@Gargron Gargron released this Mar 27, 2018

Assets 2

Mastodon

Fixes

  • Critical: Fixes a regression in unique username validation for local users where a non-lowercase older username would be wrongly ignored, allowing duplicate (differently-cased) usernames. The regression was introduced in 2.3.2 only.

Upgrade notes:

The release fixes a bug that allowed duplicate usernames under some circumstances. To help find these duplicates and clean them up, a new rake task was added: RAILS_ENV=production bundle exec rails mastodon:maintenance:find_duplicate_usernames (in Docker: docker-compose run --rm web rails mastodon:maintenance:find_duplicate_usernames). The task will return a list of affected accounts, if any. It will not remove anything automatically.

Discretion is advised in choosing which accounts to keep (usually the oldest one, however). (See below for renaming instead of deleting). Please mind that database records for accounts cannot be removed from the admin UI by design. You will need to carefully use the Rails console (RAILS_ENV=production bundle exec rails console and equivalent in Docker) like this, for example when account ID is 1234:

account = Account.find(1234)
account.user.destroy
account.destroy

This will remove the record from the database without trace, and clean up any uploaded files and other database associations to that record. (The account ID is part of the admin URL returned by the rake task). You may wish to keep the account and only rename it, however. This can also be only done through the console, like this:

account = Account.find(1234)
account.username = account.username + "1"
account.save

This would change username alice to alice1, for example. If alice1 already exists, you should pick alice2, etc.

Contributors to this release:

@Gargron