squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9010 Commits
154 Branches
503MB
Tree: 0e8f6d24b8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0e8f6d24b8'
${ noResults }
pleroma/CHANGELOG.md

CHANGELOG.md 38KB
Raw Normal View History

Add a changelog
5 years ago
Formatting: Do not use \n and prefer <br> instead It moves bbcode to bbcode_pleroma as the former is owned by kaniini and transfering ownership wasn't done in a timely manner. Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374 Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
4 years ago
removing with_move parameter
4 years ago
include_types parameter in /api/v1/notifications
4 years ago
test for default features and changelog entry
4 years ago
restrict_unauthenticated setting
4 years ago
changelog fix
4 years ago
include_types parameter in /api/v1/notifications
4 years ago
version bump changelog and mix version
4 years ago
changelog: entries for timeline DoS fixes
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
update changelog
4 years ago
Remove MDII uploader
4 years ago
Remove user recommendation by third party engine
4 years ago
Apply suggestion to CHANGELOG.md
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Check for unapplied migrations on startup Closes #1328
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
config.exs: Re-enable rate limiter and enable remote ip
4 years ago
Disable attachment links by default Closes #1394
4 years ago
[#1478] OAuth admin tweaks: enforced OAuth admin scopes usage by default, migrated existing OAuth records. Adjusted tests.
4 years ago
Document dynamic_configuration breaking change
4 years ago
Fix the confusingly named and inverted logic of "no_attachment_links" The setting is now simply "attachment_links" and the boolean value does what you expect. A double negative is never possible and describing the functionality is no longer a philospher's worst nightmare.
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Removed duplicate Changed entry in Unreleased section of CHANGELOG.md.
4 years ago
[#1335] Added CHANGELOG.md entry.
4 years ago
Disable rate limiter for socket/localhost (unless RemoteIp is enabled)
4 years ago
Update CHANGELOG
4 years ago
truncate config table on migrate to db task
4 years ago
Allow account registration without an email
4 years ago
Document database default changes
4 years ago
Document the instance stats fix
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
EmojiReactions: Add docs and Changelog
4 years ago
Removed duplicate Changed entry in Unreleased section of CHANGELOG.md.
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add "/api/pleroma/admin/reports/:id" -> "/api/pleroma/admin/reports" changelog entry
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add report notes
4 years ago
mastodon API: do not sanitize html in non-html fields
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Support authentication via `x-admin-token` HTTP header
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload.
4 years ago
Admin API: Render whole status in grouped reports
4 years ago
Changelog: Update with user timeline change info.
4 years ago
Update changelog
4 years ago
changelog: entries for timeline DoS fixes
4 years ago
Admin API: `PATCH /api/pleroma/admin/users/:nickname/credentials`, `GET /api/pleroma/admin/users/:nickname/credentials`.
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add a changelog entry for poll refetching
4 years ago
Changelog: Add information about chat limit.
4 years ago
Make attachments cleanup optional
4 years ago
Add a changelog entry for poll refetching
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add changelog entry, cheatsheet docs, and alphabetize.
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add CLI list users command
4 years ago
Create pleroma.email mix task Closes: https://git.pleroma.social/pleroma/pleroma/issues/1061
4 years ago
Fix wrong list level in the changelog
4 years ago
Apply suggestion to CHANGELOG.md
4 years ago
update changelog
4 years ago
Add support for custom modules
4 years ago
[ActivityPub] Configurable ActivityPub actor type
4 years ago
Update CHANGELOG
4 years ago
[#1427] Reworked admin scopes support. Requalified users.is_admin flag as legacy accessor to admin actions in case token lacks admin scope(s).
4 years ago
Fix typo
4 years ago
[#1505] Added tests, changelog entry, tweaked config settings related to replies output on outgoing federation.
4 years ago
Admin API: `GET /api/pleroma/admin/stats` to get status count by visibility scope
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Update CHANGELOG and pleroma_api.md
4 years ago
Code style fixes
4 years ago
Better changelog wording
4 years ago
update changelog
4 years ago
change new scrobble endpoint
4 years ago
Revert "Add upload limits to /api/v1/instance" This reverts commit db27c0dd8b18763ff2abb124ee8d641a4580cdaa.
4 years ago
Mastodon API: Add `pleroma.unread_conversation_count` to the Account entity
4 years ago
Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes # Conflicts: # CHANGELOG.md # lib/pleroma/web/mastodon_api/controllers/account_controller.ex # lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex # lib/pleroma/web/router.ex
4 years ago
Extract RSS Feed functionality from OStatus
4 years ago
Add a task to re-count statuses for all users
4 years ago
Mastodon API: Add `exclude_visibilities` parameter to the timeline and notification endpoints
4 years ago
Deprecate /api/pleroma/admin/users/:nickname/toggle_activation instead of deleting it
4 years ago
Add "/api/pleroma/admin/reports/:id" -> "/api/pleroma/admin/reports" changelog entry
4 years ago
Add `GET /api/pleroma/admin/relay` endpoint - lists all followed relays
4 years ago
Pleroma API: `POST /api/v1/pleroma/conversations/read` to mark all user's conversations as read
4 years ago
Update CHANGELOG
4 years ago
update changelog
4 years ago
Mastodon API: Add the `recipients` parameter to `GET /api/v1/conversations`
4 years ago
add subject to atom feed
4 years ago
Merge branch 'develop' into 'reactions' # Conflicts: # CHANGELOG.md
4 years ago
Admin API: list all statuses from a given instance
4 years ago
Admin API: Exclude boosts from `GET /api/pleroma/admin/users/:nickname/statuses` and `GET /api/pleroma/admin/instance/:instance/statuses`
4 years ago
AdminAPI: Confirm user account, resend confirmation email
4 years ago
[ActivityPub] Configurable ActivityPub actor type
4 years ago
Add native captcha and enable it by default.
4 years ago
Add support for `account_id` param to filter notifications by the account
4 years ago
StatusView: Add `emoji_reactions`
4 years ago
Emoji reactions: Document changes
4 years ago
Update changelog
4 years ago
Emoji reactions: Update docs and changelog
4 years ago
add tag feeds
4 years ago
Emoji Reactions: Document changes
4 years ago
Emoji Reactions: Add documentation
4 years ago
[#1505] Added tests, changelog entry, tweaked config settings related to replies output on outgoing federation.
4 years ago
Admin API: `GET /api/pleroma/admin/stats` to get status count by visibility scope
4 years ago
Admin API: `GET /api/pleroma/admin/statuses` - list all statuses (accepts `godmode` and `local_only`)
4 years ago
Merge branch 'develop' into feature/store-statuses-data-inside-flag
4 years ago
Revert subscription refactoring. As discussed in pleroma-meta#2 This reverts commit eb9aa7aa1095de150d036839c78c402019efb4b1, reversing changes made to c4fbb56984d8f86df948cfd9b0f7c081d688c365.
4 years ago
Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add a changelog entry for !1940
4 years ago
ActivityPub: Fix deletes being exempt from MRF Closes #1461
4 years ago
OAuth token cleanup: Get rid of compile-time configuration
4 years ago
HTML: Compile Scrubbers on boot This makes it possible to configure their behavior on OTP releases.
4 years ago
Actually fix upload limit on OTP releases Closes #1109
4 years ago
Document the favorites timeline order change
4 years ago
Update CHANGELOG
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
4 years ago
Fix get_cached_by_nickname_or_id not allowing to get local users by nickname Closes #1293
4 years ago
AdminAPI: Grouped reports old/new fix If some status received reports both in the "new" format and "old" format it was considered reports on two different statuses (in the context of grouped reports)
4 years ago
Admin API: Error when trying to update reports in the "old" format
4 years ago
Update CHANGELOG.md
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Sync develop changelog with master and create a new section for post-1.1 changes
4 years ago
changelog: sync with stable
4 years ago
changelog: add 1.1.6 entries from stable
4 years ago
Sync the changelogs between develop and stable
4 years ago
pleroma_ctl: Fix attempting to use RPC for config generation
4 years ago
Sync develop changelog with master and create a new section for post-1.1 changes
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
ostatus: explicitly disallow protocol downgrade from activitypub This closes embargoed bug #1135.
4 years ago
Mastodon API: Respect post privacy in favourited/reblogged endpoints
4 years ago
ostatus: explicitly disallow protocol downgrade from activitypub This closes embargoed bug #1135.
4 years ago
Prioritize the removal of TwitterAPI and :accept_blocks in the changelog
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Prioritize the removal of TwitterAPI and :accept_blocks in the changelog
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
CHANGELOG.md: Add entry for !1484 Related to: https://git.pleroma.social/pleroma/pleroma/merge_requests/1484 [ci skip]
5 years ago
Extend `/api/pleroma/notifications/read` to mark multiple notifications as read and make it respond with Mastoapi entities
4 years ago
changelog
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add changelog entries for follower/following collection behaviour changes
5 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add `mailerEnabled` to the NodeInfo metadata
5 years ago
Unfollow should also unsubscribe
5 years ago
changelog
4 years ago
AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
5 years ago
Update CHANGELOG
4 years ago
Return "total" optionally
