squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6373 Commits
154 Branches
503MB
Tree: cd78e63a25
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cd78e63a25'
${ noResults }
pleroma/CHANGELOG.md

CHANGELOG.md 18KB
Raw Normal View History

Add a changelog
5 years ago
docs: add documentation for MediaProxyWarmingPolicy
5 years ago
ostatus: explicitly disallow protocol downgrade from activitypub This closes embargoed bug #1135.
5 years ago
Add a changelog entry for disallowing locked accounts follows over OStatus
5 years ago
ostatus: explicitly disallow protocol downgrade from activitypub This closes embargoed bug #1135.
5 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
CHANGELOG.md: Add entry for !1484 Related to: https://git.pleroma.social/pleroma/pleroma/merge_requests/1484 [ci skip]
5 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add changelog entries for follower/following collection behaviour changes
5 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add `mailerEnabled` to the NodeInfo metadata
5 years ago
Unfollow should also unsubscribe
5 years ago
AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
5 years ago
Update CHANGELOG
4 years ago
[#1149] Introduced `quantum` job scheduler. Documentation & config changes.
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Do not rembed the object after updating it
4 years ago
Add an index on object likes In !1538 favorites timeline was switched to use the joined object, but no idex on likes in the joined object was added.
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Add a changelog entry for !1552
4 years ago
Add a changelog entry for tolerating incorrect chain order
5 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
Mastodon API: Set follower/following counters to 0 when hiding followers/following is enabled We are already doing that in AP representation, so I think we should do it here as well for consistency.
4 years ago
Mastodon API: Fix thread mute detection It was calling CommonAPI.thread_muted? with post author's account instead of viewer's one.
4 years ago
Extend Pleroma.Pagination to support offset-based pagination, use async/await to execute status and account search in parallel
5 years ago
Bugfix: muted/blocked user notification streaming
5 years ago
Add changelog entries for follower/following collection behaviour changes
5 years ago
[#1112] Preserving `id` on user insert conflict on order not to violate conversation_partipations_user_id_fkey constraint.
5 years ago
Fix rich media parser failing when no TTL can be found by image TTL setters
5 years ago
rich media: parser: splice the given URL into the result
5 years ago
activitypub: publisher: align sharedinbox usage with AP specification rules While debugging the follow breakage, I observed that our sharedInbox usage did not match the rules in the specification. Accordingly, I have better aligned our usage of sharedInbox with the rules outlined in the ActivityPub specification.
5 years ago
transmogrifier: use User.delete() instead of handrolled user deletion code for remote users Closes #1104
5 years ago
activitypub: publisher: add (request-target) to http signature when POSTing
4 years ago
Redirect not logged-in users to the MastoFE login page on private instances
5 years ago
Fix Invalid SemVer version generation when the current branch does not have commits ahead of tag/checked out on a tag
5 years ago
Fix/mediaproxy whitelist base url
5 years ago
Remove Reply-To from report emails
4 years ago
MRF: ensure that subdomain_match calls are case-insensitive
4 years ago
Add changelog entry too
4 years ago
MRF: fix up unserializable option lists in describe implementations
4 years ago
Fix CHANGELOG entry
4 years ago
Add a breaking changelog entry for explicitly disabling the mailer and reorder changelog sections in order of importance
5 years ago
docs: add documentation for MediaProxyWarmingPolicy
5 years ago
Modify Changelog.
4 years ago
update changelog to cover MRF describe API.
4 years ago
docs: add documentation for MediaProxyWarmingPolicy
5 years ago
nodeinfo: implement MRF transparency exclusions
5 years ago
Add MRF MentionPolicy for dropping posts which mention specific actors
5 years ago
update changelog for mrf_vocabulary
4 years ago
changelog
5 years ago
[#1041] Rate-limited status actions (per user and per user+status).
5 years ago
Add hashtag filter to user statuses (GET /api/v1/accounts/:id/statuses)
5 years ago
Merge branch 'develop' into feature/allow-user-query-via-id
5 years ago
Docs/more mastodon api
5 years ago
Feature/1072 muting notifications
5 years ago
Add the `blocked_by` attribute to the relationship API (`GET /api/v1/accounts/relationships`)
5 years ago
Add `domain_blocking` to the relationship API (GET /api/v1/accounts/relationships)
5 years ago
Add `pleroma.deactivated` to the Account entity (Mastodon API)
5 years ago
mastoapi password reset added rate limit to password reset configure rate limit in runtime
5 years ago
Add changelog entry for Mastodon API change
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Move changelog entries
5 years ago
Admin API: Allow querying user by ID
5 years ago
admin api configure changes
5 years ago
Admin changes
5 years ago
Fix/1019 correct count remote users
5 years ago
[#1062] added option to disable send email
5 years ago
[#1041] Rate-limited status actions (per user and per user+status).
5 years ago
Update CHANGELOG
4 years ago
Update CHANGELOG
5 years ago
mastoapi password reset added rate limit to password reset configure rate limit in runtime
5 years ago
update changelog
5 years ago
update changelog
5 years ago
Admin API: Endpoint for fetching latest user's statuses
5 years ago
add account confirmation email resend in mastodon api
5 years ago
tasks: relay: add list task
4 years ago
Strip internal fields including likes from incoming and outgoing activities
4 years ago
Add hashtag filter to user statuses (GET /api/v1/accounts/:id/statuses)
5 years ago
admin api configure changes
5 years ago
changelog & docs
5 years ago
add the rich media ttl based on image exp time
5 years ago
admin api configure changes
5 years ago
Remove longfox emoji set
4 years ago
Remove Reply-To from report emails
4 years ago
