Skip to content

@Gargron Gargron released this Oct 30, 2018




Link ownership verification (#8703)

You can now verify that you own the links you put into your profile metadata. The linked page must link back to your Mastodon profile, and the link must have a rel="me" attribute. Twitter automatically puts that attribute on profile links, so you can, for example, verify that you and your Twitter account are the same person. It's also useful for homepages, blogs -- anything that might indicate your identity.

Redesigned forms (#8703)

Forms throughout the interface are more readable and better organized.

Revamped direct messages column (#8832, #9022)

Previously the direct messages column listed all individual direct messages both addressed to you and from you. The revamped column groups messages by conversations, i.e. reply chains and participants, which is more in line with what you would expect from such a screen. Conversations you have never opened are highlighted.

Add limit for the number of people that can be followed from one account (#8807)

Previously there were no limits of how many accounts you could follow, save for the API's generous request rate limits. A couple times this resulted in spam accounts following hundreds of thousands of users before they were caught. Besides being annoying to the people being followed by a spam account, following such a large number of accounts increases the load on the server. Now, you can follow up to 7,500 accounts, after which the limit is increased according to your own followers count.

Show "read more" link on overly long in-stream toots (#8205)

Non-Mastodon software in the fediverse may allow much higher character limits, which results in a lot of scrolling in Mastodon's interface. Now, overly long toots are cut off. This should never occur with Mastodon's 500 character limits, unless the toot is abusing line breaks to be super tall on purpose.

Add in-stream link preview (#9120)

Preview cards for articles, YouTube videos, Bandcamp players and other sites that previously only appeared on detailed view now appear on timelines.


  • Add support for styled scrollbars in Firefox Nightly (#8653)
  • Add highlight to the active tab in web UI profiles (#8673)
  • Add auto-focus for comment textarea in report modal (#8689)
  • Add auto-focus for emoji picker's search field (#8688)
  • Add user preference to always expand toots marked with content warnings (#8762)
  • Add user preference to always hide all media (#8569)
  • Add a confirmation dialog when hitting reply and the compose box isn't empty (#8893)

REST and Streaming API

Conversations API (#8832)

GET /api/v1/timelines/direct is being deprecated in favour of GET /api/v1/conversations. The old API's design did not support filtering or pagination very well. The new conversations API groups direct messages by conversations and participants. The streaming API is adjusted to publish a new conversation event in the direct stream when a conversation is created or updated.

Support backwards pagination (#8736)

The new pagination param min_id is the symmetrical opposite of max_id, i.e. it can be used for stepwise pagination from older to newer statuses. The difference to since_id is that since_id will always return the latest statuses, just merely cut off by the provided ID. The new param is supported on all API methods that return statuses.

Support different accounts on OAuth authorize page (#8655)

The new force_login param on the OAuth authorize page can be used to force the user to re-login, which can be necessary when you need to authorize an app with multiple accounts on the same server, because by default once an app is authorized, the authorize page instantly redirects you back.


  • Add card attribute to statuses returned from REST API (#9120)


Support for more granular ActivityPub audiences from other software (#8950, #9093, #9150)

Some ActivityPub software supports addressing specific people as being allowed to see a toot without it being, strictly speaking, a direct message. Think circles in Google+ or lists in Facebook, or aspects in Diaspora. This is now handled correctly in Mastodon. Mastodon itself does not, at the moment, implement creating such limited-audience toots.


  • Add support for ActivityPub Page objects (#9121)


Admin UI

  • Change reports overview to group by target account (#8674)
  • Add admin setting to customize mascot (#8766)
  • Add option to block all reports from a domain (#8830)
  • Add PostgreSQL disk space growth tracking in PGHero (#8906)
  • Add button for disabling local account to report quick actions bar (#9024)
  • Change admin accounts UI default sort to most recent (#8813)


  • Change home timelines to exclude DMs (#8940)
  • Change list timelines to exclude all replies (#8683)
  • Change documentation URL in the UI (#8898)
  • Change style of success and failure messages (#8973)
  • Change DM filtering to always allow DMs from staff (#8993)
  • Change recommended Ruby version to 2.5.3 (#9003)
  • Add Czech language (#8594)
  • Add same-site (lax) attribute to cookies (#8626)
  • Add nginx and systemd templates to dist/ directory (#8770)
  • Add support for /.well-known/change-password (#8828)
  • Add option to override FFMPEG binary path (#8855)
  • Add dns-prefetch tag when using different host for assets or uploads (#8942)
  • Add description meta tag (#8941)
  • Add Content-Security-Policy header (#8957)
  • Add cache for the instance info API (#8765)


  • Fix remote statuses using instance's default locale if no language given (#8861)
  • Fix streaming API not exiting when port or socket is unavailable (#9023)
  • Fix network calls being performed in database transaction in ActivityPub handler (#8951)
  • Fix dropdown arrow position (#8637)
  • Fix first element of dropdowns being focused even if not using keyboard (#8679)
  • Fix tootctl requiring bundle exec invocation (#8619)
  • Fix public pages not using animation preference for avatars (#8614)
  • Fix OEmbed/OpenGraph cards not understanding relative URLs (#8669)
  • Fix some dark emojis not having a white outline (#8597)
  • Fix media description not being displayed in various media modals (#8678)
  • Fix generated URLs of desktop notifications missing base URL (#8758)
  • Fix RTL styles (#8764, #8767, #8823, #8897, #9005, #9007, #9018, #9021)
  • Fix crash in streaming API when tag param missing (#8955)
  • Fix hotkeys not working when no element is focused (#8998)
  • Fix some hotkeys not working on detailed status view (#9006)
  • Fix og:url on status pages (#9047)
  • Fix upload option buttons only being visible on hover (#9074)
  • Fix tootctl not returning exit code 1 on wrong arguments (#9094)
  • Fix preview cards for appearing for profiles mentioned in toot (#6934, #9158)
  • Fix local accounts sometimes being duplicated as faux-remote (#9109)
  • Fix emoji search when the shortcode has multiple separators (#9124)
  • Fix dropdowns sometimes being partially obscured by other elements (#9126)
  • Fix cache not updating when reply/boost/favourite counters or media sensitivity update (#9119)
  • Fix empty display name precedence over username in web UI (#9163)
  • Fix td instead of th in sessions table header (#9162)
  • Fix handling of content types with profile (#9132)
  • Change docker-compose default to persist volumes in current directory (#9055)
  • Change character counters on edit profile page to input length limit (#9100)
  • Change notification filtering to always let through messages from staff (#9152)
  • Change "hide boosts from user" function also hiding notifications about boosts (#9147)
  • Change CSS detailed-status__wrapper class actually wrap the detailed status (#8547)

Upgrade notes:

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Non-Docker only:

  • The recommended Ruby version has been bumped to 2.5.3. You can upgrade, or you can continue using the old version by overwriting the .ruby-version file with e.g. 2.5.1 which was recommended previously
  • Install dependencies: bundle install and yarn install

Both Docker and non-Docker:

  1. Run the database migrations:
    • Non-Docker: RAILS_ENV=production bundle exec rails db:migrate
    • Docker: docker-compose run --rm web rails db:migrate
  2. Precompile the assets:
    • Non-Docker: RAILS_ENV=production bundle exec rails assets:precompile
    • Docker: The assets are already precompiled during the build step
  3. Restart all Mastodon processes


Make sure you are not overwriting the Content-Security-Policy headers, as this release of Mastodon adds them by default and ensures no features are broken by them.

Contributors to this release:


Assets 2