Skip to content

Releases: mastodon/mastodon

v4.3.2

03 Dec 15:27
13ab4b5
Compare
Choose a tag to compare

Mastodon

Changelog

Added

Changed

Fixed

Security

  • Update dependencies

Upgrade notes

To get the code for v4.3.2, use git fetch && git checkout v4.3.2.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.1.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install and yarn install --immutable
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

v4.2.14

03 Dec 15:30
d94c734
Compare
Choose a tag to compare

Mastodon

Changelog

Added

Fixed

  • Fix inactive users' timelines being backfilled on follow and unsuspend (#33094 by @ClearlyClaire)
  • Fix direct inbox delivery pushing posts into inactive followers' timelines (#33067 by @ClearlyClaire)
  • Fix TagFollow records not being correctly handled in account operations (#33063 by @ClearlyClaire)
  • Fix pushing hashtag-followed posts to feeds of inactive users (#33018 by @Gargron)
  • Fix and improve batch attachment deletion handling when using OpenStack Swift (#32637 by @hugogameiro)
  • Fix tl language native name (#32606 by @seav)

Upgrade notes

To get the code for v4.2.14, use git fetch && git checkout v4.2.14.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.13.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile
  2. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

v4.1.21

03 Dec 15:31
a222e7a
Compare
Choose a tag to compare

Mastodon

Changelog

Fixed

Security

  • Update dependencies

Upgrade notes

To get the code for v4.1.21, use git fetch && git checkout v4.1.21.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.20.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile

Both Docker and non-Docker:

  1. Restart all Mastodon processes

v4.3.1

21 Oct 09:00
9adb96f
Compare
Choose a tag to compare

Mastodon

Changelog

Added

Changed

  • Change translation feature to translate to selected regional variant (e.g. pt-BR) if available (#32428 by @c960657)

Removed

  • Remove ability to get embed code for remote posts (#32578 by @ClearlyClaire)
    Getting the embed code is only reliable for local posts.
    It never worked for non-Mastodon servers, and stopped working correctly with the changes made in 4.3.0.
    We have therefore decided to remove the menu entry while we investigate solutions.

Fixed

Upgrade notes

To get the code for v4.3.1, use git fetch && git checkout v4.3.1.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.0.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install and yarn install --immutable
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

v4.3.0

08 Oct 12:22
ab36c15
Compare
Choose a tag to compare

Mastodon

Upgrade overview

This release contains upgrade notes that deviate from the norm:

‼️ Requires new encryption secrets environment variables
⚠️ The minimal supported version for PostgreSQL has been bumped to 12, and PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug
⚠️ The minimal supported version for Ruby has been bumped to 3.1
⚠️ The minimal supported version for Node.js has been bumped to 18
⚠️ Requires rebuilding Elasticsearch accounts index
⚠️ We switched from yarn 1 to yarn 4, and recommend using corepack
⚠️ The Docker image has been split in two separate images
⚠️ Rolling updates from versions earlier than Mastodon 4.2 are not supported
⚠️ StatsD integration has been removed, replaced by OpenTelemetry integration
⚠️ ImageMagick is being deprecated and may be removed in a future version
ℹ️ Requires streaming API restart
ℹ️ Requires database migrations
ℹ️ The logging format of the streaming server has changed

For more information, view the complete release notes and scroll down to the upgrade instructions section.

Changelog

The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by @mjankowski.

Security

  • Add confirmation interstitial instead of silently redirecting logged-out visitors to remote resources (#27792, #28902, and #30651 by @ClearlyClaire and @Gargron)
    This fixes a longstanding open redirect in Mastodon, at the cost of added friction when local links to remote resources are shared.
  • Fix ReDoS vulnerability on some Ruby versions (GHSA-jpxp-r43f-rhvx)
  • Change form-action Content-Security-Policy directive to be more restrictive (#26897 and #32241 by @ClearlyClaire)
  • Update dependencies

Added

Read more

v4.3.0-rc.1

30 Sep 11:01
0321008
Compare
Choose a tag to compare
v4.3.0-rc.1 Pre-release
Pre-release

Mastodon

Warning

This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases, prereleases as well as the upcoming 4.3.0 stable release.