config: remove legacy activitypub accept_blocks setting Anyone who is interested in dropping blocks can write their own MRF policy at this point. This setting predated the MRF framework. Disabling the side effect (unsubscription) is still a config option per policy.
4 years ago
Remove longfox emoji set
4 years ago
tests: fix object containment violations in the transmogrifier tests Some objects were not completely rewritten in the tests, which caused object containment violations. Fix them by rewriting the object IDs to be in an appropriate namespace.
5 years ago
BUMP OF CHICKEN 1.0
5 years ago
Mastodon API: Sanitize display names Closes #1000
5 years ago
update changelog
5 years ago
Add a changelog
5 years ago
Update changelog
5 years ago
Setting Store: Document in changelog.
5 years ago
Docs: Add Explicit addressing to Readme and changelog.
5 years ago
Update CHANGELOG.md
5 years ago
MongooseIM: Add documentation.
5 years ago
Add a changelog
5 years ago
Add a changelog entry for releases
5 years ago
Add a changelog
5 years ago
Update CHANGELOG
5 years ago
Add a changelog entry for removing embded objects mix task
5 years ago
Remove duplicated entries in users' following lists
5 years ago
Feature/896 toggling confirmation
5 years ago
it is changed in compile time we can't change module attributes and endpoint settings in runtime
5 years ago
Add a changelog entry for polls
5 years ago
Add a changelog
5 years ago
Add a changelog entry for polls
5 years ago
Make default pack extensions configurable and default to png and gif
5 years ago
Add a changelog
5 years ago
changes
5 years ago
update Changelog
5 years ago
add report uri and report to
5 years ago
Update changelog
5 years ago
Add option to restrict all users to local content
5 years ago
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789)
5 years ago
Feature/826 healthcheck endpoint
5 years ago
Add changelog entry for mascot config
5 years ago
Add a changelog
5 years ago
Merge develop Merge conflict in lib/pleroma/activity.ex
5 years ago
Add Reports to Admin API
5 years ago
it is changed in compile time we can't change module attributes and endpoint settings in runtime
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Changelog: Document chat token.
5 years ago
Add a changelog
5 years ago
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789)
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Add a changelog entry for polls
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
fix format Modified-by: Maksim Pechnikov <parallel588@gmail.com>
5 years ago
Add the emoji packs & finmoji removal to the changelog
5 years ago
add changelog entry for object pruning
5 years ago
[#699] add worker to clean expired oauth tokens
5 years ago
update documentation for the new MRF features [no-ci]
5 years ago
update CHANGELOG for mrf_subchain
5 years ago
updated changelog
5 years ago
Update CHANGELOG
5 years ago
docs: better description for mrf anti link spam
5 years ago
update changelog
5 years ago
Add changelog entry for syslog tag change
5 years ago
Add a changelog
5 years ago
Bind to 127.0.0.1 instead of 0.0.0.0 by default
5 years ago
Put an actual description of the vulnerability and add **Breaking:** to breaking changes
5 years ago
Configuration: Skip thread containment by default In my tests the interaction between thread containment and other restrictions makes postgresql create some very bad query plans. This caused direct messages to time out on soykaf, for example.
5 years ago
Add a changelog
5 years ago
Remove inReplyToStatusId
5 years ago
Add a changelog
5 years ago
Set default loglevel to `warn` in prod It's rare that info logs are needed to debug the issue, so I would suggest setting them to warn in prod by default to make finding the relevant parts easier and potentially even decrease cpu usage on bigger instances Closes #962
5 years ago
Add extra_cookie_attrs to changelog
5 years ago
update Changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Add a changelog
5 years ago
Add a changelog entry for `pleroma.in_reply_to_account_acct`
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Move settings to Source subentity
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Add a changelog
5 years ago
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip]
5 years ago
Add a changelog
5 years ago
Add the emoji packs & finmoji removal to the changelog
5 years ago
Update CHANGELOG
5 years ago
add Changelog entry
5 years ago
http: bump connection timeout to 10 seconds
5 years ago
Respond with a 404 Not implemented JSON error message when requested API is not implemented
5 years ago
Apply suggestion to CHANGELOG.md
5 years ago
Add a changelog
5 years ago
Utils: Use update_follow_state_for_all when appropriate.
5 years ago
Search: Add fts index on objects table.
5 years ago
Add a changelog
5 years ago
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
5 years ago
Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into feature/845-improve-status-deletion
5 years ago
Add a changelog
5 years ago
update Changelog
5 years ago
Add a changelog
5 years ago
Mention Mastodon 2.8+ follow import fix in changelog
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Add a changelog
5 years ago
Handle `reblogs` on the first follow request in MastoAPI
5 years ago
Set correct values in the MastoAPI reblog status view
5 years ago
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
5 years ago
Make irreversible field default to false in filters
5 years ago
Replace missing non-nullable Card attributes with empty strings
5 years ago
add CHANGELOG entry
5 years ago
mrf: simple policy: fix matching imported activitypub and ostatus statuses
5 years ago
Add a changelog
5 years ago
remove deprecated PleromaFE configuration
5 years ago
Feature/896 toggling confirmation
5 years ago
remove deprecated PleromaFE configuration
5 years ago
Mastodon API: Fix lists leaking private posts Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also lead to leaking private posts when `fix_explicit_addressing` mistakingly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM
5 years ago
Add a changelog
5 years ago
Put an actual description of the vulnerability and add **Breaking:** to breaking changes
5 years ago
Add a changelog
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. # Changelog