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Transmogrifier: Fix follow handling when the actor is an object.
4 years ago
Add an index on object likes In !1538 favorites timeline was switched to use the joined object, but no idex on likes in the joined object was added.
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add a changelog entry for !1552
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Mastodon API Poll view: Fix handling of polls without an end date
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Do not crash if one notification failed to render
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Extend Pleroma.Pagination to support offset-based pagination, use async/await to execute status and account search in parallel
5 years ago
Bugfix: muted/blocked user notification streaming
5 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Fix rich media parser failing when no TTL can be found by image TTL setters
5 years ago
rich media: parser: splice the given URL into the result
5 years ago
activitypub: publisher: align sharedinbox usage with AP specification rules While debugging the follow breakage, I observed that our sharedInbox usage did not match the rules in the specification. Accordingly, I have better aligned our usage of sharedInbox with the rules outlined in the ActivityPub specification.
5 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Fix CHANGELOG entry
4 years ago
Update CHANGELOG (add a note about !1649)
4 years ago
Fix AntiFollowbotPolicy when trying to follow a relay
4 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
docs: add documentation for MediaProxyWarmingPolicy
5 years ago
Update CHANGELOG.md
4 years ago
Merge remote-tracking branch 'origin/develop' into sixohsix/pleroma-post_expiration
4 years ago
Modify Changelog.
4 years ago
docs: add documentation for MediaProxyWarmingPolicy
5 years ago
nodeinfo: implement MRF transparency exclusions
5 years ago
Add MRF MentionPolicy for dropping posts which mention specific actors
5 years ago
Add hashtag filter to user statuses (GET /api/v1/accounts/:id/statuses)
5 years ago
Merge branch 'develop' into feature/allow-user-query-via-id
5 years ago
Docs/more mastodon api
5 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Feature/1072 muting notifications
5 years ago
Add the `blocked_by` attribute to the relationship API (`GET /api/v1/accounts/relationships`)
5 years ago
Add `domain_blocking` to the relationship API (GET /api/v1/accounts/relationships)
5 years ago
Add `pleroma.deactivated` to the Account entity (Mastodon API)
5 years ago
mastoapi password reset added rate limit to password reset configure rate limit in runtime
5 years ago
Add changelog entry for Mastodon API change
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Sync the changelog from stable and collapse the API sections
4 years ago
Move changelog entries
5 years ago
Admin API: Allow querying user by ID
5 years ago
admin api configure changes
5 years ago
Admin changes
5 years ago
Fix/1019 correct count remote users
5 years ago
[#1062] added option to disable send email
5 years ago
[#1041] Rate-limited status actions (per user and per user+status).
5 years ago
Update CHANGELOG
4 years ago
Update CHANGELOG
5 years ago
mastoapi password reset added rate limit to password reset configure rate limit in runtime
5 years ago
update changelog
5 years ago
update changelog
5 years ago
Admin API: Endpoint for fetching latest user's statuses
5 years ago
add account confirmation email resend in mastodon api
5 years ago
Add email change endpoint
4 years ago
Log admin/moderator actions
4 years ago
Add Pleroma.Plugs.Cache
4 years ago
Track failed proxy urls and don't request them again
4 years ago
Add hashtag filter to user statuses (GET /api/v1/accounts/:id/statuses)
5 years ago
admin api configure changes
5 years ago
changelog & docs
5 years ago
add the rich media ttl based on image exp time
5 years ago
admin api configure changes
5 years ago
Sync changelogs between master and develop
4 years ago
Sync develop changelog with master and create a new section for post-1.1 changes
4 years ago
Apply suggestion to CHANGELOG.md
4 years ago
Sync develop changelog with master and create a new section for post-1.1 changes
4 years ago
Remove longfox emoji set
4 years ago
tests: fix object containment violations in the transmogrifier tests Some objects were not completely rewritten in the tests, which caused object containment violations. Fix them by rewriting the object IDs to be in an appropriate namespace.
5 years ago
BUMP OF CHICKEN 1.0
5 years ago
Mastodon API: Sanitize display names Closes #1000
5 years ago
update changelog
5 years ago
Add a changelog
5 years ago
Update changelog
5 years ago
Setting Store: Document in changelog.
5 years ago
Docs: Add Explicit addressing to Readme and changelog.
5 years ago
Update CHANGELOG.md
5 years ago
MongooseIM: Add documentation.
5 years ago
Add a changelog
5 years ago
Add a changelog entry for releases
5 years ago
Add a changelog
5 years ago
Update CHANGELOG
5 years ago
Add a changelog entry for removing embded objects mix task
5 years ago
Remove duplicated entries in users' following lists
5 years ago
Feature/896 toggling confirmation
5 years ago
it is changed in compile time we can't change module attributes and endpoint settings in runtime
5 years ago
Add a changelog entry for polls
5 years ago
Add a changelog
5 years ago
Add a changelog entry for polls
5 years ago
Make default pack extensions configurable and default to png and gif
5 years ago
Add a changelog
5 years ago
changes
5 years ago
update Changelog
5 years ago
add report uri and report to
5 years ago
Update changelog
5 years ago
Add option to restrict all users to local content
5 years ago
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789)
5 years ago
Feature/826 healthcheck endpoint
5 years ago
Add changelog entry for mascot config
5 years ago
Add a changelog
5 years ago
Merge develop Merge conflict in lib/pleroma/activity.ex
5 years ago
Add Reports to Admin API
5 years ago
it is changed in compile time we can't change module attributes and endpoint settings in runtime
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Changelog: Document chat token.
5 years ago
Add a changelog
5 years ago
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789)
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Add a changelog entry for polls
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
fix format Modified-by: Maksim Pechnikov <parallel588@gmail.com>
5 years ago
Add the emoji packs & finmoji removal to the changelog
5 years ago
add changelog entry for object pruning
5 years ago
[#699] add worker to clean expired oauth tokens
5 years ago
update documentation for the new MRF features [no-ci]
5 years ago
update CHANGELOG for mrf_subchain
5 years ago
updated changelog
5 years ago
Update CHANGELOG
5 years ago
docs: better description for mrf anti link spam
5 years ago
update changelog
5 years ago
Add changelog entry for syslog tag change
5 years ago
Add a changelog
5 years ago
Bind to 127.0.0.1 instead of 0.0.0.0 by default
5 years ago
Put an actual description of the vulnerability and add **Breaking:** to breaking changes
5 years ago
Configuration: Skip thread containment by default In my tests the interaction between thread containment and other restrictions makes postgresql create some very bad query plans. This caused direct messages to time out on soykaf, for example.
5 years ago
Add a changelog
5 years ago
Remove inReplyToStatusId
5 years ago
Add a changelog
5 years ago
Set default loglevel to `warn` in prod It's rare that info logs are needed to debug the issue, so I would suggest setting them to warn in prod by default to make finding the relevant parts easier and potentially even decrease cpu usage on bigger instances Closes #962
5 years ago
Add extra_cookie_attrs to changelog
5 years ago
update Changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
user creation admin api will create multiple users
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Add a changelog
5 years ago
Add a changelog entry for `pleroma.in_reply_to_account_acct`
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Move settings to Source subentity
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Add a changelog
5 years ago
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip]
5 years ago
Add a changelog
5 years ago
Add the emoji packs & finmoji removal to the changelog
5 years ago
Update CHANGELOG
5 years ago
add Changelog entry
5 years ago
http: bump connection timeout to 10 seconds
5 years ago
Respond with a 404 Not implemented JSON error message when requested API is not implemented
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Add a changelog
5 years ago
Utils: Use update_follow_state_for_all when appropriate.
5 years ago
Search: Add fts index on objects table.
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into feature/845-improve-status-deletion
5 years ago
Add a changelog
5 years ago
update Changelog
5 years ago
Add a changelog
5 years ago
Mention Mastodon 2.8+ follow import fix in changelog
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Add a changelog
5 years ago
Handle `reblogs` on the first follow request in MastoAPI
5 years ago
Set correct values in the MastoAPI reblog status view
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Make irreversible field default to false in filters
5 years ago
Replace missing non-nullable Card attributes with empty strings
5 years ago
add CHANGELOG entry
5 years ago
mrf: simple policy: fix matching imported activitypub and ostatus statuses
5 years ago
Add a changelog
5 years ago
remove deprecated PleromaFE configuration
5 years ago
Feature/896 toggling confirmation
5 years ago
remove deprecated PleromaFE configuration
5 years ago
Mastodon API: Fix lists leaking private posts Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also lead to leaking private posts when `fix_explicit_addressing` mistakingly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM
5 years ago
Add a changelog
5 years ago
Put an actual description of the vulnerability and add **Breaking:** to breaking changes
5 years ago
Add a changelog
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609 
  1. # Changelog

