04 Mar 11:00

f487fc5

v0.14.0-rc3 Spoiled Sloth Pre-release

Pre-release

Hi hi! Here's the third release candidate for 0.14.0 :) Please see the previous release candidate for update and migration notes, but replace rc2 with rc3 throughout. Thanks!

Detailed Changelog

f487fc5 [bugfix] Sanitize incoming PropertyValue fields (#2722)
0b35257 [docs] Update HTTP signature docs a bit (#2721)
66d9297 [bugfix/tracing] fix broken tracing due to conflicting schema url (#2712)
c7845c7 [chore]: Bump golang.org/x/crypto from 0.19.0 to 0.20.0 (#2716)
adb4cdc [chore]: Bump modernc.org/sqlite from 1.28.0 to 1.29.2 (#2718)
ea0efb8 [bugfix] update postgresqlstmt to correctly use postgres err hook (#2711)
40ba936 [docs] Use human sizes for size limitations (#2706)
fcecd0c [bugfix] unwrap boosts when checking in-reply-to status (#2702)
c2a691f [chore] Disable the syslog long message over Unix datagram socket test on macOS (#2700)

Assets 11

28 Feb 12:21

gotosocialorg

v0.14.0-rc2

504c4f2

v0.14.0-rc2 Spoiled Sloth Pre-release

Pre-release

Look at that! This sloth is spoiled rotten! 🦥 👀

Here's the second release candidate for GoToSocial version 0.14.0 Spoiled Sloth!

What happened to the first release candidate, you say? Well, it didn't work properly. But this one does.

Release highlights

Account aliasing. You can now set the alsoKnownAs field on your account via the settings panel, to indicate other accounts you own. This doesn't do much now, but it's the first step towards the Move implementation for account migration coming in v0.15.0. We originally wanted to include Move in this release but it needs more testing so we pushed it back. Hang in there :)
Much better thread sorting. Conversation threads on both the web view and client API use a new sorting mechanism which makes them way more readable. No longer will replies in a thread be scattered all over the place.
Better HTTP signature support. We fixed a longstanding issue with including vs not including query parameters in signed GET requests. We now try (and accept) both methods of constructing signatures. Which leads to...
Improved thread fetching. You'll see far fewer "orphaned" statuses in your timeline now, and you'll see more replies on statuses from other instances.
Syntax highlighting for code blocks on the web UI. When you include a code block in your markdown now, and correctly indicate the language the code is written in, it will be syntax highlighted when rendered on your profile in the web UI. This requires javascript, but it's a progressive enhancement feature. Visitors to your profile with javascript turned off will just see the code block without syntax highlighting :)
Improved "about this instance" page, with a link to the page in the nav bar. Previously the "about this instance" page was more or less hidden. We've now surfaced it better, so you can write all your terms and conditions and instance description stuff there. Relatedly....
Parse instance descriptions and terms and conditions as markdown. Previously it was very difficult to properly edit these fields, because you had to read + write HTML to do so. Now they're parsed as markdown. This means you can more easily include things like blockquotes, lists, etc.
Big refactor of HTML templates + CSS. We did a serious rework of HTML templates to fix indentation. Previously if you did "view source" on a GoToSocial profile page, you'd see a mess of sloppily-indented HTML. With this refactor, the HTML is now nicely indented and much more readable. We also did an accessibility pass and tested our HTML with various screen readers to try to make the web view a bit less annoying to navigate.
First pass at a basic spam filtering system. In light of spam waves happening on the fediverse recently we took a crack at implementing a filter to drop messages identified as spam. This is still in the experimental stage, but it's included in this release so you can try it out already. See the docs for details.

Migration notes

Upgrading

To upgrade to 0.14.0-rc2 from a previous release:

Binary/tar

Stop GoToSocial
Untar the new release, including the web assets and html templates.
Edit your config.yaml file as necessary (see below).
Start GoToSocial

Docker

Stop GoToSocial.
Pull the new docker container (superseriousbusiness/gotosocial:0.14.0-rc2 or superseriousbusiness/gotosocial:latest)
Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.13.0...v0.14.0-rc2#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

⚠️ This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient! ⚠️

Instance description, short description, and terms

Because we changed the way instance description, short description, and terms are parsed and stored, you will need to re-enter these in the admin settings panel. After you've updated to this version, you can just copy-paste your existing descriptions and ToC from the index and about web pages of your instance, and paste them in to the appropriate fields in the settings panel.

