From 0127a1062164b5dac43381e25188c5100497194d Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 29 Dec 2025 08:44:19 +0400 Subject: [PATCH] Changelog: Update changelog --- CHANGELOG.md | 309 +++++++++++++++++- changelog.d/activity_type_index.change | 1 - changelog.d/admin-api-docs-fix.skip | 1 - changelog.d/admin-api-log-fix.skip | 0 changelog.d/admin-self-revocation.security | 1 - changelog.d/ap-c2s-interaction-perms.fix | 1 - changelog.d/assign-app-user-oom.fix | 1 - changelog.d/authorized_fetch.fix | 1 - changelog.d/blocked-muted-swagger.change | 1 - changelog.d/bump-captcha-posix-make.fix | 1 - changelog.d/changelog-checker.skip | 1 - changelog.d/ci-artifacts.skip | 0 changelog.d/db-restore-docs.change | 1 - changelog.d/deactivated-404-inbox.change | 1 - changelog.d/deepl-json.fix | 1 - changelog.d/delete-instance.change | 1 - changelog.d/deps-update-2025-08.skip | 0 changelog.d/description.skip | 1 - changelog.d/dislike-activity.add | 1 - changelog.d/doc-typo.skip | 0 changelog.d/dockerfile-versions.change | 1 - changelog.d/docs-rum-otp-vacuum.change | 1 - changelog.d/docs.skip | 1 - changelog.d/elixir-1-18.fix | 1 - changelog.d/emoji-pack-upload-zip.add | 1 - changelog.d/emoji_likes.add | 1 - changelog.d/endorsement-state.fix | 1 - changelog.d/endorsements-api.change | 1 - changelog.d/expiring-blocks.add | 1 - changelog.d/expose-markup-configuration.add | 1 - changelog.d/fediindex.change | 1 - changelog.d/filter-user-capabilities.add | 1 - changelog.d/fix-lists-bcc.fix | 1 - changelog.d/fix-report-empty-fields.fix | 1 - changelog.d/fixtests.skip | 0 changelog.d/freebsd-rc.fix | 1 - changelog.d/gin-search.fix | 1 - changelog.d/gitlabci.skip | 0 changelog.d/gun.change | 1 - changelog.d/hashtag-search.change | 1 - changelog.d/instance-view-timeline-access.add | 1 - changelog.d/language-detection.add | 1 - changelog.d/local-nickname-regex.fix | 1 - .../lookup-restrict-unauthenticated.fix | 1 - changelog.d/mastoapi-interaction-perms.fix | 1 - changelog.d/mastodon-quote-id-api.change | 1 - changelog.d/mastodon-quotes-updates.change | 1 - .../moderation-log-unknown-actions.fix | 1 - changelog.d/mrf-inlinequotes-mastodon.fix | 1 - changelog.d/mrf-quietreply.add | 1 - changelog.d/nginx-config.change | 1 - changelog.d/nodeinfo-content-type.fix | 1 - changelog.d/noop-fixes.skip | 0 changelog.d/normalize-actor-image-hrefs.fix | 1 - changelog.d/notification-cleanup.skip | 0 changelog.d/notification-type-update.fix | 1 - .../notification-view-deduplicate.skip | 1 - changelog.d/oban-lazarus.add | 1 - changelog.d/oban-notifier.change | 1 - changelog.d/openbsd-docs-update.skip | 0 .../openbsd-update-httpd-relayd.change | 1 - changelog.d/openbsd-update-rc.fix | 1 - changelog.d/order-favourites-reblogs.change | 1 - changelog.d/outgoing-follow-requests.add | 1 - changelog.d/pin-chats.fix | 1 - changelog.d/plaroma.skip | 1 - changelog.d/pleroma-fe-2-9-2.change | 2 - changelog.d/postgrex.change | 1 - changelog.d/preferred-frontend.add | 1 - changelog.d/preserve-public-cc.fix | 1 - changelog.d/private-functions.skip | 0 changelog.d/reachability.change | 1 - changelog.d/relax-also-known-as.change | 1 - changelog.d/relayd-ipv6.fix | 1 - changelog.d/releases.fix | 1 - changelog.d/remote-url.fix | 1 - .../remove-forgotten-OTPVersion-usage.skip | 0 changelog.d/remove-redundant-code.skip | 0 changelog.d/replies-collection.add | 1 - changelog.d/report-anon.add | 1 - changelog.d/repost-repeat-filtering-3391.add | 1 - changelog.d/rich-media-user-agent.add | 1 - changelog.d/rss-redirect.change | 1 - changelog.d/scrobbles-scope.change | 1 - changelog.d/scrobbles.change | 1 - .../scrubber-inline-quotes-mastodon.add | 1 - changelog.d/scrubber-span-classes.change | 1 - changelog.d/siteinfo-baseurls.add | 1 - changelog.d/smtp-docs.change | 1 - changelog.d/status-push-notification.fix | 1 - changelog.d/stream-marker-updates.add | 1 - changelog.d/tesla.change | 1 - changelog.d/toctou-mkdir.fix | 1 - changelog.d/tos-setting.add | 1 - changelog.d/translate-posts.add | 1 - changelog.d/translation-provider-mozhi.add | 1 - .../translation-provider-translatelocally.add | 1 - changelog.d/transmogrifier-aspublic.fix | 1 - changelog.d/truncate-rich-media.change | 1 - changelog.d/typo.skip | 1 - changelog.d/typos.skip | 0 changelog.d/update-poll-voters-count.fix | 1 - changelog.d/url-encoding-pt2.fix | 1 - changelog.d/url-encoding.fix | 1 - changelog.d/view-internals-leaks.fix | 1 - changelog.d/webfinger-actual-fix.fix | 1 - changelog.d/webfinger-resolution.fix | 1 - changelog.d/webfinger.change | 1 - 108 files changed, 293 insertions(+), 111 deletions(-) delete mode 100644 changelog.d/activity_type_index.change delete mode 100644 changelog.d/admin-api-docs-fix.skip delete mode 100644 changelog.d/admin-api-log-fix.skip delete mode 100644 changelog.d/admin-self-revocation.security delete mode 100644 changelog.d/ap-c2s-interaction-perms.fix delete mode 100644 changelog.d/assign-app-user-oom.fix delete mode 100644 changelog.d/authorized_fetch.fix delete mode 100644 changelog.d/blocked-muted-swagger.change delete mode 100644 changelog.d/bump-captcha-posix-make.fix delete mode 100644 changelog.d/changelog-checker.skip delete mode 100644 changelog.d/ci-artifacts.skip delete mode 100644 changelog.d/db-restore-docs.change delete mode 100644 changelog.d/deactivated-404-inbox.change delete mode 100644 changelog.d/deepl-json.fix delete mode 100644 changelog.d/delete-instance.change delete mode 100644 changelog.d/deps-update-2025-08.skip delete mode 100644 changelog.d/description.skip delete mode 100644 changelog.d/dislike-activity.add delete mode 100644 changelog.d/doc-typo.skip delete mode 100644 changelog.d/dockerfile-versions.change delete mode 100644 changelog.d/docs-rum-otp-vacuum.change delete mode 100644 changelog.d/docs.skip delete mode 100644 changelog.d/elixir-1-18.fix delete mode 100644 changelog.d/emoji-pack-upload-zip.add delete mode 100644 changelog.d/emoji_likes.add delete mode 100644 changelog.d/endorsement-state.fix delete mode 100644 changelog.d/endorsements-api.change delete mode 100644 changelog.d/expiring-blocks.add delete mode 100644 changelog.d/expose-markup-configuration.add delete mode 100644 changelog.d/fediindex.change delete mode 100644 changelog.d/filter-user-capabilities.add delete mode 100644 changelog.d/fix-lists-bcc.fix delete mode 100644 changelog.d/fix-report-empty-fields.fix delete mode 100644 changelog.d/fixtests.skip delete mode 100644 changelog.d/freebsd-rc.fix delete mode 100644 changelog.d/gin-search.fix delete mode 100644 changelog.d/gitlabci.skip delete mode 100644 changelog.d/gun.change delete mode 100644 changelog.d/hashtag-search.change delete mode 100644 changelog.d/instance-view-timeline-access.add delete mode 100644 changelog.d/language-detection.add delete mode 100644 changelog.d/local-nickname-regex.fix delete mode 100644 changelog.d/lookup-restrict-unauthenticated.fix delete mode 100644 changelog.d/mastoapi-interaction-perms.fix delete mode 100644 changelog.d/mastodon-quote-id-api.change delete mode 100644 changelog.d/mastodon-quotes-updates.change delete mode 100644 changelog.d/moderation-log-unknown-actions.fix delete mode 100644 changelog.d/mrf-inlinequotes-mastodon.fix delete mode 100644 changelog.d/mrf-quietreply.add delete mode 100644 changelog.d/nginx-config.change delete mode 100644 changelog.d/nodeinfo-content-type.fix delete mode 100644 changelog.d/noop-fixes.skip delete mode 100644 changelog.d/normalize-actor-image-hrefs.fix delete mode 100644 changelog.d/notification-cleanup.skip delete mode 100644 changelog.d/notification-type-update.fix delete mode 100644 changelog.d/notification-view-deduplicate.skip delete mode 100644 changelog.d/oban-lazarus.add delete mode 100644 changelog.d/oban-notifier.change delete mode 100644 changelog.d/openbsd-docs-update.skip delete mode 100644 changelog.d/openbsd-update-httpd-relayd.change delete mode 100644 changelog.d/openbsd-update-rc.fix delete mode 100644 changelog.d/order-favourites-reblogs.change delete mode 100644 changelog.d/outgoing-follow-requests.add delete mode 100644 changelog.d/pin-chats.fix delete mode 100644 changelog.d/plaroma.skip delete mode 100644 changelog.d/pleroma-fe-2-9-2.change delete mode 100644 changelog.d/postgrex.change delete mode 100644 changelog.d/preferred-frontend.add delete mode 100644 changelog.d/preserve-public-cc.fix delete mode 100644 changelog.d/private-functions.skip delete mode 100644 changelog.d/reachability.change delete mode 100644 changelog.d/relax-also-known-as.change delete mode 100644 changelog.d/relayd-ipv6.fix delete mode 100644 changelog.d/releases.fix delete mode 100644 changelog.d/remote-url.fix delete mode 100644 changelog.d/remove-forgotten-OTPVersion-usage.skip delete mode 100644 changelog.d/remove-redundant-code.skip delete mode 100644 changelog.d/replies-collection.add delete mode 100644 changelog.d/report-anon.add delete mode 100644 changelog.d/repost-repeat-filtering-3391.add delete mode 100644 changelog.d/rich-media-user-agent.add delete mode 100644 changelog.d/rss-redirect.change delete mode 100644 changelog.d/scrobbles-scope.change delete mode 100644 changelog.d/scrobbles.change delete mode 100644 changelog.d/scrubber-inline-quotes-mastodon.add delete mode 100644 changelog.d/scrubber-span-classes.change delete mode 100644 changelog.d/siteinfo-baseurls.add delete mode 100644 changelog.d/smtp-docs.change delete mode 100644 changelog.d/status-push-notification.fix delete mode 100644 changelog.d/stream-marker-updates.add delete mode 100644 changelog.d/tesla.change delete mode 100644 changelog.d/toctou-mkdir.fix delete mode 100644 changelog.d/tos-setting.add delete mode 100644 changelog.d/translate-posts.add delete mode 100644 changelog.d/translation-provider-mozhi.add delete mode 100644 changelog.d/translation-provider-translatelocally.add delete mode 100644 changelog.d/transmogrifier-aspublic.fix delete mode 100644 changelog.d/truncate-rich-media.change