X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=2119c8e21633f392b97659bc1fe651773046956f;hb=40bec73db6479850cb8b231dabc2123a93623307;hp=231cac990c0c82f38313f0c5bb56aee656472884;hpb=7afabe1cc696fbe7e9a6350145c1bda8b39012e7;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index 231cac990..2119c8e21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,21 +4,107 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## Unreleased +## [Unreleased] + +### Removed +- SSH frontend, to be potentially re-enabled via a bridge rather than wired into the main system +- Gopher frontend, as above + +## 2.5.2 + +### Added +- Allow posting and recieving of misskey markdown (requires text/x.misskeymarkdown in `allowed_post_formats`) + +### Changed +- Set frontend URLs to akkoma-maintained ones + +### Fixed +- Updated `no_empty` MRF to not error when recieving misskey markdown + +### Security +- Ensure local-only statuses do not get leaked + +## 2.5.1 + +### Added +- Elasticsearch Search provider support +- Enabled custom emoji reactions to posts via `/api/v1/pleroma/statuses/:id/reactions/:shortcode:` +- Added continuous integration builds for x86 glibc and musl + +### Fixed +- Enabled support for non-standard AP entities, such as those used by bookwyrm + +## 2.5.0 - 10/06/2022 ### Changed +- Allow users to remove their emails if instance does not need email to register ### Added +- `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object +- Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney. +- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis +- AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc +- PleromaAPI: Add remote follow API endpoint at `POST /api/v1/pleroma/remote_interaction` +- MastoAPI: Add `GET /api/v1/accounts/lookup` +- MastoAPI: Profile Directory support +- MastoAPI: Support v2 Suggestions (handpicked accounts only) +- Ability to log slow Ecto queries by configuring `:pleroma, :telemetry, :slow_queries_logging` +- Added Phoenix LiveDashboard at `/phoenix/live_dashboard` +- Added `/manifest.json` for progressive web apps. +- Readded mastoFE +- Added support for custom emoji reactions +- Added `emoji_url` in notifications to allow for custom emoji rendering +- Make backend-rendered pages translatable. This includes emails. Pages returned as a HTTP response are translated using the language specified in the `userLanguage` cookie, or the `Accept-Language` header. Emails are translated using the `language` field when registering. This language can be changed by `PATCH /api/v1/accounts/update_credentials` with the `language` field. ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies +- Handle Reject for already-accepted Follows properly +- Display OpenGraph data on alternative notice routes. +- Fix replies count for remote replies +- ChatAPI: Add link headers +- Limited number of search results to 40 to prevent DoS attacks +- ActivityPub: fixed federation of attachment dimensions +- Fixed benchmarks +- Elixir 1.13 support +- Fixed crash when pinned_objects is nil +- Fixed slow timelines when there are a lot of deactivated users +- Fixed account deletion API ### Removed -## Unreleased-patch +### Security +- Private `/objects/` and `/activities/` leaking if cached by authenticated user +- SweetXML library DTD bomb + +## 2.4.2 - 2022-01-10 + +### Fixed +- Federation issues caused by HTTP pool checkout timeouts +- Compatibility with Elixir 1.13 + +### Upgrade notes + +1. Restart Pleroma + +### Changed +- Make `mix pleroma.database set_text_search_config` run concurrently and indefinitely + +### Added +- AdminAPI: Missing configuration description for StealEmojiPolicy + +### Fixed +- MastodonAPI: Stream out Create activities +- MRF ObjectAgePolicy: Fix pattern matching on "published" +- TwitterAPI: Make `change_password` and `change_email` require params on body instead of query +- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies +- AdminAPI: Fix rendering reports containing a `nil` object - Mastodon API: Activity Search fallbacks on status fetching after a DB Timeout/Error +- Mastodon API: Fix crash in Streamer related to reblogging +- AdminAPI: List available frontends when `static/frontends` folder is missing +- Make activity search properly use language-aware GIN indexes +- AdminAPI: Fix suggestions for MRF Policies -## 2.4.0 - 2021-08-xx +## 2.4.0 - 2021-08-08 ### Changed @@ -31,12 +117,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Improved Twittercard and OpenGraph meta tag generation including thumbnails and image dimension metadata when available. - AdminAPI: sort users so the newest are at the top. - ActivityPub Client-to-Server(C2S): Limitation on the type of Activity/Object are lifted as they are now passed through ObjectValidators +- MRF (`AntiFollowbotPolicy`): Bot accounts are now also considered followbots. Users can still allow bots to follow them by first following the bot. ### Added - MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded. - Return OAuth token `id` (primary key) in POST `/oauth/token`. - AdminAPI: return `created_at` date with users. +- AdminAPI: add DELETE `/api/v1/pleroma/admin/instances/:instance` to delete all content from a remote instance. - `AnalyzeMetadata` upload filter for extracting image/video attachment dimensions and generating blurhashes for images. Blurhashes for videos are not generated at this time. - Attachment dimensions and blurhashes are federated when available. - Mastodon API: support `poll` notification. @@ -47,6 +135,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Checking activated Upload Filters for required commands. - Remote users can no longer reappear after being deleted. - Deactivated users may now be deleted. +- Deleting an activity with a lot of likes/boosts no longer causes a database timeout. - Mix task `pleroma.database prune_objects` - Fixed rendering of JSON errors on ActivityPub endpoints. - Linkify: Parsing crash with URLs ending in unbalanced closed paren, no path separator, and no query parameters @@ -111,6 +200,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support pagination of blocks and mutes. - Account backup. - Configuration: Add `:instance, autofollowing_nicknames` setting to provide a way to make accounts automatically follow new users that register on the local Pleroma instance. +- `[:activitypub, :blockers_visible]` config to control visibility of blockers. - Ability to view remote timelines, with ex. `/api/v1/timelines/public?instance=lain.com` and streams `public:remote` and `public:remote:media`. - The site title is now injected as a `title` tag like preloads or metadata. - Password reset tokens now are not accepted after a certain age.