Upgrade overview

This release contains upgrade notes that deviate from the norm:

‼️ Requires new encryption secrets environment variables
⚠️ The minimal supported version for PostgreSQL has been bumped to 12
⚠️ The minimal supported version for Ruby has been bumped to 3.1
⚠️ The minimal supported version for Node.js has been bumped to 18
⚠️ Requires rebuilding Elasticsearch accounts index
⚠️ We switched from yarn 1 to yarn 4, and recommend using corepack
⚠️ The Docker image has been split in two separate images
⚠️ Rolling updates from versions earlier than Mastodon 4.2 are not supported
⚠️ StatsD integration has been removed, replaced by OpenTelemetry integration
⚠️ ImageMagick is being deprecated and may be removed in a future version
ℹ️ Requires streaming API restart
ℹ️ Requires database migrations
ℹ️ The logging format of the streaming server has changed

For more information, scroll down to the upgrade instructions section.

Changelog (v4.3.0-rc.1)

Security

Added

  • Add “A Mastodon update is available.” message on admin dashboard for non-bugfix updates (#32106 by @ClearlyClaire)
  • Add ability to view alt text by clicking the ALT badge in web UI (#32058 by @Gargron)
  • Add preview of followers removed in domain block modal in web UI (#32032 and #32105 by @ClearlyClaire and @Gargron)
  • Add server-side notification grouping for follow notifications (#32085 by @renchap)
  • Add reblogs and favourites counts to statuses in ActivityPub (#32007 by @Gargron)
  • Add OTEL_SERVICE_NAME_SEPARATOR to further customize OpenTelemetry service names (#31998 by @timetinytim)

Changed

Fixed

  • Fix missing permission on new embeds making them unclickable (#32135 by @Gargron)
  • Fix missing border in some admin UI tables (#32128 by @mjankowski)
  • Fix recently used tags hint being displayed in profile edition page when there is none (#32120 by @mjankowski)
  • Fix checkbox lists on narrow screens in the settings interface (#32112 by @mjankowski)
  • Fix scrollbar width (#32091 by @ClearlyClaire)
  • Fix typo causing incorrect error being raised in blurhash processing failure (#32104 by @ClearlyClaire)
  • Fix the position of status action buttons being affected by interaction counters (#32084 by @renchap)
  • Fix too many requests caused by relationship look-ups in web UI (#32042 by @Gargron)
  • Fix wrapping in dashboard quick access buttons (#32043 by @renchap)
  • Fix the summary of converted ActivityPub object types to be treated as HTML (#28629 by @Menrath)
  • Fix error when accepting an appeal for sensitive posts deleted in the meantime (#32037 by @ClearlyClaire)
  • Fix multiple bugs in notification requests and notification policies (#32062 by @ClearlyClaire)
  • Fix error when encountering reblog of deleted post in feed rebuild (#32001 by @ClearlyClaire)
  • Fix links for reblogs in moderation interface (#31979 by @ClearlyClaire)
  • Fix Safari browser glitch related to horizontal scrolling (#31960 by @Gargron)
  • Fix the appearance of avatars when they do not load (#31966 by @renchap)
  • Fix spurious error notifications for aborted requests in web UI (#31952 by @c960657)

Removed

Changelog (v4.3.0-beta.2)

Security

Added

Changed

Fixed

Read more

v4.2.13

30 Sep 11:50
Compare
Choose a tag to compare

Mastodon

Changelog

Security

Added

  • Add “A Mastodon update is available.” message on admin dashboard for non-bugfix updates (#32106 by @ClearlyClaire)

Changed

Fixed

  • Fix replies collection being cached improperly
  • Fix security context sometimes not being added in LD-Signed activities (#31871 by @ClearlyClaire)
  • Fix error when encountering reblog of deleted post in feed rebuild (#32001 by @ClearlyClaire)