delete mode 100644 changelog.d/typo.skip delete mode 100644 changelog.d/typos.skip delete mode 100644 changelog.d/update-poll-voters-count.fix delete mode 100644 changelog.d/url-encoding-pt2.fix delete mode 100644 changelog.d/url-encoding.fix delete mode 100644 changelog.d/view-internals-leaks.fix delete mode 100644 changelog.d/webfinger-actual-fix.fix delete mode 100644 changelog.d/webfinger-resolution.fix delete mode 100644 changelog.d/webfinger.change diff --git a/CHANGELOG.md b/CHANGELOG.md index 19b87f09a..d6cdaa6a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,111 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 2.10 + +### Security + +- Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint + +### Changed + +- Add new activity actor/type index. Greatly speeds up retrieval of rare types (like "Listen") +- Use separate schemas for muted/blocked accounts lists +- Docs: Restore DB schema before data to avoid long restore times +- Return 404 with a better error message instead of 400 when receiving an activity for a deactivated user +- Deleting an instance queues individual jobs for each user that needs to be deleted from the server. +- Update Dockerfile to use Elixir 1.17.3, Erlang 26.2.5.6, and Alpine 3.17.9 to match CI release builds +- Docs RUM index: Add OTP install command, update index size expectation and recommend VACUUM FULL +- Support new Mastodon API for endorsed accounts +- Allow FediIndex crawler bot by default +- Update Cowboy, Gun, and Plug family of dependencies +- Hashtag searches return real results based on words in your query +- Support `quoted_status_id` parameter in post creation request +- Use Mastodon-compatible route for quotes list and param for quotes count +- Updated the example Nginx configuration +- Oban Notifier was changed to Oban.Notifiers.PG for performance and scalability benefits +- Updated relayd/httpd config files to be on par with nginx +- Order favourites and reblogs list from newest to oldest +- Update Pleroma-FE to 2.9.2 +- Updated Postgrex library to 0.20.0 +- Improved the logic of how we determine if a server is unreachable. +- Relax alsoKnownAs requirements to just URI, not necessarily HTTP(S) +- Redirect /users/:nickname.rss to /users/:nickname/feed.rss instead of .atom +- Add `write:scrobbles` and `read:scrobbles` scope for scrobbling +- Change scrobble external link param name to use snake case +- Allow "invisible" and "ellipsis" classes for span tags to match Mastodon behavior +- Change SMTP example to use the Mua adapter that works with OTP>25 +- Updated Tesla to 1.15.3 +- Truncate the length of Rich Media title and description fields +- Don't require an Accept header for WebFinger queries and default to JSON. + +### Added + +- Support Dislike activity, as sent by Mitra and Friendica, by changing it into a thumbs-down EmojiReact +- Support Mitra-style emoji likes. +- Added a way to upload new packs from a URL or ZIP file via Admin API +- Add `duration` to the block endpoint, which makes block expire +- Expose markup configuration in InstanceView +- Allow filtering users with `accepts_chat_messages` capability +- Add `timelines_access` to InstanceView +- Implement language detection with fastText +- Added MRF.QuietReply which prevents replies to public posts from being published to the timelines +- Oban.Plugins.Lazarus to help recover stuck jobs from an unclean shutdown of Pleroma +- Add /api/v1/pleroma/outgoing_follow_requests +- Allow users to select preferred frontend +- Provide full replies collection in ActivityPub objects +- Allow anonymizing reports sent to remote servers +- Add only_reblogs parameter to account statuses API for filtering to show only reblogs/reposts +- Allow setting custom user-agent for fetching rich media content +- Scrubber: Allow `quote-inline` class in

tags used by Mastodon quotes +- Add `base_urls` to the /api/v1/instance pleroma metadata which provides information about the base URLs for media_proxy and uploads when configured +- Stream marker updates +- Allow Terms of Service panel behaviour to be configurable +- Support translation providers (DeepL, LibreTranslate) +- Support Mozhi translation provider +- Support translateLocally translation provider + +### Fixed + +- AP C2S: Reject interactions with statuses not visible to Actor +- Fix AssignAppUser migration OOM +- Fix fetching public keys with authorized fetch enabled +- Fix building "captcha" library with OpenBSD make +- Use JSON for DeepL API requests +- Elixir 1.18: Fixed warnings and new deprecations +- Fix endorsement state display in relationship view +- Fix publisher when publishing to a list of users +- Fix reports being rejected when the activity had an empty CC or TO field (instead of not having them at all) +- Set PATH in the FreeBSD rc script to avoid failures starting the service +- Improved performance of status search queries using the default GIN index +- Use end-of-string in regex for local `get_by_nickname` +- Respect restrict_unauthenticated in /api/v1/accounts/lookup +- MastodonAPI: Reject interactions with statuses not visible to user +- Fix ModerationLog FunctionClauseError for unknown actions +- MRF InlineQuotePolicy: Don't inline quoted post URL in Mastodon quote posts +- Fix NodeInfo content-type +- Add Actor images normalization from array of urls to string +- Add `update` to @notification_types +- replaced depracated flags and functions, renamed service to fit other service files +- Allow to pin/unpip chats +- Fix federation issue where Public visibility information in cc field was lost when sent to remote servers, causing posts to appear with inconsistent visibility across instances +- OpenBSD relayd: Fix IPv6 example +- Fix release builds +- `remote_url` links to unproxied URL +- Send push notifications for statuses from subscribed accounts +- Backport [Elixir PR 14242](https://github.com/elixir-lang/elixir/pull/14242) fixing racy mkdir and lack of error handling of parent directory creation +- Transmogrifier: convert "as:Public" to full w3 URL +- Update voters count in remote polls when refreshing +- Fix sometimes incorrect URI percent encoding +- Fix HTTP client making invalid requests due to no percent encoding processing or validation. +- ObjectView: Do not leak unsanitized internal representation of non-Create/non-Undo Activities on fetches +- Fix WebFinger for split-domain setups +- Enforce an exact domain match for WebFinger resolution + ## 2.9.1 ### Security + - Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content. - Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments - Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls. @@ -16,27 +118,33 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks. ### Changed + - Include `pl-fe` in available frontends ### Fixed + - Remove trailing ` from end of line 75 which caused issues copy-pasting ## 2.9.0 ### Security + - Require HTTP signatures (if enabled) for routes used by both C2S and S2S AP API - Fix several spoofing vectors ### Changed -- Performance: Use 301 (permanent) redirect instead of 302 (temporary) when redirecting small images in media proxy. This allows browsers to cache the redirect response. + +- Performance: Use 301 (permanent) redirect instead of 302 (temporary) when redirecting small images in media proxy. This allows browsers to cache the redirect response. ### Added + - Include "published" in actor view - Link to exported outbox/followers/following collections in backup actor.json - Hashtag following - Allow to specify post language ### Fixed + - Verify a local Update sent through AP C2S so users can only update their own objects - Fix Mastodon incoming edits with inlined "likes" - Allow incoming "Listen" activities @@ -46,11 +154,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix blurhash generation crashes ### Removed + - Retire MRFs DNSRBL, FODirectReply, and QuietReply ## 2.8.0 ### Changed + - Metadata: Do not include .atom feed links for remote accounts - Bumped `fast_html` to v2.3.0, which notably allows to use system-installed lexbor with passing `WITH_SYSTEM_LEXBOR=1` environment variable at build-time - Dedupe upload filter now uses a three-level sharding directory structure @@ -71,6 +181,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Worker configuration is no longer available. This only affects custom max_retries values for a couple Oban queues. ### Added + - Add metadata provider for ActivityPub alternate links - Added support for argon2 passwords and their conversion for migration from Akkoma fork to upstream. - Respect :restrict_unauthenticated for hashtag rss/atom feeds @@ -88,6 +199,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Include session scopes in TokenView ### Fixed + - Verify a local Update sent through AP C2S so users can only update their own objects - Fixed malformed follow requests that cause them to appear stuck pending due to the recipient being unable to process them. - Fix incoming Block activities being rejected @@ -105,14 +217,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Make vapid_config return empty array, fixing preloading for instances without push notifications configured ### Removed + - Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0) ## 2.7.1 ### Changed + - Accept `application/activity+json` for requests to `/.well-known/nodeinfo` ### Fixed + - Truncate remote user fields, avoids them getting rejected - Improve the `FollowValidator` to successfully incoming activities with an errant `cc` field. - Resolved edge case where the API can report you are following a user but the relationship is not fully established. @@ -122,16 +237,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## 2.7.0 ### Security + - HTTP Security: By default, don't allow unsafe-eval. The setting needs to be changed to allow Flash emulation. - Fix webfinger spoofing. - Use proper workers for fetching pins instead of an ad-hoc task, fixing a potential fetch loop ### Changed + - Update to Phoenix 1.7 - Elixir Logger configuration is now longer permitted through AdminFE and ConfigDB - Refactor the user backups code and improve test coverage - Invalid activities delivered to the inbox will be rejected with a 400 Bad Request -- Support Bandit as an alternative to Cowboy for the HTTP server. +- Support Bandit as an alternative to Cowboy for the HTTP server. - Update Bandit to 1.5.2 - Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick. - Elixir 1.13 is the minimum required version. @@ -170,6 +287,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Refactor the Mastodon /api/v1/streaming websocket handler to use Phoenix.Socket.Transport ### Added + - Uploader: Add support for uploading attachments using IPFS - Add NSFW-detecting MRF - Add DNSRBL MRF @@ -215,6 +333,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support honk-style attachment summaries as alt-text. ### Fixed + - Fix Emoji object IDs not always being valid - Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata - Ensure that StripLocation actually removes everything resembling GPS data from PNGs @@ -257,7 +376,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix Optimistic Inbox for failed signatures - MediaProxy Preview failures prevented when encountering certain video files - pleroma_ctl: Use realpath(1) instead of readlink(1) -- ReceiverWorker: Make sure non-{:ok, _} is returned as {:error, …} +- ReceiverWorker: Make sure non-{:ok, \_} is returned as {:error, …} - Harden Rich Media parsing against very slow or malicious URLs - Rich Media Preview cache eviction when the activity is updated. - Parsing of RichMedia TTLs for Amazon URLs when query parameters are nil @@ -269,32 +388,41 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix validate_webfinger when running a different domain for Webfinger ### Removed + - Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint https://github.com/mastodon/mastodon/pull/11213 - Removed support for multiple federator modules as we only support ActivityPub ## 2.6.2 ### Security + - MRF StealEmojiPolicy: Sanitize shortcodes (thanks to Hazel K for the report ## 2.6.1 + ### Changed + - - Document maximum supported version of Erlang & Elixir ### Added + - [docs] add frontends management documentation ### Fixed + - TwitterAPI: Return proper error when healthcheck is disabled - Fix eblurhash and elixir-captcha not using system cflags ## 2.6.0 + ### Security + - Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes. - CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID - Disable XML entity resolution completely to fix a dos vulnerability ### Added + - Support for Image activities, namely from Hubzilla - Add OAuth scope descriptions - Allow lang attribute in status text @@ -305,6 +433,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Add unified streaming endpoint ### Fixed + - rel="me" was missing its cache - MediaProxy responses now return a sandbox CSP header - Filter context activities using Visibility.visible_for_user? @@ -326,6 +455,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Show more informative errors when profile exceeds char limits ### Removed + - BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact) - remove BBS/SSH feature, replaced by an external bridge. - Remove a few unused indexes. @@ -335,56 +465,67 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## 2.5.4 ## Security + - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitrary files from the server's filesystem ## 2.5.3 ### Security + - Emoji pack loader sanitizes pack names - Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories ## 2.5.5 ## Security + - Prevent users from accessing media of other users by creating a status with reused attachment ID ## 2.5.4 ## Security + - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitrary files from the server's filesystem ## 2.5.3 ### Security + - Emoji pack loader sanitizes pack names - Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories ## 2.5.2 ### Security + - `/proxy` endpoint now sets a Content-Security-Policy (sandbox) - WebSocket endpoint now respects unauthenticated restrictions for streams of public posts - OEmbed HTML tags are now filtered ### Changed + - docs: Be more explicit about the level of compatibility of OTP releases - Set default background worker timeout to 15 minutes ### Fixed + - Atom/RSS formatting (HTML truncation, published, missing summary) - Remove `static_fe` pipeline for `/users/:nickname/feed` - Stop oban from retrying if validating errors occur when processing incoming data - Make sure object refetching as used by already received polls follows MRF rules ### Removed + - BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact) ## 2.5.1 ### Added + - Allow customizing instance languages ### Fixed + - Security: uploading HTTP endpoint can no longer create directories in the upload dir (internal APIs, like backup, still can do it.) - ~ character in urls in Markdown posts are handled properly - Exiftool upload filter will now ignore SVG files @@ -405,6 +546,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Quack, the logging backend that pushes to Slack channels ### Changed + - **Breaking:** Elixir >=1.11 is now required (was >= 1.9) - Allow users to remove their emails if instance does not need email to register - Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripLocation` @@ -415,6 +557,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - CSP now includes wasm-unsafe-eval ### Added + - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object - Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney. - `ForceMentionsInPostContent` MRF policy @@ -436,6 +579,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Possibility to discover users like `user@example.org`, while Pleroma is working on `pleroma.example.org`. Additional configuration required. ### Fixed + - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies - Handle Reject for already-accepted Follows properly - Display OpenGraph data on alternative notice routes. @@ -458,6 +602,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## 2.4.5 - 2022-11-27 ## Fixed + - Image `class` attributes not being scrubbed, allowing to exploit frontend special classes [!3792](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3792) - Delete report notifs when demoting from superuser [!3642](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3642) - Validate `mediaType` only by it's format rather than using a list [!3597](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3597) @@ -472,17 +617,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## 2.4.4 - 2022-08-19 ### Security + - Streaming API sessions will now properly disconnect if the corresponding token is revoked ## 2.4.3 - 2022-05-06 ### Security + - Private `/objects/` and `/activities/` leaking if cached by authenticated user - SweetXML library DTD bomb ## 2.4.2 - 2022-01-10 ### Fixed + - Federation issues caused by HTTP pool checkout timeouts - Compatibility with Elixir 1.13 @@ -493,12 +641,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## 2.4.1 - 2021-08-29 ### Changed + - Make `mix pleroma.database set_text_search_config` run concurrently and indefinitely ### Added + - AdminAPI: Missing configuration description for StealEmojiPolicy ### Fixed + - MastodonAPI: Stream out Create activities - MRF ObjectAgePolicy: Fix pattern matching on "published" - TwitterAPI: Make `change_password` and `change_email` require params on body instead of query @@ -537,6 +688,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Pinned posts federation ### Fixed + - Don't crash so hard when email settings are invalid. - Checking activated Upload Filters for required commands. - Remote users can no longer reappear after being deleted. @@ -554,6 +706,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fixed some Markdown issues, including trailing slash in links. ### Removed + - **Breaking**: Remove deprecated `/api/qvitter/statuses/notifications/read` (replaced by `/api/v1/pleroma/notifications/read`) ## [2.3.0] - 2021-03-01 @@ -672,6 +825,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [2.2.1] - 2020-12-22 ### Changed + - Updated Pleroma FE ### Fixed @@ -724,7 +878,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). - **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). - Removed `:managed_config` option. In practice, it was accidentally removed with 2.0.0 release when frontends were -switched to a new configuration mechanism, however it was not officially removed until now. + switched to a new configuration mechanism, however it was not officially removed until now. ### Added @@ -755,8 +909,10 @@ switched to a new configuration mechanism, however it was not officially removed 1. Install libmagic and development headers (`libmagic-dev` on Ubuntu/Debian, `file-dev` on Alpine Linux) 2. Run database migrations (inside Pleroma directory): - - OTP: `./bin/pleroma_ctl migrate` - - From Source: `mix ecto.migrate` + +- OTP: `./bin/pleroma_ctl migrate` +- From Source: `mix ecto.migrate` + 3. Restart Pleroma ## [2.1.2] - 2020-09-17 @@ -784,6 +940,7 @@ switched to a new configuration mechanism, however it was not officially removed ## [2.1.1] - 2020-09-08 ### Security + - Fix possible DoS in Mastodon API user search due to an error in match clauses, leading to an infinite recursion and subsequent OOM with certain inputs. - Fix metadata leak for accounts and statuses on private instances. - Fix possible DoS in Admin API search using an atom leak vulnerability. Authentication with admin rights was required to exploit. @@ -794,6 +951,7 @@ switched to a new configuration mechanism, however it was not officially removed - Improved error message when cmake is not available at build stage. ### Added + - Rich media failure tracking (along with `:failure_backoff` option).

