@Gargron Gargron released this May 7, 2018 · 932 commits to master since this release

Assets 2


Note: This is a release candidate. It is intended to be stable, but not guaranteed.

⚠️ Do not update to this version. Skip to v2.4.0rc3 ⚠️


Offline functionality: (#6876, #6886)

The Mastodon webapp is a Progressive Web App, and now it can run without an active internet connection, too. While many of the functions will not be available, already loaded content will remain accessible. Once a connection is re-established, a clickable gap will be displayed in the columns, allowing you to load things you might have missed while you were offline.

Direct messaging improvements (#6956, #7089, #4514, #7067)

You can now begin a direct message to someone from the dropdown menu on their profile or on their toots. A warning will be displayed that all mentioned users will be able to see the message. A new type of column is now available, which lists all of your direct message correspondence.

New profile metadata (#6645, #7288)

You can now set up to 4 custom properties on your public profile (label and value). For example, you could link to your website, your Patreon, list your e-mail address for inquires, your pronouns, or who drew your avatar.

RSS for users (#7259)

User profiles and hashtags now offer RSS feeds. The content inside the user profile feed is the same as on the Atom feed (public and unlisted toots), but in a more feed reader-friendly format.

Admin UI improvements (#7188, #7189, #7347, #7342)

The report screen has been revamped. Staff can leave notes on reports as well as individual accounts. A history of actions performed on the report is displayed right there and then. The reported toots are displayed in a more compact and polished manner.

The admin view of an account's toots no longer includes private and direct toots. However, if they are reported, they still show up on the report screen.

When a report comes from another server, the account associated with it is not actually the person who sent the report, but a representative account of the server it was sent from, e.g. an admin. Now the report UI reflects this to reduce confusion.

Updated privacy policy (#6666)

We were previously using the privacy policy from Discourse verbatim (which, in turn, is a verbatim copy of the one in WordPress). The policy contained a lot of protections for behaviour the Mastodon software was not exhibiting. The new policy is more narrow and explicit and explains in more detail what kind of data you can store in Mastodon and how it is used. Instead of 5 years, automatic scrubbing of old IP addresses in the database will occur every 12 months.

Bot accounts (#7391)

If you run bots on Mastodon, you can now opt-in to display a bot badge on your profile. This works with non-Mastodon software, too, if the ActivityPub actor is of the Service or Application type. In the future, more features might be implemented to filter bot accounts or opt-out of interactions with them, so it might not be wise to mark yourself as a bot for a joke.

Custom emojis in profiles (#6124, #7374)

You can now use custom emojis in your profile's bio, in your display name, and in the values of the profile metadata properties mentioned earlier.


UI/UX additions:

  • Added missing management UI for user-hidden domains (#6628)
  • Allow boosting own private toots to followers (#6157)
  • Collapse overly long conversations on public pages, with controls for expanding (#7102)
  • Added hotkey for revealing/hiding text behind a content warning (#7173)
  • Added high contrast theme (#7213)
  • Automatically resize images before upload in web UI to reduce bandwidth usage (#7223)
  • "Administered by" information on the frontpage (#6984)
  • Add search item to tab bar for mobile devices (#7072)
  • Hide search from compose tab on mobile devices (#7077)
  • Show media in a modal on public pages too (#6801)
  • Added contact e-mail hint to 2FA login form (#7376)
  • Added hint about 7 day cooldown for archive takeout (#7375)

Administration additions:

  • Ability to define a list of disallowed hashtags (#7176)
  • Added "1 week" as expiry option for invites (#6872)
  • Admins and moderators now have the ability to remove an account’s avatar (#6998)
  • Ability to change the user’s email address (#7074)
  • Ability to resend confirmation emails (#7378)
  • Allow searching for custom emojis by incomplete shortcode in admin UI (#7099)

Deployment additions:

  • Ability to specify Redis password during mastodon:setup (#7222)
  • Enable ElasticSearch support by default on Nanobox(#6977)
  • Support for running Mastodon as a hidden service (e.g. Tor) (#7134)
  • Log when a rate limit is hit by someone (#7096)

REST API additions:

