Browse Source

Merge branch 'master' of

Matt Baer 3 years ago
100 changed files with 3029 additions and 1821 deletions
  1. +64
  2. +3
  3. +10
  4. +48
  5. +33
  6. +1
  7. +1
  8. +2
  9. +5
  10. +10
  11. +5
  12. +1
  13. +12
  14. +1
  15. +37
  16. +0
  17. +1
  18. +244
  19. +660
  20. +3
  21. +31
  22. +68
  23. +341
  24. +13
  25. +8
  26. +1
  27. +0
  28. +43
  29. +5
  30. +37
  31. +41
  32. +37
  33. +11
  34. +8
  35. +20
  36. +4
  37. +71
  38. +2
  39. +6
  40. +88
  41. +33
  42. +15
  43. +40
  44. +40
  45. +0
  46. +28
  47. +1
  48. +25
  49. +6
  50. +4
  51. +1
  52. +77
  53. +1
  54. +30
  55. +12
  56. +6
  57. +0
  58. +0
  59. +0
  60. +1
  61. +4
  62. +4
  63. +5
  64. +4
  65. +32
  66. +128
  67. +108
  68. +29
  69. +29
  70. +2
  71. +66
  72. +4
  73. +30
  74. +20
  75. +40
  76. +6
  77. +0
  78. +6
  79. +6
  80. +5
  81. +44
  82. +0
  83. +5
  84. +16
  85. +1
  86. +1
  87. +0
  88. +32
  89. +4
  90. +9
  91. +4
  92. +14
  93. +5
  94. +10
  95. +0
  96. +1
  97. +5
  98. +17
  99. +26
  100. +11

+ 64
- 36
.circleci/config.yml View File

@@ -3,7 +3,7 @@ version: 2
- &defaults
- image: circleci/ruby:2.6.0-stretch-node
- image: circleci/ruby:2.7-buster-node
environment: &ruby_environment
DB_HOST: localhost
@@ -39,7 +39,6 @@ aliases:
- checkout
- *attach_workspace

- restore_cache:
- v1-node-dependencies-{{ checksum "yarn.lock" }}
@@ -49,7 +48,6 @@ aliases:
key: v1-node-dependencies-{{ checksum "yarn.lock" }}
- ./node_modules/

- *persist_to_workspace

- &install_system_dependencies
@@ -58,16 +56,25 @@ aliases:
command: |
sudo apt-get update
sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
sudo wget
sudo dpkg -i libicu57_57.1-6+deb9u3_amd64.deb
sudo wget
sudo dpkg -i libprotobuf10_3.0.0-9_amd64.deb

- &install_ruby_dependencies
- *attach_workspace

- *install_system_dependencies

- run: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
- *restore_ruby_dependencies
- run: bundle install --clean --jobs 16 --path ./vendor/bundle/ --retry 3 --with pam_authentication --without development production && bundle clean
- run: bundle config set clean 'true'
- run: bundle config set deployment 'true'
- run: bundle config set with 'pam_authentication'
- run: bundle config set without 'development production'
- run: bundle config set frozen 'true'
- run: bundle install --jobs 16 --retry 3 && bundle clean
- save_cache:
key: v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
@@ -82,10 +89,8 @@ aliases:
- &test_steps
- *attach_workspace

- *install_system_dependencies
- run: sudo apt-get install -y ffmpeg

- run:
name: Prepare Tests
command: ./bin/rails parallel:create parallel:load_schema parallel:prepare
@@ -98,21 +103,21 @@ jobs:
<<: *defaults
<<: *install_steps

<<: *defaults
<<: *install_ruby_dependencies

<<: *defaults
- image: circleci/ruby:2.5.3-stretch-node
- image: circleci/ruby:2.6-buster-node
environment: *ruby_environment
<<: *install_ruby_dependencies

<<: *defaults
- image: circleci/ruby:2.4.5-stretch-node
- image: circleci/ruby:2.5-buster-node
environment: *ruby_environment
<<: *install_ruby_dependencies

@@ -128,43 +133,62 @@ jobs:
- ./mastodon/public/assets
- ./mastodon/public/packs-test/

<<: *defaults
- image: circleci/ruby:2.6.0-stretch-node
- image: circleci/ruby:2.7-buster-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
- image: circleci/redis:5.0.3-alpine3.8
- image: circleci/redis:5-alpine
- *attach_workspace
- *install_system_dependencies
- run:
name: Create database
command: ./bin/rails parallel:create
- run:
name: Run migrations
command: ./bin/rails parallel:migrate

<<: *defaults
- image: circleci/ruby:2.7-buster-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
- image: circleci/redis:5-alpine
<<: *test_steps

<<: *defaults
- image: circleci/ruby:2.5.3-stretch-node
- image: circleci/ruby:2.6-buster-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
- image: circleci/redis:4.0.12-alpine
- image: circleci/redis:5-alpine
<<: *test_steps

<<: *defaults
- image: circleci/ruby:2.4.5-stretch-node
- image: circleci/ruby:2.5-buster-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
- image: circleci/redis:4.0.12-alpine
- image: circleci/redis:5-alpine
<<: *test_steps

<<: *defaults
- image: circleci/node:8.15.0-stretch
- image: circleci/node:12-buster
- *attach_workspace
- run: ./bin/retry yarn test:jest
@@ -173,30 +197,38 @@ jobs:
<<: *defaults
- *attach_workspace
- *install_system_dependencies
- run: bundle exec i18n-tasks check-normalized
- run: bundle exec i18n-tasks unused
- run: bundle exec i18n-tasks missing -t plural
- run: bundle exec i18n-tasks unused -l en
- run: bundle exec i18n-tasks check-consistent-interpolations
- run: bundle exec rake repo:check_locales_files

version: 2
- install
- install-ruby2.6:
- install-ruby2.7:
- install
- install-ruby2.5:
- install-ruby2.6:
- install
- install-ruby2.6
- install-ruby2.4:
- install-ruby2.7
- install-ruby2.5:
- install
- install-ruby2.6
- install-ruby2.7
- build:
- install-ruby2.6
- install-ruby2.7
- test-migrations:
- install-ruby2.7
- test-ruby2.7:
- install-ruby2.7
- build
- test-ruby2.6:
- install-ruby2.6
@@ -205,13 +237,9 @@ workflows:
- install-ruby2.5
- build
- test-ruby2.4:
- install-ruby2.4
- build
- test-webui:
- install
- check-i18n:
- install-ruby2.6
- install-ruby2.7

+ 3
- 3
.codeclimate.yml View File

@@ -27,11 +27,11 @@ plugins:
enabled: true
enabled: true
channel: eslint-5
channel: eslint-6
enabled: true
channel: rubocop-0-54
channel: rubocop-0-76
enabled: true
- spec/

+ 10
- 0
.dependabot/config.yml View File

@@ -0,0 +1,10 @@
version: 1

- package_manager: "ruby:bundler"
directory: "/"
update_schedule: "weekly"

- package_manager: "javascript"
directory: "/"
update_schedule: "weekly"

+ 48
- 17
.env.nanobox View File

@@ -11,24 +11,14 @@ DB_NAME=gonano


# Optional ElasticSearch configuration

# Optimizations

# ImageMagick optimizations

# Federation
# Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
@@ -84,6 +74,7 @@ SMTP_PORT=587
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
@@ -97,9 +88,17 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}

# Optional asset host for multi-server setups
# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
# if WEB_DOMAIN is not set. For example, the server may have the
# following header field:
# Access-Control-Allow-Origin:

# S3 (optional)
# The attachment host must allow cross origin request from WEB_DOMAIN or
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
# following header field:
# Access-Control-Allow-Origin:
# S3_ENABLED=true
@@ -109,6 +108,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}

# S3 (Minio Config (optional) Please check Minio instance for details)
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
@@ -119,12 +120,30 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}

# Google Cloud Storage (optional)
# Use S3 compatible API. Since GCS does not support Multipart Upload,
# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
# S3_PROTOCOL=https
# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes

# Swift (optional)
# The attachment host must allow cross origin request - see the description
# above.
# For Keystone V3, the value for SWIFT_TENANT should be the project name
# Some OpenStack V3 providers require PROJECT_ID (optional)
# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
# issues with token rate-limiting during high load.
@@ -164,6 +183,11 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}
# LDAP_MAIL=mail
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))

# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
@@ -171,8 +195,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}
# The pam environment variable "email" is provided by:
# Fallback Suffix for email address generation (nil by default)
# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
# Name of the pam service (pam "auth" section is evaluated)
# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
@@ -207,8 +231,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}

# Optional SAML authentication (cf. omniauth-saml)
# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
@@ -220,7 +244,14 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}
# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"

# Use HTTP proxy for outgoing request (optional)
# http_proxy=http://gateway.local:8118
# Access control for hidden service.