(Custom) CSS and HTML

The big refactor of CSS and HTML means that custom CSS from 0.13.x versions of GoToSocial will likely not work as expected on versions >= 0.14.0. The HTML structure changed a bunch, and some of the class names and whatnot have changed as well. Sorry about that! But it needed to be done. For an example of custom css using the new class names and HTML structure, see the following:

/* Theme colors */
:root {
  --acid-green: rgb(63, 255, 0);
  --magenta: rgb(153, 50, 204);
  
  /* Override */
  --orange2: var(--acid-green);
}

html, body {  
  /* Funky scroll bar */
  scrollbar-color: var(--acid-green) var(--gray1);
}

/* Instance display name */
.page-header {
  grid-column: 2;
  align-self: start;
  margin: 1rem 0 1rem 0;
  background-color: var(--gray1);
  border: 0.25rem solid var(--magenta);
  border-radius: var(--br);
}

/* Header card */
.profile .profile-header {
  background-color: var(--gray1);
  border: 0.25rem solid var(--magenta);
}

/* About + Pinned posts headers */
.profile .col-header {
  background: var(--gray1);
  border: 0.25rem solid var(--magenta);
}

.profile .about-user .col-header {
  border-bottom: none;
  margin-bottom: 0;
}

/* Change about sections */
.profile .about-user .fields, .profile .about-user .bio, .profile .about-user .accountstats {
  background: var(--gray1);
  border-left: 0.25rem solid var(--magenta);
  border-right: 0.25rem solid var(--magenta);
}

/* Fiddle around with borders on about sections */
.profile .about-user .fields .field:first-child {
  border-top: 0.25rem dashed var(--magenta);
}
.profile .about-user .fields .field {
  border-bottom: 0.25rem dashed var(--magenta);
}
.profile .about-user .accountstats {
  border-top: 0.25rem dashed var(--magenta);
  border-bottom: 0.25rem solid var(--magenta);
}

/* Statuses + threads */

/* Thread column header */
.thread .col-header {
  background: var(--gray1);
  border: 0.25rem solid var(--magenta);
}

/* Main status body */
.status, .status.expanded {
  background: var(--gray1);
  border: 0.25rem solid var(--magenta);
}

/* Code snippets */
.status .text .content pre, .status .text .content code {
  background: black;
  color: var(--white2);
}

/* Block quotes */
.status .text .content blockquote {
  background-color: black;
}

/* Media wrapper for attachments */
.status .media .media-wrapper {
  background: var(--bg-nearly-opaque);
}
.status .media .media-wrapper details .unknown-attachment .placeholder {
  border: 0.2rem dashed var(--magenta);
}

/* Polls */
.status .text .poll {
  background-color: black;
  border: 0.25rem solid var(--magenta);
}

.status .text .poll .poll-info {
  background-color: black;
}

/* Status info bars */
.status .status-info, .status.expanded .status-info {
  background: black;
}

/* Back + next links */
.backnextlinks {
  background: var(--gray1);
  padding: 0.5rem;
  border: 0.25rem solid var(--magenta);
  border-radius: var(--br);
}

.page-footer {
  margin-top: 2rem;
  background-color: var(--gray1);
  border-top: 0.25rem solid var(--magenta);
}

Detailed changelog

Changelog for 0.13.0 vs 0.14.0-rc2. Some changes mentioned below may have already been included in 0.13.x releases.

Features / Performance

[performance] simpler throttling logic by @NyaaaWhatsUpDoc in #2407
[feature] Run ANALYZE after migrations on SQLite by @daenney in #2428
[feature] Push status edit messages into open streams by @Sentynel in #2418
[feature] request blocking by http headers by @NyaaaWhatsUpDoc in #2409
[feature] Parse instance descriptors as markdown, show T&C on /about by @tsmethurst in #2481
[feature] Allow webp emoji uploads / derefs by @tsmethurst in #2484
[feature] Log pubKeyID for incoming http-signed requests by @tsmethurst in #2501
[feature] Account alias / move API + db models by @tsmethurst in #2518
[feature] Move + alias account via settings panel by @tsmethurst in #2519
[performance] overhaul struct (+ result) caching library for simplicity, performance and multiple-result lookups by @NyaaaWhatsUpDoc in #2535
[feature] Allow "charset=utf8" in incoming AP POST requests by @tsmethurst in #2564
[feature] Ratelimit + serve emoji images on separate router group by @tsmethurst in #2548
[performance] cache library performance enhancements (updates go-structr => v0.2.0) by @NyaaaWhatsUpDoc in #2575
Improve context descendant sorting by @VyrCossont in https...

Contributors

daenney, milas, and 12 other contributors

Assets 11

28 Feb 10:25

gotosocialorg

v0.14.0-rc1

f29d429

v0.14.0-rc1 Spoiled Sloth Pre-release

Pre-release

Whoops! We borked this release candidate. You should use v0.14.0-rc2 instead!

Assets 11

15 Feb 13:18

gotosocialorg

v0.13.3

fb3e3ca

v0.13.3 Spideriest Sloth 2: The re-slothening

Hi everyone! This here's a security + bugfix release for GoToSocial!

Similar to the v0.13.2 release, this one closes a couple gaps with regard to ensuring that models of remote Activities or Objects can't be modified by Actors who don't own the Activity or Object.

It also fixes a couple different bugs with regard to your instance trying to dereference accounts who've blocked you, or whose instances have blocked you, leading to less weird-looking behavior from the user's side :)

Based on the changes included, Bookwyrm federation should hopefully work a little better now as well, but we haven't tested this.

