+### Changed
+- Return HTTP error 413 when uploading an avatar or banner that's above the configured upload limit instead of a 500.
+- Non-admin users now cannot register `admin` scope tokens (not security-critical, they didn't work before, but you _could_ create them)
+ - Admin scopes will be dropped on create
+- Rich media will now backoff for 20 minutes after a failure
+- Quote posts are now considered as part of the same thread as the post they are quoting
+- Extend the mix task `prune_objects` with options to keep more relevant posts
+- Simplified HTTP signature processing
+- Rich media will now hard-exit after 5 seconds, to prevent timeline hangs
+- HTTP Content Security Policy is now far more strict to prevent any potential XSS/CSS leakages
+- Follow requests are now paginated, matches mastodon API spec, so use the Link header to paginate.
+- `internal.fetch` and `relay` actors are now represented with the actor type `Application`
+
+### Fixed
+- /api/v1/accounts/lookup will now respect restrict\_unauthenticated
+- Unknown atoms in the config DB will no longer crash akkoma on boot
+
+### Upgrade notes