+ 33
- 3
.env.production.sample View File

@@ -10,6 +10,7 @@ DB_NAME=postgres
# Optional ElasticSearch configuration
# You may also set ES_PREFIX to share the same cluster between multiple Mastodon servers (falls back to REDIS_NAMESPACE if not set)
# ES_HOST=es
# ES_PORT=9200
@@ -68,6 +69,7 @@ SMTP_PORT=587
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
@@ -113,6 +115,20 @@

# Google Cloud Storage (optional)
# Use S3 compatible API. Since GCS does not support Multipart Upload,
# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
# S3_PROTOCOL=https
# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes

# Swift (optional)
# The attachment host must allow cross origin request - see the description
# above.
@@ -162,7 +178,11 @@ STREAMING_CLUSTER_NUM=1
# LDAP_SEARCH_FILTER="%{uid}=%{email}"
# LDAP_MAIL=mail
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))

# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
@@ -206,8 +226,8 @@ STREAMING_CLUSTER_NUM=1

# Optional SAML authentication (cf. omniauth-saml)
# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
@@ -230,3 +250,13 @@ STREAMING_CLUSTER_NUM=1
# http_proxy=http://gateway.local:8118
# Access control for hidden service.

# Authorized fetch mode (optional)
# Require remote servers to authentify when fetching toots, see

# Whitelist mode (optional)
# Only allow federation with whitelisted domains, see

+ 1
- 1
.env.test View File

@@ -1,5 +1,5 @@
# Node.js
# Federation

+ 1
- 0
.env.vagrant View File

@@ -1,2 +1,3 @@

+ 2
- 0
.github/FUNDING.yml View File

@@ -0,0 +1,2 @@
patreon: mastodon
open_collective: mastodon

+ 5
- 0
.github/ISSUE_TEMPLATE/config.yml View File

@@ -0,0 +1,5 @@
blank_issues_enabled: false
- name: Mastodon Meta Discussion Board
about: Please ask and answer questions here.

+ 10
- 0
.github/stale.yml View File

@@ -0,0 +1,10 @@
daysUntilStale: 120
daysUntilClose: 7
- security
staleLabel: wontfix
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
only: pulls

+ 5
- 1
.gitignore View File

@@ -13,6 +13,7 @@

# Ignore all logfiles and tempfiles.
@@ -23,6 +24,7 @@ public/packs

@@ -55,6 +57,8 @@ npm-debug.log

# Ignore vagrant log files

# Ignore Docker option files

+ 1
- 1
.nvmrc View File

@@ -1 +1 @@

+ 12
- 0
.rubocop.yml View File

@@ -1,3 +1,6 @@
- rubocop-rails

TargetRubyVersion: 2.3
@@ -68,6 +71,9 @@ Naming/MemoizedInstanceVariableName:
Enabled: true

Enabled: false

Enabled: false

@@ -82,6 +88,9 @@ Rails/Exit:
- 'lib/mastodon/*'
- 'lib/cli.rb'

Enabled: false

Enabled: false

@@ -96,6 +105,9 @@ Style/Documentation:
Enabled: true

Enabled: false

Enabled: true

+ 1
- 1
.ruby-version View File

@@ -1 +1 @@

+ 37
- 0
.sass-lint.yml View File

@@ -0,0 +1,37 @@
# Linter Documentation:

include: app/javascript/styles/**/*.scss
- app/javascript/styles/mastodon/reset.scss

# Disallows
no-color-literals: 0
no-css-comments: 0
no-duplicate-properties: 0
no-ids: 0
no-important: 0
no-mergeable-selectors: 0
no-misspelled-properties: 0
no-qualifying-elements: 0
no-transition-all: 0
no-vendor-prefixes: 0

# Nesting
force-element-nesting: 0
force-attribute-nesting: 0
force-pseudo-nesting: 0

# Name Formats
class-name-format: 0
leading-zero: 0

# Style Guide
attribute-quotes: 0
hex-length: 0
indentation: 0
nesting-depth: 0
property-sort-order: 0
quotes: 0

+ 0
- 264
.scss-lint.yml View File

@@ -1,264 +0,0 @@
# Linter Documentation:

scss_files: 'app/javascript/styles/**/*.scss'

- app/javascript/styles/reset.scss

# Reports when you use improper spacing around ! (the "bang") in !default,
# !global, !important, and !optional flags.
enabled: false

# Whether or not to prefer `border: 0` over `border: none`.
enabled: false

# Reports when you define a rule set using a selector with chained classes
# (a.k.a. adjoining classes).
enabled: false

# Prefer hexadecimal color codes over color keywords.
# (e.g. `color: green` is a color keyword)
enabled: false

# Prefer color literals (keywords or hexadecimal codes) to be used only in
# variable declarations. They should be referred to via variables everywhere
# else.
enabled: true

# Which form of comments to prefer in CSS.
enabled: false

# Reports @debug statements (which you probably left behind accidentally).
enabled: false

# Rule sets should be ordered as follows:
# - @extend declarations
# - @include declarations without inner @content
# - properties, @include declarations with inner @content
# - nested rule sets.
enabled: false

# `scss-lint:disable` control comments should be preceded by a comment
# explaining why these linters are being disabled for this file.
# See for
# more information.
enabled: true

# Reports when you define the same property twice in a single rule set.
enabled: false

# Separate rule, function, and mixin declarations with empty lines.
enabled: true

# Reports when you have an empty rule set.
enabled: true

# Reports when you have an @extend directive.
enabled: false

# Files should always have a final newline. This results in better diffs
# when adding lines to the file, since SCM systems such as git won't
# think that you touched the last line.
enabled: false

# HEX colors should use three-character values where possible.
enabled: false

# HEX color values should use lower-case colors to differentiate between
# letters and numbers, e.g. `#E3E3E3` vs. `#e3e3e3`.
enabled: true

# Avoid using ID selectors.
enabled: false

# The basenames of @imported SCSS partials should not begin with an
# underscore and should not include the filename extension.
enabled: false

# Avoid using !important in properties. It is usually indicative of a
# misunderstanding of CSS specificity and can lead to brittle code.
enabled: false

# Indentation should always be done in increments of 2 spaces.
enabled: true
width: 2

# Don't write leading zeros for numeric values with a decimal point.
enabled: false

# Reports when you define the same selector twice in a single sheet.
enabled: false

# Functions, mixins, variables, and placeholders should be declared
# with all lowercase letters and hyphens instead of underscores.
enabled: false

# Avoid nesting selectors too deeply.
enabled: false

# Always use placeholder selectors in @extend.
enabled: false

# Sort properties in a strict order.
enabled: false

# Reports when you use an unknown or disabled CSS property
# (ignoring vendor-prefixed properties).
enabled: false

# Configure which units are allowed for property values.
enabled: false

# Pseudo-elements, like ::before, and ::first-letter, should be declared
# with two colons. Pseudo-classes, like :hover and :first-child, should
# be declared with one colon.
enabled: true

# Avoid qualifying elements in selectors (also known as "tag-qualifying").
enabled: false

# Don't write selectors with a depth of applicability greater than 3.
enabled: false

# Selectors should always use hyphenated-lowercase, rather than camelCase or
# snake_case.
enabled: false
convention: hyphenated_lowercase

# Prefer the shortest shorthand form possible for properties that support it.
enabled: true

# Each property should have its own line, except in the special case of
# single line rulesets.
enabled: true
allow_single_line_rule_sets: true

# Split selectors onto separate lines after each comma, and have each
# individual selector occupy a single line.
enabled: true

# Commas in lists should be followed by a space.
enabled: false

# Properties should be formatted with a single space separating the colon
# from the property's value.
enabled: true

# Properties should be formatted with no space between the name and the
# colon.
enabled: true

# Variables should be formatted with a single space separating the colon
# from the variable's value.
enabled: true

# Variables should be formatted with no space between the name and the
# colon.
enabled: false

# Operators should be formatted with a single space on both sides of an
# infix operator.
enabled: true

# Opening braces should be preceded by a single space.
enabled: true

# Parentheses should not be padded with spaces.
enabled: false

# Enforces that string literals should be written with a consistent form
# of quotes (single or double).
enabled: false

# Property values, @extend, @include, and @import directives, and variable
# declarations should always end with a semicolon.
enabled: true

# Reports lines containing trailing whitespace.
enabled: true

# Don't write trailing zeros for numeric values with a decimal point.
enabled: false

# Don't use the `all` keyword to specify transition properties.
enabled: false

# Numeric values should not contain unnecessary fractional portions.
enabled: false

# Do not use parent selector references (&) when they would otherwise
# be unnecessary.
enabled: false

# URLs should be valid and not contain protocols or domain names.
enabled: true

# URLs should always be enclosed within quotes.
enabled: true

# Properties, like color and font, are easier to read and maintain
# when defined using variables rather than literals.
enabled: false

# Avoid vendor prefixes. Or rather: don't write them yourself.
enabled: false

# Omit length units on zero values, e.g. `0px` vs. `0`.
enabled: true

+ 1
- 1
.yarnclean View File

@@ -43,4 +43,4 @@ Gruntfile.js

# for specific ignore

+ 244
- 422
File diff suppressed because it is too large
View File

+ 660
- 0 View File

@@ -3,6 +3,666 @@ Changelog

All notable changes to this project will be documented in this file.

## [v3.1.2] - 2020-02-27
### Added

- Add `--reset-password` option to `tootctl accounts modify` ([ThibG](
- Add source-mapped stacktrace to error message in web UI ([ThibG](

### Fixed

- Fix dismissing an announcement twice raising an obscure error ([ThibG](
- Fix misleading error when attempting to re-send a pending follow request ([ThibG](
- Fix backups failing when files are missing from media attachments ([ThibG](
- Fix duplicate accounts being created when fetching an account for its key only ([ThibG](
- Fix `/web` redirecting to `/web/web` in web UI ([ThibG](
- Fix previously OStatus-based accounts not being detected as ActivityPub ([ThibG](
- Fix account JSON/RSS not being cacheable due to wrong mime type comparison ([ThibG](
- Fix old browsers crashing because of missing `finally` polyfill in web UI ([ThibG](
- Fix account's bio not being shown if there are no proofs/fields in admin UI ([ThibG](
- Fix sign-ups without checked user agreement being accepted through the web form ([ThibG](
- Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture ([SaraSmiseth](
- Fix invite request input not being shown on sign-up error if left empty ([ThibG](
- Fix some migration hints mentioning GitLab instead of Mastodon ([saper](

### Security

- Fix leak of arbitrary statuses through unfavourite action in REST API ([Gargron](

## [3.1.1] - 2020-02-10
### Fixed

- Fix yanked dependency preventing installation ([mayaeh](

## [3.1.0] - 2020-02-09
### Added

- Add bookmarks ([ThibG](, [Gargron](, [Gomasy](
- Add announcements ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [ThibG](, [ThibG](
- Add number animations in web UI ([Gargron](, [Gargron](
- Add `kab`, `is`, `kn`, `mr`, `ur` to available locales ([Gargron](, [BoFFire](, [Gargron](
- Add profile filter category ([ThibG](
- Add ability to add oneself to lists ([ThibG](
- Add hint how to contribute translations to preferences page ([Sasha-Sorokin](
- Add signatures to statuses in archive takeout ([noellabo](
- Add support for `magnet:` and `xmpp` links ([ThibG](, [ThibG](
- Add `follow_request` notification type ([ThibG](
- Add ability to filter reports by account domain in admin UI ([ThibG](
- Add link to search for users connected from the same IP address to admin UI ([ThibG](
- Add link to reports targeting a specific domain in admin view ([ThibG](
- Add support for EventSource streaming in web UI ([BenLubar](
- Add hotkey for opening media attachments in web UI ([ThibG](, [Kjwon15](
- Add relationship-based options to status dropdowns in web UI ([Gargron](, [ThibG](, [Gargron](
- Add support for submitting media description with `ctrl`+`enter` in web UI ([ThibG](
- Add download button to audio and video players in web UI ([NimaBoscarino](
- Add setting for whether to crop images in timelines in web UI ([duxovni](
- Add support for `Event` activities ([tcitworld](
- Add basic support for `Group` actors ([noellabo](
- Add `S3_OVERRIDE_PATH_STYLE` environment variable ([Gargron](
- Add `S3_OPEN_TIMEOUT` environment variable ([tateisu](
- Add `LDAP_MAIL` environment variable ([madmath03](
- Add `LDAP_UID_CONVERSION_ENABLED` environment variable ([madmath03](
- Add `--remote-only` option to `tootctl emoji purge` ([ThibG](
- Add `tootctl media remove-orphans` ([Gargron](, [Gargron](
- Add `tootctl media lookup` command ([irlcatgirl](
- Add cache for OEmbed endpoints to avoid extra HTTP requests ([Gargron](
- Add support for KaiOS arrow navigation to public pages ([nolanlawson](
- Add `discoverable` to accounts in REST API ([trwnh](
- Add admin setting to disable default follows ([ArisuOngaku](
- Add support for LDAP and PAM in the OAuth password grant strategy ([ntl-purism](, [Gargron](
- Allow support for `Accept`/`Reject` activities with a non-embedded object ([puckipedia](
- Add "Show thread" button to public profiles ([Sasha-Sorokin](

### Changed

- Change `last_status_at` to be a date, not datetime in REST API ([ThibG](
- Change followers page to relationships page in admin UI ([Gargron](, [Gargron](
- Change reported media attachments to always be hidden in admin UI ([Gargron](, [ThibG](
- Change string from "Disable" to "Disable login" in admin UI ([nileshkumar](
- Change report page structure in admin UI ([Sasha-Sorokin](
- Change swipe sensitivity to be lower on small screens in web UI ([umonaca](
- Change audio/video playback to stop playback when out of view in web UI ([Gargron](
- Change media description label based on upload type in web UI ([ThibG](
- Change large numbers to render without decimal units in web UI ([noellabo](
- Change "Add a choice" button to be disabled rather than hidden when poll limit reached in web UI ([ThibG](, [hinaloe](
- Change `tootctl statuses remove` to keep statuses favourited or bookmarked by local users ([ThibG](, [Gomasy](
- Change domain block behavior to update user records (fast) before deleting data (slower) ([ThibG](
- Change behaviour to strip audio metadata on uploads ([hugogameiro](
- Change accepted length of remote media descriptions from 420 to 1,500 characters ([ThibG](
- Change preferences pages structure ([Sasha-Sorokin](, [mayaeh](, [Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](
- Change format of titles in RSS ([devkral](
- Change favourite icon animation from spring-based motion to CSS animation in web UI ([ThibG](
- Change minimum required Node.js version to 10, and default to 12 ([Shleeble](, [mkody](, [Shleeble](
- Change spam check to exempt server staff ([ThibG](
- Change to fallback to to `Create` audience when `object` has no defined audience ([ThibG](
- Change Twemoji library to 12.1.3 in web UI ([koyuawsmbrtn](
- Change blocked users to be hidden from following/followers lists ([ThibG](
- Change signature verification to ignore signatures with invalid host ([Gargron](

### Removed

- Remove unused dependencies ([ykzts](, [mayaeh](, [ThibG](, [ykzts](

### Fixed

- Fix some translatable strings being used wrongly ([Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](, [mayaeh](
- Fix headline of public timeline page when set to local-only ([ykzts](
- Fix space between tabs not being spread evenly in web UI ([Sasha-Sorokin](, [Sasha-Sorokin](, [Sasha-Sorokin](
- Fix interactive delays in database migrations with no TTY ([Gargron](
- Fix status overflowing in report dialog in web UI ([ThibG](
- Fix unlocalized dropdown button title in web UI ([Sasha-Sorokin](
- Fix media attachments without file being uploadable ([Gargron](
- Fix unfollow confirmations in profile directory in web UI ([ThibG](
- Fix duplicate `description` meta tag on accounts public pages ([ThibG](
- Fix slow query of federated timeline ([notozeki](
- Fix not all of account's active IPs showing up in admin UI ([Gargron](, [Gargron](
- Fix search by IP not using alternative browser sessions in admin UI ([Gargron](
- Fix “X new items” not showing up for slow mode on empty timelines in web UI ([ThibG](
- Fix OEmbed endpoint being inaccessible in secure mode ([Gargron](
- Fix proofs API being inaccessible in secure mode ([Gargron](
- Fix Ruby 2.7 incompatibilities ([ThibG](, [ThibG](, [Shleeble](, [zunda](
- Fix invalid poll votes being accepted in REST API ([ThibG](
- Fix old migrations failing because of strong migrations update ([ThibG](, [ThibG](
- Fix reuse of detailed status components in web UI ([ThibG](
- Fix base64-encoded file uploads not being possible in REST API ([Gargron](, [Gargron](
- Fix error due to missing authentication call in filters controller ([Gargron](
- Fix uncaught unknown format error in host meta controller ([Gargron](
- Fix URL search not returning private toots user has access to ([ThibG](, [ThibG](
- Fix cache digesting log noise on status embeds ([Gargron](
- Fix slowness due to layout thrashing when reloading a large set of statuses in web UI ([panarom](, [panarom](, [Gargron](
- Fix error when fetching followers/following from REST API when user has network hidden ([Gargron](
- Fix IDN mentions not being processed, IDN domains not being rendered ([Gargron](, [Gargron](, [Gargron](
- Fix error when searching for empty phrase ([Gargron](
- Fix backups stopping due to read timeouts ([chr-1x](
- Fix batch actions on non-pending tags in admin UI ([ThibG](
- Fix sample `SAML_ACS_URL`, `SAML_ISSUER` ([orlea](
- Fix manual scrolling issue on Firefox/Windows in web UI ([ThibG](
- Fix archive takeout failing if total dump size exceeds 2GB ([scd31](, [Gargron](
- Fix custom emoji category creation silently erroring out on duplicate category ([ThibG](
- Fix link crawler not specifying preferred content type ([ThibG](
- Fix featured hashtag setting page erroring out instead of rejecting invalid tags ([ThibG](
- Fix tooltip messages of single/multiple-choice polls switcher being reversed in web UI ([acid-chicken](
- Fix typo in help text of `tootctl statuses remove` ([trwnh](
- Fix generic HTTP 500 error on duplicate records ([Gargron](
- Fix old migration failing with new status default scope ([ThibG](
- Fix errors when using search API with no query ([Gargron](, [trwnh](
- Fix poll options not being selectable via keyboard in web UI ([ThibG](
- Fix conversations not having an unread indicator in web UI ([Gargron](
- Fix lost focus when modals open/close in web UI ([ThibG](
- Fix pending upload count not being decremented on error in web UI ([ThibG](
- Fix empty poll options not being removed on remote poll update ([ThibG](
- Fix OCR with delete & redraft in web UI ([ThibG](
- Fix blur behind closed registration message ([ThibG](
- Fix OEmbed discovery not handling different URL variants in query ([Gargron](
- Fix link crawler crashing on `<a>` tags without `href` ([ThibG](
- Fix whitelisted subdomains being ignored in whitelist mode ([noiob](
- Fix broken audit log in whitelist mode in admin UI ([ThibG](
- Fix unread indicator not honoring "Only media" option in local and federated timelines in web UI ([ThibG](
- Fix error when rebuilding home feeds ([dariusk](
- Fix relationship caches being broken as result of a follow request ([ThibG](
- Fix more items than the limit being uploadable in web UI ([ThibG](
- Fix various issues with account migration ([ThibG](
- Fix filtered out items being counted as pending items in slow mode in web UI ([ThibG](
- Fix notification filters not applying to poll options ([ThibG](
- Fix notification message for user's own poll saying it's a poll they voted on in web UI ([ykzts](
- Fix polls with an expiration not showing up as expired in web UI ([noellabo](
- Fix volume slider having an offset between cursor and slider in Chromium in web UI ([ThibG](
- Fix Vagrant image not accepting connections ([shrft](
- Fix batch actions being hidden on small screens in admin UI ([ThibG](
- Fix incoming federation not working in whitelist mode ([ThibG](
- Fix error when passing empty `source` param to `PUT /api/v1/accounts/update_credentials` ([jglauche](
- Fix HTTP-based streaming API being cacheable by proxies ([BenLubar](
- Fix users being able to register while `tootctl self-destruct` is in progress ([Kjwon15](
- Fix microformats detection in link crawler not ignoring `h-card` links ([nightpool](
- Fix outline on full-screen video in web UI ([hinaloe](
- Fix TLD domain blocks not being editable ([ThibG](
- Fix Nanobox deploy hooks ([danhunsaker](
- Fix needlessly complicated SQL query when performing account search amongst followings ([ThibG](
- Fix favourites count not updating when unfavouriting in web UI ([NimaBoscarino](
- Fix occasional crash on scroll in Chromium in web UI ([hinaloe](
- Fix intersection observer not working in single-column mode web UI ([panarom](
- Fix voting issue with remote polls that contain trailing spaces ([ThibG](
- Fix dynamic elements not working in pgHero due to CSP rules ([ykzts](
- Fix overly verbose backtraces when delivering ActivityPub payloads ([zunda](
- Fix rendering `<a>` without `href` when scheme unsupported ([Gargron](
- Fix unfiltered params error when generating ActivityPub tag pagination ([Gargron](
- Fix malformed HTML causing uncaught error ([Gargron](
- Fix native share button not being displayed for unlisted toots ([ThibG](
- Fix remote convertible media attachments (e.g. GIFs) not being saved ([Gargron](
- Fix account query not using faster index ([abcang](
- Fix error when sending moderation notification ([renatolond](

### Security

- Fix OEmbed leaking information about existence of non-public statuses ([Gargron](
- Fix password change/reset not immediately invalidating other sessions ([Gargron](
- Fix settings pages being cacheable by the browser ([Gargron](

## [3.0.1] - 2019-10-10
### Added

- Add `tootctl media usage` command ([Gargron](
- Add admin setting to auto-approve trending hashtags ([Gargron](, [Gargron](

### Changed

- Change `tootctl media refresh` to skip already downloaded attachments ([Gargron](

### Removed

- Remove auto-silence behaviour from spam check ([Gargron](
- Remove HTML `lang` attribute from individual statuses in web UI ([Gargron](
- Remove fallback to long description on sidebar and meta description ([Gargron](

### Fixed

- Fix preloaded JSON-LD context for identity not being used ([Gargron](
- Fix media editing modal changing dimensions once the image loads ([Gargron](
- Fix not showing whether a custom emoji has a local counterpart in admin UI ([Gargron](
- Fix attachment not being re-downloaded even if file is not stored ([Gargron](
- Fix old migration trying to use new column due to default status scope ([Gargron](
- Fix column back button missing for not found accounts ([trwnh](
- Fix issues with tootctl's parallelization and progress reporting ([Gargron](, [Gargron](
- Fix existing user records with now-renamed `pt` locale ([Gargron](
- Fix hashtag timeline REST API accepting too many hashtags ([Gargron](
- Fix `GET /api/v1/instance` REST APIs being unavailable in secure mode ([Gargron](
- Fix performance of home feed regeneration and merging ([Gargron](
- Fix ffmpeg performance issues due to stdout buffer overflow ([hugogameiro](
- Fix S3 adapter retrying failing uploads with exponential backoff ([Gargron](
- Fix `tootctl accounts cull` advertising unused option flag ([Kjwon15](

## [3.0.0] - 2019-10-03
### Added

- Add "not available" label to unloaded media attachments in web UI ([Gargron](, [Gargron](
- **Add profile directory to web UI** ([Gargron](, [mayaeh](
- Add profile directory opt-in federation
- Add profile directory REST API
- Add special alert for throttled requests in web UI ([ThibG](
- Add confirmation modal when logging out from the web UI ([ThibG](
- **Add audio player in web UI** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](
- **Add autosuggestions for hashtags in web UI** ([Gargron](, [ThibG](, [Gargron](, [Gargron](, [Gargron](
- **Add media editing modal with OCR tool in web UI** ([Gargron](, [Gargron](, [ThibG](, [ThibG](, [Gargron](, [Gargron](, [Gargron](
- Add indicator of unread notifications to window title when web UI is out of focus ([Gargron](, [Gargron](
- Add indicator for which options you voted for in a poll in web UI ([ThibG](
- **Add search results pagination to web UI** ([Gargron](, [ThibG](
- **Add option to disable real-time updates in web UI ("slow mode")** ([Gargron](, [ykzts](, [ThibG](, [Gargron](, [ThibG](
- Add option to disable blurhash previews in web UI ([ThibG](
- Add native smooth scrolling when supported in web UI ([ThibG](
- Add scrolling to the search bar on focus in web UI ([Kjwon15](
- Add refresh button to list of rebloggers/favouriters in web UI ([Gargron](
- Add error description and button to copy stack trace to web UI ([Gargron](
- Add search and sort functions to hashtag admin UI ([mayaeh](, [Gargron](, [mayaeh](
- Add setting for default search engine indexing in admin UI ([brortao](
- Add account bio to account view in admin UI ([ThibG](
- **Add option to include reported statuses in warning e-mail from admin UI** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [mayaeh](
- Add number of pending accounts and pending hashtags to dashboard in admin UI ([Gargron](
- **Add account migration UI** ([Gargron](, [noellabo](, [noellabo](, [noellabo](, [noellabo](
- **Add table of contents to about page** ([Gargron](, [ykzts](, [ykzts](, [Kjwon15](
- **Add password challenge to 2FA settings, e-mail notifications** ([Gargron](
- **Add optional public list of domain blocks with comments** ([ThibG](, [ThibG](, [Gargron](
- Add an RSS feed for featured hashtags ([noellabo](
- Add explanations to featured hashtags UI and profile ([Gargron](
- **Add hashtag trends with admin and user settings** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [mayaeh](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [ThibG](, [Sasha-Sorokin](, [Gargron](, [Gargron](
- Add hashtag usage breakdown to admin UI
- Add batch actions for hashtags to admin UI
- Add trends to web UI
- Add trends to public pages
- Add user preference to hide trends
- Add admin setting to disable trends
- **Add categories for custom emojis** ([Gargron](, [Gargron](, [Gargron](, [highemerly](
- Add custom emoji categories to emoji picker in web UI
- Add `category` to custom emojis in REST API
- Add batch actions for custom emojis in admin UI
- Add max image dimensions to error message ([raboof](
- Add aac, m4a, 3gp, amr, wma to allowed audio formats ([Gargron](, [umonaca](
- **Add search syntax for operators and phrases** ([Gargron](
- **Add REST API for managing featured hashtags** ([noellabo](
- **Add REST API for managing timeline read markers** ([Gargron](
- Add `exclude_unreviewed` param to `GET /api/v2/search` REST API ([Gargron](
- Add `reason` param to `POST /api/v1/accounts` REST API ([Gargron](
- **Add ActivityPub secure mode** ([Gargron](, [ThibG](, [ThibG](
- Add HTTP signatures to all outgoing ActivityPub GET requests ([Gargron](, [ThibG](
- Add support for ActivityPub Audio activities ([ThibG](
- Add ActivityPub actor representing the entire server ([ThibG](, [rtucker](, [ThibG](, [Gargron](
- **Add whitelist mode** ([Gargron](, [mayaeh](
- Add config of multipart threshold for S3 ([ykzts](, [ykzts](
- Add health check endpoint for web ([ykzts](, [ykzts](
- Add HTTP signature keyId to request log ([Gargron](
- Add `SMTP_REPLY_TO` environment variable ([hugogameiro](
- Add `tootctl preview_cards remove` command ([mayaeh](
- Add `tootctl media refresh` command ([Gargron](
- Add `tootctl cache recount` command ([Gargron](
- Add option to exclude suspended domains from `tootctl domains crawl` ([dariusk](
- Add parallelization to `tootctl search deploy` ([noellabo](
- Add soft delete for statuses for instant deletes through API ([Gargron](, [Gargron](
- Add rails-level JSON caching ([Gargron](, [Gargron](
- **Add request pool to improve delivery performance** ([Gargron](, [ykzts](
- Add concurrent connection attempts to resolved IP addresses ([ThibG](
- Add index for remember_token to improve login performance ([abcang](
- **Add more accurate hashtag search** ([Gargron](, [Gargron](, [Gargron](
- **Add more accurate account search** ([Gargron](, [Gargron](
- **Add a spam check** ([Gargron](, [Gargron](, [ThibG](
- Add new languages ([Gargron](
- Breton
- Spanish (Argentina)
- Estonian
- Macedonian
- New Norwegian
- Add NodeInfo endpoint ([Gargron](, [Gargron](

### Changed

- **Change conversations UI** ([Gargron](
- Change dashboard to short number notation ([noellabo](, [noellabo](
- Change REST API `GET /api/v1/timelines/public` to require authentication when public preview is off ([ThibG](
- Change REST API `POST /api/v1/follow_requests/:id/(approve|reject)` to return relationship ([ThibG](
- Change rate limit for media proxy ([ykzts](
- Change unlisted custom emoji to not appear in autosuggestions ([Gargron](
- Change max length of media descriptions from 420 to 1500 characters ([Gargron](, [ThibG](
- **Change deletes to preserve soft-deleted statuses in unresolved reports** ([Gargron](
- **Change tootctl to use inline parallelization instead of Sidekiq** ([Gargron](
- **Change account deletion page to have better explanations** ([Gargron](, [Gargron](
- Change hashtag component in web UI to show numbers for 2 last days ([Gargron](, [Gargron](, [Gargron](
- Change OpenGraph description on sign-up page to reflect invite ([Gargron](
- Change layout of public profile directory to be the same as in web UI ([Gargron](
- Change detailed status child ordering to sort self-replies on top ([ThibG](
- Change window resize handler to switch to/from mobile layout as soon as needed ([ThibG](
- Change icon button styles to make hover/focus states more obvious ([ThibG](
- Change contrast of status links that are not mentions or hashtags ([ThibG](
- **Change hashtags to preserve first-used casing** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Gargron](
- **Change unconfirmed user login behaviour** ([Gargron](, [ThibG](, [Gargron](
- **Change single-column mode to scroll the whole page** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [Gargron](, [Gargron](, [ThibG](, [Gargron](
- Change `tootctl accounts follow` to only work with local accounts ([angristan](
- Change Dockerfile ([Shleeble](, [ykzts](, [Shleeble](
- Change supported Node versions to include v12 ([abcang](
- Change Portuguese language from `pt` to `pt-PT` ([Gargron](
- Change domain block silence to always require approval on follow ([ThibG](
- Change link preview fetcher to not perform a HEAD request first ([Gargron](
- Change `tootctl domains purge` to accept multiple domains at once ([Gargron](

### Removed

- **Remove OStatus support** ([Gargron](, [Gargron](, [Gargron](, [ThibG](, [ThibG](
- Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ([Gargron](
- Remove WebP support ([angristan](
- Remove deprecated config options from Heroku and Scalingo ([ykzts](
- Remove deprecated REST API `GET /api/v1/search` API ([Gargron](
- Remove deprecated REST API `GET /api/v1/statuses/:id/card` ([Gargron](
- Remove deprecated REST API `POST /api/v1/notifications/dismiss?id=:id` ([Gargron](
- Remove deprecated REST API `GET /api/v1/timelines/direct` ([Gargron](