@@ -803,6 +961,7 @@ switched to a new configuration mechanism, however it was not officially removed
### Fixed + - Default HTTP adapter not respecting pool setting, leading to possible OOM. - Fixed uploading webp images when the Exiftool Upload Filter is enabled by skipping them - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers @@ -908,6 +1067,7 @@ switched to a new configuration mechanism, however it was not officially removed ### Fixed + - Fix list pagination and other list issues. - Support pagination in conversations API - **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again @@ -928,9 +1088,11 @@ switched to a new configuration mechanism, however it was not officially removed ## [2.0.7] - 2020-06-13 ### Security + - Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy ### Fixed + - CSP: not allowing images/media from every host when mediaproxy is disabled - CSP: not adding mediaproxy base url to image/media hosts - StaticFE missing the CSS file @@ -942,28 +1104,36 @@ switched to a new configuration mechanism, however it was not officially removed ## [2.0.6] - 2020-06-09 ### Security + - CSP: harden `image-src` and `media-src` when MediaProxy is used ### Fixed + - AP C2S: Fix pagination in inbox/outbox - Various compilation errors on OTP 23 - Mastodon API streaming: Repeats from muted threads not being filtered ### Changed + - Various database performance improvements ### Upgrade notes + 1. Run database migrations (inside Pleroma directory): - - OTP: `./bin/pleroma_ctl migrate` - - From Source: `mix ecto.migrate` + +- OTP: `./bin/pleroma_ctl migrate` +- From Source: `mix ecto.migrate` + 2. Restart Pleroma ## [2.0.5] - 2020-05-13 ### Security + - Fix possible private status leaks in Mastodon Streaming API ### Fixed + - Crashes when trying to block a user if block federation is disabled - Not being able to start the instance without `erlang-eldap` installed - Users with bios over the limit getting rejected @@ -976,9 +1146,11 @@ switched to a new configuration mechanism, however it was not officially removed ## [2.0.4] - 2020-05-10 ### Security + - AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines ### Fixed + - Peertube user lookups not working - `InsertSkeletonsForDeletedUsers` migration failing on some instances - Healthcheck reporting the number of memory currently used, rather than allocated in total @@ -990,6 +1162,7 @@ switched to a new configuration mechanism, however it was not officially removed #### Apache only 1. Remove the following line from your config: + ``` SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem ``` @@ -1001,11 +1174,13 @@ switched to a new configuration mechanism, however it was not officially removed ## [2.0.3] - 2020-05-02 ### Security + - Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them - Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow - CSP: Sandbox uploads ### Fixed + - Notifications from blocked domains - Potential federation issues with Mastodon versions before 3.0.0 - HTTP Basic Authentication permissions issue @@ -1016,6 +1191,7 @@ switched to a new configuration mechanism, however it was not officially removed - `blob:` urls not being allowed by CSP ### Added + - NodeInfo: ObjectAgePolicy settings to the `federation` list. - Follow request notifications
@@ -1027,19 +1203,24 @@ switched to a new configuration mechanism, however it was not officially removed 1. Restart Pleroma 2. Run database migrations (inside Pleroma directory): - - OTP: `./bin/pleroma_ctl migrate` - - From Source: `mix ecto.migrate` -3. Reset status visibility counters (inside Pleroma directory): - - OTP: `./bin/pleroma_ctl refresh_counter_cache` - - From Source: `mix pleroma.refresh_counter_cache` +- OTP: `./bin/pleroma_ctl migrate` +- From Source: `mix ecto.migrate` + +3. Reset status visibility counters (inside Pleroma directory): + +- OTP: `./bin/pleroma_ctl refresh_counter_cache` +- From Source: `mix pleroma.refresh_counter_cache` ## [2.0.2] - 2020-04-08 + ### Added + - Support for Funkwhale's `Audio` activity - Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` ### Fixed + - Blocked/muted users still generating push notifications - Input textbox for bio ignoring newlines - OTP: Inability to use PostgreSQL databases with SSL @@ -1047,13 +1228,17 @@ switched to a new configuration mechanism, however it was not officially removed - Incorrect URL for Funkwhale channels ### Upgrade notes + 1. Restart Pleroma ## [2.0.1] - 2020-03-15 + ### Security + - Static-FE: Fix remote posts not being sanitized ### Fixed + - Rate limiter crashes when there is no explicitly specified ip in the config - 500 errors when no `Accept` header is present if Static-FE is enabled - Instance panel not being updated immediately due to wrong `Cache-Control` headers @@ -1064,24 +1249,33 @@ switched to a new configuration mechanism, however it was not officially removed - Mastodon Streaming API: hashtag timelines not working ### Changed + - BBCode and Markdown formatters will no longer return any `\n` and only use `
` for newlines - Mastodon API: Allow registration without email if email verification is not enabled ### Upgrade notes + #### Nginx only + 1. Remove `proxy_ignore_headers Cache-Control;` and `proxy_hide_header Cache-Control;` from your config. #### Everyone + 1. Run database migrations (inside Pleroma directory): - - OTP: `./bin/pleroma_ctl migrate` - - From Source: `mix ecto.migrate` + +- OTP: `./bin/pleroma_ctl migrate` +- From Source: `mix ecto.migrate` + 2. Restart Pleroma ## [2.0.0] - 2019-03-08 + ### Security + - Mastodon API: Fix being able to request enormous amount of statuses in timelines leading to DoS. Now limited to 40 per request. ### Removed + - **Breaking**: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media` - **Breaking**: OStatus protocol support - **Breaking**: MDII uploader @@ -1093,6 +1287,7 @@ switched to a new configuration mechanism, however it was not officially removed
### Changed + - **Breaking:** Pleroma won't start if it detects unapplied migrations - **Breaking:** Elixir >=1.8 is now required (was >= 1.7) - **Breaking:** `Pleroma.Plugs.RemoteIp` and `:rate_limiter` enabled by default. Please ensure your reverse proxy forwards the real IP! @@ -1142,6 +1337,7 @@ switched to a new configuration mechanism, however it was not officially removed ### Added + - `:chat_limit` option to limit chat characters. - `cleanup_attachments` option to remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances. - Refreshing poll results for remote polls @@ -1209,6 +1405,7 @@ switched to a new configuration mechanism, however it was not officially removed ### Fixed + - Report emails now include functional links to profiles of remote user accounts - Not being able to log in to some third-party apps when logged in to MastoFE - MRF: `Delete` activities being exempt from MRF policies @@ -1228,7 +1425,9 @@ switched to a new configuration mechanism, however it was not officially removed ## [1.1.9] - 2020-02-10 + ### Fixed + - OTP: Inability to set the upload limit (again) - Not being able to pin polls - Streaming API: incorrect handling of reblog mutes @@ -1236,98 +1435,132 @@ switched to a new configuration mechanism, however it was not officially removed - OpenGraph provider: html entities in descriptions ## [1.1.8] - 2020-01-10 + ### Fixed + - Captcha generation issues - Returned Kocaptcha endpoint to configuration - Captcha validity is now 5 minutes ## [1.1.7] - 2019-12-13 + ### Fixed + - OTP: Inability to set the upload limit - OTP: Inability to override node name/distribution type to run 2 Pleroma instances on the same machine ### Added + - Integrated captcha provider ### Changed + - Captcha enabled by default - Default Captcha provider changed from `Pleroma.Captcha.Kocaptcha` to `Pleroma.Captcha.Native` - Better `Cache-Control` header for static content ### Bundled Pleroma-FE Changes + #### Added + - Icons in the navigation panel #### Fixed + - Improved support unauthenticated view of private instances #### Removed + - Whitespace hack on empty post content ## [1.1.6] - 2019-11-19 + ### Fixed + - Not being able to log into to third party apps when the browser is logged into mastofe - Email confirmation not being required even when enabled - Mastodon API: conversations API crashing when one status is malformed ### Bundled Pleroma-FE Changes + #### Added + - About page - Meme arrows #### Fixed + - Image modal not closing unless clicked outside of image - Attachment upload spinner not being centered - Showing follow counters being 0 when they are actually hidden ## [1.1.5] - 2019-11-09 + ### Fixed + - Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization - Pleroma API: OAuth token endpoint not being found when ".json" suffix is appended ### Changed + - Frontend bundle updated to [044c9ad0](https://git.pleroma.social/pleroma/pleroma-fe/commit/044c9ad0562af059dd961d50961a3880fca9c642) ## [1.1.4] - 2019-11-01 + ### Fixed + - Added a migration that fills up empty user.info fields to prevent breakage after previous unsafe migrations. - Failure to migrate from pre-1.0.0 versions - Mastodon API: Notification stream not including follow notifications ## [1.1.3] - 2019-10-25 + ### Fixed + - Blocked users showing up in notifications collapsed as if they were muted - `pleroma_ctl` not working on Debian's default shell ## [1.1.2] - 2019-10-18 + ### Fixed + - `pleroma_ctl` trying to connect to a running instance when generating the config, which of course doesn't exist. ## [1.1.1] - 2019-10-18 + ### Fixed + - One of the migrations between 1.0.0 and 1.1.0 wiping user info of the relay user because of unexpected behavior of postgresql's `jsonb_set`, resulting in inability to post in the default configuration. If you were affected, please run the following query in postgres console, the relay user will be recreated automatically: + ``` delete from users where ap_id = 'https://your.instance.hostname/relay'; ``` + - Bad user search matches ## [1.1.0] - 2019-10-14 + **Breaking:** The stable branch has been changed from `master` to `stable`. If you want to keep using 1.0, the `release/1.0` branch will receive security updates for 6 months after 1.1 release. **OTP Note:** `pleroma_ctl` in 1.0 defaults to `master` and doesn't support specifying arbitrary branches, making `./pleroma_ctl update` fail. To fix this, fetch a version of `pleroma_ctl` from 1.1 using the command below and proceed with the update normally: + ``` curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/develop/rel/files/bin/pleroma_ctl' ``` + ### Security + - Mastodon API: respect post privacy in `/api/v1/statuses/:id/{favourited,reblogged}_by` ### Removed + - **Breaking:** GNU Social API with Qvitter extensions support - Emoji: Remove longfox emojis. - Remove `Reply-To` header from report emails for admins. - ActivityPub: The `/objects/:uuid/likes` endpoint. ### Changed + - **Breaking:** Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add `config :pleroma, Pleroma.Emails.Mailer, enabled: true` to your config - **Breaking:** Configuration: `/media/` is now removed when `base_url` is configured, append `/media/` to your `base_url` config to keep the old behaviour if desired - **Breaking:** `/api/pleroma/notifications/read` is moved to `/api/v1/pleroma/notifications/read` and now supports `max_id` and responds with Mastodon API entities. @@ -1341,10 +1574,11 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Mastodon API: `pleroma.thread_muted` key in the Status entity - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses) - Improve digest email template -– Pagination: (optional) return `total` alongside with `items` when paginating + – Pagination: (optional) return `total` alongside with `items` when paginating - The `Pleroma.FlakeId` module has been replaced with the `flake_id` library. ### Fixed + - Following from Osada - Favorites timeline doing database-intensive queries - Metadata rendering errors resulting in the entire page being inaccessible @@ -1377,6 +1611,7 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances ### Added + - Expiring/ephemeral activities. All activities can have expires_at value set, which controls when they should be deleted automatically. - Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour. - Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty. @@ -1420,24 +1655,33 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Reverse Proxy: Do not retry failed requests to limit pressure on the peer ### Changed + - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text - Admin API: changed json structure for saving config settings. - RichMedia: parsers and their order are configured in `rich_media` config. - RichMedia: add the rich media ttl based on image expiration time. ## [1.0.7] - 2019-09-26 + ### Fixed + - Broken federation on Erlang 22 (previous versions of hackney http client were using an option that got deprecated) + ### Changed + - ActivityPub: The first page in inboxes/outboxes is no longer embedded. ## [1.0.6] - 2019-08-14 + ### Fixed + - MRF: fix use of unserializable keyword lists in describe() implementations - ActivityPub S2S: POST requests are now signed with `(request-target)` pseudo-header. ## [1.0.5] - 2019-08-13 + ### Fixed + - Mastodon API: follower/following counters not being nullified, when `hide_follows`/`hide_followers` is set - Mastodon API: `muted` in the Status entity, using author's account to determine if the thread was muted - Mastodon API: return the actual profile URL in the Account entity's `url` property when appropriate @@ -1448,6 +1692,7 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Fix internal server error when using the healthcheck API. ### Added + - **Breaking:** MRF describe API, which adds support for exposing configuration information about MRF policies to NodeInfo. Custom modules will need to be updated by adding, at the very least, `def describe, do: {:ok, %{}}` to the MRF policy modules. - Relays: Added a task to list relay subscriptions. @@ -1459,21 +1704,28 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Configuration: `federation_incoming_replies_max_depth` option ### Removed + - Federation: Remove `likes` from objects. - **Breaking:** ActivityPub: The `accept_blocks` configuration setting. ## [1.0.4] - 2019-08-01 + ### Fixed + - Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag ## [1.0.3] - 2019-07-31 + ### Security + - OStatus: eliminate the possibility of a protocol downgrade attack. - OStatus: prevent following locked accounts, bypassing the approval process. - TwitterAPI: use CommonAPI to handle remote follows instead of OStatus. ## [1.0.2] - 2019-07-28 + ### Fixed + - Not being able to pin unlisted posts - Mastodon API: represent poll IDs as strings - MediaProxy: fix matching filenames @@ -1484,19 +1736,25 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - ActivityPub S2S: remote user deletions now work the same as local user deletions. ### Changed + - Configuration: OpenGraph and TwitterCard providers enabled by default - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text ## [1.0.1] - 2019-07-14 + ### Security + - OStatus: fix an object spoofing vulnerability. ## [1.0.0] - 2019-06-29 + ### Security + - Mastodon API: Fix display names not being sanitized - Rich media: Do not crawl private IP ranges ### Added + - Digest email for inactive users - Add a generic settings store for frontends / clients to use. - Explicit addressing option for posting. @@ -1561,6 +1819,7 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Configuration: default syslog tag "Pleroma" is now lowercased to "pleroma" ### Changed + - **Breaking:** bind to 127.0.0.1 instead of 0.0.0.0 by default - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer - Thread containment / test for complete visibility will be skipped by default. @@ -1602,6 +1861,7 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - Rich Media: crawl only https URLs. ### Fixed + - Follow requests don't get 'stuck' anymore. - Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended. - Followers counter not being updated when a follower is blocked @@ -1637,31 +1897,48 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel - MRF: Simple policy now properly delists imported or relayed statuses ## Removed + - Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations` ## [0.9.99999] - 2019-05-31 + ### Security + - Mastodon API: Fix lists leaking private posts ## [0.9.9999] - 2019-04-05 + ### Security + - Mastodon API: Fix content warnings skipping HTML sanitization ## [0.9.999] - 2019-03-13 + Frontend changes only. + ### Added + - Added floating action button for posting status on mobile + ### Changed + - Changed user-settings icon to a pencil + ### Fixed + - Keyboard shortcuts activating when typing a message - Gaps when scrolling down on a timeline after showing new ## [0.9.99] - 2019-03-08 + ### Changed + - Update the frontend to the 0.9.99 tag + ### Fixed + - Sign the date header in federation to fix Mastodon federation. ## [0.9.9] - 2019-02-22 + This is our first stable release. diff --git a/changelog.d/activity_type_index.change b/changelog.d/activity_type_index.change deleted file mode 100644 index ea2d7adbe..000000000 --- a/changelog.d/activity_type_index.change +++ /dev/null @@ -1 +0,0 @@ -Add new activity actor/type index. Greatly speeds up retrieval of rare types (like "Listen") diff --git a/changelog.d/admin-api-docs-fix.skip b/changelog.d/admin-api-docs-fix.skip deleted file mode 100644 index 5c1c68ea0..000000000 --- a/changelog.d/admin-api-docs-fix.skip +++ /dev/null @@ -1 +0,0 @@ -Fix 'Create a user' description in admin api docs diff --git a/changelog.d/admin-api-log-fix.skip b/changelog.d/admin-api-log-fix.