  2. All notable changes to this project will be documented in this file.

  3. 

  4. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

  5. 

  6. ## [Unreleased]

  7. ### Security

  8. - OStatus: eliminate the possibility of a protocol downgrade attack.

  9. - OStatus: prevent following locked accounts, bypassing the approval process.

  10. 

  11. ### Changed

  12. - **Breaking:** Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add `config :pleroma, Pleroma.Emails.Mailer, enabled: true` to your config

  13. - **Breaking:** Configuration: `/media/` is now removed when `base_url` is configured, append `/media/` to your `base_url` config to keep the old behaviour if desired

  14. - Configuration: OpenGraph and TwitterCard providers enabled by default

  15. - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

  16. - Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set

  17. - NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option

  18. - NodeInfo: Return `mailerEnabled` in `metadata`

  19. - Mastodon API: Unsubscribe followers when they unfollow a user

  20. - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)

  21. - Improve digest email template

  22. - Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) with [Oban](https://github.com/sorentwo/oban)

  23. - Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler

  24. 

  25. ### Fixed

  26. - Not being able to pin unlisted posts

  27. - Objects being re-embedded to activities after being updated (e.g faved/reposted). Running 'mix pleroma.database prune_objects' again is advised.

  28. - Favorites timeline doing database-intensive queries

  29. - Metadata rendering errors resulting in the entire page being inaccessible

  30. - `federation_incoming_replies_max_depth` option being ignored in certain cases

  31. - Federation/MediaProxy not working with instances that have wrong certificate order

  32. - Mastodon API: Handling of search timeouts (`/api/v1/search` and `/api/v2/search`)

  33. - Mastodon API: Embedded relationships not being properly rendered in the Account entity of Status entity

  34. - Mastodon API: follower/following counters not being nullified, when `hide_follows`/`hide_followers` is set

  35. - Mastodon API: `muted` in the Status entity, using author's account to determine if the tread was muted

  36. - Mastodon API: Add `account_id`, `type`, `offset`, and `limit` to search API (`/api/v1/search` and `/api/v2/search`)

  37. - Mastodon API, streaming: Fix filtering of notifications based on blocks/mutes/thread mutes

  38. - ActivityPub C2S: follower/following collection pages being inaccessible even when authentifucated if `hide_followers`/ `hide_follows` was set

  39. - Existing user id not being preserved on insert conflict

  40. - Rich Media: Parser failing when no TTL can be found by image TTL setters

  41. - Rich Media: The crawled URL is now spliced into the rich media data.

  42. - ActivityPub S2S: sharedInbox usage has been mostly aligned with the rules in the AP specification.

  43. - ActivityPub S2S: remote user deletions now work the same as local user deletions.

  44. - ActivityPub S2S: POST requests are now signed with `(request-target)` pseudo-header.

  45. - