v4.3.5-ls131

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Warning

A recently released version includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Changelog

Changed

• Change hashtag suggestion to prefer personal history capitalization (#34070 by @ClearlyClaire)

Fixed

• Fix processing errors for some HEIF images from iOS 18 (#34086 by @renchap)
• Fix streaming server not filtering unknown-language posts from public timelines (#33774 by @ClearlyClaire)
• Fix preview cards under Content Warnings not being shown in detailed statuses (#34068 by @ClearlyClaire)
• Fix username and display name being hidden on narrow screens in moderation interface (#33064 by @ClearlyClaire)

Upgrade notes

To get the code for v4.3.5, use git fetch && git checkout v4.3.5.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.4.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

glitch-v4.3.5-ls269

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.21.

Remote Changes:

Warning

A recently released version includes important security fixes.

Changelog

Changed

• Change hashtag suggestion to prefer personal history capitalization (#34070 by @ClearlyClaire)

Fixed

• Fix processing errors for some HEIF images from iOS 18 (#34086 by @renchap)
• Fix streaming server not filtering unknown-language posts from public timelines (#33774 by @ClearlyClaire)
• Fix preview cards under Content Warnings not being shown in detailed statuses (#34068 by @ClearlyClaire)
• Fix username and display name being hidden on narrow screens in moderation interface (#33064 by @ClearlyClaire)

Upgrade notes

To get the code for v4.3.5, use git fetch && git checkout v4.3.5.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.4.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

v4.3.4-ls130

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Note

If you are using nightly builds, do not use this release but update to nightly.2025-02-28-security or newer instead. If you are on the main branch, update to the latest commit.

Changelog

Security

• Update dependencies
• Change HTML sanitization to remove unusable and unused embed tag (#34021 by @ClearlyClaire, GHSA-mq2m-hr29-8gqf)
• Fix rate-limit on sign-up email verification (GHSA-v39f-c9jj-8w7h)
• Fix improper disclosure of domain blocks to unverified users (GHSA-94h4-fj37-c825)

Changed

• Change preview cards to be shown when Content Warnings are expanded (#33827 by @ClearlyClaire)
• Change warnings against changing encryption secrets to be even more noticeable (#33631 by @ClearlyClaire)
• Change mastodon:setup to prevent overwriting already-configured servers (#33603, #33616, and #33684 by @ClearlyClaire and @mjankowski)
• Change notifications from moderators to not be filtered (#32974 and #33654 by @ClearlyClaire and @mjankowski)

Fixed

• Fix GET /api/v2/notifications/:id and POST /api/v2/notifications/:id/dismiss for ungrouped notifications (#33990 by @ClearlyClaire)
• Fix issue with some versions of libvips on some systems (#33853 by @kleisauke)
• Fix handling of duplicate mentions in incoming status Update (#33911 by @ClearlyClaire)
• Fix inefficiencies in timeline generation (#33839 and #33842 by @ClearlyClaire)
• Fix emoji rewrite adding unnecessary curft to the DOM for most emoji (#33818 by @ClearlyClaire)
• Fix tootctl feeds build not building list timelines (#33783 by @ClearlyClaire)
• Fix flaky test in /api/v2/notifications tests (#33773 by @ClearlyClaire)
• Fix incorrect signature after HTTP redirect (#33757 and #33769 by @ClearlyClaire)
• Fix polls not being validated on edition (#33755 by @ClearlyClaire)
• Fix media preview height in compose form when 3 or more images are attached (#33571 by @ClearlyClaire)
• Fix preview card sizing in “Author attribution” in profile settings (#33482 by @ClearlyClaire)
• Fix processing of incoming notifications for unfilterable types (#33429 by @ClearlyClaire)
• Fix featured tags for remote accounts not being kept up to date (#33372, #33406, and #33425 by @ClearlyClaire and @mjankowski)
• Fix notification polling showing a loading bar in web UI (#32960 by @Gargron)
• Fix accounts table long display name (#29316 by @WebCoder49)
• Fix exclusive lists interfering with notifications (#28162 by @ShadowJonathan)

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

glitch-v4.3.4-ls268

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.21.

Remote Changes:

Warning

This release includes important security fixes.