  2. All notable changes to this project will be documented in this file.

  3. 

  4. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

  5. 

  6. ## [unreleased]

  7. ### Changed

  8. - **Breaking:** BBCode and Markdown formatters will no longer return any `\n` and only use `<br/>` for newlines

  9. 

  10. ### Removed

  11. - **Breaking:** removed `with_move` parameter from notifications timeline.

  12. 

  13. ### Added

  14. - NodeInfo: `pleroma:api/v1/notifications:include_types_filter` to the `features` list.

  15. - NodeInfo: `pleroma_emoji_reactions` to the `features` list.

  16. - Configuration: `:restrict_unauthenticated` setting, restrict access for unauthenticated users to timelines (public and federate), user profiles and statuses.

  17. - New HTTP adapter [gun](https://github.com/ninenines/gun). Gun adapter requires minimum OTP version of 22.2 otherwise Pleroma won’t start. For hackney OTP update is not required.

  18. <details>

  19.   <summary>API Changes</summary>

  20. - Mastodon API: Support for `include_types` in `/api/v1/notifications`.

  21. </details>

  22. 

  23. ## [2.0.0] - 2019-03-08

  24. ### Security

  25. - Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request.

  26. 

  27. ### Removed

  28. - **Breaking**: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media`

  29. - **Breaking**: OStatus protocol support

  30. - **Breaking**: MDII uploader

  31. - **Breaking**: Using third party engines for user recommendation

  32. <details>

  33.   <summary>API Changes</summary>

  34. - **Breaking**: AdminAPI: migrate_from_db endpoint

  35. </details>

  36. 

  37. ### Changed

  38. - **Breaking:** Pleroma won't start if it detects unapplied migrations

  39. - **Breaking:** Elixir >=1.8 is now required (was >= 1.7)

  40. - **Breaking:** `Pleroma.Plugs.RemoteIp` and `:rate_limiter` enabled by default. Please ensure your reverse proxy forwards the real IP!

  41. - **Breaking:** attachment links (`config :pleroma, :instance, no_attachment_links` and `config :pleroma, Pleroma.Upload, link_name`) disabled by default

  42. - **Breaking:** OAuth: defaulted `[:auth, :enforce_oauth_admin_scope_usage]` setting to `true` which demands `admin` OAuth scope to perform admin actions (in addition to `is_admin` flag on User); make sure to use bundled or newer versions of AdminFE & PleromaFE to access admin / moderator features.