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/admin-self-revocation.security b/changelog.d/admin-self-revocation.security deleted file mode 100644 index a311ca1ed..000000000 --- a/changelog.d/admin-self-revocation.security +++ /dev/null @@ -1 +0,0 @@ -Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint \ No newline at end of file diff --git a/changelog.d/ap-c2s-interaction-perms.fix b/changelog.d/ap-c2s-interaction-perms.fix deleted file mode 100644 index 18caf9b2f..000000000 --- a/changelog.d/ap-c2s-interaction-perms.fix +++ /dev/null @@ -1 +0,0 @@ -AP C2S: Reject interactions with statuses not visible to Actor diff --git a/changelog.d/assign-app-user-oom.fix b/changelog.d/assign-app-user-oom.fix deleted file mode 100644 index ac1de7159..000000000 --- a/changelog.d/assign-app-user-oom.fix +++ /dev/null @@ -1 +0,0 @@ -Fix AssignAppUser migration OOM diff --git a/changelog.d/authorized_fetch.fix b/changelog.d/authorized_fetch.fix deleted file mode 100644 index 1db8e88c9..000000000 --- a/changelog.d/authorized_fetch.fix +++ /dev/null @@ -1 +0,0 @@ -Fix fetching public keys with authorized fetch enabled \ No newline at end of file diff --git a/changelog.d/blocked-muted-swagger.change b/changelog.d/blocked-muted-swagger.change deleted file mode 100644 index 12bba8612..000000000 --- a/changelog.d/blocked-muted-swagger.change +++ /dev/null @@ -1 +0,0 @@ -Use separate schemas for muted/blocked accounts lists \ No newline at end of file diff --git a/changelog.d/bump-captcha-posix-make.fix b/changelog.d/bump-captcha-posix-make.fix deleted file mode 100644 index 9af489164..000000000 --- a/changelog.d/bump-captcha-posix-make.fix +++ /dev/null @@ -1 +0,0 @@ -- Fix building "captcha" library with OpenBSD make \ No newline at end of file diff --git a/changelog.d/changelog-checker.skip b/changelog.d/changelog-checker.skip deleted file mode 100644 index e910a649f..000000000 --- a/changelog.d/changelog-checker.skip +++ /dev/null @@ -1 +0,0 @@ -Fix CI changelog checker diff --git a/changelog.d/ci-artifacts.skip b/changelog.d/ci-artifacts.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/db-restore-docs.change b/changelog.d/db-restore-docs.change deleted file mode 100644 index 21e0f8e97..000000000 --- a/changelog.d/db-restore-docs.change +++ /dev/null @@ -1 +0,0 @@ -Docs: Restore DB schema before data to avoid long restore times diff --git a/changelog.d/deactivated-404-inbox.change b/changelog.d/deactivated-404-inbox.change deleted file mode 100644 index 3912c53ef..000000000 --- a/changelog.d/deactivated-404-inbox.change +++ /dev/null @@ -1 +0,0 @@ -Return 404 with a better error message instead of 400 when receiving an activity for a deactivated user \ No newline at end of file diff --git a/changelog.d/deepl-json.fix b/changelog.d/deepl-json.fix deleted file mode 100644 index ee6f8664e..000000000 --- a/changelog.d/deepl-json.fix +++ /dev/null @@ -1 +0,0 @@ -Use JSON for DeepL API requests diff --git a/changelog.d/delete-instance.change b/changelog.d/delete-instance.change deleted file mode 100644 index 9d84dac54..000000000 --- a/changelog.d/delete-instance.change +++ /dev/null @@ -1 +0,0 @@ -Deleting an instance queues individual jobs for each user that needs to be deleted from the server. diff --git a/changelog.d/deps-update-2025-08.skip b/changelog.d/deps-update-2025-08.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/description.skip b/changelog.d/description.skip deleted file mode 100644 index bbcfb2e13..000000000 --- a/changelog.d/description.skip +++ /dev/null @@ -1 +0,0 @@ -Use :list_behaviour_implementations for LanguageDetector and Translation providers diff --git a/changelog.d/dislike-activity.add b/changelog.d/dislike-activity.add deleted file mode 100644 index 1fcbda78b..000000000 --- a/changelog.d/dislike-activity.add +++ /dev/null @@ -1 +0,0 @@ -Support Dislike activity, as sent by Mitra and Friendica, by changing it into a thumbs-down EmojiReact \ No newline at end of file diff --git a/changelog.d/doc-typo.skip b/changelog.d/doc-typo.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/dockerfile-versions.change b/changelog.d/dockerfile-versions.change deleted file mode 100644 index 54b3df93d..000000000 --- a/changelog.d/dockerfile-versions.change +++ /dev/null @@ -1 +0,0 @@ -Update Dockerfile to use Elixir 1.17.3, Erlang 26.2.5.6, and Alpine 3.17.9 to match CI release builds \ No newline at end of file diff --git a/changelog.d/docs-rum-otp-vacuum.change b/changelog.d/docs-rum-otp-vacuum.change deleted file mode 100644 index 6d8d43dd0..000000000 --- a/changelog.d/docs-rum-otp-vacuum.change +++ /dev/null @@ -1 +0,0 @@ -Docs RUM index: Add OTP install command, update index size expectation and recommend VACUUM FULL diff --git a/changelog.d/docs.skip b/changelog.d/docs.skip deleted file mode 100644 index fd1aae513..000000000 --- a/changelog.d/docs.skip +++ /dev/null @@ -1 +0,0 @@ -Update *Differences in Mastodon API responses from vanilla Mastodon* \ No newline at end of file diff --git a/changelog.d/elixir-1-18.fix b/changelog.d/elixir-1-18.fix deleted file mode 100644 index d4d5a3493..000000000 --- a/changelog.d/elixir-1-18.fix +++ /dev/null @@ -1 +0,0 @@ -Elixir 1.18: Fixed warnings and new deprecations diff --git a/changelog.d/emoji-pack-upload-zip.add b/changelog.d/emoji-pack-upload-zip.add deleted file mode 100644 index 3f1973269..000000000 --- a/changelog.d/emoji-pack-upload-zip.add +++ /dev/null @@ -1 +0,0 @@ -Added a way to upload new packs from a URL or ZIP file via Admin API \ No newline at end of file diff --git a/changelog.d/emoji_likes.add b/changelog.d/emoji_likes.add deleted file mode 100644 index 13c91a950..000000000 --- a/changelog.d/emoji_likes.add +++ /dev/null @@ -1 +0,0 @@ -Support Mitra-style emoji likes. diff --git a/changelog.d/endorsement-state.fix b/changelog.d/endorsement-state.fix deleted file mode 100644 index cc3b6d9e9..000000000 --- a/changelog.d/endorsement-state.fix +++ /dev/null @@ -1 +0,0 @@ -Fix endorsement state display in relationship view diff --git a/changelog.d/endorsements-api.change b/changelog.d/endorsements-api.change deleted file mode 100644 index 279392c66..000000000 --- a/changelog.d/endorsements-api.change +++ /dev/null @@ -1 +0,0 @@ -Support new Mastodon API for endorsed accounts diff --git a/changelog.d/expiring-blocks.add b/changelog.d/expiring-blocks.add deleted file mode 100644 index 29989af15..000000000 --- a/changelog.d/expiring-blocks.add +++ /dev/null @@ -1 +0,0 @@ -Add `duration` to the block endpoint, which makes block expire \ No newline at end of file diff --git a/changelog.d/expose-markup-configuration.add b/changelog.d/expose-markup-configuration.add deleted file mode 100644 index 8c7f35697..000000000 --- a/changelog.d/expose-markup-configuration.add +++ /dev/null @@ -1 +0,0 @@ -Expose markup configuration in InstanceView diff --git a/changelog.d/fediindex.change b/changelog.d/fediindex.change deleted file mode 100644 index b9bef2762..000000000 --- a/changelog.d/fediindex.change +++ /dev/null @@ -1 +0,0 @@ -Allow FediIndex crawler bot by default \ No newline at end of file diff --git a/changelog.d/filter-user-capabilities.add b/changelog.d/filter-user-capabilities.add deleted file mode 100644 index fe2459210..000000000 --- a/changelog.d/filter-user-capabilities.add +++ /dev/null @@ -1 +0,0 @@ -Allow filtering users with `accepts_chat_messages` capability \ No newline at end of file diff --git a/changelog.d/fix-lists-bcc.fix b/changelog.d/fix-lists-bcc.fix deleted file mode 100644 index cd819fea3..000000000 --- a/changelog.d/fix-lists-bcc.fix +++ /dev/null @@ -1 +0,0 @@ -Fix publisher when publishing to a list of users diff --git a/changelog.d/fix-report-empty-fields.fix b/changelog.d/fix-report-empty-fields.fix deleted file mode 100644 index ba0a2b2a2..000000000 --- a/changelog.d/fix-report-empty-fields.fix +++ /dev/null @@ -1 +0,0 @@ -Fix reports being rejected when the activity had an empty CC or TO field (instead of not having them at all) \ No newline at end of file diff --git a/changelog.d/fixtests.skip b/changelog.d/fixtests.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/freebsd-rc.fix b/changelog.d/freebsd-rc.fix deleted file mode 100644 index 1f59d4596..000000000 --- a/changelog.d/freebsd-rc.fix +++ /dev/null @@ -1 +0,0 @@ -Set PATH in the FreeBSD rc script to avoid failures starting the service diff --git a/changelog.d/gin-search.fix b/changelog.d/gin-search.fix deleted file mode 100644 index ba9977b6e..000000000 --- a/changelog.d/gin-search.fix +++ /dev/null @@ -1 +0,0 @@ -Improved performance of status search queries using the default GIN index diff --git a/changelog.d/gitlabci.skip b/changelog.d/gitlabci.