If you're running on v0.13.2 or below, you should update to this release as soon as you have the time. There are no database migrations or frontend file changes, so this should be fairly easy!

Thanks!

Migration notes

Upgrading

See the release notes for 0.13.0 but replace 0.13.0 with 0.13.3 throughout.

config.yaml

No changes since 0.13.2, see 0.13.0 for migration notes from versions < 0.13.0.

Database Migrations

No changes since 0.13.2, see 0.13.0 for migration notes from versions < 0.13.0.

Detailed Changelog

fb3e3ca [chore] also allow text/xml in place of application/xml (#2640)
b9013a8 [bugfix] add stricter checks during all stages of dereferencing remote AS objects (#2639)
a3aa604 [bugfix] Don't return Account or Status if new and dereferencing failed, other small fixes (#2563)
ad6f756 [bugfix] Don't return Internal Server Error when searching for URIs that don't return AP JSON (#2550)
1188971 [feature] Allow "charset=utf8" in incoming AP POST requests (#2564)
5d44ad7 [chore] chore rationalise http return codes for activitypub handlers (#2540)

Assets 11

06 Feb 12:12

gotosocialorg

v0.13.2

f5314c0

v0.13.2 Spideriest Sloth

Release highlights

Fixes some issues where remote accounts could potentially imitate other accounts in order to deliver a subset of activities to a GtS inbox as those accounts. See post https://gts.superseriousbusiness.org/@gotosocial/statuses/01HNZ5GF2EM5M899B7RKXYNMH9 for more details.

This is a recommended security update over anything 0.13.1 and below. You should update your instance when time permits.

Migration notes

Upgrading

See the release notes for 0.13.0 but replace 0.13.0 with 0.13.2 throughout.

config.yaml

No changes since 0.13.1, see 0.13.0 for migration notes from versions < 0.13.0.

Database Migrations

No changes since 0.13.1, see 0.13.0 for migration notes from versions < 0.13.0.

Detailed Changelog

f5314c0 [bugfix] Ensure activities sender always = activities actor (#2608)

Assets 11

10 Jan 13:21

gotosocialorg

v0.13.1

ccecf5a

v0.13.1 Spiderier Sloth

Release highlights

Fixes a couple small issues with poll vote counts and poll expiry, and an issue where domain blocks were sometimes not being properly enforced when deeper- and higher-level domain blocks were used in combination (eg., when combining blocks for say example.org, bad.example.org, also-bad.example.org).

Migration notes

Upgrading

See the release notes for 0.13.0 but replace 0.13.0 with 0.13.1 throughout. Easy peasy!

config.yaml

No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.

Database Migrations

No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.

Detailed Changelog

ccecf5a [bugfix] fix higher-level explicit domain rules causing issues with lower-level domain blocking (#2513)
d5c305d [bugfix] misc dereferencer fixes (#2475)
1c56192 [feature] Log pubKeyID for http-signed requests (#2501)
f33d05c [bugfix] fix check for closed poll to account for non-zero closed time but in the future (#2486)
b141500 [bugfix] fix poll total vote double count (#2464)

Assets 11

15 Dec 14:50

gotosocialorg

v0.13.0

f4fcffc

v0.13.0 Spider Sloth 🕷️

Spider Sloth, Spider Sloth, does whatever a .... sloth does?

Release highlights

Create, view, and vote in polls. It's been a while in the making but GoToSocial now has support for polls, aka Question activity types. You can create, view, and vote in polls using your client of choice.
Show unsupported media placeholders in incoming posts, where media could not be downloaded (temporarily or otherwise). No more dropped media on posts! You'll instead now get a link to the media on the originating instance, that you can click through in your (mobile) browser.
Mute threads that you're being overwhelmed by. Notifications for replies, likes, and boosts in that thread will no longer be generated.
Media cleanup scheduling. Previously media scheduling took place every night at 12am. With the new media scheduling settings in the config, you can customize the schedule to run it at different times and frequencies. https://docs.gotosocial.org/en/latest/admin/media_caching/#cleanup
Support for setting instance language . You can use the new instance-languages setting to indicate one or more primary languages for your instance. https://docs.gotosocial.org/en/latest/configuration/instance/
Support for language tags on posts. Language of posts is now correctly federated in and out of your instance. The language of posts is also shown on the web view of statuses and threads.
Gather and expose prometheus format metrics. You can now expose a /metrics endpoint to allow a Prometheus instance to scrape metrics about Go runtime memory usage, http request and database metrics, and more. https://docs.gotosocial.org/en/latest/advanced/metrics/

Migration notes

`Error #01: authentication NOT PASSED for public key`

You will see lots of errors in your logs now that look like this. This is normal, and not a new bug! Previously, we were not surfacing these authentication errors, and now we are. They are caused by #894, which we will fix some time in the new year. Again, not a new bug. This will not effect normal running of your instance.