Upgrade notes

To get the code for v4.2.13, use git fetch && git checkout v4.2.13.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.12.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile
  2. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

v4.1.20

30 Sep 11:47
Compare
Choose a tag to compare

Mastodon

Changelog

Security

Changed

Fixed

  • Fix replies collection being cached improperly
  • Fix security context sometimes not being added in LD-Signed activities (#31871 by @ClearlyClaire)
  • Fix error when encountering reblog of deleted post in feed rebuild (#32001 by @ClearlyClaire)

Upgrade notes

To get the code for v4.1.20, use git fetch && git checkout v4.1.20.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.19.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile

Both Docker and non-Docker:

  1. Restart all Mastodon processes

v4.3.0-beta.2

17 Sep 15:53
3e91c10
Compare
Choose a tag to compare
v4.3.0-beta.2 Pre-release
Pre-release

Mastodon

Warning

This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases, prereleases as well as the upcoming 4.3.0 stable release.

Upgrade overview

This release contains upgrade notes that deviate from the norm:

‼️ Requires new encryption secrets environment variables
⚠️ The minimal supported version for PostgreSQL has been bumped to 12
⚠️ The minimal supported version for Ruby has been bumped to 3.1
⚠️ The minimal supported version for Node.js has been bumped to 18
⚠️ Requires rebuilding Elasticsearch accounts index
⚠️ We switched from yarn 1 to yarn 4, and recommend using corepack
⚠️ The Docker image has been split in two separate images
⚠️ Rolling updates from versions earlier than Mastodon 4.2 are not supported
⚠️ StatsD integration has been removed, replaced by OpenTelemetry integration
⚠️ ImageMagick is being deprecated and may be removed in a future version
ℹ️ Requires streaming API restart
ℹ️ Requires database migrations
ℹ️ The logging format of the streaming server has changed

For more information, scroll down to the upgrade instructions section.

Changelog (v4.3.0-beta.2)

Security

Added

Changed

Fixed

Changelog (v4.3.0-beta.1)

The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by @mjankowski.

Security

  • Add confirmation interstitial instead of silently redirecting logged-out visitors to remote resources (#27792, #28902, and #30651 by @ClearlyClaire and @Gargron)
    This fixes a longstanding open redirect in Mastodon, at the cost of added friction when local links to remote resources are shared.

Added

Read more

v4.3.0-beta.1

23 Aug 16:18
97f6baf
Compare
Choose a tag to compare
v4.3.0-beta.1 Pre-release
Pre-release

Mastodon

Warning

This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases, prereleases as well as the upcoming 4.3.0 stable release.

Upgrade overview

This release contains upgrade notes that deviate from the norm:

‼️ Requires new encryption secrets environment variables
⚠️ The minimal supported version for PostgreSQL has been bumped to 12
⚠️ The minimal supported version for Ruby has been bumped to 3.1
⚠️ The minimal supported version for Node.js has been bumped to 18
⚠️ Requires rebuilding Elasticsearch accounts index
⚠️ We switched from yarn 1 to yarn 4, and recommend using corepack
⚠️ The Docker image has been split in two separate images
⚠️ Rolling updates from versions earlier than Mastodon 4.2 are not supported
⚠️ StatsD integration has been removed, replaced by OpenTelemetry integration
⚠️ ImageMagick is being deprecated and may be removed in a future version
ℹ️ Requires streaming API restart
ℹ️ Requires database migrations
ℹ️ The logging format of the streaming server has changed

For more information, scroll down to the upgrade instructions section.

Changelog

The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by @mjankowski.

Security

  • Add confirmation interstitial instead of silently redirecting logged-out visitors to remote resources (#27792, #28902, and #30651 by @ClearlyClaire and @Gargron)
    This fixes a longstanding open redirect in Mastodon, at the cost of added friction when local links to remote resources are shared.

Added

Read more