Todorov
• Thomas Citharel
• Thor Harald Johansen
• tom
• Valentin Ouvrard
• Yann GUERN
• YOSHIOKA Eiichiro
• Yusuke Abe
• 新都心(Neet Shin)

1.1.1

• Webfinger query's canonical username/domain are used instead of initial user input, which may have wrong casing
• Fixed regression that broke form submissions with a 422 error page
• Fixed a situation in which a profile update job was queued with a nil account ID
• Fixed wrongfully skipped profile update jobs
• More Finnish localizations
• More French localizations
• More German localizations
• More Portuguese localizations
• Column header icons now have descriptive tooltips
• Two factor authentication now requires OTP token confirmation before being enabled
• Public timeline APIs are now public (require no registered app/user)
• Added API for profile updating: PATCH /api/v1/accounts/update_credentials
• HTTP Accept-Language header used to determine UI language if no other preferences set by user
• Added env variable to control which is the instance's default locale (DEFAULT_LOCALE)
• Added env variable to disable usage of SQL prepared statements, e.g. when you want to use pgbouncer in transaction pooling mode (PREPARED_STATEMENTS=false)
• Added env variable to change Rails log level (e.g. RAILS_LOG_LEVEL=debug by default)
• Fix "last visited" URLs that are used to redirect back from sign-in wrongfully including API URLs
• Fixed titles in Atom feeds being unsemantic

Many documentation pages have also been updated. Also, reminder that since v1.1 there are four Sidekiq queue types:

• default: local toot distribution and other local tasks
• push: delivery of toots to remote servers, processing of remote toot payloads
• pull (this is new since v1.1): fetching of data from remote servers, e.g. resolving threads, updating profile data like avatars
• mailers: e-mail delivery

Contributors to this release:

• Aguay-val
• Alda Marteau-Hardi
• Amanda Visconti
• André Lewin
• Ash Furrow
• ava
• awea
• axolotl
• Ben Field
• benklop
• Blake
• Brad Janke
• Brian Mock
• Chad Pytel
• Chris Heninger
• Christopher Gilbert
• David Authier
• David Celis
• David Huerta
• Derek Lewis
• Ed Knutson
• Effy Elden
• Elizabeth Myers
• Erwan Leboucher
• Eugen Rochko
• Florian Maunier
• foxiehkins
• Guewen FAIVRE
• Hugo Gameiro
• isati
• Jack Michaud
• James Smith
• Jantso Porali
• Jason Rhodes
• Joël Quenneville
• Jonathan Klee
• Julien
• kadiix
• Kody
• Korbinian
• Kurtis Rainbolt-Greene
• Lukas Fülling
• Markus Amalthea Magnuson
• Markus R
• Matt Jankowski
• Milton Mazzarri
• Mouse Reeve
• Nick Gerakines
• Nicolai von Neudeck
• Ninetailed
• Olivier Humbert
• Ornithologist Coder
• Pavel Djundik
• Rachel H
• Ray Alez
• rbaumert
• R Tucker
• Sebastian Hübner
• seekr
• Sergei Č
• Shel R
• spf
• StefOfficiel
• Technowix
• Thibaut (Eychics)
• ThibG
• Thomas Alberola
• Thomas Citharel
• Toby Deshane
• tom
• Tristan Mahé
• Valentin_NC
• Valentin Ouvrard
• VirtuBox
• Vladimir Mincev
• Yann GUERN
• YDrogen
• ZiiX

1.1

Regular iterative release in a stable state.

Contributors to this release:

• Adam Thurlow
• Aesen
• Alexander Acevedo
• Alex Gleason
• Alice
• Angristan
• Ash Furrow
• blackle
• Brad Urani
• Cédric Levieux
• Christopher Kolstad
• Clément D
• Damien Erambert
• David Baumgold
• Drew DeVault
• Effy Elden
• Eugen Rochko
• Evan Minto
• Florian Maunier
• Florian Piesche
• halna_Tanaguru
• Ian McDowell
• Isabelle Knott
• James Moore
• JantsoP
• Jantso Porali
• Jason Snell
• jenn kaplan
• Jessica Stokes
• Jo Decker
• Jonathan Hurter
• Jordan Guerder
• Kazhnuz
• Kibigo
• Kibigo!
• Kit Redgrave
• Korbinian
• Kurtis Rainbolt-Greene
• leopku
• Leo Wzukw
• Lorenz Diener
• Markus Amalthea Magnuson
• Marvin Kopf
• Matt Jankowski
• Maxime BORGES
• Michael Vieira
• Neville Park
• Niclas Darville
• nicobz25
• nicolas
• Nope Nope
• Olivia Mossberg
• Padraig Fahy
• Pete Keen
• Pierre Ozoux
• Rakib Hasan
• Ryan Wade
• Samy KACIMI
• scriptjunkie
• Sébastien Santoro
• shel
• Sina Mashek
• TheKinrar
• Thibaut (Eychics)
• Tobias Merkle
• Tom McAtee
• Udo Kramer
• undrskr
• Valentin Lorentz
• walfie
• Wonderfall
• wxcafé
• Your Name

Nipple Tooth

First major stable release of Mastodon! Mastodon translated literally means "nipple tooth"