  43. - **Breaking:** Dynamic configuration has been rearchitected. The `:pleroma, :instance, dynamic_configuration` setting has been replaced with `config :pleroma, configurable_from_database`. Please backup your configuration to a file and run the migration task to ensure consistency with the new schema.

  44. - **Breaking:** `:instance, no_attachment_links` has been replaced with `:instance, attachment_links` which still takes a boolean value but doesn't use double negative language.

  45. - Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) and `Pleroma.Web.Federator.RetryQueue` with [Oban](https://github.com/sorentwo/oban) (see [`docs/config.md`](docs/config.md) on migrating customized worker / retry settings)

  46. - Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler

  47. - Enabled `:instance, extended_nickname_format` in the default config

  48. - Add `rel="ugc"` to all links in statuses, to prevent SEO spam

  49. - Extract RSS functionality from OStatus

  50. - MRF (Simple Policy): Also use `:accept`/`:reject` on the actors rather than only their activities

  51. - OStatus: Extract RSS functionality

  52. - Deprecated `User.Info` embedded schema (fields moved to `User`)

  53. - Store status data inside Flag activity

  54. - Deprecated (reorganized as `UserRelationship` entity) User fields with user AP IDs (`blocks`, `mutes`, `muted_reblogs`, `muted_notifications`, `subscribers`).

  55. - Rate limiter is now disabled for localhost/socket (unless remoteip plug is enabled)

  56. - Logger: default log level changed from `warn` to `info`.

  57. - Config mix task `migrate_to_db` truncates `config` table before migrating the config file.

  58. - Allow account registration without an email

  59. - Default to `prepare: :unnamed` in the database configuration.

  60. - Instance stats are now loaded on startup instead of being empty until next hourly job.

  61. <details>

  62.   <summary>API Changes</summary>

  63. 

  64. - **Breaking** EmojiReactions: Change endpoints and responses to align with Mastodon

  65. - **Breaking** Admin API: `PATCH /api/pleroma/admin/users/:nickname/force_password_reset` is now `PATCH /api/pleroma/admin/users/force_password_reset` (accepts `nicknames` array in the request body)

  66. - **Breaking:** Admin API: Return link alongside with token on password reset

  67. - **Breaking:** Admin API: `PUT /api/pleroma/admin/reports/:id` is now `PATCH /api/pleroma/admin/reports`, see admin_api.md for details

  68. - **Breaking:** `/api/pleroma/admin/users/invite_token` now uses `POST`, changed accepted params and returns full invite in json instead of only token string.

  69. - **Breaking** replying to reports is now "report notes", enpoint changed from `POST /api/pleroma/admin/reports/:id/respond` to `POST /api/pleroma/admin/reports/:id/notes`

  70. - Mastodon API: stopped sanitizing display names, field names and subject fields since they are supposed to be treated as plaintext

  71. - Admin API: Return `total` when querying for reports

  72. - Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)

  73. - Admin API: Return link alongside with token on password reset

  74. - Admin API: Support authentication via `x-admin-token` HTTP header

  75. - Mastodon API: Add `pleroma.direct_conversation_id` to the status endpoint (`GET /api/v1/statuses/:id`)

  76. - Mastodon API: `pleroma.thread_muted` to the Status entity

  77. - Mastodon API: Mark the direct conversation as read for the author when they send a new direct message

  78. - Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload.

  79. - Admin API: Render whole status in grouped reports

  80. - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).

  81. - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try.

  82. - Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default.

  83. - Admin API: `PATCH /api/pleroma/admin/users/:nickname/credentials` and `GET /api/pleroma/admin/users/:nickname/credentials`

  84. </details>

  85. 

  86. ### Added

  87. - `:chat_limit` option to limit chat characters.

  88. - `cleanup_attachments` option to remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances.

  89. - Refreshing poll results for remote polls

  90. - Authentication: Added rate limit for password-authorized actions / login existence checks

  91. - Static Frontend: Add the ability to render user profiles and notices server-side without requiring JS app.

  92. - Mix task to re-count statuses for all users (`mix pleroma.count_statuses`)

  93. - Mix task to list all users (`mix pleroma.user list`)

  94. - Mix task to send a test email (`mix pleroma.email test`)

  95. - Support for `X-Forwarded-For` and similar HTTP headers which used by reverse proxies to pass a real user IP address to the backend. Must not be enabled unless your instance is behind at least one reverse proxy (such as Nginx, Apache HTTPD or Varnish Cache).

  96. - MRF: New module which handles incoming posts based on their age. By default, all incoming posts that are older than 2 days will be unlisted and not shown to their followers.

  97. - User notification settings: Add `privacy_option` option.

  98. - Support for custom Elixir modules (such as MRF policies)

  99. - User settings: Add _This account is a_ option.

  100. - A new users admin digest email

  101. - OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`).

  102. - Add an option `authorized_fetch_mode` to require HTTP signatures for AP fetches.

  103. - ActivityPub: support for `replies` collection (output for outgoing federation & fetching on incoming federation).

  104. - Mix task to refresh counter cache (`mix pleroma.refresh_counter_cache`)

  105. <details>

  106.   <summary>API Changes</summary>

  107. 

  108. - Job queue stats to the healthcheck page

  109. - Admin API: Add ability to fetch reports, grouped by status `GET /api/pleroma/admin/grouped_reports`

  110. - Admin API: Add ability to require password reset

  111. - Mastodon API: Account entities now include `follow_requests_count` (planned Mastodon 3.x addition)

  112. - Pleroma API: `GET /api/v1/pleroma/accounts/:id/scrobbles` to get a list of recently scrobbled items

  113. - Pleroma API: `POST /api/v1/pleroma/scrobble` to scrobble a media item

  114. - Mastodon API: Add `upload_limit`, `avatar_upload_limit`, `background_upload_limit`, and `banner_upload_limit` to `/api/v1/instance`

  115. - Mastodon API: Add `pleroma.unread_conversation_count` to the Account entity

  116. - OAuth: support for hierarchical permissions / [Mastodon 2.4.3 OAuth permissions](https://docs.joinmastodon.org/api/permissions/)

  117. - Metadata Link: Atom syndication Feed

  118. - Mix task to re-count statuses for all users (`mix pleroma.count_statuses`)

  119. - Mastodon API: Add `exclude_visibilities` parameter to the timeline and notification endpoints

  120. - Admin API: `/users/:nickname/toggle_activation` endpoint is now deprecated in favor of: `/users/activate`, `/users/deactivate`, both accept `nicknames` array

  121. - Admin API: Multiple endpoints now require `nicknames` array, instead of singe `nickname`:

  122.   - `POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group` are deprecated in favor of: `POST/DELETE /api/pleroma/admin/users/permission_group/:permission_group`

  123.   - `DELETE /api/pleroma/admin/users` (`nickname` query param or `nickname` sent in JSON body) is deprecated in favor of: `DELETE /api/pleroma/admin/users` (`nicknames` query array param or `nicknames` sent in JSON body)

  124. - Admin API: Add `GET /api/pleroma/admin/relay` endpoint - lists all followed relays

  125. - Pleroma API: `POST /api/v1/pleroma/conversations/read` to mark all conversations as read

  126. - ActivityPub: Support `Move` activities

  127. - Mastodon API: Add `/api/v1/markers` for managing timeline read markers

  128. - Mastodon API: Add the `recipients` parameter to `GET /api/v1/conversations`

  129. - Configuration: `feed` option for user atom feed.

