Skip to content

@Gargron Gargron released this Mar 9, 2018 · 4943 commits to master since this release



Full-text search for authorized statuses (#6423)

You'll be able to search for toots you've written, boosted, favourited or were mentioned in. The API does not change in any way to allow this, but since this is a computationally-heavy feature, it's optional for admins to setup and requires an ElasticSearch database.

Account archive download (#6460)

Every 7 days you are able to request a full archive of your toots. The toots are exported in ActivityPub JSON format alongside the media files attached to them, your avatar and header images as well as the private key of your account used for signing content. Theoretically, such an archive could be used by any application to support full content migration.

Focal points (#6520)

When uploading a picture, you will be able to select a "focal point" on it, that is to say, the place that should not be cropped out under any circumstances. Mastodon uses varying dimensions of thumbnails, but all of them will respect the focal point. 3rd party apps can also implement this.

Note for app developers: The focal point is returned inside the meta property of media attachments. It's structured like this: { focus: { x: 0, y: -0.1 } }. It is a coordinate on a grid, see this reference.

In turn, the API methods for creating and updating a media attachment accept the focus param, which is expected to be a string of two floating point numbers separated by a comma, e.g. 0.1,0.2

Federated reports (#6570)

Improved UI of the report dialog with an added option to send an anonymized copy of the report to the server of the user you report (normally, the report only goes to your own server's admins!)

Redesign landing page (again) (#6486, #6543, #6545)

The new landing page makes better use of space. The login link is more prominent, and a new hero image is available for admins to customize from admin settings (when not set, it falls back to the OpenGraph thumbnail image admins can also set).

Click card to embed external content (#6471)

YouTube, Vimeo, SoundCloud, Twitch Clips and other websites that support embedding used to appear in the detailed view of a toot straight away, which is not very good for privacy, because embeds load information from another server. Now, a preview of the embed is displayed first, and only once you click it, the remote content is loaded.


UI/UX additions:

  • Add "previous" navigation to public profile pages (#6497)
  • Add "Toots/Toots with replies/Media" tab in web UI (#6572, #6589)
  • Admin settings: Option to show only local toots in timeline preview (#6292)
  • Add preference to always display sensitive media (#6448)
  • Do not hide NSFW media/CW'd text in OpenGraph tags (#6479)
  • Save video metadata and improve video OpenGraph tags (#6481)
  • Move "compose" button on mobile to floating action button (#6594)
  • Increase avatars to 400x400 max, do not upscale smaller avatars (#6651)
  • Implement tag auto-completion by history (#6621)
  • Improved media modal with pinch zoom (#5956)
  • Make more apparent that an account is blocked or muted (fixes #6544) (#6627, #6636)
  • Remove text requirement from statuses when media is attached, do not auto-insert media URL into text (#6672)
  • Display attachment filenames in notifications (#6693)
  • Display attachment filesnames in timelines in compact style when media is missing (#6680)

Deployment additions:

  • PAM authentication (#5303)
  • CAS + SAML authentication (#6425)
  • LDAP authentication (#6556)
  • Interactive rake mastodon:setup task (#6451)

REST API additions:

  • Add locked to /api/v1/update_credentials (#6506)
  • Add only_media param to public and hashtag timelines API (#6576)
  • Add contact_account and languages to instance API (#6574)

Federation additions:

  • Allow retrieval of private statuses using HTTP signatures (#6225)
  • Accept ActivityPub announce from the author of the original note (#6236)
  • Reject->Follow will remove both follow request and the follow, whichever exists (#6571)
  • Push discovered status through streaming API within a 6h time window (#6484)
  • Federate pinned statuses over ActivityPub (#6610)

Performance improvements:

  • Cache for relationships API (#6482)


UI/UX improvements:

  • Responsively enforce 16:9 ratio on all media thumbnails in web UI (#6590)
  • Fix button hiding when header title is too long (#6406)
  • Same hashtag regex on server and in the web UI (#6431)
  • Fix column header button outline (#6411)
  • Set minimum height for mastodon on drawer (#6142)
  • Change web UI "posts" to "toots" on profile for consistency (#6447)
  • Fix media button type (#6478)
  • Remove outline from body window (#6502)
  • Fix media spoiler design (#6507)
  • Improve public account cards (#6559)
  • Fix password recovery (#6459)
  • Prevent weird redirects to JSON resources after login under some circumstances (#6528)
  • Fix accounts' display name/bio not being set from initial state (#6644)
  • Show media on report UI (#6619)
  • Place dropdown menu top if it is closer to the bottom of the viewport (#6641)
  • Redirect from web tag timeline to public tag timeline if not signed in (#6633)
  • Add headings to the security settings page (#6661)
  • Remove pointer events on the entire UI when a dropdown menu is open (#6648)
  • Don't escape status text while truncating for title of page (#6671)
  • When enabled, always display media in gallery. Also: click to reveal (#6692)
  • Add missing meta description to profiles, some other SEO stuff (#6706)

Backend fixes:

  • Make sure status is not nil in mailer (#6428)
  • Fix saving of oEmbed image (#6409)
  • Validation of character count works even when text of status is nil (#6429)
  • Fix response of signature_verification_failure_reason (#6441)
  • Prevent stale account caches in notifications API (#6442)
  • Prevent HTTP requests to private IP ranges (#6410)
  • Fix avatar/header resizing issues and glitches (#6508, #6515)
  • Ensure the app does not even start if OTP_SECRET is not set (#6557)

REST API fixes:

  • Exclude nil from relationships array (#6427)
  • Ensure that boolean params in the API are parsed for truthiness (#6575)

Docker image improvements:

  • Isolate internal services from external networks (#6369)
  • Set permissions during the build process instead of during startup (#6514)

Upgrade notes:

Enabling optional new features:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Docker only:

Note: We will now publish pre-built Docker images as tootsuite/mastodon instead of gargron/mastodon. Furthermore, the edge tag will now refer to the master branch, latest to the latest stable release, other tags will remain the same. The docker-compose.yml file and documentation has been adjusted accordingly.


  • If you are using Docker with docker-compose and are getting a PG::ConnectionBad: could not translate host name "db" to address: Name does not resolve, you might have to do docker-compose down (make sure you were using volumes so you won't lose data!) before you can run any further docker-compose commands.

Contributors to this release:


Assets 2
You can’t perform that action at this time.