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/gun.change b/changelog.d/gun.change deleted file mode 100644 index 3d72b7701..000000000 --- a/changelog.d/gun.change +++ /dev/null @@ -1 +0,0 @@ -Update Cowboy, Gun, and Plug family of dependencies diff --git a/changelog.d/hashtag-search.change b/changelog.d/hashtag-search.change deleted file mode 100644 index f17e711ce..000000000 --- a/changelog.d/hashtag-search.change +++ /dev/null @@ -1 +0,0 @@ -Hashtag searches return real results based on words in your query diff --git a/changelog.d/instance-view-timeline-access.add b/changelog.d/instance-view-timeline-access.add deleted file mode 100644 index eb414e786..000000000 --- a/changelog.d/instance-view-timeline-access.add +++ /dev/null @@ -1 +0,0 @@ -Add `timelines_access` to InstanceView diff --git a/changelog.d/language-detection.add b/changelog.d/language-detection.add deleted file mode 100644 index 6d1a7f705..000000000 --- a/changelog.d/language-detection.add +++ /dev/null @@ -1 +0,0 @@ -Implement language detection with fastText \ No newline at end of file diff --git a/changelog.d/local-nickname-regex.fix b/changelog.d/local-nickname-regex.fix deleted file mode 100644 index 81ddd9cff..000000000 --- a/changelog.d/local-nickname-regex.fix +++ /dev/null @@ -1 +0,0 @@ -Use end-of-string in regex for local `get_by_nickname` diff --git a/changelog.d/lookup-restrict-unauthenticated.fix b/changelog.d/lookup-restrict-unauthenticated.fix deleted file mode 100644 index a062b9361..000000000 --- a/changelog.d/lookup-restrict-unauthenticated.fix +++ /dev/null @@ -1 +0,0 @@ -Respect restrict_unauthenticated in /api/v1/accounts/lookup diff --git a/changelog.d/mastoapi-interaction-perms.fix b/changelog.d/mastoapi-interaction-perms.fix deleted file mode 100644 index 857d59400..000000000 --- a/changelog.d/mastoapi-interaction-perms.fix +++ /dev/null @@ -1 +0,0 @@ -MastodonAPI: Reject interactions with statuses not visible to user diff --git a/changelog.d/mastodon-quote-id-api.change b/changelog.d/mastodon-quote-id-api.change deleted file mode 100644 index 8b9f267b3..000000000 --- a/changelog.d/mastodon-quote-id-api.change +++ /dev/null @@ -1 +0,0 @@ -Support `quoted_status_id` parameter in post creation request diff --git a/changelog.d/mastodon-quotes-updates.change b/changelog.d/mastodon-quotes-updates.change deleted file mode 100644 index 4c01ec106..000000000 --- a/changelog.d/mastodon-quotes-updates.change +++ /dev/null @@ -1 +0,0 @@ -Use Mastodon-compatible route for quotes list and param for quotes count diff --git a/changelog.d/moderation-log-unknown-actions.fix b/changelog.d/moderation-log-unknown-actions.fix deleted file mode 100644 index 8940e8d34..000000000 --- a/changelog.d/moderation-log-unknown-actions.fix +++ /dev/null @@ -1 +0,0 @@ -Fix ModerationLog FunctionClauseError for unknown actions \ No newline at end of file diff --git a/changelog.d/mrf-inlinequotes-mastodon.fix b/changelog.d/mrf-inlinequotes-mastodon.fix deleted file mode 100644 index 638b3fde3..000000000 --- a/changelog.d/mrf-inlinequotes-mastodon.fix +++ /dev/null @@ -1 +0,0 @@ -MRF InlineQuotePolicy: Don't inline quoted post URL in Mastodon quote posts diff --git a/changelog.d/mrf-quietreply.add b/changelog.d/mrf-quietreply.add deleted file mode 100644 index 4ed20bce6..000000000 --- a/changelog.d/mrf-quietreply.add +++ /dev/null @@ -1 +0,0 @@ -Added MRF.QuietReply which prevents replies to public posts from being published to the timelines diff --git a/changelog.d/nginx-config.change b/changelog.d/nginx-config.change deleted file mode 100644 index 3455e3a7b..000000000 --- a/changelog.d/nginx-config.change +++ /dev/null @@ -1 +0,0 @@ -Updated the example Nginx configuration diff --git a/changelog.d/nodeinfo-content-type.fix b/changelog.d/nodeinfo-content-type.fix deleted file mode 100644 index 255fab475..000000000 --- a/changelog.d/nodeinfo-content-type.fix +++ /dev/null @@ -1 +0,0 @@ -Fix NodeInfo content-type diff --git a/changelog.d/noop-fixes.skip b/changelog.d/noop-fixes.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/normalize-actor-image-hrefs.fix b/changelog.d/normalize-actor-image-hrefs.fix deleted file mode 100644 index 33d222391..000000000 --- a/changelog.d/normalize-actor-image-hrefs.fix +++ /dev/null @@ -1 +0,0 @@ -Add Actor images normalization from array of urls to string diff --git a/changelog.d/notification-cleanup.skip b/changelog.d/notification-cleanup.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/notification-type-update.fix b/changelog.d/notification-type-update.fix deleted file mode 100644 index ee864000c..000000000 --- a/changelog.d/notification-type-update.fix +++ /dev/null @@ -1 +0,0 @@ -Add `update` to @notification_types diff --git a/changelog.d/notification-view-deduplicate.skip b/changelog.d/notification-view-deduplicate.skip deleted file mode 100644 index 769352692..000000000 --- a/changelog.d/notification-view-deduplicate.skip +++ /dev/null @@ -1 +0,0 @@ -remove duplicated code from notificationview diff --git a/changelog.d/oban-lazarus.add b/changelog.d/oban-lazarus.add deleted file mode 100644 index e54345e5e..000000000 --- a/changelog.d/oban-lazarus.add +++ /dev/null @@ -1 +0,0 @@ -Oban.Plugins.Lazarus to help recover stuck jobs from an unclean shutdown of Pleroma diff --git a/changelog.d/oban-notifier.change b/changelog.d/oban-notifier.change deleted file mode 100644 index a3932a165..000000000 --- a/changelog.d/oban-notifier.change +++ /dev/null @@ -1 +0,0 @@ -Oban Notifier was changed to Oban.Notifiers.PG for performance and scalability benefits diff --git a/changelog.d/openbsd-docs-update.skip b/changelog.d/openbsd-docs-update.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/openbsd-update-httpd-relayd.change b/changelog.d/openbsd-update-httpd-relayd.change deleted file mode 100644 index 2ee85c2b0..000000000 --- a/changelog.d/openbsd-update-httpd-relayd.change +++ /dev/null @@ -1 +0,0 @@ -Updated relayd/httpd config files to be on par with nginx diff --git a/changelog.d/openbsd-update-rc.fix b/changelog.d/openbsd-update-rc.fix deleted file mode 100644 index 2d4263827..000000000 --- a/changelog.d/openbsd-update-rc.fix +++ /dev/null @@ -1 +0,0 @@ -replaced depracated flags and functions, renamed service to fit other service files diff --git a/changelog.d/order-favourites-reblogs.change b/changelog.d/order-favourites-reblogs.change deleted file mode 100644 index 67c235d62..000000000 --- a/changelog.d/order-favourites-reblogs.change +++ /dev/null @@ -1 +0,0 @@ -Order favourites and reblogs list from newest to oldest diff --git a/changelog.d/outgoing-follow-requests.add b/changelog.d/outgoing-follow-requests.add deleted file mode 100644 index a898bcf6e..000000000 --- a/changelog.d/outgoing-follow-requests.add +++ /dev/null @@ -1 +0,0 @@ -Add /api/v1/pleroma/outgoing_follow_requests diff --git a/changelog.d/pin-chats.fix b/changelog.d/pin-chats.fix deleted file mode 100644 index e7520ceaf..000000000 --- a/changelog.d/pin-chats.fix +++ /dev/null @@ -1 +0,0 @@ -Allow to pin/unpip chats diff --git a/changelog.d/plaroma.skip b/changelog.d/plaroma.skip deleted file mode 100644 index 184ca07e0..000000000 --- a/changelog.d/plaroma.skip +++ /dev/null @@ -1 +0,0 @@ -i don't think it's called plaroma \ No newline at end of file diff --git a/changelog.d/pleroma-fe-2-9-2.change b/changelog.d/pleroma-fe-2-9-2.change deleted file mode 100644 index d6073b08a..000000000 --- a/changelog.d/pleroma-fe-2-9-2.change +++ /dev/null @@ -1,2 +0,0 @@ -Update Pleroma-FE to 2.9.2 - diff --git a/changelog.d/postgrex.change b/changelog.d/postgrex.change deleted file mode 100644 index 1539f5b8d..000000000 --- a/changelog.d/postgrex.change +++ /dev/null @@ -1 +0,0 @@ -Updated Postgrex library to 0.20.0 diff --git a/changelog.d/preferred-frontend.add b/changelog.d/preferred-frontend.add deleted file mode 100644 index 145e9451b..000000000 --- a/changelog.d/preferred-frontend.add +++ /dev/null @@ -1 +0,0 @@ -Allow users to select preferred frontend diff --git a/changelog.d/preserve-public-cc.fix b/changelog.d/preserve-public-cc.fix deleted file mode 100644 index 1b20ce9ad..000000000 --- a/changelog.d/preserve-public-cc.fix +++ /dev/null @@ -1 +0,0 @@ -Fix federation issue where Public visibility information in cc field was lost when sent to remote servers, causing posts to appear with inconsistent visibility across instances diff --git a/changelog.d/private-functions.skip b/changelog.d/private-functions.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/reachability.change b/changelog.d/reachability.change deleted file mode 100644 index 71b9514be..000000000 --- a/changelog.d/reachability.change +++ /dev/null @@ -1 +0,0 @@ -Improved the logic of how we determine if a server is unreachable. diff --git a/changelog.d/relax-also-known-as.change b/changelog.d/relax-also-known-as.change deleted file mode 100644 index 800c3e72a..000000000 --- a/changelog.d/relax-also-known-as.change +++ /dev/null @@ -1 +0,0 @@ -Relax alsoKnownAs requirements to just URI, not necessarily HTTP(S) \ No newline at end of file diff --git a/changelog.d/relayd-ipv6.fix b/changelog.d/relayd-ipv6.fix deleted file mode 100644 index 634e1f635..000000000 --- a/changelog.d/relayd-ipv6.fix +++ /dev/null @@ -1 +0,0 @@ -OpenBSD relayd: Fix IPv6 example diff --git a/changelog.d/releases.fix b/changelog.d/releases.fix deleted file mode 100644 index 5436accc7..000000000 --- a/changelog.d/releases.fix +++ /dev/null @@ -1 +0,0 @@ -Fix release builds diff --git a/changelog.d/remote-url.fix b/changelog.d/remote-url.fix deleted file mode 100644 index 9be84a878..000000000 --- a/changelog.d/remote-url.fix +++ /dev/null @@ -1 +0,0 @@ -`remote_url` links to unproxied URL diff --git a/changelog.d/remove-forgotten-OTPVersion-usage.skip b/changelog.d/remove-forgotten-OTPVersion-usage.