  130. - Pleroma API: Add Emoji reactions

  131. - Admin API: Add `/api/pleroma/admin/instances/:instance/statuses` - lists all statuses from a given instance

  132. - Admin API: Add `/api/pleroma/admin/users/:nickname/statuses` - lists all statuses from a given user

  133. - Admin API: `PATCH /api/pleroma/users/confirm_email` to confirm email for multiple users, `PATCH /api/pleroma/users/resend_confirmation_email` to resend confirmation email for multiple users

  134. - ActivityPub: Configurable `type` field of the actors.

  135. - Mastodon API: `/api/v1/accounts/:id` has `source/pleroma/actor_type` field.

  136. - Mastodon API: `/api/v1/update_credentials` accepts `actor_type` field.

  137. - Captcha: Support native provider

  138. - Captcha: Enable by default

  139. - Mastodon API: Add support for `account_id` param to filter notifications by the account

  140. - Mastodon API: Add `emoji_reactions` property to Statuses

  141. - Mastodon API: Change emoji reaction reply format

  142. - Notifications: Added `pleroma:emoji_reaction` notification type

  143. - Mastodon API: Change emoji reaction reply format once more

  144. - Configuration: `feed.logo` option for tag feed.

  145. - Tag feed: `/tags/:tag.rss` - list public statuses by hashtag.

  146. - Mastodon API: Add `reacted` property to `emoji_reactions`

  147. - Pleroma API: Add reactions for a single emoji.

  148. - ActivityPub: `[:activitypub, :note_replies_output_limit]` setting sets the number of note self-replies to output on outgoing federation.

  149. - Admin API: `GET /api/pleroma/admin/stats` to get status count by visibility scope

  150. - Admin API: `GET /api/pleroma/admin/statuses` - list all statuses (accepts `godmode` and `local_only`)

  151. </details>

  152. 

  153. ### Fixed

  154. - Report emails now include functional links to profiles of remote user accounts

  155. - Not being able to log in to some third-party apps when logged in to MastoFE

  156. - MRF: `Delete` activities being exempt from MRF policies

  157. - OTP releases: Not being able to configure OAuth expired token cleanup interval

  158. - OTP releases: Not being able to configure HTML sanitization policy

  159. - OTP releases: Not being able to change upload limit (again)

  160. - Favorites timeline now ordered by favorite date instead of post date

  161. - Support for cancellation of a follow request

  162. <details>

  163.   <summary>API Changes</summary>

  164. 

  165. - Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)

  166. - Mastodon API: Inability to get some local users by nickname in `/api/v1/accounts/:id_or_nickname`

  167. - AdminAPI: If some status received reports both in the "new" format and "old" format it was considered reports on two different statuses (in the context of grouped reports)

  168. - Admin API: Error when trying to update reports in the "old" format

  169. - Mastodon API: Marking a conversation as read (`POST /api/v1/conversations/:id/read`) now no longer brings it to the top in the user's direct conversation list

  170. </details>

  171. 

  172. ## [1.1.9] - 2020-02-10

  173. ### Fixed

  174. - OTP: Inability to set the upload limit (again)

  175. - Not being able to pin polls

  176. - Streaming API: incorrect handling of reblog mutes

  177. - Rejecting the user when field length limit is exceeded

  178. - OpenGraph provider: html entities in descriptions

  179. 

  180. ## [1.1.8] - 2020-01-10

  181. ### Fixed

  182. - Captcha generation issues

  183. - Returned Kocaptcha endpoint to configuration

  184. - Captcha validity is now 5 minutes

  185. 

  186. ## [1.1.7] - 2019-12-13

  187. ### Fixed

  188. - OTP: Inability to set the upload limit

  189. - OTP: Inability to override node name/distribution type to run 2 Pleroma instances on the same machine

  190. 

  191. ### Added

  192. - Integrated captcha provider

  193. 

  194. ### Changed

  195. - Captcha enabled by default

  196. - Default Captcha provider changed from `Pleroma.Captcha.Kocaptcha` to `Pleroma.Captcha.Native`

  197. - Better `Cache-Control` header for static content

  198. 

  199. ### Bundled Pleroma-FE Changes

  200. #### Added

  201. - Icons in the navigation panel

  202. 

  203. #### Fixed

  204. - Improved support unauthenticated view of private instances

  205. 

  206. #### Removed

  207. - Whitespace hack on empty post content

  208. 

  209. ## [1.1.6] - 2019-11-19

  210. ### Fixed

  211. - Not being able to log into to third party apps when the browser is logged into mastofe

  212. - Email confirmation not being required even when enabled

  213. - Mastodon API: conversations API crashing when one status is malformed

  214. 

  215. ### Bundled Pleroma-FE Changes

  216. #### Added

  217. - About page

  218. - Meme arrows

  219. 

  220. #### Fixed

  221. - Image modal not closing unless clicked outside of image

  222. - Attachment upload spinner not being centered

  223. - Showing follow counters being 0 when they are actually hidden

  224. 

  225. ## [1.1.5] - 2019-11-09

  226. ### Fixed

  227. - Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization

  228. - Pleroma API: OAuth token endpoint not being found when ".json" suffix is appended

  229. 

  230. ### Changed

  231. - Frontend bundle updated to [044c9ad0](https://git.pleroma.social/pleroma/pleroma-fe/commit/044c9ad0562af059dd961d50961a3880fca9c642)

  232. 

  233. ## [1.1.4] - 2019-11-01

  234. ### Fixed

  235. - Added a migration that fills up empty user.info fields to prevent breakage after previous unsafe migrations.

  236. - Failure to migrate from pre-1.0.0 versions

  237. - Mastodon API: Notification stream not including follow notifications

  238. 

  239. ## [1.1.3] - 2019-10-25

  240. ### Fixed

  241. - Blocked users showing up in notifications collapsed as if they were muted

  242. - `pleroma_ctl` not working on Debian's default shell

  243. 

  244. ## [1.1.2] - 2019-10-18

  245. ### Fixed

  246. - `pleroma_ctl` trying to connect to a running instance when generating the config, which of course doesn't exist.

  247. 

  248. ## [1.1.1] - 2019-10-18

  249. ### Fixed

  250. - One of the migrations between 1.0.0 and 1.1.0 wiping user info of the relay user because of unexpected behavior of postgresql's `jsonb_set`, resulting in inability to post in the default configuration. If you were affected, please run the following query in postgres console, the relay user will be recreated automatically:

  251. ```

  252. delete from users where ap_id = 'https://your.instance.hostname/relay';

  253. ```

  254. - Bad user search matches

  255. 

  256. ## [1.1.0] - 2019-10-14

  257. **Breaking:** The stable branch has been changed from `master` to `stable`. If you want to keep using 1.0, the `release/1.0` branch will receive security updates for 6 months after 1.1 release.

  258. 

  259. **OTP Note:** `pleroma_ctl` in 1.0 defaults to `master` and doesn't support specifying arbitrary branches, making `./pleroma_ctl update` fail. To fix this, fetch a version of `pleroma_ctl` from 1.1 using the command below and proceed with the update normally:

  260. ```

  261. curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/develop/rel/files/bin/pleroma_ctl'

  262. ```

  263. ### Security

  264. - Mastodon API: respect post privacy in `/api/v1/statuses/:id/{favourited,reblogged}_by`

  265. 

  266. ### Removed

  267. - **Breaking:** GNU Social API with Qvitter extensions support

  268. - Emoji: Remove longfox emojis.

  269. - Remove `Reply-To` header from report emails for admins.

  270. - ActivityPub: The `/objects/:uuid/likes` endpoint.

  271. 

  272. ### Changed

  273. - **Breaking:** Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add `config :pleroma, Pleroma.Emails.Mailer, enabled: true` to your config

  274. - **Breaking:** Configuration: `/media/` is now removed when `base_url` is configured, append `/media/` to your `base_url` config to keep the old behaviour if desired

  275. - **Breaking:** `/api/pleroma/notifications/read` is moved to `/api/v1/pleroma/notifications/read` and now supports `max_id` and responds with Mastodon API entities.

  276. - Configuration: added `config/description.exs`, from which `docs/config.md` is generated

  277. - Configuration: OpenGraph and TwitterCard providers enabled by default

  278. - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

  279. - Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set

  280. - NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option

  281. - NodeInfo: Return `mailerEnabled` in `metadata`

  282. - Mastodon API: Unsubscribe followers when they unfollow a user

  283. - Mastodon API: `pleroma.thread_muted` key in the Status entity

  284. - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)

  285. - Improve digest email template

  286. – Pagination: (optional) return `total` alongside with `items` when paginating

  287. - The `Pleroma.FlakeId` module has been replaced with the `flake_id` library.

  288. 

  289. ### Fixed

  290. - Following from Osada

  291. - Favorites timeline doing database-intensive queries

  292. - Metadata rendering errors resulting in the entire page being inaccessible

  293. - `federation_incoming_replies_max_depth` option being ignored in certain cases

  294. - Mastodon API: Handling of search timeouts (`/api/v1/search` and `/api/v2/search`)

  295. - Mastodon API: Misskey's endless polls being unable to render

  296. - Mastodon API: Embedded relationships not being properly rendered in the Account entity of Status entity

  297. - Mastodon API: Notifications endpoint crashing if one notification failed to render

  298. - Mastodon API: `exclude_replies` is correctly handled again.

  299. - Mastodon API: Add `account_id`, `type`, `offset`, and `limit` to search API (`/api/v1/search` and `/api/v2/search`)

  300. - Mastodon API, streaming: Fix filtering of notifications based on blocks/mutes/thread mutes

  301. - Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)

  302. - Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.

  303. - Mastodon API: Inability to get some local users by nickname in `/api/v1/accounts/:id_or_nickname`

  304. - Mastodon API: Blocks are now treated consistently between the Streaming API and the Timeline APIs

  305. - Rich Media: Parser failing when no TTL can be found by image TTL setters

  306. - Rich Media: The crawled URL is now spliced into the rich media data.

  307. - ActivityPub S2S: sharedInbox usage has been mostly aligned with the rules in the AP specification.

  308. - ActivityPub C2S: follower/following collection pages being inaccessible even when authentifucated if `hide_followers`/ `hide_follows` was set

  309. - ActivityPub: Deactivated user deletion

  310. - ActivityPub: Fix `/users/:nickname/inbox` crashing without an authenticated user

  311. - MRF: fix ability to follow a relay when AntiFollowbotPolicy was enabled

  312. - ActivityPub: Correct addressing of Undo.

  313. - ActivityPub: Correct addressing of profile update activities.

  314. - ActivityPub: Polls are now refreshed when necessary.

  315. - Report emails now include functional links to profiles of remote user accounts

  316. - Existing user id not being preserved on insert conflict

  317. - Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.

  318. - Report email not being sent to admins when the reporter is a remote user

  319. - Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances

  320. 

  321. ### Added

  322. - Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically.

  323. - Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour.

  324. - Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty.

  325. - Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default.

  326. - Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data.

  327. - MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)

  328. - MRF: Support for excluding specific domains from Transparency.

  329. - MRF: Support for filtering posts based on who they mention (`Pleroma.Web.ActivityPub.MRF.MentionPolicy`)

  330. - Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)

  331. - Mastodon API, streaming: Add support for passing the token in the `Sec-WebSocket-Protocol` header

  332. - Mastodon API, extension: Ability to reset avatar, profile banner, and background

  333. - Mastodon API: Add support for `fields_attributes` API parameter (setting custom fields)

  334. - Mastodon API: Add support for categories for custom emojis by reusing the group feature. <https://github.com/tootsuite/mastodon/pull/11196>

  335. - Mastodon API: Add support for muting/unmuting notifications

  336. - Mastodon API: Add support for the `blocked_by` attribute in the relationship API (`GET /api/v1/accounts/relationships`). <https://github.com/tootsuite/mastodon/pull/10373>

  337. - Mastodon API: Add support for the `domain_blocking` attribute in the relationship API (`GET /api/v1/accounts/relationships`).

  338. - Mastodon API: Add `pleroma.deactivated` to the Account entity

  339. - Mastodon API: added `/auth/password` endpoint for password reset with rate limit.

  340. - Mastodon API: /api/v1/accounts/:id/statuses now supports nicknames or user id

  341. - Mastodon API: Improve support for the user profile custom fields

  342. - Mastodon API: Add support for `fields_attributes` API parameter (setting custom fields)

  343. - Mastodon API: Added an endpoint to get multiple statuses by IDs (`GET /api/v1/statuses/?ids[]=1&ids[]=2`)

  344. - Admin API: Return users' tags when querying reports

  345. - Admin API: Return avatar and display name when querying users

  346. - Admin API: Allow querying user by ID

  347. - Admin API: Added support for `tuples`.