### Fixed

- Fix manifest warning ([ykzts](
- Fix admin UI for custom emoji not respecting GIF autoplay preference ([ThibG](
- Fix page body not being scrollable in admin/settings layout ([Gargron](
- Fix placeholder colors for inputs not being explicitly defined ([Gargron](
- Fix incorrect enclosure length in RSS ([tsia](
- Fix TOTP codes not being filtered from logs during enabling/disabling ([Gargron](
- Fix webfinger response not returning 410 when account is suspended ([Gargron](
- Fix ActivityPub Move handler queuing jobs that will fail if account is suspended ([Gargron](
- Fix SSO login not using existing account when e-mail is verified ([Gargron](
- Fix web UI allowing uploads past status limit via drag & drop ([Gargron](
- Fix expiring polls not being displayed as such in web UI ([ThibG](
- Fix 2FA challenge and password challenge for non-database users ([Gargron](, [Gargron](
- Fix profile fields overflowing page width in web UI ([Gargron](
- Fix web push subscriptions being deleted on rate limit or timeout ([Gargron](
- Fix display of long poll options in web UI ([ThibG](, [ThibG](
- Fix search API not resolving URL when `type` is given ([Gargron](
- Fix hashtags being split by ZWNJ character ([Gargron](
- Fix scroll position resetting when opening media modals in web UI ([Gargron](
- Fix duplicate HTML IDs on about page ([ThibG](
- Fix admin UI showing superfluous reject media/reports on suspended domain blocks ([ThibG](
- Fix ActivityPub context not being dynamically computed ([ThibG](
- Fix Mastodon logo style on hover on public pages' footer ([ThibG](
- Fix height of dashboard counters ([ThibG](
- Fix custom emoji animation on hover in web UI directory bios ([ThibG](
- Fix non-numbers being passed to Redis and causing an error ([Gargron](
- Fix error in REST API for an account's statuses ([Gargron](
- Fix uncaught error when resource param is missing in Webfinger request ([Gargron](
- Fix uncaught domain normalization error in remote follow ([Gargron](
- Fix uncaught 422 and 500 errors ([Gargron](, [Gargron](
- Fix uncaught parameter missing exceptions and missing error templates ([Gargron](
- Fix encoding error when checking e-mail MX records ([Gargron](
- Fix items in StatusContent render list not all having a key ([ThibG](
- Fix remote and staff-removed statuses leaving media behind for a day ([Gargron](
- Fix CSP needlessly allowing blob URLs in script-src ([ThibG](
- Fix ignoring whole status because of one invalid hashtag ([Gargron](
- Fix hidden statuses losing focus ([ThibG](
- Fix loading bar being obscured by other elements in web UI ([Gargron](
- Fix multiple issues with replies collection for pages further than self-replies ([ThibG](
- Fix blurhash and autoplay not working on public pages ([Gargron](
- Fix 422 being returned instead of 404 when POSTing to unmatched routes ([Gargron](, [Gargron](
- Fix client-side resizing of image uploads ([ThibG](
- Fix short number formatting for numbers above million in web UI ([Gargron](
- Fix ActivityPub and REST API queries setting cookies and preventing caching ([ThibG](, [ThibG](, [ThibG](, [ThibG](
- Fix some emojis in profile metadata labels are not emojified. ([kedamaDQ](
- Fix account search always returning exact match on paginated results ([Gargron](
- Fix acct URIs with IDN domains not being resolved ([Gargron](
- Fix admin dashboard missing latest features ([Gargron](
- Fix jumping of toot date when clicking spoiler button ([ariasuni](
- Fix boost to original audience not working on mobile in web UI ([ThibG](
- Fix handling of webfinger redirects in ResolveAccountService ([ThibG](
- Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker ([Gargron](
- Fix support for HTTP proxies ([ThibG](
- Fix HTTP requests to IPv6 hosts ([ThibG](
- Fix error in ElasticSearch index import ([mayaeh](
- Fix duplicate account error when seeding development database ([ysksn](
- Fix performance of session clean-up scheduler ([abcang](
- Fix older migrations not running ([zunda](
- Fix URLs counting towards RTL detection ([ahangarha](
- Fix unnecessary status re-rendering in web UI ([ThibG](
- Fix http_parser.rb gem not being compiled when no network available ([petabyteboy](
- Fix muted text color not applying to all text ([trwnh](
- Fix follower/following lists resetting on back-navigation in web UI ([Gargron](
- Fix n+1 query when approving multiple follow requests ([abcang](
- Fix records not being indexed into ElasticSearch sometimes ([Gargron](
- Fix needlessly indexing unsearchable statuses into ElasticSearch ([Gargron](
- Fix new user bootstrapping crashing when to-be-followed accounts are invalid ([ThibG](
- Fix featured hashtag URL being interpreted as media or replies tab ([Gargron](
- Fix account counters being overwritten by parallel writes ([Gargron](

### Security

- Fix performance of GIF re-encoding and always strip EXIF data from videos ([Gargron](

## [2.9.3] - 2019-08-10
### Added

- Add GIF and WebP support for custom emojis ([Gargron](
- Add logout link to dropdown menu in web UI ([koyuawsmbrtn](
- Add indication that text search is unavailable in web UI ([ThibG](, [ThibG](
- Add `suffix` to `Mastodon::Version` to help forks ([clarfon](
- Add on-hover animation to animated custom emoji in web UI ([ThibG](, [ThibG](, [ThibG](
- Add custom emoji support in profile metadata labels ([ThibG](

### Changed

- Change default interface of web and streaming from to ([Gargron](, [zunda](, [Gargron](, [zunda](
- Change the retry limit of web push notifications ([highemerly](
- Change ActivityPub deliveries to not retry HTTP 501 errors ([Gargron](
- Change language detection to include hashtags as words ([Gargron](
- Change terms and privacy policy pages to always be accessible ([Gargron](
- Change robots tag to include `noarchive` when user opts out of indexing ([Kjwon15](

### Fixed

- Fix account domain block not clearing out notifications ([Gargron](
- Fix incorrect locale sometimes being detected for browser ([Gargron](
- Fix crash when saving invalid domain name ([Gargron](
- Fix pinned statuses REST API returning pagination headers ([Gargron](
- Fix "cancel follow request" button having unreadable text in web UI ([Gargron](
- Fix image uploads being blank when canvas read access is blocked ([ThibG](
- Fix avatars not being animated on hover when not logged in ([ThibG](
- Fix overzealous sanitization of HTML lists ([ThibG](
- Fix block crashing when a follow request exists ([ThibG](
- Fix backup service crashing when an attachment is missing ([ThibG](
- Fix account moderation action always sending e-mail notification ([Gargron](
- Fix swiping columns on mobile sometimes failing in web UI ([ThibG](
- Fix wrong actor URI being serialized into poll updates ([ThibG](
- Fix statsd UDP sockets not being cleaned up in Sidekiq ([Gargron](
- Fix expiration date of filters being set to "never" when editing them ([ThibG](
- Fix support for MP4 files that are actually M4V files ([Gargron](
- Fix `alerts` not being typecast correctly in push subscription in REST API ([Gargron](
- Fix some notices staying on unrelated pages ([ThibG](
- Fix unboosting sometimes preventing a boost from reappearing on feed ([ThibG](, [Gargron](
- Fix only one middle dot being recognized in hashtags ([Gargron](, [ThibG](
- Fix unnecessary SQL query performed on unauthenticated requests ([Gargron](
- Fix incorrect timestamp displayed on featured tags ([Kjwon15](
- Fix privacy dropdown active state when dropdown is placed on top of it ([ThibG](
- Fix filters not being applied to poll options ([ThibG](
- Fix keyboard navigation on various dropdowns ([ThibG](, [ThibG](, [ThibG](
- Fix keyboard navigation in modals ([ThibG](
- Fix image conversation being non-deterministic due to timestamps ([Gargron](
- Fix web UI performance ([ThibG](, [ThibG](
- Fix scrolling to compose form when not necessary in web UI ([ThibG](, [ThibG](
- Fix save button being enabled when list title is empty in web UI ([ThibG](
- Fix poll expiration not being pre-filled on delete & redraft in web UI ([ThibG](
- Fix content warning sometimes being set when not requested in web UI ([ThibG](

### Security

- Fix invites not being disabled upon account suspension ([ThibG](
- Fix blocked domains still being able to fill database with account records ([Gargron](

## [2.9.2] - 2019-06-22
### Added

- Add `short_description` and `approval_required` to `GET /api/v1/instance` ([Gargron](

### Changed

- Change camera icon to paperclip icon in upload form ([koyuawsmbrtn](

### Fixed

- Fix audio-only OGG and WebM files not being processed as such ([Gargron](
- Fix audio not being downloaded from remote servers ([Gargron](

## [2.9.1] - 2019-06-22
### Added

- Add moderation API ([Gargron](
- Add audio uploads ([Gargron](, [Gargron](

### Changed

- Change domain blocks to automatically support subdomains ([Gargron](
- Change Nanobox configuration to bring it up to date ([danhunsaker](

### Removed

- Remove expensive counters from federation page in admin UI ([Gargron](

### Fixed

- Fix converted media being saved with original extension and mime type ([Gargron](
- Fix layout of identity proofs settings ([acid-chicken](
- Fix active scope only returning suspended users ([ThibG](
- Fix sanitizer making block level elements unreadable ([Gargron](
- Fix label for site theme not being translated in admin UI ([palindromordnilap](
- Fix statuses not being filtered irreversibly in web UI under some circumstances ([ThibG](
- Fix scrolling behaviour in compose form ([ThibG](

## [2.9.0] - 2019-06-13
### Added

- **Add single-column mode in web UI** ([Gargron](, [Gargron](, [Gargron](, [Gargron](, [Hanage999](, [noellabo](, [abcang](, [Gargron](, [Gargron](, [Gargron](, [Gargron](, [noellabo](, [Hanage999](
- Add waiting time to the list of pending accounts in admin UI ([Gargron](
- Add a keyboard shortcut to hide/show media in web UI ([ThibG](, [Gargron](, [ThibG](
- Add `account_id` param to `GET /api/v1/notifications` ([pwoolcoc](
- Add confirmation modal for unboosting toots in web UI ([aurelien-reeves](
- Add emoji suggestions to content warning and poll option fields in web UI ([ThibG](
- Add `source` attribute to response of `DELETE /api/v1/statuses/:id` ([ThibG](
- Add some caching for HTML versions of public status pages ([ThibG](
- Add button to conveniently copy OAuth code ([ThibG](