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/remove-redundant-code.skip b/changelog.d/remove-redundant-code.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/replies-collection.add b/changelog.d/replies-collection.add deleted file mode 100644 index 9b7f8dc77..000000000 --- a/changelog.d/replies-collection.add +++ /dev/null @@ -1 +0,0 @@ -Provide full replies collection in ActivityPub objects \ No newline at end of file diff --git a/changelog.d/report-anon.add b/changelog.d/report-anon.add deleted file mode 100644 index 3238d1636..000000000 --- a/changelog.d/report-anon.add +++ /dev/null @@ -1 +0,0 @@ -Allow anonymizing reports sent to remote servers diff --git a/changelog.d/repost-repeat-filtering-3391.add b/changelog.d/repost-repeat-filtering-3391.add deleted file mode 100644 index b4dce4397..000000000 --- a/changelog.d/repost-repeat-filtering-3391.add +++ /dev/null @@ -1 +0,0 @@ -Add only_reblogs parameter to account statuses API for filtering to show only reblogs/reposts \ No newline at end of file diff --git a/changelog.d/rich-media-user-agent.add b/changelog.d/rich-media-user-agent.add deleted file mode 100644 index 5c1e2b134..000000000 --- a/changelog.d/rich-media-user-agent.add +++ /dev/null @@ -1 +0,0 @@ -Allow setting custom user-agent for fetching rich media content diff --git a/changelog.d/rss-redirect.change b/changelog.d/rss-redirect.change deleted file mode 100644 index cd8b099aa..000000000 --- a/changelog.d/rss-redirect.change +++ /dev/null @@ -1 +0,0 @@ -Redirect /users/:nickname.rss to /users/:nickname/feed.rss instead of .atom \ No newline at end of file diff --git a/changelog.d/scrobbles-scope.change b/changelog.d/scrobbles-scope.change deleted file mode 100644 index 3c31eadcc..000000000 --- a/changelog.d/scrobbles-scope.change +++ /dev/null @@ -1 +0,0 @@ -Add `write:scrobbles` and `read:scrobbles` scope for scrobbling diff --git a/changelog.d/scrobbles.change b/changelog.d/scrobbles.change deleted file mode 100644 index ed1777b2d..000000000 --- a/changelog.d/scrobbles.change +++ /dev/null @@ -1 +0,0 @@ -Change scrobble external link param name to use snake case \ No newline at end of file diff --git a/changelog.d/scrubber-inline-quotes-mastodon.add b/changelog.d/scrubber-inline-quotes-mastodon.add deleted file mode 100644 index a8006e423..000000000 --- a/changelog.d/scrubber-inline-quotes-mastodon.add +++ /dev/null @@ -1 +0,0 @@ -Scrubber: Allow `quote-inline` class in

tags used by Mastodon quotes \ No newline at end of file diff --git a/changelog.d/scrubber-span-classes.change b/changelog.d/scrubber-span-classes.change deleted file mode 100644 index 4ba5dfa91..000000000 --- a/changelog.d/scrubber-span-classes.change +++ /dev/null @@ -1 +0,0 @@ -Allow "invisible" and "ellipsis" classes for span tags to match Mastodon behavior diff --git a/changelog.d/siteinfo-baseurls.add b/changelog.d/siteinfo-baseurls.add deleted file mode 100644 index 6f0f19847..000000000 --- a/changelog.d/siteinfo-baseurls.add +++ /dev/null @@ -1 +0,0 @@ -Add `base_urls` to the /api/v1/instance pleroma metadata which provides information about the base URLs for media_proxy and uploads when configured \ No newline at end of file diff --git a/changelog.d/smtp-docs.change b/changelog.d/smtp-docs.change deleted file mode 100644 index fb9925e43..000000000 --- a/changelog.d/smtp-docs.change +++ /dev/null @@ -1 +0,0 @@ -Change SMTP example to use the Mua adapter that works with OTP>25 \ No newline at end of file diff --git a/changelog.d/status-push-notification.fix b/changelog.d/status-push-notification.fix deleted file mode 100644 index ed0bbff33..000000000 --- a/changelog.d/status-push-notification.fix +++ /dev/null @@ -1 +0,0 @@ -Send push notifications for statuses from subscribed accounts diff --git a/changelog.d/stream-marker-updates.add b/changelog.d/stream-marker-updates.add deleted file mode 100644 index e9fda3e59..000000000 --- a/changelog.d/stream-marker-updates.add +++ /dev/null @@ -1 +0,0 @@ -Stream marker updates diff --git a/changelog.d/tesla.change b/changelog.d/tesla.change deleted file mode 100644 index bd0ec6e94..000000000 --- a/changelog.d/tesla.change +++ /dev/null @@ -1 +0,0 @@ -Updated Tesla to 1.15.3 diff --git a/changelog.d/toctou-mkdir.fix b/changelog.d/toctou-mkdir.fix deleted file mode 100644 index b070db1a0..000000000 --- a/changelog.d/toctou-mkdir.fix +++ /dev/null @@ -1 +0,0 @@ -Backport [Elixir PR 14242](https://github.com/elixir-lang/elixir/pull/14242) fixing racy mkdir and lack of error handling of parent directory creation \ No newline at end of file diff --git a/changelog.d/tos-setting.add b/changelog.d/tos-setting.add deleted file mode 100644 index db9b0d5f2..000000000 --- a/changelog.d/tos-setting.add +++ /dev/null @@ -1 +0,0 @@ -Allow Terms of Service panel behaviour to be configurable diff --git a/changelog.d/translate-posts.add b/changelog.d/translate-posts.add deleted file mode 100644 index e7a9317a1..000000000 --- a/changelog.d/translate-posts.add +++ /dev/null @@ -1 +0,0 @@ -Support translation providers (DeepL, LibreTranslate) \ No newline at end of file diff --git a/changelog.d/translation-provider-mozhi.add b/changelog.d/translation-provider-mozhi.add deleted file mode 100644 index c3cf5940a..000000000 --- a/changelog.d/translation-provider-mozhi.add +++ /dev/null @@ -1 +0,0 @@ -Support Mozhi translation provider diff --git a/changelog.d/translation-provider-translatelocally.add b/changelog.d/translation-provider-translatelocally.add deleted file mode 100644 index 635e80061..000000000 --- a/changelog.d/translation-provider-translatelocally.add +++ /dev/null @@ -1 +0,0 @@ -Support translateLocally translation provider diff --git a/changelog.d/transmogrifier-aspublic.fix b/changelog.d/transmogrifier-aspublic.fix deleted file mode 100644 index 36610cbed..000000000 --- a/changelog.d/transmogrifier-aspublic.fix +++ /dev/null @@ -1 +0,0 @@ -Transmogrifier: convert "as:Public" to full w3 URL diff --git a/changelog.d/truncate-rich-media.change b/changelog.d/truncate-rich-media.change deleted file mode 100644 index 1df064be1..000000000 --- a/changelog.d/truncate-rich-media.change +++ /dev/null @@ -1 +0,0 @@ -Truncate the length of Rich Media title and description fields diff --git a/changelog.d/typo.skip b/changelog.d/typo.skip deleted file mode 100644 index 721ba96c5..000000000 --- a/changelog.d/typo.skip +++ /dev/null @@ -1 +0,0 @@ -Fix typo in test name diff --git a/changelog.d/typos.skip b/changelog.d/typos.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/update-poll-voters-count.fix b/changelog.d/update-poll-voters-count.fix deleted file mode 100644 index 557c2b0df..000000000 --- a/changelog.d/update-poll-voters-count.fix +++ /dev/null @@ -1 +0,0 @@ -Update voters count in remote polls when refreshing diff --git a/changelog.d/url-encoding-pt2.fix b/changelog.d/url-encoding-pt2.fix deleted file mode 100644 index bc6857e02..000000000 --- a/changelog.d/url-encoding-pt2.fix +++ /dev/null @@ -1 +0,0 @@ -Fix sometimes incorrect URI percent encoding diff --git a/changelog.d/url-encoding.fix b/changelog.d/url-encoding.fix deleted file mode 100644 index 3cca87ded..000000000 --- a/changelog.d/url-encoding.fix +++ /dev/null @@ -1 +0,0 @@ -Fix HTTP client making invalid requests due to no percent encoding processing or validation. diff --git a/changelog.d/view-internals-leaks.fix b/changelog.d/view-internals-leaks.fix deleted file mode 100644 index a1a09afe1..000000000 --- a/changelog.d/view-internals-leaks.fix +++ /dev/null @@ -1 +0,0 @@ -ObjectView: Do not leak unsanitized internal representation of non-Create/non-Undo Activities on fetches diff --git a/changelog.d/webfinger-actual-fix.fix b/changelog.d/webfinger-actual-fix.fix deleted file mode 100644 index 6aaf89d68..000000000 --- a/changelog.d/webfinger-actual-fix.fix +++ /dev/null @@ -1 +0,0 @@ -Fix WebFinger for split-domain setups diff --git a/changelog.d/webfinger-resolution.fix b/changelog.d/webfinger-resolution.fix deleted file mode 100644 index 71b927bb0..000000000 --- a/changelog.d/webfinger-resolution.fix +++ /dev/null @@ -1 +0,0 @@ -Enforce an exact domain match for WebFinger resolution diff --git a/changelog.d/webfinger.change b/changelog.d/webfinger.change deleted file mode 100644 index 353e65a89..000000000 --- a/changelog.d/webfinger.change +++ /dev/null @@ -1 +0,0 @@ -Don't require an Accept header for WebFinger queries and default to JSON. \ No newline at end of file