  348. - Admin API: Added endpoints to run mix tasks pleroma.config migrate_to_db & pleroma.config migrate_from_db

  349. - Added synchronization of following/followers counters for external users

  350. - Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`.

  351. - Configuration: Pleroma.Plugs.RateLimiter `bucket_name`, `params` options.

  352. - Configuration: `user_bio_length` and `user_name_length` options.

  353. - Addressable lists

  354. - Twitter API: added rate limit for `/api/account/password_reset` endpoint.

  355. - ActivityPub: Add an internal service actor for fetching ActivityPub objects.

  356. - ActivityPub: Optional signing of ActivityPub object fetches.

  357. - Admin API: Endpoint for fetching latest user's statuses

  358. - Pleroma API: Add `/api/v1/pleroma/accounts/confirmation_resend?email=<email>` for resending account confirmation.

  359. - Pleroma API: Email change endpoint.

  360. - Admin API: Added moderation log

  361. - Web response cache (currently, enabled for ActivityPub)

  362. - Reverse Proxy: Do not retry failed requests to limit pressure on the peer

  363. 

  364. ### Changed

  365. - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

  366. - Admin API: changed json structure for saving config settings.

  367. - RichMedia: parsers and their order are configured in `rich_media` config.

  368. - RichMedia: add the rich media ttl based on image expiration time.

  369. 

  370. ## [1.0.7] - 2019-09-26

  371. ### Fixed

  372. - Broken federation on Erlang 22 (previous versions of hackney http client were using an option that got deprecated)

  373. ### Changed

  374. - ActivityPub: The first page in inboxes/outboxes is no longer embedded.

  375. 

  376. ## [1.0.6] - 2019-08-14

  377. ### Fixed

  378. - MRF: fix use of unserializable keyword lists in describe() implementations

  379. - ActivityPub S2S: POST requests are now signed with `(request-target)` pseudo-header.

  380. 

  381. ## [1.0.5] - 2019-08-13

  382. ### Fixed

  383. - Mastodon API: follower/following counters not being nullified, when `hide_follows`/`hide_followers` is set

  384. - Mastodon API: `muted` in the Status entity, using author's account to determine if the thread was muted

  385. - Mastodon API: return the actual profile URL in the Account entity's `url` property when appropriate

  386. - Templates: properly style anchor tags

  387. - Objects being re-embedded to activities after being updated (e.g faved/reposted). Running 'mix pleroma.database prune_objects' again is advised.

  388. - Not being able to access the Mastodon FE login page on private instances

  389. - MRF: ensure that subdomain_match calls are case-insensitive

  390. - Fix internal server error when using the healthcheck API.

  391. 

  392. ### Added

  393. - **Breaking:** MRF describe API, which adds support for exposing configuration information about MRF policies to NodeInfo.

  394.   Custom modules will need to be updated by adding, at the very least, `def describe, do: {:ok, %{}}` to the MRF policy modules.

  395. - Relays: Added a task to list relay subscriptions.

  396. - MRF: Support for filtering posts based on ActivityStreams vocabulary (`Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`)

  397. - MRF (Simple Policy): Support for wildcard domains.

  398. - Support for wildcard domains in user domain blocks setting.

  399. - Configuration: `quarantined_instances` support wildcard domains.

  400. - Mix Tasks: `mix pleroma.database fix_likes_collections`

  401. - Configuration: `federation_incoming_replies_max_depth` option

  402. 

  403. ### Removed

  404. - Federation: Remove `likes` from objects.

  405. - **Breaking:** ActivityPub: The `accept_blocks` configuration setting.

  406. 

  407. ## [1.0.4] - 2019-08-01

  408. ### Fixed

  409. - Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag

  410. 

  411. ## [1.0.3] - 2019-07-31

  412. ### Security

  413. - OStatus: eliminate the possibility of a protocol downgrade attack.

  414. - OStatus: prevent following locked accounts, bypassing the approval process.

  415. - TwitterAPI: use CommonAPI to handle remote follows instead of OStatus.

  416. 

  417. ## [1.0.2] - 2019-07-28

  418. ### Fixed

  419. - Not being able to pin unlisted posts

  420. - Mastodon API: represent poll IDs as strings

  421. - MediaProxy: fix matching filenames

  422. - MediaProxy: fix filename encoding

  423. - Migrations: fix a sporadic migration failure

  424. - Metadata rendering errors resulting in the entire page being inaccessible

  425. - Federation/MediaProxy not working with instances that have wrong certificate order

  426. - ActivityPub S2S: remote user deletions now work the same as local user deletions.

  427. 

  428. ### Changed

  429. - Configuration: OpenGraph and TwitterCard providers enabled by default

  430. - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

  431. 

  432. ## [1.0.1] - 2019-07-14

  433. ### Security

  434. - OStatus: fix an object spoofing vulnerability.

  435. 

  436. ## [1.0.0] - 2019-06-29

  437. ### Security

  438. - Mastodon API: Fix display names not being sanitized

  439. - Rich media: Do not crawl private IP ranges

  440. 

  441. ### Added

  442. - Digest email for inactive users

  443. - Add a generic settings store for frontends / clients to use.

  444. - Explicit addressing option for posting.

  445. - Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).

  446. - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.

  447. - LDAP authentication

  448. - External OAuth provider authentication

  449. - Support for building a release using [`mix release`](https://hexdocs.pm/mix/master/Mix.Tasks.Release.html)

  450. - A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.

  451. - [Prometheus](https://prometheus.io/) metrics

  452. - Support for Mastodon's remote interaction

  453. - Mix Tasks: `mix pleroma.database bump_all_conversations`

  454. - Mix Tasks: `mix pleroma.database remove_embedded_objects`

  455. - Mix Tasks: `mix pleroma.database update_users_following_followers_counts`

  456. - Mix Tasks: `mix pleroma.user toggle_confirmed`

  457. - Mix Tasks: `mix pleroma.config migrate_to_db`

  458. - Mix Tasks: `mix pleroma.config migrate_from_db`

  459. - Federation: Support for `Question` and `Answer` objects

  460. - Federation: Support for reports

  461. - Configuration: `poll_limits` option

  462. - Configuration: `pack_extensions` option

  463. - Configuration: `safe_dm_mentions` option

  464. - Configuration: `link_name` option

  465. - Configuration: `fetch_initial_posts` option

  466. - Configuration: `notify_email` option

  467. - Configuration: Media proxy `whitelist` option

  468. - Configuration: `report_uri` option

  469. - Configuration: `email_notifications` option

  470. - Configuration: `limit_to_local_content` option

  471. - Pleroma API: User subscriptions

  472. - Pleroma API: Healthcheck endpoint

  473. - Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints

  474. - Admin API: Endpoints for listing/revoking invite tokens

  475. - Admin API: Endpoints for making users follow/unfollow each other

  476. - Admin API: added filters (role, tags, email, name) for users endpoint

  477. - Admin API: Endpoints for managing reports

  478. - Admin API: Endpoints for deleting and changing the scope of individual reported statuses

  479. - Admin API: Endpoints to view and change config settings.