### Changed

- **Change default layout to single column in web UI** ([Gargron](
- **Change light theme** ([Gargron](, [Gargron](, [yuzulabo](, [Gargron](
- **Change preferences page into appearance, notifications, and other** ([Gargron](, [Gargron](
- Change priority of delete activity forwards for replies and reblogs ([Gargron](
- Change Mastodon logo to use primary text color of the given theme ([Gargron](
- Change reblogs counter to be updated when boosted privately ([Gargron](
- Change bio limit from 160 to 500 characters ([trwnh](
- Change API rate limiting to reduce allowed unauthenticated requests ([ThibG](, [hinaloe](, [mayaeh](
- Change help text of `tootctl emoji import` command to specify a gzipped TAR archive is required ([dariusk](
- Change web UI to hide poll options behind content warnings ([ThibG](
- Change silencing to ensure local effects and remote effects are the same for silenced local users ([ThibG](
- Change `tootctl domains purge` to remove custom emoji as well ([Kjwon15](
- Change Docker image to keep `apt` working ([SuperSandro2000](

### Removed

- Remove `dist-upgrade` from Docker image ([SuperSandro2000](

### Fixed

- Fix RTL layout not being RTL within the columns area in web UI ([Gargron](
- Fix display of alternative text when a media attachment is not available in web UI ([ThibG](
- Fix not being able to directly switch between list timelines in web UI ([Gargron](
- Fix media sensitivity not being maintained in delete & redraft in web UI ([ThibG](
- Fix emoji picker being always displayed in web UI ([noellabo](, [yuzulabo](, [wcpaez](
- Fix potential private status leak through caching ([ThibG](
- Fix refreshing featured toots when the new collection is empty in web UI ([ThibG](
- Fix undoing domain block also undoing individual moderation on users from before the domain block ([ThibG](
- Fix time not being local in the audit log ([yuzulabo](
- Fix statuses removed by moderation re-appearing on subsequent fetches ([Kjwon15](
- Fix misattribution of inlined announces if `attributedTo` isn't present in ActivityPub ([ThibG](
- Fix `GET /api/v1/polls/:id` not requiring authentication for non-public polls ([Gargron](
- Fix handling of blank poll options in ActivityPub ([ThibG](
- Fix avatar preview aspect ratio on edit profile page ([Kjwon15](
- Fix web push notifications not being sent for polls ([ThibG](
- Fix cut off letters in last paragraph of statuses in web UI ([ariasuni](
- Fix list not being automatically unpinned when it returns 404 in web UI ([Gargron](
- Fix login sometimes redirecting to paths that are not pages ([Gargron](

## [2.8.4] - 2019-05-24
### Fixed

- Fix delivery not retrying on some inbox errors that should be retriable ([ThibG](
- Fix unnecessary 5 minute cooldowns on signature verifications in some cases ([ThibG](
- Fix possible race condition when processing statuses ([ThibG](

### Security

- Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string ([ThibG](

## [2.8.3] - 2019-05-19
### Added

- Add `og:image:alt` OpenGraph tag ([BenLubar](
- Add clickable area below avatar in statuses in web UI ([Dar13](
- Add crossed-out eye icon on account gallery in web UI ([Kjwon15](
- Add media description tooltip to thumbnails in web UI ([ThibG](

### Changed

- Change "mark as sensitive" button into a checkbox for clarity ([ThibG](

### Fixed

- Fix bug allowing users to publicly boost their private statuses ([ThibG](, [ThibG](
- Fix performance in formatter by a little ([ThibG](
- Fix some colors in the light theme ([yuzulabo](
- Fix some colors of the high contrast theme ([yuzulabo](
- Fix ambivalent active state of poll refresh button in web UI ([MaciekBaron](
- Fix duplicate posting being possible from web UI ([hinaloe](
- Fix "invited by" not showing up in admin UI ([ThibG](

## [2.8.2] - 2019-05-05
### Added

- Add `SOURCE_TAG` environment variable ([ushitora-anqou](

### Fixed

- Fix cropped hero image on frontpage ([BaptisteGelez](
- Fix blurhash gem not compiling on some operating systems ([Gargron](
- Fix unexpected CSS animations in some browsers ([ThibG](
- Fix closing video modal scrolling timelines to top ([ThibG](

## [2.8.1] - 2019-05-04
### Added

- Add link to existing domain block when trying to block an already-blocked domain ([ThibG](
- Add button to view context to media modal when opened from account gallery in web UI ([Gargron](
- Add ability to create multiple-choice polls in web UI ([ThibG](
- Add `GITHUB_REPOSITORY` and `SOURCE_BASE_URL` environment variables ([rosylilly](
- Add `/interact/` paths to `robots.txt` ([ThibG](
- Add `blurhash` to the Attachment entity in the REST API ([Gargron](

### Changed

- Change hidden media to be shown as a blurhash-based colorful gradient instead of a black box in web UI ([Gargron](
- Change rejected media to be shown as a blurhash-based gradient instead of a list of filenames in web UI ([Gargron](
- Change e-mail whitelist/blacklist to not be checked when invited ([Gargron](
- Change cache header of REST API results to no-cache ([ThibG](
- Change the "mark media as sensitive" button to be more obvious in web UI ([Gargron](, [Gargron](
- Change account gallery in web UI to display 3 columns, open media modal ([Gargron](, [Gargron](

### Fixed

- Fix LDAP/PAM/SAML/CAS users not being pre-approved ([Gargron](
- Fix accounts created through tootctl not being always pre-approved ([Gargron](
- Fix Sidekiq retrying ActivityPub processing jobs that fail validation ([ThibG](
- Fix toots not being scrolled into view sometimes through keyboard selection ([ThibG](
- Fix expired invite links being usable to bypass approval mode ([ThibG](
- Fix not being able to save e-mail preference for new pending accounts ([Gargron](
- Fix upload progressbar when image resizing is involved ([ThibG](
- Fix block action not automatically cancelling pending follow request ([ThibG](
- Fix stoplight logging to stderr separate from Rails logger ([Gargron](
- Fix sign up button not saying sign up when invite is used ([Gargron](
- Fix health checks in Docker Compose configuration ([fabianonline](
- Fix modal items not being scrollable on touch devices ([kedamaDQ](
- Fix Keybase configuration using wrong domain when a web domain is used ([BenLubar](
- Fix avatar GIFs not being animated on-hover on public profiles ([hyenagirl64](
- Fix OpenGraph parser not understanding some valid property meta tags ([da2x](
- Fix wrong fonts being displayed when Roboto is installed on user's machine ([ThibG](
- Fix confirmation modals being too narrow for a secondary action button ([ThibG](

## [2.8.0] - 2019-04-10
### Added

+ 3
- 3 View File

@@ -14,13 +14,13 @@ If your contributions are accepted into Mastodon, you can request to be paid thr

## Bug reports

Bug reports and feature suggestions can be submitted to [GitHub Issues]( Please make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected in the past using the search function. Please also use descriptive, concise titles.
Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues]( Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.

## Translations

You can submit translations via [Weblate]( They are periodically merged into the codebase.
You can submit translations via [Crowdin]( They are periodically merged into the codebase.

[![Mastodon translation statistics by language](](

## Pull requests

+ 31
- 20
Dockerfile View File

@@ -3,24 +3,32 @@ FROM ubuntu:18.04 as build-dep
# Use bash for the shell
SHELL ["bash", "-c"]

# Install Node
ENV NODE_VER="8.15.0"
RUN echo "Etc/UTC" > /etc/localtime && \
# Install Node v12 (LTS)
ENV NODE_VER="12.14.0"
RUN ARCH= && \
dpkgArch="$(dpkg --print-architecture)" && \
case "${dpkgArch##*-}" in \
amd64) ARCH='x64';; \
ppc64el) ARCH='ppc64le';; \
s390x) ARCH='s390x';; \
arm64) ARCH='arm64';; \
armhf) ARCH='armv7l';; \
i386) ARCH='x86';; \
*) echo "unsupported architecture"; exit 1 ;; \
esac && \
echo "Etc/UTC" > /etc/localtime && \
apt update && \
apt -y dist-upgrade && \
apt -y install wget make gcc g++ python && \
apt -y install wget python && \
cd ~ && \
wget$NODE_VER/node-v$NODE_VER.tar.gz && \
tar xf node-v$NODE_VER.tar.gz && \
cd node-v$NODE_VER && \
./configure --prefix=/opt/node && \
make -j$(nproc) > /dev/null && \
make install
wget$NODE_VER/node-v$NODE_VER-linux-$ARCH.tar.gz && \
tar xf node-v$NODE_VER-linux-$ARCH.tar.gz && \
rm node-v$NODE_VER-linux-$ARCH.tar.gz && \
mv node-v$NODE_VER-linux-$ARCH /opt/node

# Install jemalloc
ENV JE_VER="5.1.0"
ENV JE_VER="5.2.1"
RUN apt update && \
apt -y install autoconf && \
apt -y install make autoconf gcc g++ && \
cd ~ && \
wget$JE_VER.tar.gz && \
tar xf $JE_VER.tar.gz && \
@@ -31,7 +39,7 @@ RUN apt update && \
make install_bin install_include install_lib

