Skip to content


Choose a tag to compare
@Gargron Gargron released this 22 May 18:18



Offline functionality: (#6876, #6886)

The Mastodon webapp is a Progressive Web App, and now it can run without an active internet connection, too. While many of the functions will not be available, already loaded content will remain accessible. Once a connection is re-established, a clickable gap will be displayed in the columns, allowing you to load things you might have missed while you were offline.

Direct messaging improvements (#6956, #7089, #4514, #7067)

You can now begin a direct message to someone from the dropdown menu on their profile or on their toots. A warning will be displayed that all mentioned users will be able to see the message. A new type of column is now available, which lists all of your direct message correspondence.

New profile metadata (#6645, #7288)

You can now set up to 4 custom properties on your public profile (label and value). For example, you could link to your website, your Patreon, list your e-mail address for inquires, your pronouns, or who drew your avatar.

RSS for users (#7259)

User profiles and hashtags now offer RSS feeds. The content inside the user profile feed is the same as on the Atom feed (public and unlisted toots), but in a more feed reader-friendly format.

Admin UI improvements (#7188, #7189, #7347, #7342)

The report screen has been revamped. Staff can leave notes on reports as well as individual accounts. A history of actions performed on the report is displayed right there and then. The reported toots are displayed in a more compact and polished manner.

The admin view of an account's toots no longer includes private and direct toots. However, if they are reported, they still show up on the report screen.

When a report comes from another server, the account associated with it is not actually the person who sent the report, but a representative account of the server it was sent from, e.g. an admin. Now the report UI reflects this to reduce confusion.

Updated privacy policy (#6666)

We were previously using the privacy policy from Discourse verbatim (which, in turn, is a verbatim copy of the one in WordPress). The policy contained a lot of protections for behaviour the Mastodon software was not exhibiting. The new policy is more narrow and explicit and explains in more detail what kind of data you can store in Mastodon and how it is used. Instead of 5 years, automatic scrubbing of old IP addresses in the database will occur every 12 months.

Bot accounts (#7391)

If you run bots on Mastodon, you can now opt-in to display a bot badge on your profile. This works with non-Mastodon software, too, if the ActivityPub actor is of the Service or Application type. In the future, more features might be implemented to filter bot accounts or opt-out of interactions with them.

Custom emojis in profiles (#6124, #7374)

You can now use custom emojis in your profile's bio, in your display name, and in the values of the profile metadata properties mentioned earlier.

Add preference to hide following/followers lists (#7532)

You can now choose to hide who you follow and who follows you from your public profile. The setting likewise hides this information from ActivityPub data and the REST API. Please mind that such information is an important discovery mechanism for other people for finding good content, but it can also be abused for profiling by association, which is why we are adding this option. Please also mind that the information could be stitched together under certain circumstances: a server where you have a number of followers will know about those followers, another server will know about its followers, etc.


UI/UX additions:

  • Added missing management UI for user-hidden domains (#6628)
  • Allow boosting own private toots to followers (#6157)
  • Collapse overly long conversations on public pages, with controls for expanding (#7102)
  • Added hotkey for revealing/hiding text behind a content warning (#7173)
  • Added high contrast theme (#7213)
  • Automatically resize images before upload in web UI to reduce bandwidth usage (#7223)
  • "Administered by" information on the frontpage (#6984)
  • Add search item to tab bar for mobile devices (#7072)
  • Hide search from compose tab on mobile devices (#7077)
  • Show media in a modal on public pages too (#6801)
  • Added contact e-mail hint to 2FA login form (#7376)
  • Added hint about 7 day cooldown for archive takeout (#7375)
  • Show media modal on public timeline (#7413)

Administration additions:

  • Ability to define a list of disallowed hashtags (#7176)
  • Added "1 week" as expiry option for invites (#6872)
  • Admins and moderators now have the ability to remove an account’s avatar (#6998)
  • Ability to change the user’s email address (#7074)
  • Ability to resend confirmation emails (#7378)
  • Allow searching for custom emojis by incomplete shortcode in admin UI (#7099)

Deployment additions:

  • Ability to specify Redis password during mastodon:setup (#7222)
  • Enable ElasticSearch support by default on Nanobox (#6977)
  • Support for running Mastodon as a hidden service (e.g. Tor) (#7134)
  • Log when a rate limit is hit by someone (#7096)

REST API additions:

  • Enable updating additional account information from user preferences via REST API (#6789)
  • New rate limit for POST /api/v1/media to limit amount of data someone could upload in 24h to 10GB (#7337)
  • Support explicitly supplying language code for status via REST API (#7389)
  • Disable API access when login is disabled for the account (#7289)
  • Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287)
  • Add REST API for Web Push Notifications subscriptions (#7445)

Performance improvements:

  • Improve performance of rendering mentions and custom emojis in text (#7271)
  • Add support for a separate Redis server for volatile cache (#7272)
  • Validate HTTP response length while receiving (#6891)
  • Add a circuit breaker for ActivityPub deliveries to minimize 10s timeouts (#7053)
  • Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
  • Perform processing that does not use the database before connecting to the database in streaming API (#7168)
  • Marginally optimize RAM usage (#7301)
  • Reduce needlessly rendered data in ActivityPub (#7357)
  • Store home feeds for 7 days instead of 14 (#7354)
  • Marginally improve file/identify/convert/ffmpeg calls performance with posix-spawn (#7346)
  • Improve performance of POST /api/v1/statuses (#7317)
  • Improve performance when fetching conversation threads (#7321)
  • Improve performance of rendering Webfinger response (#7319)
  • Improve web UI load performance when there are a lot of custom emojis on the server (#7047)
  • Support gzip encoding on HTTP requests (#7425)
  • Disallow async function in service worker to allow minimizing the JS (#7482)
  • Do not use permitted_for scope when querying pinned statuses (#7510)