  480. - AdminFE: initial release with basic user management accessible at /pleroma/admin/

  481. - Mastodon API: Add chat token to `verify_credentials` response

  482. - Mastodon API: Add background image setting to `update_credentials`

  483. - Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)

  484. - Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)

  485. - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)

  486. - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)

  487. - Mastodon API: `POST /api/v1/accounts` (account creation API)

  488. - Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)

  489. - ActivityPub C2S: OAuth endpoints

  490. - Metadata: RelMe provider

  491. - OAuth: added support for refresh tokens

  492. - Emoji packs and emoji pack manager

  493. - Object pruning (`mix pleroma.database prune_objects`)

  494. - OAuth: added job to clean expired access tokens

  495. - MRF: Support for rejecting reports from specific instances (`mrf_simple`)

  496. - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)

  497. - MRF: Support for running subchains.

  498. - Configuration: `skip_thread_containment` option

  499. - Configuration: `rate_limit` option. See `Pleroma.Plugs.RateLimiter` documentation for details.

  500. - MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links.

  501. - Configuration: `ignore_hosts` option

  502. - Configuration: `ignore_tld` option

  503. - Configuration: default syslog tag "Pleroma" is now lowercased to "pleroma"

  504. 

  505. ### Changed

  506. - **Breaking:** bind to 127.0.0.1 instead of 0.0.0.0 by default

  507. - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer

  508. - Thread containment / test for complete visibility will be skipped by default.

  509. - Enforcement of OAuth scopes

  510. - Add multiple use/time expiring invite token

  511. - Restyled OAuth pages to fit with Pleroma's default theme

  512. - Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker)

  513. - NodeInfo: Return `safe_dm_mentions` feature flag

  514. - Federation: Expand the audience of delete activities to all recipients of the deleted object

  515. - Federation: Removed `inReplyToStatusId` from objects

  516. - Configuration: Dedupe enabled by default

  517. - Configuration: Default log level in `prod` environment is now set to `warn`

  518. - Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.

  519. - Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.

  520. - Admin API: Move the user related API to `api/pleroma/admin/users`

  521. - Admin API: `POST /api/pleroma/admin/users` will take list of users

  522. - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change

  523. - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`

  524. - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`

  525. - Mastodon API: Provide plaintext versions of cw/content in the Status entity

  526. - Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity

  527. - Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity

  528. - Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the Source subentity

  529. - Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials`

  530. - Mastodon API: Add `pleroma.is_seen` to the Notification entity

  531. - Mastodon API: Add `pleroma.local` to the Status entity

  532. - Mastodon API: Add `preview` parameter to `POST /api/v1/statuses`

  533. - Mastodon API: Add `with_muted` parameter to timeline endpoints

  534. - Mastodon API: Actual reblog hiding instead of a dummy

  535. - Mastodon API: Remove attachment limit in the Status entity

  536. - Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.

  537. - Deps: Updated Cowboy to 2.6

  538. - Deps: Updated Ecto to 3.0.7

  539. - Don't ship finmoji by default, they can be installed as an emoji pack

  540. - Hide deactivated users and their statuses

  541. - Posts which are marked sensitive or tagged nsfw no longer have link previews.

  542. - HTTP connection timeout is now set to 10 seconds.

  543. - Respond with a 404 Not implemented JSON error message when requested API is not implemented

  544. - Rich Media: crawl only https URLs.

  545. 

  546. ### Fixed

  547. - Follow requests don't get 'stuck' anymore.

  548. - Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.

  549. - Followers counter not being updated when a follower is blocked

  550. - Deactivated users being able to request an access token

  551. - Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak

  552. - Proper Twitter Card generation instead of a dummy

  553. - Deletions failing for users with a large number of posts

  554. - NodeInfo: Include admins in `staffAccounts`

  555. - ActivityPub: Crashing when requesting empty local user's outbox

  556. - Federation: Handling of objects without `summary` property

  557. - Federation: Add a language tag to activities as required by ActivityStreams 2.0

  558. - Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults

  559. - Federation: Cope with missing or explicitly nulled address lists

  560. - Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection

  561. - Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics

  562. - Federation: Follow requests from remote users who have been blocked will be automatically rejected if appropriate

  563. - MediaProxy: Parse name from content disposition headers even for non-whitelisted types

  564. - MediaProxy: S3 link encoding

  565. - Rich Media: Reject any data which cannot be explicitly encoded into JSON

  566. - Pleroma API: Importing follows from Mastodon 2.8+

  567. - Twitter API: Exposing default scope, `no_rich_text` of the user to anyone

  568. - Twitter API: Returning the `role` object in user entity despite `show_role = false`

  569. - Mastodon API: `/api/v1/favourites` serving only public activities

  570. - Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies

  571. - Mastodon API: Streaming API broadcasting wrong activity id

  572. - Mastodon API: 500 errors when requesting a card for a private conversation

  573. - Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`

  574. - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON

  575. - Mastodon API: Exposing default scope of the user to anyone

  576. - Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]

  577. - Mastodon API: Replace missing non-nullable Card attributes with empty strings

  578. - User-Agent is now sent correctly for all HTTP requests.

  579. - MRF: Simple policy now properly delists imported or relayed statuses

  580. 

  581. ## Removed

  582. - Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`

  583. 

  584. ## [0.9.99999] - 2019-05-31

  585. ### Security

  586. - Mastodon API: Fix lists leaking private posts

  587. 

  588. ## [0.9.9999] - 2019-04-05

  589. ### Security

  590. - Mastodon API: Fix content warnings skipping HTML sanitization

  591. 

  592. ## [0.9.999] - 2019-03-13

  593. Frontend changes only.

  594. ### Added

  595. - Added floating action button for posting status on mobile

  596. ### Changed

  597. - Changed user-settings icon to a pencil

  598. ### Fixed

  599. - Keyboard shortcuts activating when typing a message

  600. - Gaps when scrolling down on a timeline after showing new

  601. 

  602. ## [0.9.99] - 2019-03-08

  603. ### Changed

  604. - Update the frontend to the 0.9.99 tag

  605. ### Fixed

  606. - Sign the date header in federation to fix Mastodon federation.

  607. 

  608. ## [0.9.9] - 2019-02-22

  609. This is our first stable release.