Changelog

Security

• Update dependencies
• Change HTML sanitization to remove unusable and unused embed tag (#34021 by @ClearlyClaire, GHSA-mq2m-hr29-8gqf)
• Fix rate-limit on sign-up email verification (GHSA-v39f-c9jj-8w7h)
• Fix improper disclosure of domain blocks to unverified users (GHSA-94h4-fj37-c825)

Changed

• Change preview cards to be shown when Content Warnings are expanded (#33827 by @ClearlyClaire)
• Change warnings against changing encryption secrets to be even more noticeable (#33631 by @ClearlyClaire)
• Change mastodon:setup to prevent overwriting already-configured servers (#33603, #33616, and #33684 by @ClearlyClaire and @mjankowski)
• Change notifications from moderators to not be filtered (#32974 and #33654 by @ClearlyClaire and @mjankowski)

Fixed

• Fix GET /api/v2/notifications/:id and POST /api/v2/notifications/:id/dismiss for ungrouped notifications (#33990 by @ClearlyClaire)
• Fix issue with some versions of libvips on some systems (#33853 by @kleisauke)
• Fix handling of duplicate mentions in incoming status Update (#33911 by @ClearlyClaire)
• Fix inefficiencies in timeline generation (#33839 and #33842 by @ClearlyClaire)
• Fix emoji rewrite adding unnecessary curft to the DOM for most emoji (#33818 by @ClearlyClaire)
• Fix tootctl feeds build not building list timelines (#33783 by @ClearlyClaire)
• Fix flaky test in /api/v2/notifications tests (#33773 by @ClearlyClaire)
• Fix incorrect signature after HTTP redirect (#33757 and #33769 by @ClearlyClaire)
• Fix polls not being validated on edition (#33755 by @ClearlyClaire)
• Fix media preview height in compose form when 3 or more images are attached (#33571 by @ClearlyClaire)
• Fix preview card sizing in “Author attribution” in profile settings (#33482 by @ClearlyClaire)
• Fix processing of incoming notifications for unfilterable types (#33429 by @ClearlyClaire)
• Fix featured tags for remote accounts not being kept up to date (#33372, #33406, and #33425 by @ClearlyClaire and @mjankowski)
• Fix notification polling showing a loading bar in web UI (#32960 by @Gargron)
• Fix accounts table long display name (#29316 by @WebCoder49)
• Fix exclusive lists interfering with notifications (#28162 by @ShadowJonathan)

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

develop-v4.3.0-rc.1-ls96

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Data change at JSON endpoint https://api.github.com/repos/mastodon/mastodon/releases

v4.3.4-ls129

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Changelog

Security

• Update dependencies
• Change HTML sanitization to remove unusable and unused embed tag (#34021 by @ClearlyClaire, GHSA-mq2m-hr29-8gqf)
• Fix rate-limit on sign-up email verification (GHSA-v39f-c9jj-8w7h)
• Fix improper disclosure of domain blocks to unverified users (GHSA-94h4-fj37-c825)

Changed

• Change preview cards to be shown when Content Warnings are expanded (#33827 by @ClearlyClaire)
• Change warnings against changing encryption secrets to be even more noticeable (#33631 by @ClearlyClaire)
• Change mastodon:setup to prevent overwriting already-configured servers (#33603, #33616, and #33684 by @ClearlyClaire and @mjankowski)
• Change notifications from moderators to not be filtered (#32974 and #33654 by @ClearlyClaire and @mjankowski)

Fixed

• Fix GET /api/v2/notifications/:id and POST /api/v2/notifications/:id/dismiss for ungrouped notifications (#33990 by @ClearlyClaire)
• Fix issue with some versions of libvips on some systems (#33853 by @kleisauke)
• Fix handling of duplicate mentions in incoming status Update (#33911 by @ClearlyClaire)
• Fix inefficiencies in timeline generation (#33839 and #33842 by @ClearlyClaire)
• Fix emoji rewrite adding unnecessary curft to the DOM for most emoji (#33818 by @ClearlyClaire)
• Fix tootctl feeds build not building list timelines (#33783 by @ClearlyClaire)
• Fix flaky test in /api/v2/notifications tests (#33773 by @ClearlyClaire)
• Fix incorrect signature after HTTP redirect (#33757 and #33769 by @ClearlyClaire)
• Fix polls not being validated on edition (#33755 by @ClearlyClaire)
• Fix media preview height in compose form when 3 or more images are attached (#33571 by @ClearlyClaire)
• Fix preview card sizing in “Author attribution” in profile settings (#33482 by @ClearlyClaire)
• Fix processing of incoming notifications for unfilterable types (#33429 by @ClearlyClaire)
• Fix featured tags for remote accounts not being kept up to date (#33372, #33406, and #33425 by @ClearlyClaire and @mjankowski)
• Fix notification polling showing a loading bar in web UI (#32960 by @Gargron)
• Fix accounts table long display name (#29316 by @WebCoder49)
• Fix exclusive lists interfering with notifications (#28162 by @ShadowJonathan)

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

v4.3.3-ls128

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Changelog

Security

• Fix insufficient validation of account URIs (GHSA-5wxh-3p65-r4g6)
• Update dependencies