  • Enable updating additional account information from user preferences via REST API (#6789)
  • New rate limit for POST /api/v1/media to limit amount of data someone could upload in 24h to 10GB (#7337)
  • Support explicitly supplying language code for status via REST API (#7389)
  • Disable API access when login is disabled for the account (#7289)
  • Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287)

Performance improvements:

  • Improve performance of rendering mentions and custom emojis in text (#7271)
  • Add support for a separate Redis server for volatile cache (#7272)
  • Validate HTTP response length while receiving (#6891)
  • Add a circuit breaker for ActivityPub deliveries to minimize 10s timeouts (#7053)
  • Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
  • Perform processing that does not use the database before connecting to the database in streaming API (#7168)
  • Marginally optimize RAM usage (#7301)
  • Reduce needlessly rendered data in ActivityPub (#7357)
  • Store home feeds for 7 days instead of 14 (#7354)
  • Marginally improve file/identify/convert/ffmpeg calls performance with posix-spawn (#7346)
  • Improve performance of POST /api/v1/statuses (#7317)
  • Improve performance when fetching conversation threads (#7321)
  • Improve performance of rendering Webfinger response (#7319)
  • Improve web UI load performance when there are a lot of custom emojis on the server (#7047)



  • Rescue SSL errors when processing mentions, remove useless line (#7184)
  • Prevent animations in OpenGraph preview cards (#7109)
  • Ensure SynchronizeFeaturedCollectionWorker is unique and clean up (#7043)
  • Allow more than the max pinned toots if account is not local (#7105)
  • Improve GIFV encoding params (#7098)
  • Remove most behaviour disparities between blocks and mutes (#7231)
  • Fix unpermitted parameters warning when generating pagination URLs (#6995)


  • Add missing OTP_SECRET in scalingo.json (#6917)
  • Do not default SMTP verify mode to "peer", default to "none" (#6996)
  • Improve OpenStack v3 compatibility (#7392)


  • Prevent suspended accounts from appearing in search results when it's an exact match (#7246)
  • When creating status, if no sensitive param is given, use user's default (#7057)


  • Support actors/statuses with multiple types (#7305)
  • Store URIs of follows, follow requests and blocks for ActivityPub to pass them back correctly (#7160)
  • Improve pagination for ActivityPub outbox, following and followers collections (#7356)
  • Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
  • Fix add/remove activities for pinned toots not being sent (#7393)
  • Forward deletes on the same path as reply forwarding (#7058)
  • Do not ignore unknown media attachments, only skip them (#6948)


  • The special handling of the "nsfw" hashtag is removed for everything except OStatus. Also, it is now only added to an outgoing status if any media is attached, rather than always when a content warning is present (#7398)


  • Improve relative timestamps in web UI, show year in dates older than a year (#7233)
  • Place emoji picker top if it is closer to the bottom of the viewport (#7314)
  • Place privacy dropdown menu top if it is closer to the bottom of the viewport (#7106)
  • Fix esc hotkey behavior (#7199)
  • Fix the hot key (j, k) does not function correctly when there is a pinned toot in account timeline. (#7202)
  • Fix caret position after inserting emoji (#7167)
  • Make scroll bars a bit wider on webkit browsers (#7060)
  • Change icon for domain blocks (#7139)
  • Remove duplicate frequently used emojis (#7064)
  • Improve dropdowns accessibility (#7318)
  • Set max-height to videos (and gif videos) on modals (#6914)
  • Note if the user is already following the target when authorizing follow (#6325)
  • Set Referrer-Policy to origin in web UI and public pages of private toots to obfuscate what you were viewing in web UI (#7162)
  • When notification type is filtered, ignore live updates for it, preventing gradual emptying of the column (#7101)
  • Optimize public/headers/missing.png (#7084)
  • Fix text color in "show more" link inside boost confirmation modal (#7183)
  • Able to deactivate invites if they aren't expired (#7163)


  • Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079)

Upgrade notes:

Non-Docker only:

  • Dependency updates: bundle install and yarn install

Both Docker and non-Docker:

  • This release includes database migrations, that means you need to run RAILS_ENV=production bundle exec rails db:migrate (in Docker: docker-compose run --rm web rails db:migrate).
  • This release includes changes to assets, that means you need to run RAILS_ENV=production bundle exec rails assets:precompile (in Docker: docker-compose run --rm web rails assets:precompile)

Contributors to this release: