@Gargron Gargron released this Apr 19, 2017 · 3600 commits to master since this release

Assets 2

This release includes important security improvements and fixes.


  • Remove unneeded query when posting toot without attachments (#1907)
  • Long statuses in boost dialog scroll again (#1710)
  • Fix unreblog/unfavourite API returning stale boolean result (#1989)
  • Fix treatment of special characters in XML (#1988)
  • Skip posting to the API if text is empty (#1962)
  • Optimized logo to look sharper (#2020)
  • Cache account IDs to be excluded from public timelines (blocked, blocking, muted accounts) for faster queries (#1858)
  • Fix multiple load-more requests being fired on account timelines (#2066)
  • Ensure that uploaded files are saved with a file extension (#2078)
  • Remove unused fonts (#2103)
  • Language detection falls back to user's selected locale, otherwise to default locale (#2099)
  • Hide link preview if there is a content warning (#1617)
  • Fix broken URLs due to HTML escaping (#2138)
  • Use confirmed users in about/more stats instead of all (#2127)
  • Fix potential for webfinger redirect misuse (#2147)
  • Uncached attachments now have type unknown (instead of image, video etc) and no longer transparently hotlink to the remote URL. In the web UI, they are now displayed as a list of links, instead of preview (#2110)
  • Fix gif uploads (#2172)


  • Streaming API server now can run in a cluster mode (i.e. multiple processes kickstarted by one master process) (#1970)
  • Preferred user locale assigned on sign-up (#1982)
  • When over the character limit, character counter goes red (#1980)
  • Disable toot button when over character limit (#2088)
  • Option to disable all GIF autoplay in the web UI (#1991)
  • List of known instances in admin UI (#2095)
  • Filter reports by accounts/target accounts (#2092)
  • API to retrieve status no longer requires authentication (similar to public timelines APIs) (#1919)
  • Rate limits on login attempts, sign-up attemps, and forgotten password attempts (#2079)
  • Automatically expand textarea (#2128)
  • OpenGraph tags on public followers/following pages (#2052)

There are also various localization additions and improvements, as well as refactors and new test suites.

Upgrade notes:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate)
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release: