@Gargron Gargron released this Mar 2, 2018 · 1306 commits to master since this release


Note: This is a release candidate. It is intended to be stable, but not guaranteed.


Full-text search for authorized statuses (#6423)

You'll be able to search for toots you've written, boosted, favourited or were mentioned in. The API does not change in any way to allow this, but since this is a computationally heavy feature, it's optional for admins to set up and requires an ElasticSearch database.

Account archive download (#6460)

Every 7 days you are able to request a full archive of your toots. The toots are exported in ActivityPub JSON format alongside the media files attached to them, your avatar and header images as well as the private key of your account used for signing content. Theoretically, such an archive could be used by any application to support full content migration.

Focal points (#6520)

When uploading a picture, you will be able to select a "focal point" on it, that is to say, the place that should not be cropped out under any circumstances. Mastodon uses varying dimensions of thumbnails, but all of them will respect the focal point. 3rd party apps can also implement this.

Note for app developers: The focal point is returned inside the meta property of media attachments. It's structured like this: { focus: { x: 0, y: -0.1 } }. It is a coordinate on a grid, see this reference.

In turn, the API methods for creating and updating a media attachment accept the focus param, which is expected to be a string of two floating point numbers separated by a comma, e.g. 0.1,0.2
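
For app developers handling the focus param described above, here is an added Ruby example (not Mastodon's own code and not part of the original release notes): it validates the comma-separated string strictly and derives a crop window that keeps the focal point in view. The helper names and the -1.0..1.0 grid with (0,0) at the centre and positive y pointing up are assumptions; the notes themselves only link to the grid reference.

```ruby
# Added example (not Mastodon's code): validate `focus`, then choose a crop.
# Assumption: the grid spans -1.0..1.0, (0,0) is the centre, +y points up.
class InvalidFocus < ArgumentError; end

FOCUS_RANGE = (-1.0..1.0).freeze
DECIMAL = /\A[+-]?(\d+(\.\d*)?|\.\d+)\z/

# "0.1,0.2" -> [0.1, 0.2]; raises InvalidFocus for anything else.
def parse_focus(param)
  raise InvalidFocus, 'focus must be a string' unless param.is_a?(String)

  parts = param.split(',', -1).map(&:strip)
  raise InvalidFocus, 'expected two comma-separated numbers' unless parts.size == 2

  parts.map do |part|
    # Strict decimal syntax: no hex floats, exponents, underscores or NaN.
    raise InvalidFocus, "not a decimal: #{part.inspect}" unless DECIMAL.match?(part)

    value = part.to_f
    raise InvalidFocus, "outside -1.0..1.0: #{part}" unless FOCUS_RANGE.cover?(value)

    value
  end
end

def valid_focus?(param)
  parse_focus(param)
  true
rescue InvalidFocus
  false
end

# Largest window of `ratio` (width / height) inside the image, centred on the
# focal point and clamped to the image bounds: [left, top, width, height].
def crop_window(width, height, focus, ratio)
  x, y = focus
  crop_w, crop_h = if width.to_f / height > ratio
                     [(height * ratio).round, height]
                   else
                     [width, (width / ratio.to_f).round]
                   end
  focus_px = (x + 1) / 2.0 * width   # x = -1 is the left edge, 1 the right
  focus_py = (1 - y) / 2.0 * height  # y = 1 is the top edge, -1 the bottom
  left = (focus_px - crop_w / 2.0).round.clamp(0, width - crop_w)
  top = (focus_py - crop_h / 2.0).round.clamp(0, height - crop_h)
  [left, top, crop_w, crop_h]
end

# The sample value from the notes, on a constructed 900x1600 portrait image.
p crop_window(900, 1600, parse_focus('0,-0.1'), 16.0 / 9) if __FILE__ == $PROGRAM_NAME
```

Rejecting malformed or out-of-range input before it reaches the thumbnailer keeps the crop arithmetic inside the image bounds.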

Federated reports (#6570)

Improved UI of the report dialog with an added option to send an anonymized copy of the report to the server of the user you report (normally, the report only goes to your own server's admins!)

Redesign landing page (again) (#6486, #6543, #6545)

The new landing page makes better use of space. The login link is more prominent, and a new hero image is available for admins to customize from admin settings (when not set, it falls back to the OpenGraph thumbnail image admins can also set).

Click card to embed external content (#6471)

YouTube, Vimeo, SoundCloud, Twitch Clips and other websites that support embedding used to appear in the detailed view of a toot straight away, which is not very good for privacy, because embeds load information from another server. Now, a preview of the embed is displayed first, and only once you click it, the remote content is loaded.


UI/UX additions:

  • Add "previous" navigation to public profile pages (#6497)
  • Add "Toots/Toots with replies/Media" tab in web UI (#6572, #6589)
  • Admin settings: Option to show only local toots in timeline preview (#6292)
  • Add preference to always display sensitive media (#6448)
  • Do not hide NSFW media/CW'd text in OpenGraph tags (#6479)
  • Save video metadata and improve video OpenGraph tags (#6481)
  • Move "compose" button on mobile to floating action button (#6594)

Deployment additions:

  • PAM authentication (#5303)
  • CAS + SAML authentication (#6425)
  • LDAP authentication (#6556)
  • Interactive rake mastodon:setup task (#6451)

REST API additions:

  • Add locked to /api/v1/update_credentials (#6506)
  • Add only_media param to public and hashtag timelines API (#6576)
  • Add contact_account and languages to instance API (#6574)

Federation additions:

  • Allow retrieval of private statuses using HTTP signatures (#6225)
  • Accept ActivityPub announce from the author of the original note (#6236)
  • Reject->Follow will remove both follow request and the follow, whichever exists (#6571)
  • Push discovered status through streaming API within a 6h time window (#6484)

Performance improvements:

  • Cache for relationships API (#6482)


UI/UX improvements:

  • Responsively enforce 16:9 ratio on all media thumbnails in web UI (#6590)
  • Fix button hiding when header title is too long (#6406)
  • Same hashtag regex on server and in the web UI (#6431)
  • Fix column header button outline (#6411)
  • Set minimum height for mastodon on drawer (#6142)
  • Change web UI "posts" to "toots" on profile for consistency (#6447)
  • Fix media button type (#6478)
  • Remove outline from body window (#6502)
  • Fix media spoiler design (#6507)
  • Improve public account cards (#6559)
  • Fix password recovery (#6459)
  • Prevent weird redirects to JSON resources after login under some circumstances (#6528)

Backend fixes:

  • Make sure status is not nil in mailer (#6428)
  • Fix saving of oEmbed image (#6409)
  • Validation of character count works even when text of status is nil (#6429)
  • Fix response of signature_verification_failure_reason (#6441)
  • Prevent stale account caches in notifications API (#6442)
  • Prevent HTTP requests to private IP ranges (#6410)
  • Fix avatar/header resizing issues and glitches (#6508, #6515)
  • Ensure the app does not even start if OTP_SECRET is not set (#6557)

REST API fixes:

  • Exclude nil from relationships array (#6427)
  • Ensure that boolean params in the API are parsed for truthiness (#6575)

Docker image improvements:

  • Isolate internal services from external networks (#6369)
  • Set permissions during the build process instead of during startup (#6514)

Upgrade notes:

Enabling optional new features:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, which means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, which means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile).

Contributors to this release: