1698 lines
179 KiB

All notable changes to this project will be documented in this file.
## Unreleased
### Added
- **Add hotkeys for audio/video control in web UI** ([Gargron](, [Gargron](
- `Space` and `k` to toggle playback
- `m` to toggle mute
- `f` to toggle fullscreen
- `j` and `l` to go back and forward by 10 seconds
- `.` and `,` to go back and forward by a frame (video only)
- Add expand/compress button on media modal in web UI ([mashirozx](, [mashirozx](, [mashirozx](
- Add border around 🕺 emoji in web UI ([ThibG](
- Add border around 🐞 emoji in web UI ([ThibG](
- Add home link to the getting started column when home isn't mounted ([ThibG](
- Add option to disable swiping motions across the web UI ([ThibG](
- **Add pop-out player for audio/video in web UI** ([Gargron](, [Gargron](, [Gargron](, [noellabo](
- Continue watching/listening when you scroll away
- Action bar to interact with/open toot from the pop-out player
- Add unread notification markers in web UI ([ThibG](, [ThibG](, [ThibG](, [noellabo](, [noellabo](
- Add paragraph about browser add-ons when encountering errors in web UI ([ThibG](
- Add import and export for bookmarks ([ThibG](
- Add cache buster feature for media files ([Gargron](
- If you have a proxy cache in front of object storage, deleted files will persist until the cache expires
- If enabled, cache buster will make a special request to the proxy to signal a cache reset
- Add duration option to the mute function ([aquarla](
- Add replies policy option to the list function ([ThibG](, [trwnh](
- Add `og:published_time` OpenGraph tags on toots ([nornagon](
- **Add option to be notified when a followed user posts** ([Gargron](, [ThibG](, [Gargron](
- If you don't want to miss a toot, click the bell button!
- Add client-side validation in password change forms ([ThibG](
- Add client-side validation in the registration form ([ThibG](, [ThibG](
- Add support for Gemini URLs ([joshleeb](
- Add app shortcuts to web app manifest ([mkljczk](
- Add WebAuthn as an alternative 2FA method ([santiagorodriguez96](, [jiikko](
- Add honeypot fields and minimum fill-out time for sign-up form ([ThibG](
- Add icon for mutual relationships in relationship manager ([noellabo](
- Add follow selected followers button in relationship manager ([noellabo](
- **Add subresource integrity for JS and CSS assets** ([Gargron](
- If you use a CDN for static assets (JavaScript, CSS, and so on), you have to trust that the CDN does not modify the assets maliciously
- Subresource integrity compares server-generated asset digests with what's actually served from the CDN and prevents such attacks
- Add `ku`, `sa`, `sc`, `zgh` to available locales ([ykzts](
- Add ability to force an account to mark media as sensitive ([noellabo](
- **Add ability to block access or limit sign-ups from chosen IPs** ([Gargron](, [ThibG](
- Add rules for IPs or CIDR ranges that automatically expire after a configurable amount of time
- Choose the severity of the rule, either blocking all access or merely limiting sign-ups
- **Add support for reversible suspensions through ActivityPub** ([Gargron](
- Servers can signal that one of their accounts has been suspended
- During suspension, the account can only delete its own content
- A reversal of the suspension can be signalled the same way
- A local suspension always overrides a remote one
- Add indication to admin UI of whether a report has been forwarded ([ThibG](
- Add display of reasons for joining of an account in admin UI ([mashirozx](
- Add option to obfuscate domain name in public list of domain blocks ([Gargron](
- Add option to make reasons for joining required on sign-up ([ThibG](, [ThibG](, [ThibG](, [ThibG](
- Add ActivityPub follower synchronization mechanism ([ThibG](, [ThibG](
- Add outbox attribute to instance actor ([ThibG](
- Add featured hashtags as an ActivityPub collection ([Gargron](, [noellabo](
- Add support for dereferencing objects through bearcaps ([Gargron](, [noellabo](
- Add `S3_READ_TIMEOUT` environment variable ([tateisu](
- Add `ALLOWED_PRIVATE_ADDRESSES` environment variable ([ThibG](
- Add `--fix-permissions` option to `tootctl media remove-orphans` ([Gargron](, [uist1idrju3i](
- Add `tootctl accounts merge` ([Gargron](, [ThibG](, [ThibG](
- Has someone changed their domain or subdomain thereby creating two accounts where there should be one?
- This command will fix it on your end
- Add `tootctl maintenance fix-duplicates` ([ThibG](, [Gargron](, [ThibG](
- Index corruption in the database?
- This command is for you
- **Add support for managing multiple stream subscriptions in a single connection** ([Gargron](, [Gargron](, [mfmfuyu](, [zunda](
- Previously, getting live updates for multiple timelines required opening a HTTP or WebSocket connection for each
- More connections means more resource consumption on both ends, not to mention the (ever so slight) delay when establishing a new connection
- Now, with just a single WebSocket connection you can subscribe and unsubscribe to and from multiple streams
- Add support for limiting results by both `min_id` and `max_id` at the same time in REST API ([tateisu](
- Add `GET /api/v1/accounts/:id/featured_tags` to REST API ([noellabo](, [noellabo](
- Add stoplight for object storage failures, return HTTP 503 in REST API ([Gargron](
- Add optional `tootctl remove media` cronjob in Helm chart ([dunn](
- Add clean error message when `RAILS_ENV` is unset ([ThibG](
### Changed
- **Change media modals look in web UI** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Kjwon15](, [noellabo](
- Background of the overlay matches the color of the image
- Action bar to interact with or open the toot from the modal
- Change order of announcements in admin UI to be newest-first ([ThibG](
- **Change account suspensions to be reversible by default** ([Gargron](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [noellabo](, [ThibG](
- Suspensions no longer equal deletions
- A suspended account can be unsuspended with minimal consequences for 30 days
- Immediate deletion of data is still available as an explicit option
- Suspended accounts can request an archive of their data through the UI
- Change REST API to return empty data for suspended accounts (14765)
- Change web UI to show empty profile for suspended accounts ([Gargron](, [Gargron](
- Change featured hashtag suggestions to be recently used instead of most used ([abcang](
- Change direct toots to appear in the home feed again ([Gargron](, [ThibG](, [noellabo](
- Return to treating all toots the same instead of trying to retrofit direct visibility into an instant messaging model
- Change email address validation to return more specific errors ([ThibG](
- Change HTTP signature requirements to include `Digest` header on `POST` requests ([ThibG](
- Change click area of video/audio player buttons to be bigger in web UI ([ariasuni](
- Change order of filters by alphabetic by "keyword or phrase" ([ariasuni](
- Change suspension of remote accounts to also undo outgoing follows ([ThibG](
- Change string "Home" to "Home and lists" in the filter creation screen ([ariasuni](
- Change string "Boost to original audience" to "Boost with original visibility" in web UI ([3n-k1](
- Change string "Show more" to "Show newer" and "Show older" on public pages ([ariasuni](
- Change order of announcements to be reverse chronological in web UI ([dariusk](, [dariusk](
- Change RTL detection to rely on unicode-bidi paragraph by paragraph in web UI ([Gargron](
- Change visibility icon next to timestamp to be clickable in web UI ([ariasuni](, [mayaeh](
- Change public thread view to hide "Show thread" link ([ThibG](
- Change number format on about page from full to shortened ([Gargron](
- Change how scheduled tasks run in multi-process environments ([noellabo](
- New dedicated queue `scheduler`
- Runs by default when Sidekiq is executed with no options
- Has to be added manually in a multi-process environment
### Removed
- Remove fade-in animation from modals in web UI ([Gargron](
- Remove auto-redirect to direct messages in web UI ([Gargron](
- Remove obsolete IndexedDB operations from web UI ([Gargron](
- Remove dependency on unused and unmaintained http_parser.rb gem ([ThibG](
### Fixed
- Fix layout on about page when contact account has a long username ([ThibG](
- Fix follow limit preventing re-following of a moved account ([Gargron](
- **Fix deletes not reaching every server that interacted with toot** ([Gargron](
- Previously, delete of a toot would be primarily sent to the followers of its author, people mentioned in the toot, and people who reblogged the toot
- Now, additionally, it is ensured that it is sent to people who replied to it, favourited it, and to the person it replies to even if that person is not mentioned
- Fix resolving an account through its non-canonical form (i.e. alternate domain) ([ThibG](
- Fix sending redundant ActivityPub events when processing remote account deletion ([ThibG](
- Fix Move handler not being triggered when failing to fetch target account ([ThibG](
- Fix downloading remote media files when server returns empty filename ([ThibG](
- Fix account processing failing because of large collections ([ThibG](
- Fix not being able to unfavorite toots one has lost access to ([ThibG](
- Fix not being able to unbookmark toots one has lost access to ([ThibG](
- Fix possible casing inconsistencies in hashtag search ([ThibG](
- Fix updating account counters when association is not yet created ([Gargron](
- Fix cookies not having a SameSite attribute ([Gargron](
- Fix poll ending notifications being created for each vote ([ThibG](
- Fix multiple boosts of a same toot erroneously appearing in TL ([ThibG](
- Fix asset builds not picking up `CDN_HOST` change ([ThibG](
- Fix desktop notifications permission prompt in web UI ([Gargron](, [Gargron](, [ThibG](, [ThibG](
- Some time ago, browsers added a requirement that desktop notification prompts could only be displayed in response to a user-generated event (such as a click)
- This means that for some time, users who haven't already given the permission before were not getting a prompt and as such were not receiving desktop notifications
- Fix "Mark media as sensitive" string not supporting pluralizations in other languages in web UI ([ariasuni](
- Fix glitched image uploads when canvas read access is blocked in web UI ([ThibG](
- Fix some account gallery items having empty labels in web UI ([ThibG](
- Fix alt-key hotkeys activating while typing in a text field in web UI ([ThibG](
- Fix wrong seek bar width on media player in web UI ([mfmfuyu](
- Fix logging out on mobile in web UI ([ThibG](
- Fix wrong click area for GIFVs in media modal in web UI ([noellabo](
- Fix unreadable placeholder text color in high contrast theme in web UI ([Gargron](
- Fix scrolling issues when closing some dropdown menus in web UI ([ThibG](
- Fix notification filter bar incorrectly filtering gaps in web UI ([ThibG](
- Fix disabled boost icon being replaced by private boost icon on hover in web UI ([ThibG](
- Fix hashtag detection in compose form being different to server-side in web UI ([kedamaDQ](, [ThibG](
- Fix home last read marker mishandling gaps in web UI ([ThibG](
- Fix unnecessary re-rendering of various components when typing in web UI ([Gargron](
- Fix notifications being unnecessarily re-rendered in web UI ([ThibG](
- Fix column swiping animation logic in web UI ([ThibG](
- Fix inefficiency when fetching hashtag timeline ([noellabo](, [akihikodaki](
- Fix inefficiency when fetching bookmarks ([akihikodaki](
- Fix inefficiency when fetching favourites ([akihikodaki](
- Fix inefficiency when fetching media-only account timeline ([akihikodaki](
- Fix inefficieny when deleting accounts ([Gargron](, [ThibG](, [ThibG](, [ThibG](, [ThibG](
- Fix redundant query when processing batch actions on custom emojis ([niwatori24](
- Fix slow distinct queries where grouped queries are faster ([Gargron](
- Fix performance on instances list in admin UI ([Gargron](
- Fix server actor appearing in list of accounts in admin UI ([ThibG](
- Fix "bootstrap timeline accounts" toggle in site settings in admin UI ([ThibG](
- Fix PostgreSQL secret name for cronjob in Helm chart ([metal3d](
- Fix Procfile not being compatible with herokuish ([acuteaura](
- Fix installation of tini being split into multiple steps in Dockerfile ([ryncsn](
### Security
- Fix streaming API allowing connections to persist after access token invalidation ([Gargron](
- Fix 2FA/sign-in token sessions being valid after password change ([Gargron](
- Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier ([ThibG](
## [3.2.2] - 2020-12-19
### Added
- Add `tootctl maintenance fix-duplicates` ([ThibG](, [Gargron](
- Index corruption in the database?