# Install ruby
ENV RUBY_VER="2.6.1"
ENV RUBY_VER="2.6.5"
ENV CPPFLAGS="-I/opt/jemalloc/include"
ENV LDFLAGS="-L/opt/jemalloc/lib/"
RUN apt update && \
@@ -61,7 +69,9 @@ RUN npm install -g yarn && \
COPY Gemfile* package.json yarn.lock /opt/mastodon/

RUN cd /opt/mastodon && \
bundle install -j$(nproc) --deployment --without development test && \
bundle config set deployment 'true' && \
bundle config set without 'development test' && \
bundle install -j$(nproc) && \
yarn install --pure-lockfile

FROM ubuntu:18.04
@@ -80,13 +90,12 @@ ARG GID=991
RUN apt update && \
echo "Etc/UTC" > /etc/localtime && \
ln -s /opt/jemalloc/lib/* /usr/lib/ && \
apt -y dist-upgrade && \
apt install -y whois wget && \
addgroup --gid $GID mastodon && \
useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \
echo "mastodon:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd

# Install masto runtime deps
# Install mastodon runtime deps
RUN apt -y --no-install-recommends install \
libssl1.1 libpq5 imagemagick ffmpeg \
libicu60 libprotobuf10 libidn11 libyaml-0-2 \
@@ -95,7 +104,7 @@ RUN apt -y --no-install-recommends install \
ln -s /opt/mastodon /mastodon && \
gem install bundler && \
rm -rf /var/cache && \
rm -rf /var/lib/apt
rm -rf /var/lib/apt/lists/*

# Add tini
@@ -104,16 +113,17 @@ ADD${TINI_VERSION}/tini /tin
RUN echo "$TINI_SUM tini" | sha256sum -c -
RUN chmod +x /tini

# Copy over masto source, and dependencies from building, and set permissions
# Copy over mastodon source, and dependencies from building, and set permissions
COPY --chown=mastodon:mastodon . /opt/mastodon
COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon

# Run masto services in prod mode
# Run mastodon services in prod mode
ENV RAILS_ENV="production"
ENV NODE_ENV="production"

# Tell rails to serve static files

# Set the run user
USER mastodon
@@ -126,3 +136,4 @@ RUN cd ~ && \
# Set the work dir and the container entry point
WORKDIR /opt/mastodon
ENTRYPOINT ["/tini", "--"]
EXPOSE 3000 4000

+ 68
- 57
Gemfile View File

@@ -1,105 +1,116 @@
# frozen_string_literal: true

source ''
ruby '>= 2.4.0', '< 2.7.0'
ruby '>= 2.4.0', '< 3.0.0'

gem 'pkg-config', '~> 1.3'
gem 'pkg-config', '~> 1.4'

gem 'puma', '~> 3.12'
gem 'rails', '~> 5.2.3'
gem 'puma', '~> 4.3'
gem 'rails', '~> 5.2.4'
gem 'sprockets', '~> 3.7.2'
gem 'thor', '~> 0.20'
gem 'rack', '~> 2.2.2'

gem 'thwait', '~> 0.1.0'
gem 'e2mmap', '~> 0.1.0'

gem 'hamlit-rails', '~> 0.2'
gem 'pg', '~> 1.1'
gem 'pg', '~> 1.2'
gem 'makara', '~> 0.4'
gem 'pghero', '~> 2.2'
gem 'pghero', '~> 2.4'
gem 'dotenv-rails', '~> 2.7'

gem 'aws-sdk-s3', '~> 1.36', require: false
gem 'aws-sdk-s3', '~> 1.60', require: false
gem 'fog-core', '<= 2.1.0'
gem 'fog-openstack', '~> 0.3', require: false
gem 'paperclip', '~> 6.0'
gem 'paperclip-av-transcoder', '~> 0.6'
gem 'streamio-ffmpeg', '~> 3.0'
gem 'blurhash', '~> 0.1'

gem 'active_model_serializers', '~> 0.10'
gem 'addressable', '~> 2.6'
gem 'addressable', '~> 2.7'
gem 'bootsnap', '~> 1.4', require: false
gem 'browser'
gem 'charlock_holmes', '~> 0.7.6'
gem 'charlock_holmes', '~> 0.7.7'
gem 'iso-639'
gem 'chewy', '~> 5.0'
gem 'cld3', '~> 3.2.3'
gem 'devise', '~> 4.6'
gem 'devise-two-factor', '~> 3.0'
gem 'chewy', '~> 5.1'
gem 'cld3', '~> 3.2.6'
gem 'devise', '~> 4.7'
gem 'devise-two-factor', '~> 3.1'

group :pam_authentication, optional: true do
gem 'devise_pam_authenticatable2', '~> 9.2'

gem 'net-ldap', '~> 0.10'
gem 'net-ldap', '~> 0.16'
gem 'omniauth-cas', '~> 1.1'
gem 'omniauth-saml', '~> 1.10'
gem 'omniauth', '~> 1.9'

gem 'doorkeeper', '~> 5.0'
gem 'discard', '~> 1.1'
gem 'doorkeeper', '~> 5.2'
gem 'fast_blank', '~> 1.0'
gem 'fastimage'
gem 'goldfinger', '~> 2.1'
gem 'hiredis', '~> 0.6'
gem 'redis-namespace', '~> 1.5'
gem 'redis-namespace', '~> 1.7'
gem 'health_check', git: '', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
gem 'htmlentities', '~> 4.3'
gem 'http', '~> 3.3'
gem 'http', '~> 4.3'
gem 'http_accept_language', '~> 2.1'
gem 'http_parser.rb', '~> 0.6', git: '', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2'
gem 'httplog', '~> 1.2'
gem 'http_parser.rb', '~> 0.6', git: '', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2', submodules: true
gem 'httplog', '~> 1.4.2'
gem 'idn-ruby', require: 'idn'
gem 'kaminari', '~> 1.1'
gem 'link_header', '~> 0.0'
gem 'mime-types', '~> 3.2', require: 'mime/types/columnar'
gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
gem 'nilsimsa', git: '', ref: 'fd184883048b922b176939f851338d0a4971a532'
gem 'nokogiri', '~> 1.10'
gem 'nsa', '~> 0.2'
gem 'oj', '~> 3.7'
gem 'ostatus2', '~> 2.0'
gem 'ox', '~> 2.10'
gem 'oj', '~> 3.10'
gem 'ox', '~> 2.12'
gem 'parslet'
gem 'parallel', '~> 1.19'
gem 'posix-spawn', git: '', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
gem 'pundit', '~> 2.0'
gem 'pundit', '~> 2.1'
gem 'premailer-rails'
gem 'rack-attack', '~> 5.4'
gem 'rack-cors', '~> 1.0', require: 'rack/cors'
gem 'rack-attack', '~> 6.2'
gem 'rack-cors', '~> 1.1', require: 'rack/cors'
gem 'rails-i18n', '~> 5.1'
gem 'rails-settings-cached', '~> 0.6'
gem 'redis', '~> 4.1', require: ['redis', 'redis/connection/hiredis']
gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
gem 'rqrcode', '~> 0.10'
gem 'sanitize', '~> 5.0'
gem 'rqrcode', '~> 1.1'
gem 'ruby-progressbar', '~> 1.10'
gem 'sanitize', '~> 5.1'
gem 'sidekiq', '~> 5.2'
gem 'sidekiq-scheduler', '~> 3.0'
gem 'sidekiq-unique-jobs', '~> 6.0'
gem 'sidekiq-bulk', '~>0.2.0'
gem 'simple-navigation', '~> 4.0'
gem 'simple_form', '~> 4.1'
gem 'simple-navigation', '~> 4.1'
gem 'simple_form', '~> 5.0'
gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
gem 'stoplight', '~> 2.1.3'
gem 'strong_migrations', '~> 0.3'
gem 'tty-command', '~> 0.8', require: false
gem 'tty-prompt', '~> 0.18', require: false
gem 'stoplight', '~> 2.2.0'
gem 'strong_migrations', '~> 0.5'
gem 'tty-command', '~> 0.9', require: false
gem 'tty-prompt', '~> 0.20', require: false
gem 'twitter-text', '~> 1.14'
gem 'tzinfo-data', '~> 1.2019'
gem 'webpacker', '~> 4.0'
gem 'webpacker', '~> 4.2'
gem 'webpush'

gem 'json-ld', '~> 3.0'