glitch-88756ab7-ls236

LinuxServer Changes:

Existing users should update their nginx confs to avoid http2 deprecation warnings.

mastodon Changes:

Merge pull request #2861 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to 03210085b7481568cc507f088144aaf1dae73c88

develop-v4.3.0-rc.1-ls74

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Data change at JSON endpoint https://api.github.com/repos/mastodon/mastodon/releases

v4.2.13-ls107

LinuxServer Changes:

Rebase to Alpine 3.18, migrate to s6v3.

mastodon Changes:

Changelog

Security

• Fix ReDoS vulnerability on some Ruby versions (GHSA-jpxp-r43f-rhvx)
• Update dependencies

Added

• Add “A Mastodon update is available.” message on admin dashboard for non-bugfix updates (#32106 by @ClearlyClaire)

Changed

• Change Mastodon to issue correct HTTP signatures by default (#31994 by @ClearlyClaire)

Fixed

• Fix replies collection being cached improperly
• Fix security context sometimes not being added in LD-Signed activities (#31871 by @ClearlyClaire)
• Fix error when encountering reblog of deleted post in feed rebuild (#32001 by @ClearlyClaire)

Upgrade notes

To get the code for v4.2.13, use git fetch && git checkout v4.2.13.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.0 to 3.2
• PostgreSQL: 10 or newer
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 16 or newer
• ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.12.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

1. Install dependencies: bundle install and yarn install --frozen-lockfile
2. Restart all Mastodon processes

Using Docker:

1. Restart all Mastodon processes

glitch-88756ab7-ls235

LinuxServer Changes:

Existing users should update their nginx confs to avoid http2 deprecation warnings.

mastodon Changes:

Merge pull request #2861 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to 03210085b7481568cc507f088144aaf1dae73c88

develop-v4.3.0-rc.1-ls73

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Data change at JSON endpoint https://api.github.com/repos/mastodon/mastodon/releases

glitch-9bf624b4-ls234

LinuxServer Changes:

Existing users should update their nginx confs to avoid http2 deprecation warnings.

mastodon Changes:

Merge pull request #2860 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to 9d664f87a04b6a5157ddbe60ee33b5b7a960198e

v4.2.12-ls106

LinuxServer Changes:

Rebase to Alpine 3.18, migrate to s6v3.

mastodon Changes:

Note

This is a hotfix release for an issue introduced in 4.2.11.

Changelog (v4.2.12)

Fixed

• Fix broken notifications for mentions from local moderators (ClearlyClaire)

Changelog (v4.2.11)

Added

• Add support for incoming <s> tag (mediaformat)

Changed

• Change logic of block/mute bypass for mentions from moderators to only apply to visible roles with moderation powers (ClearlyClaire)

Fixed

• Fix incorrect rate limit on PUT requests (ClearlyClaire)
• Fix presence of ß in adjacent word preventing mention and hashtag matching (adamniedzielski)
• Fix processing of webfinger responses with multiple self links (adamniedzielski)
• Fix duplicate orderedItems in user archive's outbox.json (ClearlyClaire)
• Fix click event handling when clicking outside of an open dropdown menu (ClearlyClaire)
• Fix status processing failing halfway when a remote post has a malformed replies attribute (ClearlyClaire)
• Fix --verbose option of tootctl media remove, which was previously erroneously removed (mjankowski)
• Fix division by zero on some video/GIF files (ClearlyClaire)
• Fix Web UI trying to save user settings despite being logged out (ClearlyClaire)
• Fix hashtag regexp matching some link anchors (ClearlyClaire)
• Fix local account search on LDAP login being case-sensitive (raucao)
• Fix development environment admin account not being auto-approved (ClearlyClaire)
• Fix report reason selector in moderation interface not unselecting rules when changing category (ClearlyClaire)
• Fix already-invalid reports failing to resolve (ClearlyClaire)
• Fix OCR when using S3/CDN for assets (vmstan)
• Fix error when encountering malformed Tag objects from Kbin (ShadowJonathan)
• Fix not all allowed image formats showing in file picker when uploading custom emoji (june128)
• Fix search popout listing unusable search options when logged out (ClearlyClaire)
• Fix processing of featured collections lacking an items attribute (tribela)
• Fix mastodon:stats decoration of stats rake task (mjankowski)

Upgrade notes

To get the code for v4.2.12, use git fetch && git checkout v4.2.12.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 3.0 to 3.2
• PostgreSQL: 10 or newer
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 16 or newer
• ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.10 or 4.2.11.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

1. Install dependencies: bundle install and yarn install --frozen-lockfile
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Restart all Mastodon processes

Using Docker:

1. Restart all Mastodon processes

develop-v4.3.0-beta.2-ls72

LinuxServer Changes:

Rebase to Alpine 3.20, enable Active Record Encryption. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

Data change at JSON endpoint https://api.github.com/repos/mastodon/mastodon/releases

glitch-f610fdd6-ls233

LinuxServer Changes:

Existing users should update their nginx confs to avoid http2 deprecation warnings.

mastodon Changes:

Merge pull request #2858 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to 28966fa0a6d7b98ee94696acdc79e45449ce8349

glitch-437cecc9-ls233

LinuxServer Changes:

Existing users should update their nginx confs to avoid http2 deprecation warnings.

mastodon Changes:

Fix awkward status action bar layout changes (#2859)