Fixed

• Fix libyaml missing from Dockerfile build stage (#33591 by @vmstan)
• Fix incorrect notification settings migration for non-followers (#33348 by @ClearlyClaire)
• Fix down clause for notification policy v2 migrations (#33340 by @jesseplusplus)
• Fix error decrementing status count when FeaturedTags#last_status_at is nil (#33320 by @ClearlyClaire)
• Fix last paginated notification group only including data on a single notification (#33271 by @ClearlyClaire)
• Fix processing of mentions for post edits with an existing corresponding silent mention (#33227 by @ClearlyClaire)
• Fix deletion of unconfirmed users with Webauthn set (#33186 by @ClearlyClaire)
• Fix empty authors preview card serialization (#33151, #33466 by @mjankowski and @ClearlyClaire)

Upgrade notes

To get the code for v4.3.3, use git fetch && git checkout v4.3.3.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

glitch-v4.3.4-ls267

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.21.

Remote Changes:

Warning

This release includes important security fixes.

Changelog

Security

• Update dependencies
• Change HTML sanitization to remove unusable and unused embed tag (#34021 by @ClearlyClaire, GHSA-mq2m-hr29-8gqf)
• Fix rate-limit on sign-up email verification (GHSA-v39f-c9jj-8w7h)
• Fix improper disclosure of domain blocks to unverified users (GHSA-94h4-fj37-c825)

Changed

• Change preview cards to be shown when Content Warnings are expanded (#33827 by @ClearlyClaire)
• Change warnings against changing encryption secrets to be even more noticeable (#33631 by @ClearlyClaire)
• Change mastodon:setup to prevent overwriting already-configured servers (#33603, #33616, and #33684 by @ClearlyClaire and @mjankowski)
• Change notifications from moderators to not be filtered (#32974 and #33654 by @ClearlyClaire and @mjankowski)

Fixed

• Fix GET /api/v2/notifications/:id and POST /api/v2/notifications/:id/dismiss for ungrouped notifications (#33990 by @ClearlyClaire)
• Fix issue with some versions of libvips on some systems (#33853 by @kleisauke)
• Fix handling of duplicate mentions in incoming status Update (#33911 by @ClearlyClaire)
• Fix inefficiencies in timeline generation (#33839 and #33842 by @ClearlyClaire)
• Fix emoji rewrite adding unnecessary curft to the DOM for most emoji (#33818 by @ClearlyClaire)
• Fix tootctl feeds build not building list timelines (#33783 by @ClearlyClaire)
• Fix flaky test in /api/v2/notifications tests (#33773 by @ClearlyClaire)
• Fix incorrect signature after HTTP redirect (#33757 and #33769 by @ClearlyClaire)
• Fix polls not being validated on edition (#33755 by @ClearlyClaire)
• Fix media preview height in compose form when 3 or more images are attached (#33571 by @ClearlyClaire)
• Fix preview card sizing in “Author attribution” in profile settings (#33482 by @ClearlyClaire)
• Fix processing of incoming notifications for unfilterable types (#33429 by @ClearlyClaire)
• Fix featured tags for remote accounts not being kept up to date (#33372, #33406, and #33425 by @ClearlyClaire and @mjankowski)
• Fix notification polling showing a loading bar in web UI (#32960 by @Gargron)
• Fix accounts table long display name (#29316 by @WebCoder49)
• Fix exclusive lists interfering with notifications (#28162 by @ShadowJonathan)

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

glitch-v4.3.3-ls266

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.21.

Remote Changes:

Changelog

Security

• Fix insufficient validation of account URIs (GHSA-5wxh-3p65-r4g6)
• Update dependencies

Fixed

• Fix libyaml missing from Dockerfile build stage (#33591 by @vmstan)
• Fix incorrect notification settings migration for non-followers (#33348 by @ClearlyClaire)
• Fix down clause for notification policy v2 migrations (#33340 by @jesseplusplus)
• Fix error decrementing status count when FeaturedTags#last_status_at is nil (#33320 by @ClearlyClaire)
• Fix last paginated notification group only including data on a single notification (#33271 by @ClearlyClaire)
• Fix processing of mentions for post edits with an existing corresponding silent mention (#33227 by @ClearlyClaire)
• Fix deletion of unconfirmed users with Webauthn set (#33186 by @ClearlyClaire)
• Fix empty authors preview card serialization (#33151, #33466 by @mjankowski and @ClearlyClaire)

Upgrade notes

To get the code for v4.3.3, use git fetch && git checkout v4.3.3.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.1 or newer
• PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 18 or newer
• ImageMagick (optional if using libvips): 6.9.7-7 or newer
• libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

1. Install dependencies with bundle install
2. Restart all Mastodon processes.

When using docker

1. Restart all Mastodon processes.

develop-v4.3.0-rc.1-ls95

CI Report:

N/A

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Data change at JSON endpoint https://api.github.com/repos/mastodon/mastodon/releases