  • Rescue SSL errors when processing mentions, remove useless line (#7184)
  • Prevent animations in OpenGraph preview cards (#7109)
  • Ensure SynchronizeFeaturedCollectionWorker is unique and clean up (#7043)
  • Allow more than the max pinned toots if account is not local (#7105)
  • Improve GIFV encoding params (#7098)
  • Remove most behaviour disparities between blocks and mutes (#7231)
  • Fix unpermitted parameters warning when generating pagination URLs (#6995)
  • Rescue Mastodon::LengthValidationError in FetchLinkCardService (#7424)
  • Catch Paperclip processing failures (fixes #6378) (#7439)
  • Update session activation time (fixes #5605) (#7408)
  • Raise Mastodon::RaceConditionError if Redis lock failed (#7511)


  • Add missing OTP_SECRET in scalingo.json (#6917)
  • Do not default SMTP verify mode to "peer", default to "none" (#6996)
  • Improve OpenStack v3 compatibility (#7392)


  • Prevent suspended accounts from appearing in search results when it's an exact match (#7246)
  • When creating status, if no sensitive param is given, use user's default (#7057)


  • Support actors/statuses with multiple types (#7305)
  • Store URIs of follows, follow requests and blocks for ActivityPub to pass them back correctly (#7160)
  • Improve pagination for ActivityPub outbox, following and followers collections (#7356)
  • Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
  • Fix add/remove activities for pinned toots not being sent (#7393)
  • Forward deletes on the same path as reply forwarding (#7058)
  • Do not ignore unknown media attachments, only skip them (#6948)
  • Fix hashtags not being federated together with mentions (fixes #6900) (#7406)
  • Take the first recognized actor_type. (#7410)
  • Fetch boosted statuses on behalf of a follower (fixes #7426) (#7459)
  • Fix account URI not updating when updating ActivityPub account (#7488)
  • HTTP signatures spec no longer requires algorithms field (#7525)
  • User agent for WebFinger (#7531)
  • Resolve unknown status from Add activity, skip Remove if unknown (#7526)
  • Do not raise delivery failure on 4xx errors, increase stoplight threshold (#7541)


  • The special handling of the "nsfw" hashtag is removed for everything except OStatus. Also, it is now only added to an outgoing status if any media is attached, rather than always when a content warning is present (#7398)
  • Fix custom emoji handling in UpdateRemoteProfileService (OStatus) (#7501)


  • Improve relative timestamps in web UI, show year in dates older than a year (#7233)
  • Place emoji picker top if it is closer to the bottom of the viewport (#7314)
  • Place privacy dropdown menu top if it is closer to the bottom of the viewport (#7106)
  • Fix esc hotkey behavior (#7199)
  • Fix the hot key (j, k) does not function correctly when there is a pinned toot in account timeline. (#7202)
  • Fix caret position after inserting emoji (#7167)
  • Make scroll bars a bit wider on webkit browsers (#7060)
  • Change icon for domain blocks (#7139)
  • Remove duplicate frequently used emojis (#7064)
  • Improve dropdowns accessibility (#7318)
  • Set max-height to videos (and gif videos) on modals (#6914)
  • Note if the user is already following the target when authorizing follow (#6325)
  • Set Referrer-Policy to origin in web UI and public pages of private toots to obfuscate what you were viewing in web UI (#7162)
  • When notification type is filtered, ignore live updates for it, preventing gradual emptying of the column (#7101)
  • Optimize public/headers/missing.png (#7084)
  • Fix text color in "show more" link inside boost confirmation modal (#7183)
  • Able to deactivate invites if they aren't expired (#7163)
  • Use randomized setTimeout when fallback-polling and re-add since_id (#7522)
  • Skip pagination logic for pinned account timelines in reducer (#7540)
  • Do not override the default push notification settings (#6037)
  • In footer, replace text "Mastodon" with logo (#7545)
  • Disables autocorrect/autocapitalize on remote username field. (#7549)
  • Improve default background of public profile header (#7556)
  • Use real container width in MediaGallery srcSet (#7571)


  • Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)


  • If you are on Ruby 2.3.x and lower you will get errors when uploading images. Please upgrade to Ruby 2.5.1 or at least 2.4.x
  • If avatars and images in web UI are suddenly not loading, check if the server serves them with a CORS header, e.g. Access-Control-Allow-Origin: where is your domain. This is needed for the offline functionality of the webapp to work.
  • If image uploads stopped working (images won't even begin uploading), it's likely you have a restrictive CSP (Content-Security-Policy) header set up and need to adjust it (allow blob: as img-src and connect-src). This is because overly large images will be downsized in the browser before upload to save bandwidth
  • If you get 500 errors related to cache, this might be due to the upgrade from Rails 5.1 to Rails 5.2. The cache can be discarded by using RAILS_ENV=production bundle exec rails console: Rails.cache.delete
  • If you are using Ceph for uploads, add S3_SIGNATURE_VERSION=s3

How to view logs

I get this question a lot so let's get this out of the way. The errors you see in the browser (with the disappointed elephant) are always reflected in the log of the web process. Here is how to view those logs:

  • With Docker: docker logs mastodon_web_1 (add -f for live scroll)
  • Non-Docker: journalctl -u mastodon-web (add -f for live scroll)

Furthermore, each request has a unique Request-Id header, which you can get from the Network tab of your web inspector in the browser. You can search the logs with that Request-Id value to find specifically the error message of that request.

Note: If the web process isn't actually started, the error will not be in those logs. It will most likely be in the Nginx error log, if you use Nginx, e.g.: /var/log/nginx/error.log by default. And it will most likely be about how the web process isn't running.

Contributors to this release: