X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=4e3e408646f1aad4403ca427ee2d67914bf62472;hb=883036b2452b6f5e69b96ee139f11b013b8d37bc;hp=036b9e7758bf1ffd20fdf9e4e63626074d6ee74f;hpb=1a2fe96d56350dc685eb53112630af567de8d5bd;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index 036b9e775..ebbbc3be8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,24 +4,124 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## Unreleased +## [Unreleased] + +## 2.5.2 + +### Added +- Allow posting and recieving of misskey markdown (requires text/x.misskeymarkdown in `allowed_post_formats`) + +### Changed +- Set frontend URLs to akkoma-maintained ones + +### Fixed +- Updated `no_empty` MRF to not error when recieving misskey markdown + +### Security +- Ensure local-only statuses do not get leaked + +## 2.5.1 + +### Added +- Elasticsearch Search provider support +- Enabled custom emoji reactions to posts via `/api/v1/pleroma/statuses/:id/reactions/:shortcode:` +- Added continuous integration builds for x86 glibc and musl + +### Fixed +- Enabled support for non-standard AP entities, such as those used by bookwyrm + +## 2.5.0 - 10/06/2022 + +### Changed +- Allow users to remove their emails if instance does not need email to register + +### Added +- `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object +- Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney. +- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis +- AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc +- PleromaAPI: Add remote follow API endpoint at `POST /api/v1/pleroma/remote_interaction` +- MastoAPI: Add `GET /api/v1/accounts/lookup` +- MastoAPI: Profile Directory support +- MastoAPI: Support v2 Suggestions (handpicked accounts only) +- Ability to log slow Ecto queries by configuring `:pleroma, :telemetry, :slow_queries_logging` +- Added Phoenix LiveDashboard at `/phoenix/live_dashboard` +- Added `/manifest.json` for progressive web apps. +- Readded mastoFE +- Added support for custom emoji reactions +- Added `emoji_url` in notifications to allow for custom emoji rendering + +### Fixed +- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies +- Handle Reject for already-accepted Follows properly +- Display OpenGraph data on alternative notice routes. +- Fix replies count for remote replies +- ChatAPI: Add link headers +- Limited number of search results to 40 to prevent DoS attacks +- ActivityPub: fixed federation of attachment dimensions +- Fixed benchmarks +- Elixir 1.13 support +- Fixed crash when pinned_objects is nil +- Fixed slow timelines when there are a lot of deactivated users +- Fixed account deletion API + +### Removed + +### Security +- Private `/objects/` and `/activities/` leaking if cached by authenticated user +- SweetXML library DTD bomb + +## 2.4.2 - 2022-01-10 + +### Fixed +- Federation issues caused by HTTP pool checkout timeouts +- Compatibility with Elixir 1.13 + +### Upgrade notes + +1. Restart Pleroma + +### Changed +- Make `mix pleroma.database set_text_search_config` run concurrently and indefinitely + +### Added +- AdminAPI: Missing configuration description for StealEmojiPolicy + +### Fixed +- MastodonAPI: Stream out Create activities +- MRF ObjectAgePolicy: Fix pattern matching on "published" +- TwitterAPI: Make `change_password` and `change_email` require params on body instead of query +- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies +- AdminAPI: Fix rendering reports containing a `nil` object +- Mastodon API: Activity Search fallbacks on status fetching after a DB Timeout/Error +- Mastodon API: Fix crash in Streamer related to reblogging +- AdminAPI: List available frontends when `static/frontends` folder is missing +- Make activity search properly use language-aware GIN indexes +- AdminAPI: Fix suggestions for MRF Policies + +## 2.4.0 - 2021-08-08 ### Changed - **Breaking:** Configuration: `:chat, enabled` moved to `:shout, enabled` and `:instance, chat_limit` moved to `:shout, limit` +- **Breaking** Entries for simple_policy, transparency_exclusions and quarantined_instances now list both the instance and a reason. - Support for Erlang/OTP 24 - The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change. - HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising. - Email address is now returned if requesting user is the owner of the user account so it can be exposed in client and FE user settings UIs. - Improved Twittercard and OpenGraph meta tag generation including thumbnails and image dimension metadata when available. +- AdminAPI: sort users so the newest are at the top. - ActivityPub Client-to-Server(C2S): Limitation on the type of Activity/Object are lifted as they are now passed through ObjectValidators ### Added - MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded. - Return OAuth token `id` (primary key) in POST `/oauth/token`. +- AdminAPI: return `created_at` date with users. +- AdminAPI: add DELETE `/api/v1/pleroma/admin/instances/:instance` to delete all content from a remote instance. - `AnalyzeMetadata` upload filter for extracting image/video attachment dimensions and generating blurhashes for images. Blurhashes for videos are not generated at this time. - Attachment dimensions and blurhashes are federated when available. +- Mastodon API: support `poll` notification. - Pinned posts federation ### Fixed @@ -29,16 +129,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Checking activated Upload Filters for required commands. - Remote users can no longer reappear after being deleted. - Deactivated users may now be deleted. +- Deleting an activity with a lot of likes/boosts no longer causes a database timeout. - Mix task `pleroma.database prune_objects` +- Fixed rendering of JSON errors on ActivityPub endpoints. - Linkify: Parsing crash with URLs ending in unbalanced closed paren, no path separator, and no query parameters - -### Removed -- **Breaking**: Remove deprecated `/api/qvitter/statuses/notifications/read` (replaced by `/api/v1/pleroma/notifications/read`) - -## Unreleased (Patch) - -### Fixed - - Try to save exported ConfigDB settings (migrate_from_db) in the system temp directory if default location is not writable. - Uploading custom instance thumbnail via AdminAPI/AdminFE generated invalid URL to the image - Applying ConcurrentLimiter settings via AdminAPI @@ -47,7 +141,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - MRF (`SimplePolicy`): Embedded objects are now checked. If any embedded object would be rejected, its parent is rejected. This fixes Announces leaking posts from blocked domains. - Fixed some Markdown issues, including trailing slash in links. -## [2.3.0] - 2020-03-01 +### Removed +- **Breaking**: Remove deprecated `/api/qvitter/statuses/notifications/read` (replaced by `/api/v1/pleroma/notifications/read`) + +## [2.3.0] - 2021-03-01 ### Security @@ -97,6 +194,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support pagination of blocks and mutes. - Account backup. - Configuration: Add `:instance, autofollowing_nicknames` setting to provide a way to make accounts automatically follow new users that register on the local Pleroma instance. +- `[:activitypub, :blockers_visible]` config to control visibility of blockers. - Ability to view remote timelines, with ex. `/api/v1/timelines/public?instance=lain.com` and streams `public:remote` and `public:remote:media`. - The site title is now injected as a `title` tag like preloads or metadata. - Password reset tokens now are not accepted after a certain age. @@ -148,7 +246,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Support for expires_in/expires_at in the Filters. -## [2.2.2] - 2020-01-18 +## [2.2.2] - 2021-01-18 ### Fixed