- This command is for you
### Removed
- Remove dependency on unused and unmaintained http_parser.rb gem ([ThibG](
### Fixed
- Fix Move handler not being triggered when failing to fetch target account ([ThibG](
- Fix downloading remote media files when server returns empty filename ([ThibG](
- Fix possible casing inconsistencies in hashtag search ([ThibG](
- Fix updating account counters when association is not yet created ([Gargron](
- Fix account processing failing because of large collections ([ThibG](
- Fix resolving an account through its non-canonical form (i.e. alternate domain) ([ThibG](
- Fix slow distinct queries where grouped queries are faster ([Gargron](
### Security
- Fix 2FA/sign-in token sessions being valid after password change ([Gargron](
- Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier ([ThibG](
## [3.2.1] - 2020-10-19
### Added
- Add support for latest HTTP Signatures spec draft ([ThibG](
- Add support for inlined objects in ActivityPub `to`/`cc` ([ThibG](
### Changed
- Change actors to not be served at all without authentication in limited federation mode ([ThibG](
- Previously, a bare version of an actor was served when not authenticated, i.e. username and public key
- Because all actor fetch requests are signed using a separate system actor, that is no longer required
### Fixed
- Fix `tootctl media` commands not recognizing very large IDs ([ThibG](
- Fix crash when failing to load emoji picker in web UI ([ThibG](
- Fix contrast requirements in thumbnail color extraction ([ThibG](
- Fix audio/video player not using `CDN_HOST` on public pages ([ThibG](
- Fix private boost icon not being used on public pages ([OmmyZhang](
- Fix audio player on Safari in web UI ([ThibG](, [ThibG](
- Fix dereferencing remote statuses not using the correct account for signature when receiving a targeted inbox delivery ([ThibG](
- Fix nil error in `tootctl media remove` ([noellabo](
- Fix videos with near-60 fps being rejected ([Gargron](
- Fix reported statuses not being included in warning e-mail ([Gargron](
- Fix `Reject` activities of `Follow` objects not correctly destroying a follow relationship ([ThibG](
- Fix inefficiencies in fan-out-on-write service ([Gargron](, [noellabo](
- Fix timeout errors when trying to webfinger some IPv6 configurations ([Gargron](
- Fix files served as `application/octet-stream` being rejected without attempting mime type detection ([ThibG](
## [3.2.0] - 2020-07-27
### Added
- Add `SMTP_SSL` environment variable ([OmmyZhang](
- Add hotkey for toggling content warning input in web UI ([ThibG](
- **Add e-mail-based sign in challenge for users with disabled 2FA** ([Gargron](
- If user tries signing in after:
- Being inactive for a while
- With a previously unknown IP
- Without 2FA being enabled
- Require to enter a token sent via e-mail before sigining in
- Add `limit` param to RSS feeds ([noellabo](
- Add `visibility` param to share page ([noellabo](
- Add blurhash to link previews ([ThibG](, [ThibG](, [ThibG](, [Sasha-Sorokin](, [Sasha-Sorokin](, [ThibG](, [ThibG](, [ThibG](
- In web UI, toots cannot be marked as sensitive unless there is media attached
- However, it's possible to do via API or ActivityPub
- Thumnails of link previews of such posts now use blurhash in web UI
- The Card entity in REST API has a new `blurhash` attribute
- Add support for `summary` field for media description in ActivityPub ([ThibG](
- Add hints about incomplete remote content to web UI ([Gargron](, [noellabo](
- **Add personal notes for accounts** ([ThibG](, [Gargron](, [Sasha-Sorokin](
- To clarify, these are notes only you can see, to help you remember details
- Notes can be viewed and edited from profiles in web UI
- New REST API: `POST /api/v1/accounts/:id/note` with `comment` param
- The Relationship entity in REST API has a new `note` attribute
- Add Helm chart ([dunn](, [dunn](, [dunn](
- **Add customizable thumbnails for audio and video attachments** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [ThibG](, [noellabo](, [noellabo](
- Metadata (album, artist, etc) is no longer stripped from audio files
- Album art is automatically extracted from audio files
- Thumbnail can be manually uploaded for both audio and video attachments
- Media upload APIs now support `thumbnail` param
- On `POST /api/v1/media` and `POST /api/v2/media`
- And on `PUT /api/v1/media/:id`
- ActivityPub representation of media attachments represents custom thumbnails with an `icon` attribute
- The Media Attachment entity in REST API now has a `preview_remote_url` to its `preview_url`, equivalent to `remote_url` to its `url`
- **Add color extraction for thumbnails** ([Gargron](, [ThibG](
- The `meta` attribute on the Media Attachment entity in REST API can now have a `colors` attribute which in turn contains three hex colors: `background`, `foreground`, and `accent`
- The background color is chosen from the most dominant color around the edges of the thumbnail
- The foreground and accent colors are chosen from the colors that are the most different from the background color using the CIEDE2000 algorithm
- The most satured color of the two is designated as the accent color
- The one with the highest W3C contrast is designated as the foreground color
- If there are not enough colors in the thumbnail, new ones are generated using a monochrome pattern
- Add a visibility indicator to toots in web UI ([noellabo](, [highemerly](
- Add `tootctl email_domain_blocks` ([tateisu](, [Gargron](
- Add "Add new domain block" to header of federation page in admin UI ([ariasuni](
- Add ability to keep emoji picker open with ctrl+click in web UI ([bclindner](, [noellabo](
- Add custom icon for private boosts in web UI ([ThibG](
- Add support for Create and Update activities that don't inline objects in ActivityPub ([ThibG](
- Add support for Undo activities that don't inline activities in ActivityPub ([ThibG](
### Changed
- Change `.env.production.sample` to be leaner and cleaner ([Gargron](
- It was overloaded as de-facto documentation and getting quite crowded
- Defer to the actual documentation while still giving a minimal example
- Change `tootctl search deploy` to work faster and display progress ([Gargron](
- Change User-Agent of link preview fetching service to include "Bot" ([Gargron](
- Some websites may not render OpenGraph tags into HTML if that's not the case
- Change behaviour to carry blocks over when someone migrates their followers ([ThibG](
- Change volume control and download buttons in web UI ([Gargron](
- **Change design of audio players in web UI** ([Gargron](, [ThibG](, [Gargron](, [ThibG](, [Gargron](, [ThibG](
- Change reply filter to never filter own toots in web UI ([ThibG](
- Change boost button to no longer serve as visibility indicator in web UI ([noellabo](, [ThibG](
- Change contrast of flash messages ([cchoi12](
- Change wording from "Hide media" to "Hide image/images" in web UI ([ariasuni](
- Change appearence of settings pages to be more consistent ([ariasuni](
- Change "Add media" tooltip to not include long list of formats in web UI ([ariasuni](
- Change how badly contrasting emoji are rendered in web UI ([leo60228](, [ThibG](, [mfmfuyu](, [ThibG](
- Change structure of unavailable content section on about page ([ariasuni](
- Change behaviour to accept ActivityPub activities relayed through group actor ([noellabo](
- Change amount of processing retries for ActivityPub activities ([noellabo](
### Removed
- Remove the terms "blacklist" and "whitelist" from UX ([Gargron](, [mayaeh](
- Environment variables changed (old versions continue to work):
- CLI option changed:
- `tootctl domains purge --whitelist-mode``tootctl domains purge --limited-federation-mode`
- Remove some unnecessary database indices ([lfuelling](, [noellabo](
- Remove unnecessary Node.js version upper bound ([ykzts](
### Fixed
- Fix `following` param not working when exact match is found in account search ([noellabo](
- Fix sometimes occuring duplicate mention notifications ([noellabo](
- Fix RSS feeds not being cachable ([ThibG](
- Fix lack of locking around processing of Announce activities in ActivityPub ([noellabo](
- Fix boosted toots from blocked account not being retroactively removed from TL ([ThibG](
- Fix large shortened numbers (like 1.2K) using incorrect pluralization ([Sasha-Sorokin](
- Fix streaming server trying to use empty password to connect to Redis when `REDIS_PASSWORD` is given but blank ([ThibG](
- Fix being unable to unboost posts when blocked by their author ([ThibG](
- Fix account domain block not properly unfollowing accounts from domain ([Gargron](
- Fix removing a domain allow wiping known accounts in open federation mode ([ThibG](
- Fix blocks and mutes pagination in web UI ([ThibG](
- Fix new posts pushing down origin of opened dropdown in web UI ([ThibG](, [ThibG](
- Fix timeline markers not being saved sometimes ([ThibG](, [ThibG](, [ThibG](
- Fix CSV uploads being rejected ([noellabo](
- Fix incompatibility with ElasticSearch 7.x ([noellabo](
- Fix being able to search posts where you're in the target audience but not actively mentioned ([noellabo](
- Fix non-local posts appearing on local-only hashtag timelines in web UI ([noellabo](
- Fix `tootctl media remove-orphans` choking on unknown files in storage ([Gargron](
- Fix `tootctl upgrade storage-schema` misbehaving ([Gargron](, [angristan](
- Fix it marking records as upgraded even though no files were moved
- Fix it not working with S3 storage
- Fix it not working with custom emojis
- Fix GIF reader raising incorrect exceptions ([ThibG](
- Fix hashtag search performing account search as well ([ThibG](
- Fix Webfinger returning wrong status code on malformed or missing param ([ThibG](
- Fix `rake mastodon:setup` error when some environment variables are set ([ThibG](
- Fix admin page crashing when trying to block an invalid domain name in admin UI ([ThibG](
- Fix unsent toot confirmation dialog not popping up in single column mode in web UI ([ThibG](
- Fix performance of follow import ([noellabo](
- Reduce timeout of Webfinger requests to that of other requests
- Use circuit breakers to stop hitting unresponsive servers
- Avoid hitting servers that are already known to be generally unavailable
- Fix filters ignoring media descriptions ([BenLubar](
- Fix some actions on custom emojis leading to cryptic errors in admin UI ([ThibG](
- Fix ActivityPub serialization of replies when some of them are URIs ([ThibG](
- Fix `rake mastodon:setup` choking on environment variables containing `%` ([ThibG](
- Fix account redirect confirmation message talking about moved followers ([ThibG](
- Fix avatars having the wrong size on public detailed status pages ([ThibG](
- Fix various issues around OpenGraph representation of media ([Gargron](
- Pages containing audio no longer say "Attached: 1 image" in description
- Audio attachments now represented as OpenGraph `og:audio`
- The `twitter:player` page now uses Mastodon's proper audio/video player
- Audio/video buffered bars now display correctly in audio/video player
- Volume and progress bars now respond to movement/move smoother
- Fix audio/video/images/cards not reacting to window resizes in web UI ([Gargron](
- Fix very wide media attachments resulting in too thin a thumbnail in web UI ([ThibG](
- Fix crash when merging posts into home feed after following someone ([ThibG](
- Fix unique username constraint for local users not being enforced in database ([ThibG](
- Fix unnecessary gap under video modal in web UI ([mfmfuyu](
- Fix 2FA and sign in token pages not respecting user locale ([mfmfuyu](
- Fix unapproved users being able to view profiles when in limited-federation mode *and* requiring approval for sign-ups ([ThibG](
- Fix initial audio volume not corresponding to what's displayed in audio player in web UI ([ThibG](
- Fix timelines sometimes jumping when closing modals in web UI ([ThibG](
- Fix memory usage of downloading remote files ([Gargron](, [Gargron](, [noellabo](
- Don't read entire file (up to 40 MB) into memory
- Read and write it to temp file in small chunks
- Fix inconsistent account header padding in web UI ([trwnh](
- Fix Thai being skipped from language detection ([Sasha-Sorokin](
- Since Thai has its own alphabet, it can be detected more reliably
- Fix broken hashtag column options styling in web UI ([ThibG](
- Fix pointer cursor being shown on toots that are not clickable in web UI ([arielrodrigues](
- Fix lock icon not being shown when locking account in profile settings ([ThibG](
- Fix domain blocks doing work the wrong way around ([ThibG](
- Instead of suspending accounts one by one, mark all as suspended first (quick)
- Only then proceed to start removing their data (slow)
- Clear out media attachments in a separate worker (slow)
## [v3.1.5] - 2020-07-07
### Security
- Fix media attachment enumeration ([ThibG](
- Change rate limits for various paths ([Gargron](
- Fix other sessions not being logged out on password change ([Gargron](
## [v3.1.5] - 2020-07-07
### Security
- Fix media attachment enumeration ([ThibG](
- Change rate limits for various paths ([Gargron](
- Fix other sessions not being logged out on password change ([Gargron](
## [v3.1.4] - 2020-05-14
### Added
- Add `vi` to available locales ([taicv](
- Add ability to remove identity proofs from account ([Gargron](
- Add ability to exclude local content from federated timeline ([noellabo](, [noellabo](
- Add `remote` param to `GET /api/v1/timelines/public` REST API
- Add `public/remote` / `public:remote` variants to streaming API
- "Remote only" option in federated timeline column settings in web UI
- Add ability to exclude remote content from hashtag timelines in web UI ([noellabo](
- No changes to REST API
- "Local only" option in hashtag column settings in web UI
- Add Capistrano tasks that reload the services after deploying ([berkes](
- Add `invites_enabled` attribute to `GET /api/v1/instance` in REST API ([ThibG](
- Add `tootctl emoji export` command ([lfuelling](
- Add separate cache directory for non-local uploads ([Gargron](, [Hanage999](, [mayaeh](
- Add `tootctl upgrade storage-schema` command to move old non-local uploads to the cache directory
- Add buttons to delete header and avatar from profile settings ([sternenseemann](
- Add emoji graphics and shortcodes from Twemoji 12.1.5 ([DeeUnderscore](
### Changed
- Change error message when trying to migrate to an account that does not have current account set as an alias to be more clear ([TheEvilSkeleton](
- Change delivery failure tracking to work with hostnames instead of URLs ([Gargron](, [noellabo](, [noellabo](, [noellabo](
- Change Content-Security-Policy to not need unsafe-inline style-src ([ThibG](, [ThibG](, [ThibG](, [ThibG](, [ThibG](
- Change how RSS items are titled and formatted ([ThibG](, [ykzts](
### Fixed
- Fix dropdown of muted and followed accounts offering option to hide boosts in web UI ([ThibG](
- Fix "You are already signed in" alert being shown at wrong times ([ThibG](
- Fix retrying of failed-to-download media files not actually working ([noellabo](
- Fix first poll option not being focused when adding a poll in web UI ([ThibG](
- Fix `sr` locale being selected over `sr-Latn` ([ThibG](
- Fix error within error when limiting backtrace to 3 lines ([Gargron](
- Fix `tootctl media remove-orphans` crashing on "Import" files ([ThibG](
- Fix regression in `tootctl media remove-orphans` ([Gargron](
- Fix old unique jobs digests not having been cleaned up ([Gargron](
- Fix own following/followers not showing muted users ([ThibG](
- Fix list of followed people ignoring sorting on Follows & Followers page ([taras2358](
- Fix wrong pgHero Content-Security-Policy when `CDN_HOST` is set ([ThibG](
- Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS ([kaiyou](
- Fix page incorrectly scrolling when bringing up dropdown menus in web UI ([ThibG](
- Fix messed up z-index when NoScript blocks media/previews in web UI ([ThibG](
- Fix "See what's happening" page showing public instead of local timeline for logged-in users ([ThibG](
- Fix not being able to resolve public resources in development environment ([Gargron](
- Fix uninformative error message when uploading unsupported image files ([ThibG](
- Fix expanded video player issues in web UI ([ThibG](, [eai04191](
- Fix and refactor keyboard navigation in dropdown menus in web UI ([ThibG](
- Fix uploaded image orientation being messed up in some browsers in web UI ([ThibG](
- Fix actions log crash when displaying updates of deleted announcements in admin UI ([ThibG](
- Fix search not working due to proxy settings when using hidden services ([Gargron](
- Fix poll refresh button not being debounced in web UI ([rasjonell](, [ThibG](
- Fix confusing error when failing to add an alias to an unknown account ([ThibG](
- Fix "Email changed" notification sometimes having wrong e-mail ([ThibG](
- Fix varioues issues on the account aliases page ([ThibG](
- Fix API footer link in web UI ([bubblineyuri](
- Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI ([ThibG](
- Fix styling of polls in JS-less fallback on public pages ([ThibG](
- Fix trying to delete already deleted file when post-processing ([Gargron](
### Security
- Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed ([dependabot-preview[bot]](, [Gargron](
- For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
- The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters
## [v3.1.3] - 2020-04-05
### Added
- Add ability to filter audit log in admin UI ([Gargron](
- Add titles to warning presets in admin UI ([Gargron](
- Add option to include resolved DNS records when blacklisting e-mail domains in admin UI ([Gargron](
- Add ability to delete files uploaded for settings in admin UI ([ThibG](
- Add sorting by username, creation and last activity in admin UI ([ThibG](
- Add explanation as to why unlocked accounts may have follow requests in web UI ([ThibG](
- Add link to bookmarks to dropdown in web UI ([mayaeh](
- Add support for links to statuses in announcements to be opened in web UI ([ThibG](, [ThibG](
- Add tooltips to audio/video player buttons in web UI ([ariasuni](
- Add submit button to the top of preferences pages ([guigeekz](
- Add specific rate limits for posting, following and reporting ([Gargron](, [Gargron](
- 300 posts every 3 hours
- 400 follows or follow requests every 24 hours
- 400 reports every 24 hours
- Add federation support for the "hide network" preference ([ThibG](
- Add `--skip-media-remove` option to `tootctl statuses remove` ([tateisu](
### Changed
- **Change design of polls in web UI** ([Sasha-Sorokin](, [ThibG](
- Change status click areas in web UI to be bigger ([ariasuni](
- **Change `tootctl media remove-orphans` to work for all classes** ([Gargron](
- **Change local media attachments to perform heavy processing asynchronously** ([Gargron](
- Change video uploads to always be converted to H264/MP4 ([Gargron](, [ThibG](, [ThibG](
- Change video uploads to enforce certain limits ([Gargron](
- Dimensions smaller than 1920x1200px
- Frame rate at most 60fps
- Change the tooltip "Toggle visibility" to "Hide media" in web UI ([ariasuni](
- Change description of privacy levels to be more intuitive in web UI ([ariasuni](
- Change GIF label to be displayed even when autoplay is enabled in web UI ([koyuawsmbrtn](
- Change the string "Hide everything from …" to "Block domain …" in web UI ([ThibG](, [mayaeh](
- Change wording of media display preferences to be more intuitive ([ariasuni](
### Deprecated
- `POST /api/v1/media``POST /api/v2/media` ([Gargron](
### Fixed
- Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` ([Gargron](
- Fix returning results when searching for URL with non-zero offset ([Gargron](
- Fix pinning a column in web UI sometimes redirecting out of web UI ([Gargron](
- Fix background jobs not using locks like they are supposed to ([Gargron](
- Fix content warning being unnecessarily cleared when hiding content warning input in web UI ([ThibG](
- Fix "Show more" not switching to "Show less" on public pages ([ThibG](
- Fix import overwrite option not being selectable ([noellabo](
- Fix wrong color for ellipsis in boost confirmation dialog in web UI ([ariasuni](
- Fix unnecessary unfollowing when importing follows with overwrite option ([noellabo](
- Fix 404 and 410 API errors being silently discarded in web UI ([ThibG](
- Fix OCR not working on Safari because of unsupported worker-src CSP ([ThibG](
- Fix media not being marked sensitive when a content warning is set with no text ([ThibG](
- Fix crash after deleting announcements in web UI ([codesections](, [ThibG](
- Fix bookmarks not being searchable ([Kjwon15](, [noellabo](
- Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report ([ThibG](
- Fix web UI crash in single-column mode on prehistoric browsers ([ThibG](
- Fix some timeouts when searching for URLs ([ThibG](
- Fix detailed view of direct messages displaying a 0 boost count in web UI ([ThibG](
- Fix regression in “Edit media” modal in web UI ([ThibG](
- Fix public posts from silenced accounts not being changed to unlisted visibility ([ThibG](
- Fix error when searching for URLs that contain the mention syntax ([ThibG](
- Fix text area above/right of emoji picker being accidentally clickable in web UI ([ariasuni](
- Fix too large announcements not being scrollable in web UI ([ThibG](
- Fix `tootctl media remove-orphans` crashing when encountering invalid media ([ThibG](
- Fix installation failing when Redis password contains special characters ([ThibG](
- Fix announcements with fully-qualified mentions to local users crashing web UI ([ThibG](
### Security
- Fix re-sending of e-mail confirmation not being rate limited ([Gargron](
## [v3.1.2] - 2020-02-27
### Added
- Add `--reset-password` option to `tootctl accounts modify` ([ThibG](
- Add source-mapped stacktrace to error message in web UI ([ThibG](
### Fixed
- Fix dismissing an announcement twice raising an obscure error ([ThibG](
- Fix misleading error when attempting to re-send a pending follow request ([ThibG](
- Fix backups failing when files are missing from media attachments ([ThibG](
- Fix duplicate accounts being created when fetching an account for its key only ([ThibG](
- Fix `/web` redirecting to `/web/web` in web UI ([ThibG](
- Fix previously OStatus-based accounts not being detected as ActivityPub ([ThibG](
- Fix account JSON/RSS not being cacheable due to wrong mime type comparison ([ThibG](
- Fix old browsers crashing because of missing `finally` polyfill in web UI ([ThibG](
- Fix account's bio not being shown if there are no proofs/fields in admin UI ([ThibG](
- Fix sign-ups without checked user agreement being accepted through the web form ([ThibG](
- Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture ([SaraSmiseth](
- Fix invite request input not being shown on sign-up error if left empty ([ThibG](
- Fix some migration hints mentioning GitLab instead of Mastodon ([saper](
### Security
- Fix leak of arbitrary statuses through unfavourite action in REST API ([Gargron](
## [3.1.1] - 2020-02-10
### Fixed
- Fix yanked dependency preventing installation ([mayaeh](
## [3.1.0] - 2020-02-09
### Added
- Add bookmarks ([ThibG](, [Gargron](, [Gomasy](
- Add announcements ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [ThibG](, [ThibG](
- Add number animations in web UI ([Gargron](, [Gargron](
- Add `kab`, `is`, `kn`, `mr`, `ur` to available locales ([Gargron](, [BoFFire](, [Gargron](
- Add profile filter category ([ThibG](
- Add ability to add oneself to lists ([ThibG](
- Add hint how to contribute translations to preferences page ([Sasha-Sorokin](
- Add signatures to statuses in archive takeout ([noellabo](
- Add support for `magnet:` and `xmpp` links ([ThibG](, [ThibG](
- Add `follow_request` notification type ([ThibG](
- Add ability to filter reports by account domain in admin UI ([ThibG](
- Add link to search for users connected from the same IP address to admin UI ([ThibG](
- Add link to reports targeting a specific domain in admin view ([ThibG](
- Add support for EventSource streaming in web UI ([BenLubar](
- Add hotkey for opening media attachments in web UI ([ThibG](, [Kjwon15](
- Add relationship-based options to status dropdowns in web UI ([Gargron](, [ThibG](, [Gargron](
- Add support for submitting media description with `ctrl`+`enter` in web UI ([ThibG](
- Add download button to audio and video players in web UI ([NimaBoscarino](
- Add setting for whether to crop images in timelines in web UI ([duxovni](
- Add support for `Event` activities ([tcitworld](
- Add basic support for `Group` actors ([noellabo](
- Add `S3_OVERRIDE_PATH_STYLE` environment variable ([Gargron](
- Add `S3_OPEN_TIMEOUT` environment variable ([tateisu](
- Add `LDAP_MAIL` environment variable ([madmath03](
- Add `LDAP_UID_CONVERSION_ENABLED` environment variable ([madmath03](
- Add `--remote-only` option to `tootctl emoji purge` ([ThibG](
- Add `tootctl media remove-orphans` ([Gargron](, [Gargron](
- Add `tootctl media lookup` command ([irlcatgirl](
- Add cache for OEmbed endpoints to avoid extra HTTP requests ([Gargron](
- Add support for KaiOS arrow navigation to public pages ([nolanlawson](
- Add `discoverable` to accounts in REST API ([trwnh](
- Add admin setting to disable default follows ([ArisuOngaku](
- Add support for LDAP and PAM in the OAuth password grant strategy ([ntl-purism](, [Gargron](
- Allow support for `Accept`/`Reject` activities with a non-embedded object ([puckipedia](
- Add "Show thread" button to public profiles ([Sasha-Sorokin](
### Changed
- Change `last_status_at` to be a date, not datetime in REST API ([ThibG](
- Change followers page to relationships page in admin UI ([Gargron](, [Gargron](
- Change reported media attachments to always be hidden in admin UI ([Gargron](, [ThibG](
- Change string from "Disable" to "Disable login" in admin UI ([nileshkumar](
- Change report page structure in admin UI ([Sasha-Sorokin](
- Change swipe sensitivity to be lower on small screens in web UI ([umonaca](
- Change audio/video playback to stop playback when out of view in web UI ([Gargron](
- Change media description label based on upload type in web UI ([ThibG](
- Change large numbers to render without decimal units in web UI ([noellabo](
- Change "Add a choice" button to be disabled rather than hidden when poll limit reached in web UI ([ThibG](, [hinaloe](
- Change `tootctl statuses remove` to keep statuses favourited or bookmarked by local users ([ThibG](, [Gomasy](
- Change domain block behavior to update user records (fast) before deleting data (slower) ([ThibG](
- Change behaviour to strip audio metadata on uploads ([hugogameiro](
- Change accepted length of remote media descriptions from 420 to 1,500 characters ([ThibG](
- Change preferences pages structure ([Sasha-Sorokin](, [mayaeh](, [Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](
- Change format of titles in RSS ([devkral](
- Change favourite icon animation from spring-based motion to CSS animation in web UI ([ThibG](
- Change minimum required Node.js version to 10, and default to 12 ([Shleeble](, [mkody](, [Shleeble](
- Change spam check to exempt server staff ([ThibG](
- Change to fallback to to `Create` audience when `object` has no defined audience ([ThibG](
- Change Twemoji library to 12.1.3 in web UI ([koyuawsmbrtn](
- Change blocked users to be hidden from following/followers lists ([ThibG](
- Change signature verification to ignore signatures with invalid host ([Gargron](
### Removed
- Remove unused dependencies ([ykzts](, [mayaeh](, [ThibG](, [ykzts](
### Fixed
- Fix some translatable strings being used wrongly ([Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](, [mayaeh](
- Fix headline of public timeline page when set to local-only ([ykzts](
- Fix space between tabs not being spread evenly in web UI ([Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](
- Fix interactive delays in database migrations with no TTY ([Gargron](
- Fix status overflowing in report dialog in web UI ([ThibG](
- Fix unlocalized dropdown button title in web UI ([Sasha-Sorokin](
- Fix media attachments without file being uploadable ([Gargron](
- Fix unfollow confirmations in profile directory in web UI ([ThibG](
- Fix duplicate `description` meta tag on accounts public pages ([ThibG](
- Fix slow query of federated timeline ([notozeki](
- Fix not all of account's active IPs showing up in admin UI ([Gargron](, [Gargron](
- Fix search by IP not using alternative browser sessions in admin UI ([Gargron](
- Fix “X new items” not showing up for slow mode on empty timelines in web UI ([ThibG](
- Fix OEmbed endpoint being inaccessible in secure mode ([Gargron](
- Fix proofs API being inaccessible in secure mode ([Gargron](
- Fix Ruby 2.7 incompatibilities ([ThibG](, [ThibG](, [Shleeble](, [zunda](
- Fix invalid poll votes being accepted in REST API ([ThibG](
- Fix old migrations failing because of strong migrations update ([ThibG](, [ThibG](
- Fix reuse of detailed status components in web UI ([ThibG](
- Fix base64-encoded file uploads not being possible in REST API ([Gargron](, [Gargron](
- Fix error due to missing authentication call in filters controller ([Gargron](
- Fix uncaught unknown format error in host meta controller ([Gargron](
- Fix URL search not returning private toots user has access to ([ThibG](, [ThibG](
- Fix cache digesting log noise on status embeds ([Gargron](
- Fix slowness due to layout thrashing when reloading a large set of statuses in web UI ([panarom](, [panarom](, [Gargron](
- Fix error when fetching followers/following from REST API when user has network hidden ([Gargron](
- Fix IDN mentions not being processed, IDN domains not being rendered ([Gargron](, [Gargron](, [Gargron](
- Fix error when searching for empty phrase ([Gargron](
- Fix backups stopping due to read timeouts ([chr-1x](
- Fix batch actions on non-pending tags in admin UI ([ThibG](
- Fix sample `SAML_ACS_URL`, `SAML_ISSUER` ([orlea](
- Fix manual scrolling issue on Firefox/Windows in web UI ([ThibG](
- Fix archive takeout failing if total dump size exceeds 2GB ([scd31](, [Gargron](
- Fix custom emoji category creation silently erroring out on duplicate category ([ThibG](
- Fix link crawler not specifying preferred content type ([ThibG](
- Fix featured hashtag setting page erroring out instead of rejecting invalid tags ([ThibG](
- Fix tooltip messages of single/multiple-choice polls switcher being reversed in web UI ([acid-chicken](
- Fix typo in help text of `tootctl statuses remove` ([trwnh](
- Fix generic HTTP 500 error on duplicate records ([Gargron](
- Fix old migration failing with new status default scope ([ThibG](
- Fix errors when using search API with no query ([Gargron](, [trwnh](
- Fix poll options not being selectable via keyboard in web UI ([ThibG](
- Fix conversations not having an unread indicator in web UI ([Gargron](
- Fix lost focus when modals open/close in web UI ([ThibG](
- Fix pending upload count not being decremented on error in web UI ([ThibG](
- Fix empty poll options not being removed on remote poll update ([ThibG](
- Fix OCR with delete & redraft in web UI ([ThibG](
- Fix blur behind closed registration message ([ThibG](
- Fix OEmbed discovery not handling different URL variants in query ([Gargron](
- Fix link crawler crashing on `<a>` tags without `href` ([ThibG](
- Fix whitelisted subdomains being ignored in whitelist mode ([noiob](
- Fix broken audit log in whitelist mode in admin UI ([ThibG](
- Fix unread indicator not honoring "Only media" option in local and federated timelines in web UI ([ThibG](
- Fix error when rebuilding home feeds ([dariusk](
- Fix relationship caches being broken as result of a follow request ([ThibG](
- Fix more items than the limit being uploadable in web UI ([ThibG](
- Fix various issues with account migration ([ThibG](
- Fix filtered out items being counted as pending items in slow mode in web UI ([ThibG](
- Fix notification filters not applying to poll options ([ThibG](
- Fix notification message for user's own poll saying it's a poll they voted on in web UI ([ykzts](
- Fix polls with an expiration not showing up as expired in web UI ([noellabo](
- Fix volume slider having an offset between cursor and slider in Chromium in web UI ([ThibG](
- Fix Vagrant image not accepting connections ([shrft](
- Fix batch actions being hidden on small screens in admin UI ([ThibG](
- Fix incoming federation not working in whitelist mode ([ThibG](
- Fix error when passing empty `source` param to `PUT /api/v1/accounts/update_credentials` ([jglauche](
- Fix HTTP-based streaming API being cacheable by proxies ([BenLubar](
- Fix users being able to register while `tootctl self-destruct` is in progress ([Kjwon15](
- Fix microformats detection in link crawler not ignoring `h-card` links ([nightpool](
- Fix outline on full-screen video in web UI ([hinaloe](
- Fix TLD domain blocks not being editable ([ThibG](
- Fix Nanobox deploy hooks ([danhunsaker](
- Fix needlessly complicated SQL query when performing account search amongst followings ([ThibG](
- Fix favourites count not updating when unfavouriting in web UI ([NimaBoscarino](
- Fix occasional crash on scroll in Chromium in web UI ([hinaloe](
- Fix intersection observer not working in single-column mode web UI ([panarom](
- Fix voting issue with remote polls that contain trailing spaces ([ThibG](
- Fix dynamic elements not working in pgHero due to CSP rules ([ykzts](
- Fix overly verbose backtraces when delivering ActivityPub payloads ([zunda](
- Fix rendering `<a>` without `href` when scheme unsupported ([Gargron](
- Fix unfiltered params error when generating ActivityPub tag pagination ([Gargron](
- Fix malformed HTML causing uncaught error ([Gargron](
- Fix native share button not being displayed for unlisted toots ([ThibG](
- Fix remote convertible media attachments (e.g. GIFs) not being saved ([Gargron](
- Fix account query not using faster index ([abcang](
- Fix error when sending moderation notification ([renatolond](
### Security
- Fix OEmbed leaking information about existence of non-public statuses ([Gargron](
- Fix password change/reset not immediately invalidating other sessions ([Gargron](
- Fix settings pages being cacheable by the browser ([Gargron](
## [3.0.1] - 2019-10-10
### Added
- Add `tootctl media usage` command ([Gargron](
- Add admin setting to auto-approve trending hashtags ([Gargron](, [Gargron](
### Changed
- Change `tootctl media refresh` to skip already downloaded attachments ([Gargron](
### Removed
- Remove auto-silence behaviour from spam check ([Gargron](
- Remove HTML `lang` attribute from individual statuses in web UI ([Gargron](
- Remove fallback to long description on sidebar and meta description ([Gargron](
### Fixed
- Fix preloaded JSON-LD context for identity not being used ([Gargron](
- Fix media editing modal changing dimensions once the image loads ([Gargron](
- Fix not showing whether a custom emoji has a local counterpart in admin UI ([Gargron](
- Fix attachment not being re-downloaded even if file is not stored ([Gargron](
- Fix old migration trying to use new column due to default status scope ([Gargron](
- Fix column back button missing for not found accounts ([trwnh](
- Fix issues with tootctl's parallelization and progress reporting ([Gargron](, [Gargron](
- Fix existing user records with now-renamed `pt` locale ([Gargron](
- Fix hashtag timeline REST API accepting too many hashtags ([Gargron](
- Fix `GET /api/v1/instance` REST APIs being unavailable in secure mode ([Gargron](
- Fix performance of home feed regeneration and merging ([Gargron](
- Fix ffmpeg performance issues due to stdout buffer overflow ([hugogameiro](
- Fix S3 adapter retrying failing uploads with exponential backoff ([Gargron](
- Fix `tootctl accounts cull` advertising unused option flag ([Kjwon15](
## [3.0.0] - 2019-10-03
### Added
- Add "not available" label to unloaded media attachments in web UI ([Gargron](, [Gargron](
- **Add profile directory to web UI** ([Gargron](, [mayaeh](
- Add profile directory opt-in federation
- Add profile directory REST API
- Add special alert for throttled requests in web UI ([ThibG](
- Add confirmation modal when logging out from the web UI ([ThibG](
- **Add audio player in web UI** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](
- **Add autosuggestions for hashtags in web UI** ([Gargron](, [ThibG](, [Gargron](, [Gargron](, [Gargron](
- **Add media editing modal with OCR tool in web UI** ([Gargron](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [Gargron](, [Gargron](
- Add indicator of unread notifications to window title when web UI is out of focus ([Gargron](, [Gargron](
- Add indicator for which options you voted for in a poll in web UI ([ThibG](
- **Add search results pagination to web UI** ([Gargron](, [ThibG](
- **Add option to disable real-time updates in web UI ("slow mode")** ([Gargron](, [ykzts](, [ThibG](, [Gargron](, [ThibG](
- Add option to disable blurhash previews in web UI ([ThibG](
- Add native smooth scrolling when supported in web UI ([ThibG](
- Add scrolling to the search bar on focus in web UI ([Kjwon15](
- Add refresh button to list of rebloggers/favouriters in web UI ([Gargron](
- Add error description and button to copy stack trace to web UI ([Gargron](
- Add search and sort functions to hashtag admin UI ([mayaeh](, [Gargron](, [mayaeh](
- Add setting for default search engine indexing in admin UI ([brortao](
- Add account bio to account view in admin UI ([ThibG](
- **Add option to include reported statuses in warning e-mail from admin UI** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [mayaeh](
- Add number of pending accounts and pending hashtags to dashboard in admin UI ([Gargron](
- **Add account migration UI** ([Gargron](, [noellabo](, [noellabo](, [noellabo](, [noellabo](
- **Add table of contents to about page** ([Gargron](, [ykzts](, [ykzts](, [Kjwon15](
- **Add password challenge to 2FA settings, e-mail notifications** ([Gargron](
- **Add optional public list of domain blocks with comments** ([ThibG](, [ThibG](, [Gargron](
- Add an RSS feed for featured hashtags ([noellabo](
- Add explanations to featured hashtags UI and profile ([Gargron](
- **Add hashtag trends with admin and user settings** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [mayaeh](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [Sasha-Sorokin](, [Gargron](, [Gargron](
- Add hashtag usage breakdown to admin UI
- Add batch actions for hashtags to admin UI
- Add trends to web UI
- Add trends to public pages
- Add user preference to hide trends
- Add admin setting to disable trends
- **Add categories for custom emojis** ([Gargron](, [Gargron](, [Gargron](, [highemerly](
- Add custom emoji categories to emoji picker in web UI
- Add `category` to custom emojis in REST API
- Add batch actions for custom emojis in admin UI
- Add max image dimensions to error message ([raboof](
- Add aac, m4a, 3gp, amr, wma to allowed audio formats ([Gargron](, [umonaca](
- **Add search syntax for operators and phrases** ([Gargron](
- **Add REST API for managing featured hashtags** ([noellabo](
- **Add REST API for managing timeline read markers** ([Gargron](
- Add `exclude_unreviewed` param to `GET /api/v2/search` REST API ([Gargron](
- Add `reason` param to `POST /api/v1/accounts` REST API ([Gargron](
- **Add ActivityPub secure mode** ([Gargron](, [ThibG](, [ThibG](
- Add HTTP signatures to all outgoing ActivityPub GET requests ([Gargron](, [ThibG](
- Add support for ActivityPub Audio activities ([ThibG](
- Add ActivityPub actor representing the entire server ([ThibG](, [rtucker](, [ThibG](, [Gargron](
- **Add whitelist mode** ([Gargron](, [mayaeh](
- Add config of multipart threshold for S3 ([ykzts](, [ykzts](
- Add health check endpoint for web ([ykzts](, [ykzts](
- Add HTTP signature keyId to request log ([Gargron](
- Add `SMTP_REPLY_TO` environment variable ([hugogameiro](
- Add `tootctl preview_cards remove` command ([mayaeh](
- Add `tootctl media refresh` command ([Gargron](
- Add `tootctl cache recount` command ([Gargron](
- Add option to exclude suspended domains from `tootctl domains crawl` ([dariusk](
- Add parallelization to `tootctl search deploy` ([noellabo](
- Add soft delete for statuses for instant deletes through API ([Gargron](, [Gargron](
- Add rails-level JSON caching ([Gargron](, [Gargron](
- **Add request pool to improve delivery performance** ([Gargron](, [ykzts](
- Add concurrent connection attempts to resolved IP addresses ([ThibG](
- Add index for remember_token to improve login performance ([abcang](
- **Add more accurate hashtag search** ([Gargron](, [Gargron](, [Gargron](
- **Add more accurate account search** ([Gargron](, [Gargron](
- **Add a spam check** ([Gargron](, [Gargron](, [ThibG](
- Add new languages ([Gargron](
- Breton
- Spanish (Argentina)
- Estonian
- Macedonian
- New Norwegian
- Add NodeInfo endpoint ([Gargron](, [Gargron](
### Changed
- **Change conversations UI** ([Gargron](
- Change dashboard to short number notation ([noellabo](, [noellabo](
- Change REST API `GET /api/v1/timelines/public` to require authentication when public preview is off ([ThibG](
- Change REST API `POST /api/v1/follow_requests/:id/(approve|reject)` to return relationship ([ThibG](
- Change rate limit for media proxy ([ykzts](
- Change unlisted custom emoji to not appear in autosuggestions ([Gargron](
- Change max length of media descriptions from 420 to 1500 characters ([Gargron](, [ThibG](
- **Change deletes to preserve soft-deleted statuses in unresolved reports** ([Gargron](
- **Change tootctl to use inline parallelization instead of Sidekiq** ([Gargron](
- **Change account deletion page to have better explanations** ([Gargron](, [Gargron](
- Change hashtag component in web UI to show numbers for 2 last days ([Gargron](, [Gargron](, [Gargron](
- Change OpenGraph description on sign-up page to reflect invite ([Gargron](
- Change layout of public profile directory to be the same as in web UI ([Gargron](
- Change detailed status child ordering to sort self-replies on top ([ThibG](
- Change window resize handler to switch to/from mobile layout as soon as needed ([ThibG](
- Change icon button styles to make hover/focus states more obvious ([ThibG](
- Change contrast of status links that are not mentions or hashtags ([ThibG](
- **Change hashtags to preserve first-used casing** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](
- **Change unconfirmed user login behaviour** ([Gargron](, [ThibG](, [Gargron](
- **Change single-column mode to scroll the whole page** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](, [Gargron](, [ThibG](, [Gargron](
- Change `tootctl accounts follow` to only work with local accounts ([angristan](
- Change Dockerfile ([Shleeble](, [ykzts](, [Shleeble](
- Change supported Node versions to include v12 ([abcang](
- Change Portuguese language from `pt` to `pt-PT` ([Gargron](
- Change domain block silence to always require approval on follow ([ThibG](
- Change link preview fetcher to not perform a HEAD request first ([Gargron](
- Change `tootctl domains purge` to accept multiple domains at once ([Gargron](
### Removed
- **Remove OStatus support** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [ThibG](
- Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ([Gargron](
- Remove WebP support ([angristan](
- Remove deprecated config options from Heroku and Scalingo ([ykzts](
- Remove deprecated REST API `GET /api/v1/search` API ([Gargron](
- Remove deprecated REST API `GET /api/v1/statuses/:id/card` ([Gargron](
- Remove deprecated REST API `POST /api/v1/notifications/dismiss?id=:id` ([Gargron](
- Remove deprecated REST API `GET /api/v1/timelines/direct` ([Gargron](
### Fixed
- Fix manifest warning ([ykzts](
- Fix admin UI for custom emoji not respecting GIF autoplay preference ([ThibG](
- Fix page body not being scrollable in admin/settings layout ([Gargron](
- Fix placeholder colors for inputs not being explicitly defined ([Gargron](
- Fix incorrect enclosure length in RSS ([tsia](
- Fix TOTP codes not being filtered from logs during enabling/disabling ([Gargron](
- Fix webfinger response not returning 410 when account is suspended ([Gargron](
- Fix ActivityPub Move handler queuing jobs that will fail if account is suspended ([Gargron](
- Fix SSO login not using existing account when e-mail is verified ([Gargron](
- Fix web UI allowing uploads past status limit via drag & drop ([Gargron](
- Fix expiring polls not being displayed as such in web UI ([ThibG](
- Fix 2FA challenge and password challenge for non-database users ([Gargron](, [Gargron](
- Fix profile fields overflowing page width in web UI ([Gargron](
- Fix web push subscriptions being deleted on rate limit or timeout ([Gargron](
- Fix display of long poll options in web UI ([ThibG](, [ThibG](
- Fix search API not resolving URL when `type` is given ([Gargron](
- Fix hashtags being split by ZWNJ character ([Gargron](
- Fix scroll position resetting when opening media modals in web UI ([Gargron](
- Fix duplicate HTML IDs on about page ([ThibG](
- Fix admin UI showing superfluous reject media/reports on suspended domain blocks ([ThibG](
- Fix ActivityPub context not being dynamically computed ([ThibG](
- Fix Mastodon logo style on hover on public pages' footer ([ThibG](
- Fix height of dashboard counters ([ThibG](
- Fix custom emoji animation on hover in web UI directory bios ([ThibG](
- Fix non-numbers being passed to Redis and causing an error ([Gargron](
- Fix error in REST API for an account's statuses ([Gargron](
- Fix uncaught error when resource param is missing in Webfinger request ([Gargron](
- Fix uncaught domain normalization error in remote follow ([Gargron](
- Fix uncaught 422 and 500 errors ([Gargron](, [Gargron](
- Fix uncaught parameter missing exceptions and missing error templates ([Gargron](
- Fix encoding error when checking e-mail MX records ([Gargron](
- Fix items in StatusContent render list not all having a key ([ThibG](
- Fix remote and staff-removed statuses leaving media behind for a day ([Gargron](
- Fix CSP needlessly allowing blob URLs in script-src ([ThibG](
- Fix ignoring whole status because of one invalid hashtag ([Gargron](
- Fix hidden statuses losing focus ([ThibG](
- Fix loading bar being obscured by other elements in web UI ([Gargron](
- Fix multiple issues with replies collection for pages further than self-replies ([ThibG](
- Fix blurhash and autoplay not working on public pages ([Gargron](
- Fix 422 being returned instead of 404 when POSTing to unmatched routes ([Gargron](, [Gargron](
- Fix client-side resizing of image uploads ([ThibG](
- Fix short number formatting for numbers above million in web UI ([Gargron](
- Fix ActivityPub and REST API queries setting cookies and preventing caching ([ThibG](, [ThibG](, [ThibG](, [ThibG](
- Fix some emojis in profile metadata labels are not emojified. ([kedamaDQ](
- Fix account search always returning exact match on paginated results ([Gargron](
- Fix acct URIs with IDN domains not being resolved ([Gargron](
- Fix admin dashboard missing latest features ([Gargron](
- Fix jumping of toot date when clicking spoiler button ([ariasuni](
- Fix boost to original audience not working on mobile in web UI ([ThibG](
- Fix handling of webfinger redirects in ResolveAccountService ([ThibG](
- Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker ([Gargron](
- Fix support for HTTP proxies ([ThibG](
- Fix HTTP requests to IPv6 hosts ([ThibG](
- Fix error in ElasticSearch index import ([mayaeh](
- Fix duplicate account error when seeding development database ([ysksn](
- Fix performance of session clean-up scheduler ([abcang](
- Fix older migrations not running ([zunda](
- Fix URLs counting towards RTL detection ([ahangarha](
- Fix unnecessary status re-rendering in web UI ([ThibG](
- Fix http_parser.rb gem not being compiled when no network available ([petabyteboy](
- Fix muted text color not applying to all text ([trwnh](
- Fix follower/following lists resetting on back-navigation in web UI ([Gargron](
- Fix n+1 query when approving multiple follow requests ([abcang](
- Fix records not being indexed into ElasticSearch sometimes ([Gargron](
- Fix needlessly indexing unsearchable statuses into ElasticSearch ([Gargron](
- Fix new user bootstrapping crashing when to-be-followed accounts are invalid ([ThibG](
- Fix featured hashtag URL being interpreted as media or replies tab ([Gargron](
- Fix account counters being overwritten by parallel writes ([Gargron](
### Security
- Fix performance of GIF re-encoding and always strip EXIF data from videos ([Gargron](
## [2.9.3] - 2019-08-10
### Added
- Add GIF and WebP support for custom emojis ([Gargron](
- Add logout link to dropdown menu in web UI ([koyuawsmbrtn](
- Add indication that text search is unavailable in web UI ([ThibG](, [ThibG](
- Add `suffix` to `Mastodon::Version` to help forks ([clarfon](
- Add on-hover animation to animated custom emoji in web UI ([ThibG](, [ThibG](, [ThibG](
- Add custom emoji support in profile metadata labels ([ThibG](
### Changed
- Change default interface of web and streaming from to ([Gargron](, [zunda](, [Gargron](, [zunda](
- Change the retry limit of web push notifications ([highemerly](
- Change ActivityPub deliveries to not retry HTTP 501 errors ([Gargron](
- Change language detection to include hashtags as words ([Gargron](
- Change terms and privacy policy pages to always be accessible ([Gargron](
- Change robots tag to include `noarchive` when user opts out of indexing ([Kjwon15](
### Fixed
- Fix account domain block not clearing out notifications ([Gargron](
- Fix incorrect locale sometimes being detected for browser ([Gargron](
- Fix crash when saving invalid domain name ([Gargron](
- Fix pinned statuses REST API returning pagination headers ([Gargron](
- Fix "cancel follow request" button having unreadable text in web UI ([Gargron](
- Fix image uploads being blank when canvas read access is blocked ([ThibG](
- Fix avatars not being animated on hover when not logged in ([ThibG](
- Fix overzealous sanitization of HTML lists ([ThibG](
- Fix block crashing when a follow request exists ([ThibG](
- Fix backup service crashing when an attachment is missing ([ThibG](
- Fix account moderation action always sending e-mail notification ([Gargron](
- Fix swiping columns on mobile sometimes failing in web UI ([ThibG](
- Fix wrong actor URI being serialized into poll updates ([ThibG](
- Fix statsd UDP sockets not being cleaned up in Sidekiq ([Gargron](
- Fix expiration date of filters being set to "never" when editing them ([ThibG](
- Fix support for MP4 files that are actually M4V files ([Gargron](
- Fix `alerts` not being typecast correctly in push subscription in REST API ([Gargron](
- Fix some notices staying on unrelated pages ([ThibG](
- Fix unboosting sometimes preventing a boost from reappearing on feed ([ThibG](, [Gargron](
- Fix only one middle dot being recognized in hashtags ([Gargron](, [ThibG](
- Fix unnecessary SQL query performed on unauthenticated requests ([Gargron](
- Fix incorrect timestamp displayed on featured tags ([Kjwon15](
- Fix privacy dropdown active state when dropdown is placed on top of it ([ThibG](
- Fix filters not being applied to poll options ([ThibG](
- Fix keyboard navigation on various dropdowns ([ThibG](, [ThibG](, [ThibG](
- Fix keyboard navigation in modals ([ThibG](
- Fix image conversation being non-deterministic due to timestamps ([Gargron](
- Fix web UI performance ([ThibG](, [ThibG](
- Fix scrolling to compose form when not necessary in web UI ([ThibG](, [ThibG](
- Fix save button being enabled when list title is empty in web UI ([ThibG](
- Fix poll expiration not being pre-filled on delete & redraft in web UI ([ThibG](
- Fix content warning sometimes being set when not requested in web UI ([ThibG](
### Security
- Fix invites not being disabled upon account suspension ([ThibG](
- Fix blocked domains still being able to fill database with account records ([Gargron](
## [2.9.2] - 2019-06-22
### Added
- Add `short_description` and `approval_required` to `GET /api/v1/instance` ([Gargron](
### Changed
- Change camera icon to paperclip icon in upload form ([koyuawsmbrtn](
### Fixed
- Fix audio-only OGG and WebM files not being processed as such ([Gargron](
- Fix audio not being downloaded from remote servers ([Gargron](
## [2.9.1] - 2019-06-22
### Added
- Add moderation API ([Gargron](
- Add audio uploads ([Gargron](, [Gargron](
### Changed
- Change domain blocks to automatically support subdomains ([Gargron](
- Change Nanobox configuration to bring it up to date ([danhunsaker](
### Removed
- Remove expensive counters from federation page in admin UI ([Gargron](
### Fixed
- Fix converted media being saved with original extension and mime type ([Gargron](
- Fix layout of identity proofs settings ([acid-chicken](
- Fix active scope only returning suspended users ([ThibG](
- Fix sanitizer making block level elements unreadable ([Gargron](
- Fix label for site theme not being translated in admin UI ([palindromordnilap](
- Fix statuses not being filtered irreversibly in web UI under some circumstances ([ThibG](
- Fix scrolling behaviour in compose form ([ThibG](
## [2.9.0] - 2019-06-13
### Added
- **Add single-column mode in web UI** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Hanage999](, [noellabo](, [abcang](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [noellabo](, [Hanage999](
- Add waiting time to the list of pending accounts in admin UI ([Gargron](
- Add a keyboard shortcut to hide/show media in web UI ([ThibG](, [Gargron](, [ThibG](
- Add `account_id` param to `GET /api/v1/notifications` ([pwoolcoc](
- Add confirmation modal for unboosting toots in web UI ([aurelien-reeves](
- Add emoji suggestions to content warning and poll option fields in web UI ([ThibG](
- Add `source` attribute to response of `DELETE /api/v1/statuses/:id` ([ThibG](
- Add some caching for HTML versions of public status pages ([ThibG](
- Add button to conveniently copy OAuth code ([ThibG](
### Changed
- **Change default layout to single column in web UI** ([Gargron](
- **Change light theme** ([Gargron](, [Gargron](, [yuzulabo](, [Gargron](
- **Change preferences page into appearance, notifications, and other** ([Gargron](, [Gargron](
- Change priority of delete activity forwards for replies and reblogs ([Gargron](
- Change Mastodon logo to use primary text color of the given theme ([Gargron](
- Change reblogs counter to be updated when boosted privately ([Gargron](
- Change bio limit from 160 to 500 characters ([trwnh](
- Change API rate limiting to reduce allowed unauthenticated requests ([ThibG](, [hinaloe](, [mayaeh](
- Change help text of `tootctl emoji import` command to specify a gzipped TAR archive is required ([dariusk](
- Change web UI to hide poll options behind content warnings ([ThibG](
- Change silencing to ensure local effects and remote effects are the same for silenced local users ([ThibG](
- Change `tootctl domains purge` to remove custom emoji as well ([Kjwon15](
- Change Docker image to keep `apt` working ([SuperSandro2000](
### Removed
- Remove `dist-upgrade` from Docker image ([SuperSandro2000](
### Fixed
- Fix RTL layout not being RTL within the columns area in web UI ([Gargron](
- Fix display of alternative text when a media attachment is not available in web UI ([ThibG](
- Fix not being able to directly switch between list timelines in web UI ([Gargron](
- Fix media sensitivity not being maintained in delete & redraft in web UI ([ThibG](
- Fix emoji picker being always displayed in web UI ([noellabo](, [yuzulabo](, [wcpaez](
- Fix potential private status leak through caching ([ThibG](
- Fix refreshing featured toots when the new collection is empty in web UI ([ThibG](
- Fix undoing domain block also undoing individual moderation on users from before the domain block ([ThibG](
- Fix time not being local in the audit log ([yuzulabo](
- Fix statuses removed by moderation re-appearing on subsequent fetches ([Kjwon15](
- Fix misattribution of inlined announces if `attributedTo` isn't present in ActivityPub ([ThibG](
- Fix `GET /api/v1/polls/:id` not requiring authentication for non-public polls ([Gargron](
- Fix handling of blank poll options in ActivityPub ([ThibG](
- Fix avatar preview aspect ratio on edit profile page ([Kjwon15](
- Fix web push notifications not being sent for polls ([ThibG](
- Fix cut off letters in last paragraph of statuses in web UI ([ariasuni](
- Fix list not being automatically unpinned when it returns 404 in web UI ([Gargron](
- Fix login sometimes redirecting to paths that are not pages ([Gargron](
## [2.8.4] - 2019-05-24
### Fixed
- Fix delivery not retrying on some inbox errors that should be retriable ([ThibG](
- Fix unnecessary 5 minute cooldowns on signature verifications in some cases ([ThibG](
- Fix possible race condition when processing statuses ([ThibG](
### Security
- Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string ([ThibG](
## [2.8.3] - 2019-05-19
### Added
- Add `og:image:alt` OpenGraph tag ([BenLubar](
- Add clickable area below avatar in statuses in web UI ([Dar13](
- Add crossed-out eye icon on account gallery in web UI ([Kjwon15](
- Add media description tooltip to thumbnails in web UI ([ThibG](
### Changed
- Change "mark as sensitive" button into a checkbox for clarity ([ThibG](
### Fixed
- Fix bug allowing users to publicly boost their private statuses ([ThibG](, [ThibG](
- Fix performance in formatter by a little ([ThibG](
- Fix some colors in the light theme ([yuzulabo](
- Fix some colors of the high contrast theme ([yuzulabo](
- Fix ambivalent active state of poll refresh button in web UI ([MaciekBaron](
- Fix duplicate posting being possible from web UI ([hinaloe](
- Fix "invited by" not showing up in admin UI ([ThibG](
## [2.8.2] - 2019-05-05
### Added
- Add `SOURCE_TAG` environment variable ([ushitora-anqou](
### Fixed
- Fix cropped hero image on frontpage ([BaptisteGelez](
- Fix blurhash gem not compiling on some operating systems ([Gargron](
- Fix unexpected CSS animations in some browsers ([ThibG](
- Fix closing video modal scrolling timelines to top ([ThibG](
## [2.8.1] - 2019-05-04
### Added
- Add link to existing domain block when trying to block an already-blocked domain ([ThibG](
- Add button to view context to media modal when opened from account gallery in web UI ([Gargron](
- Add ability to create multiple-choice polls in web UI ([ThibG](
- Add `GITHUB_REPOSITORY` and `SOURCE_BASE_URL` environment variables ([rosylilly](
- Add `/interact/` paths to `robots.txt` ([ThibG](
- Add `blurhash` to the Attachment entity in the REST API ([Gargron](
### Changed
- Change hidden media to be shown as a blurhash-based colorful gradient instead of a black box in web UI ([Gargron](
- Change rejected media to be shown as a blurhash-based gradient instead of a list of filenames in web UI ([Gargron](
- Change e-mail whitelist/blacklist to not be checked when invited ([Gargron](
- Change cache header of REST API results to no-cache ([ThibG](
- Change the "mark media as sensitive" button to be more obvious in web UI ([Gargron](, [Gargron](
- Change account gallery in web UI to display 3 columns, open media modal ([Gargron](, [Gargron](
### Fixed
- Fix LDAP/PAM/SAML/CAS users not being pre-approved ([Gargron](
- Fix accounts created through tootctl not being always pre-approved ([Gargron](
- Fix Sidekiq retrying ActivityPub processing jobs that fail validation ([ThibG](
- Fix toots not being scrolled into view sometimes through keyboard selection ([ThibG](
- Fix expired invite links being usable to bypass approval mode ([ThibG](
- Fix not being able to save e-mail preference for new pending accounts ([Gargron](
- Fix upload progressbar when image resizing is involved ([ThibG](
- Fix block action not automatically cancelling pending follow request ([ThibG](
- Fix stoplight logging to stderr separate from Rails logger ([Gargron](
- Fix sign up button not saying sign up when invite is used ([Gargron](
- Fix health checks in Docker Compose configuration ([fabianonline](
- Fix modal items not being scrollable on touch devices ([kedamaDQ](
- Fix Keybase configuration using wrong domain when a web domain is used ([BenLubar](
- Fix avatar GIFs not being animated on-hover on public profiles ([hyenagirl64](
- Fix OpenGraph parser not understanding some valid property meta tags ([da2x](
- Fix wrong fonts being displayed when Roboto is installed on user's machine ([ThibG](
- Fix confirmation modals being too narrow for a secondary action button ([ThibG](
## [2.8.0] - 2019-04-10
### Added
- Add polls ([Gargron](, [ThibG](, [Gargron](, [ThibG](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [Gargron](, [Gargron](, [Gargron](,[Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [rinsuki](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [ThibG](, [Gargron](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [ThibG](, [ThibG](
- Add follows & followers managing UI ([Gargron](, [Gargron](, [Gargron](, [Gargron](
- Add identity proof integration with Keybase ([Gargron](, [xgess](, [Gargron](, [Gargron](, [Gargron](
- Add option to overwrite imported data instead of merging ([Gargron](
- Add featured hashtags to profiles ([Gargron](, [Gargron](, [Gargron](, [ThibG](
- Add admission-based registrations mode ([Gargron](, [ThibG](, [Gargron](, [ThibG](, [Gargron](, [Gargron](
- Add support for WebP uploads ([acid-chicken](
- Add "copy link" item to status action bars in web UI ([Gargron](
- Add list title editing in web UI ([ThibG](
- Add a "Block & Report" button to the block confirmation dialog in web UI ([ThibG](
- Add disappointed elephant when the page crashes in web UI ([Gargron](
- Add ability to upload multiple files at once in web UI ([tmm576](
- Add indication when you are not allowed to follow an account in web UI ([Gargron](, [Gargron](
- Add validations to admin settings to catch common mistakes ([Gargron](, [ThibG](
- Add `type`, `limit`, `offset`, `min_id`, `max_id`, `account_id` to search API ([Gargron](
- Add a preferences API so apps can share basic behaviours ([Gargron](
- Add `visibility` param to reblog REST API ([Gargron](, [ThibG](
- Add `allowfullscreen` attribute to OEmbed iframe ([rinsuki](
- Add `blocked_by` relationship to the REST API ([Gargron](
- Add `tootctl statuses remove` to sweep unreferenced statuses ([Gargron](
- Add `tootctl search deploy` to avoid ugly rake task syntax ([Gargron](
- Add `tootctl self-destruct` to shut down server gracefully ([Gargron](
- Add option to hide application used to toot ([ThibG](, [rinsuki](, [hinaloe](
- Add `DB_SSLMODE` configuration variable ([sascha-sl](
- Add click-to-copy UI to invites page ([Gargron](
- Add self-replies fetching ([ThibG](, [ThibG](, [ThibG](, [ThibG](
- Add rate limit for media proxy requests ([Gargron](
- Add `tootctl emoji purge` ([Gargron](
- Add `tootctl accounts approve` ([Gargron](
- Add `tootctl accounts reset-relationships` ([noellabo](
### Changed
- Change design of landing page ([Gargron](, [Gargron](, [ThibG](, [ThibG](, [koyuawsmbrtn](, [Gargron](
- Change design of profile column in web UI ([Gargron](, [Aditoo17](, [ThibG](, [mayaeh](, [ThibG](
- Change language detector threshold from 140 characters to 4 words ([Gargron](
- Change language detector to always kick in for non-latin alphabets ([Gargron](
- Change icons of features on admin dashboard ([Gargron](
- Change DNS timeouts from 1s to 5s ([ThibG](
- Change Docker image to use Ubuntu with jemalloc ([Sir-Boops](, [BenLubar](
- Change public pages to be cacheable by proxies ([BenLubar](
- Change the 410 gone response for suspended accounts to be cacheable by proxies ([ThibG](
- Change web UI to not not empty timeline of blocked users on block ([ThibG](
- Change JSON serializer to remove unused `@context` values ([Gargron](
- Change GIFV file size limit to be the same as for other videos ([rinsuki](
- Change Webpack to not use @babel/preset-env to compile node_modules ([ykzts](
- Change web UI to use new Web Share Target API ([gol-cha](
- Change ActivityPub reports to have persistent URIs ([ThibG](
- Change `tootctl accounts cull --dry-run` to list accounts that would be deleted ([BenLubar](
- Change format of CSV exports of follows and mutes to include extra settings ([ThibG](, [ThibG](
- Change ActivityPub collections to be cacheable by proxies ([ThibG](
- Change REST API and public profiles to not return follows/followers for users that have blocked you ([Gargron](
- Change the groupings of menu items in settings navigation ([Gargron](
### Removed
- Remove zopfli compression to speed up Webpack from 6min to 1min ([nolanlawson](
- Remove stats.json generation to speed up Webpack ([nolanlawson](
### Fixed
- Fix public timelines being broken by new toots when they are not mounted in web UI ([Gargron](
- Fix quick filter settings not being saved when selecting a different filter in web UI ([ThibG](
- Fix remote interaction dialogs being indexed by search engines ([Gargron](
- Fix maxed-out invites not showing up as expired in UI ([Gargron](
- Fix scrollbar styles on compose textarea ([Gargron](
- Fix timeline merge workers being queued for remote users ([Gargron](
- Fix alternative relay support regression ([Gargron](
- Fix trying to fetch keys of unknown accounts on a self-delete from them ([ThibG](
- Fix CAS `:service_validate_url` option ([enewhuis](
- Fix race conditions when creating backups ([ThibG](
- Fix whitespace not being stripped out of username before validation ([aurelien-reeves](
- Fix n+1 query when deleting status ([Gargron](
- Fix exiting follows not being rejected when suspending a remote account ([ThibG](
- Fix the underlying button element in a disabled icon button not being disabled ([ThibG](
- Fix race condition when streaming out deleted statuses ([ThibG](
- Fix performance of admin federation UI by caching account counts ([Gargron](
- Fix JS error on pages that don't define a CSRF token ([hinaloe](
- Fix `tootctl accounts cull` sometimes removing accounts that are temporarily unreachable ([BenLubar](
## [2.7.4] - 2019-03-05
### Fixed
- Fix web UI not cleaning up notifications after block ([Gargron](
- Fix redundant HTTP requests when resolving private statuses ([ThibG](
- Fix performance of account media query ([abcang](
- Fix mention processing for unknown accounts ([ThibG](
- Fix getting started column not scrolling on short screens ([trwnh](
- Fix direct messages pagination in the web UI ([ThibG](
- Fix serialization of Announce activities ([ThibG](
- Fix home timeline perpetually reloading when empty in web UI ([Gargron](
- Fix lists export ([ThibG](
- Fix edit profile page crash for suspended-then-unsuspended users ([ThibG](
## [2.7.3] - 2019-02-23
### Added
- Add domain filter to the admin federation page ([ThibG](
- Add quick link from admin account view to block/unblock instance ([ThibG](
### Fixed
- Fix video player width not being updated to fit container width ([ThibG](
- Fix domain filter being shown in admin page when local filter is active ([ThibG](
- Fix crash when conversations have no valid participants ([ThibG](
- Fix error when performing admin actions on no statuses ([ThibG](
### Changed
- Change custom emojis to randomize stored file name ([hinaloe](
## [2.7.2] - 2019-02-17
### Added
- Add support for IPv6 in e-mail validation ([zoc](
- Add record of IP address used for signing up ([ThibG](
- Add tight rate-limit for API deletions (30 per 30 minutes) ([Gargron](
- Add support for embedded `Announce` objects attributed to the same actor ([ThibG](, [Gargron](
- Add spam filter for `Create` and `Announce` activities ([Gargron](, [Gargron](, [Gargron](
- Add `registrations` attribute to `GET /api/v1/instance` ([Gargron](
- Add `vapid_key` to `POST /api/v1/apps` and `GET /api/v1/apps/verify_credentials` ([Gargron](
### Fixed
- Fix link color and add link underlines in high-contrast theme ([Gargron](, [Gargron](
- Fix unicode characters in URLs not being linkified ([JMendyk](, [hinaloe](
- Fix URLs linkifier grabbing ending quotation as part of the link ([Gargron](
- Fix authorized applications page design ([rinsuki](
- Fix custom emojis not showing up in share page emoji picker ([rinsuki](
- Fix too liberal application of whitespace in toots ([trwnh](
- Fix misleading e-mail hint being displayed in admin view ([ThibG](
- Fix tombstones not being cleared out ([abcang](
- Fix some timeline jumps ([ThibG](, [ThibG](, [rinsuki](
- Fix content warning input taking keyboard focus even when hidden ([hinaloe](
- Fix hashtags select styling in default and high-contrast themes ([Gargron](
- Fix style regressions on landing page ([Gargron](
- Fix hashtag column not subscribing to stream on mount ([Gargron](
- Fix relay enabling/disabling not resetting inbox availability status ([Gargron](
- Fix mutes, blocks, domain blocks and follow requests not paginating ([Gargron](
- Fix crash on public hashtag pages when streaming fails ([ThibG](
### Changed
- Change icon for unlisted visibility level ([clarcharr](
- Change queue of actor deletes from push to pull for non-follower recipients ([ThibG](
- Change robots.txt to exclude media proxy URLs ([nightpool](
- Change upload description input to allow line breaks ([BenLubar](
- Change `dist/mastodon-streaming.service` to recommend running node without intermediary npm command ([nolanlawson](
- Change conversations to always show names of other participants ([Gargron](
- Change buttons on timeline preview to open the interaction dialog ([Gargron](
- Change error graphic to hover-to-play ([Gargron](
## [2.7.1] - 2019-01-28
### Fixed
- Fix SSO authentication not working due to missing agreement boolean ([Gargron](
- Fix slow fallback of CopyAccountStats migration setting stats to 0 ([Gargron](
- Fix wrong command in migration error message ([angristan](
- Fix initial value of volume slider in video player and handle volume changes ([ThibG](
- Fix missing hotkeys for notifications ([ThibG](
- Fix being able to attach unattached media created by other users ([ThibG](
- Fix unrescued SSL error during link verification ([renatolond](
- Fix Firefox scrollbar color regression ([trwnh](
- Fix scheduled status with media immediately creating a status ([ThibG](
- Fix missing strong style for landing page description ([Kjwon15](
## [2.7.0] - 2019-01-20
### Added
- Add link for adding a user to a list from their profile ([namelessGonbai](
- Add joining several hashtags in a single column ([gdpelican](
- Add volume sliders for videos ([sumdog](
- Add a tooltip explaining what a locked account is ([pawelngei](
- Add preloaded cache for common JSON-LD contexts ([ThibG](
- Add profile directory ([Gargron](
- Add setting to not group reblogs in home feed ([ThibG](
- Add admin ability to remove a user's header image ([ThibG](
- Add account hashtags to ActivityPub actor JSON ([Gargron](
- Add error message for avatar image that's too large ([sumdog](
- Add notification quick-filter bar ([pawelngei](
- Add new first-time tutorial ([Gargron](
- Add moderation warnings ([Gargron](
- Add emoji codepoint mappings for v11.0 ([Gargron](
- Add REST API for creating an account ([Gargron](
- Add support for Malayalam in language filter ([tachyons](
- Add exclude_reblogs option to account statuses API ([Gargron](
- Add local followers page to admin account UI ([chr-1x](
- Add healthcheck commands to docker-compose.yml ([BenLubar](
- Add handler for Move activity to migrate followers ([Gargron](
- Add CSV export for lists and domain blocks ([Gargron](
- Add `tootctl accounts follow ACCT` ([Gargron](
- Add scheduled statuses ([Gargron](
- Add immutable caching for S3 objects ([nolanlawson](
- Add cache to custom emojis API ([Gargron](
- Add preview cards to non-detailed statuses on public pages ([Gargron](
- Add `mod` and `moderator` to list of default reserved usernames ([Gargron](
- Add quick links to the admin interface in the web UI ([ThibG](
- Add `tootctl domains crawl` ([Gargron](
- Add attachment list fallback to public pages ([ThibG](
- Add `tootctl --version` ([Gargron](
- Add information about how to opt-in to the directory on the directory ([Gargron](
- Add timeouts for S3 ([Gargron](
- Add support for non-public reblogs from ActivityPub ([Gargron](
- Add sending of `Reject` activity when sending a `Block` activity ([ThibG](
### Changed
- Temporarily pause timeline if mouse moved recently ([lmorchard](
- Change the password form order ([mayaeh](
- Redesign admin UI for accounts ([Gargron](, [Gargron](
- Redesign admin UI for instances/domain blocks ([Gargron](
- Swap avatar and header input fields in profile page ([ThibG](
- When posting in mobile mode, go back to previous history location ([ThibG](
- Split out is_changing_upload from is_submitting ([ThibG](
- Back to the getting-started when pins the timeline. ([kedamaDQ](
- Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses ([Gargron](
- Limit maximum visibility of local silenced users to unlisted ([ThibG](
- Change API error message for unconfirmed accounts ([noellabo](
- Change the icon to "reply-all" when it's a reply to other accounts ([mayaeh](
- Do not ignore federated reports targetting already-reported accounts ([ThibG](
- Upgrade default Ruby version to 2.6.0 ([Gargron](
- Change e-mail digest frequency ([Gargron](
- Change Docker images for Tor support in docker-compose.yml ([Sir-Boops](
- Display fallback link card thumbnail when none is given ([Gargron](
- Change account bio length validation to ignore mention domains and URLs ([Gargron](
- Use configured contact user for "anonymous" federation activities ([yukimochi](
- Change remote interaction dialog to use specific actions instead of generic "interact" ([Gargron](
- Always re-fetch public key when signature verification fails to support blind key rotation ([ThibG](
- Make replies to boosts impossible, connect reply to original status instead ([valerauko](
- Change e-mail MX validation to check both A and MX records against blacklist ([Gargron](
- Hide floating action button on search and getting started pages ([tmm576](
- Redesign public hashtag page to use a masonry layout ([Gargron](
- Use `summary` as summary instead of content warning for converted ActivityPub objects ([Gargron](
- Display a double reply arrow on public pages for toots that are replies ([ThibG](
- Change admin UI right panel size to be wider ([Kjwon15](
### Removed
- Remove links to (non-functional) ([Gargron](
- Remove LD-Signatures from activities that do not need them ([ThibG](
### Fixed
- Remove unused computation of reblog references from updateTimeline ([ThibG](
- Fix loaded embeds resetting if a status arrives from API again ([ThibG](
- Fix race condition causing shallow status with only a "favourited" attribute ([ThibG](
- Remove intermediary arrays when creating hash maps from results ([Gargron](
- Extract counters from accounts table to account_stats table to improve performance ([Gargron](
- Change identities id column to a bigint ([Gargron](
- Fix conversations API pagination ([ThibG](
- Improve account suspension speed and completeness ([Gargron](
- Fix thread depth computation in statuses_controller ([ThibG](
- Fix database deadlocks by moving account stats update outside transaction ([ThibG](
- Escape HTML in profile name preview in profile settings ([pawelngei](
- Use same CORS policy for /@:username and /users/:username ([ThibG](
- Make custom emoji domains case insensitive ([Esteth](
- Various fixes to scrollable lists and media gallery ([ThibG](
- Fix bootsnap cache directory being declared relatively ([Gargron](
- Fix timeline pagination in the web UI ([ThibG](
- Fix padding on dropdown elements in preferences ([ThibG](
- Make avatar and headers respect GIF autoplay settings ([ThibG](
- Do no retry Web Push workers if the server returns a 4xx response ([Gargron](
- Minor scrollable list fixes ([ThibG](
- Ignore low-confidence CharlockHolmes guesses when parsing link cards ([ThibG](
- Fix `tootctl accounts rotate` not updating public keys ([Gargron](
- Fix CSP / X-Frame-Options for media players ([jomo](
- Fix unnecessary loadMore calls when the end of a timeline has been reached ([ThibG](
- Skip mailer job retries when a record no longer exists ([Gargron](
- Fix composer not getting focus after reply confirmation dialog ([ThibG](
- Fix signature verification stoplight triggering on non-timeout errors ([Gargron](
- Fix ThreadResolveWorker getting queued with invalid URLs ([Gargron](
- Fix crash when clearing uninitialized timeline ([ThibG](
- Avoid duplicate work by merging ReplyDistributionWorker into DistributionWorker ([ThibG](
- Skip full text search if it fails, instead of erroring out completely ([Kjwon15](
- Fix profile metadata links not verifying correctly sometimes ([shrft](
- Ensure blocked user unfollows blocker if Block/Undo-Block activities are processed out of order ([ThibG](
- Fix unreadable text color in report modal for some statuses ([Gargron](
- Stop GIFV timeline preview explicitly when it's opened in modal ([kedamaDQ](
- Fix scrollbar width compensation ([ThibG](
- Fix race conditions when processing deleted toots ([ThibG](
- Fix SSO issues on WebKit browsers by disabling Same-Site cookie again ([moritzheiber](
- Fix empty OEmbed error ([renatolond](
- Fix drag & drop modal not disappearing sometimes ([hinaloe](
- Fix statuses with content warnings being displayed in web push notifications sometimes ([ThibG](
- Fix scroll-to-detailed status not working on public pages ([ThibG](
- Fix media modal loading indicator ([ThibG](
- Fix hashtag search results not having a permalink fallback in web UI ([ThibG](
- Fix slightly cropped font on settings page dropdowns when using system font ([ariasuni](
- Fix not being able to drag & drop text into forms ([tmm576](
### Security
- Sanitize and sandbox toot embeds in web UI ([ThibG](
- Add tombstones for remote statuses to prevent replay attacks ([ThibG](
## [2.6.5] - 2018-12-01
### Changed
- Change lists to display replies to others on the list and list owner ([ThibG](
### Fixed
- Fix failures caused by commonly-used JSON-LD contexts being unavailable ([ThibG](
## [2.6.4] - 2018-11-30
### Fixed
- Fix yarn dependencies not installing due to yanked event-stream package ([Gargron](
## [2.6.3] - 2018-11-30
### Added
- Add hyphen to characters allowed in remote usernames ([ThibG](
### Changed
- Change server user count to exclude suspended accounts ([Gargron](
### Fixed
- Fix ffmpeg processing sometimes stalling due to overfilled stdout buffer ([hugogameiro](
- Fix missing DNS records raising the wrong kind of exception ([Gargron](
- Fix already queued deliveries still trying to reach inboxes marked as unavailable ([Gargron](
### Security
- Fix TLS handshake timeout not being enforced ([Gargron](
## [2.6.2] - 2018-11-23
### Added
- Add Page to whitelisted ActivityPub types ([mbajur](
- Add 20px to column width in web UI ([Gargron](
- Add amount of freed disk space in `tootctl media remove` ([Gargron](, [Gargron](, [mayaeh](
- Add "Show thread" link to self-replies ([Gargron](
### Changed
- Change order of Atom and RSS links so Atom is first ([Alkarex](
- Change Nginx configuration for Nanobox apps ([danhunsaker](
- Change the follow action to appear instant in web UI ([Gargron](
- Change how the ActiveRecord connection is instantiated in on_worker_boot ([Gargron](
- Change `tootctl accounts cull` to always touch accounts so they can be skipped ([renatolond](
- Change mime type comparison to ignore JSON-LD profile ([valerauko](
### Fixed
- Fix web UI crash when conversation has no last status ([sammy8806](
- Fix follow limit validator reporting lower number past threshold ([Gargron](
- Fix form validation flash message color and input borders ([Gargron](
- Fix invalid twitter:player cards being displayed ([ThibG](
- Fix emoji update date being processed incorrectly ([ThibG](
- Fix playing embed resetting if status is reloaded in web UI ([ThibG](, [Gargron](
- Fix web UI crash when favouriting a deleted status ([ThibG](
- Fix intermediary arrays being created for hash maps ([Gargron](
- Fix filter ID not being a string in REST API ([Gargron](
### Security
- Fix multiple remote account deletions being able to deadlock the database ([Gargron](
- Fix HTTP connection timeout of 10s not being enforced ([Gargron](
## [2.6.1] - 2018-10-30
### Fixed
- Fix resolving resources by URL not working due to a regression in [valerauko]( ([Gargron](
- Fix reducer error in web UI when a conversation has no last status ([Gargron](
## [2.6.0] - 2018-10-30
### Added
- Add link ownership verification ([Gargron](
- Add conversations API ([Gargron](
- Add limit for the number of people that can be followed from one account ([Gargron](
- Add admin setting to customize mascot ([ashleyhull-versent](
- Add support for more granular ActivityPub audiences from other software, i.e. circles ([Gargron](, [Gargron](, [Gargron](
- Add option to block all reports from a domain ([Gargron](
- Add user preference to always expand toots marked with content warnings ([webroo](
- Add user preference to always hide all media ([fvh-P](
- Add `force_login` param to OAuth authorize page ([Gargron](
- Add `tootctl accounts backup` ([Gargron](, [Gargron](
- Add `tootctl accounts create` ([Gargron](, [Gargron](
- Add `tootctl accounts cull` ([Gargron](, [Gargron](
- Add `tootctl accounts delete` ([Gargron](, [Gargron](
- Add `tootctl accounts modify` ([Gargron](, [Gargron](
- Add `tootctl accounts refresh` ([Gargron](, [Gargron](
- Add `tootctl feeds build` ([Gargron](, [Gargron](
- Add `tootctl feeds clear` ([Gargron](, [Gargron](
- Add `tootctl settings registrations open` ([Gargron](, [Gargron](
- Add `tootctl settings registrations close` ([Gargron](, [Gargron](
- Add `min_id` param to REST API to support backwards pagination ([Gargron](
- Add a confirmation dialog when hitting reply and the compose box isn't empty ([ThibG](
- Add PostgreSQL disk space growth tracking in PGHero ([Gargron](
- Add button for disabling local account to report quick actions bar ([Gargron](
- Add Czech language ([Aditoo17](
- Add `same-site` (`lax`) attribute to cookies ([sorin-davidoi](
- Add support for styled scrollbars in Firefox Nightly ([sorin-davidoi](
- Add highlight to the active tab in web UI profiles ([rhoio](
- Add auto-focus for comment textarea in report modal ([ThibG](
- Add auto-focus for emoji picker's search field ([ThibG](
- Add nginx and systemd templates to `dist/` directory ([Gargron](
- Add support for `/.well-known/change-password` ([Gargron](
- Add option to override FFMPEG binary path ([sascha-sl](
- Add `dns-prefetch` tag when using different host for assets or uploads ([Gargron](
- Add `description` meta tag ([Gargron](
- Add `Content-Security-Policy` header ([ThibG](
- Add cache for the instance info API ([ykzts](
- Add suggested follows to search screen in mobile layout ([Gargron](
- Add CORS header to `/.well-known/*` routes ([BenLubar](
- Add `card` attribute to statuses returned from REST API ([Gargron](
- Add in-stream link preview ([Gargron](
- Add support for ActivityPub `Page` objects ([mbajur](
### Changed
- Change forms design ([Gargron](
- Change reports overview to group by target account ([Gargron](
- Change web UI to show "read more" link on overly long in-stream statuses ([lanodan](
- Change design of direct messages column ([Gargron](, [Gargron](
- Change home timelines to exclude DMs ([Gargron](
- Change list timelines to exclude all replies ([cbayerlein](
- Change admin accounts UI default sort to most recent ([Gargron](
- Change documentation URL in the UI ([Gargron](
- Change style of success and failure messages ([Gargron](
- Change DM filtering to always allow DMs from staff ([qguv](
- Change recommended Ruby version to 2.5.3 ([zunda](
- Change docker-compose default to persist volumes in current directory ([Gargron](
- Change character counters on edit profile page to input length limit ([Gargron](
- Change notification filtering to always let through messages from staff ([Gargron](
- Change "hide boosts from user" function also hiding notifications about boosts ([ThibG](
- Change CSS `detailed-status__wrapper` class actually wrap the detailed status ([trwnh](
### Deprecated
- `GET /api/v1/timelines/direct``GET /api/v1/conversations` ([Gargron](
- `POST /api/v1/notifications/dismiss``POST /api/v1/notifications/:id/dismiss` ([Gargron](
- `GET /api/v1/statuses/:id/card``card` attributed included in status ([Gargron](
### Removed
- Remove "on this device" label in column push settings ([rhoio](
- Remove rake tasks in favour of tootctl commands ([Gargron](
### Fixed
- Fix remote statuses using instance's default locale if no language given ([Kjwon15](
- Fix streaming API not exiting when port or socket is unavailable ([Gargron](
- Fix network calls being performed in database transaction in ActivityPub handler ([Gargron](
- Fix dropdown arrow position ([ThibG](
- Fix first element of dropdowns being focused even if not using keyboard ([ThibG](
- Fix tootctl requiring `bundle exec` invocation ([abcang](
- Fix public pages not using animation preference for avatars ([renatolond](
- Fix OEmbed/OpenGraph cards not understanding relative URLs ([ThibG](
- Fix some dark emojis not having a white outline ([ThibG](
- Fix media description not being displayed in various media modals ([ThibG](
- Fix generated URLs of desktop notifications missing base URL ([GenbuHase](
- Fix RTL styles ([mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](, [mabkenar](
- Fix crash in streaming API when tag param missing ([Gargron](
- Fix hotkeys not working when no element is focused ([ThibG](
- Fix some hotkeys not working on detailed status view ([ThibG](
- Fix og:url on status pages ([ThibG](
- Fix upload option buttons only being visible on hover ([Gargron](
- Fix tootctl not returning exit code 1 on wrong arguments ([sascha-sl](
- Fix preview cards for appearing for profiles mentioned in toot ([ThibG](, [ThibG](
- Fix local accounts sometimes being duplicated as faux-remote ([Gargron](
- Fix emoji search when the shortcode has multiple separators ([ThibG](
- Fix dropdowns sometimes being partially obscured by other elements ([kedamaDQ](
- Fix cache not updating when reply/boost/favourite counters or media sensitivity update ([Gargron](
- Fix empty display name precedence over username in web UI ([Gargron](
- Fix td instead of th in sessions table header ([Gargron](
- Fix handling of content types with profile ([valerauko](
## [2.5.2] - 2018-10-12
### Security
- Fix XSS vulnerability ([Gargron](
## [2.5.1] - 2018-10-07
### Fixed
- Fix database migrations for PostgreSQL below 9.5 ([Gargron](
- Fix class autoloading issue in ActivityPub Create handler ([Gargron](
- Fix cache statistics not being sent via statsd when statsd enabled ([ykzts](
- Bump puma from 3.11.4 to 3.12.0 ([dependabot[bot]](
### Security
- Fix some local images not having their EXIF metadata stripped on upload ([ThibG](
- Fix being able to enable a disabled relay via ActivityPub Accept handler ([ThibG](
- Bump nokogiri from 1.8.4 to 1.8.5 ([dependabot[bot]](
- Fix being able to report statuses not belonging to the reported account ([ThibG](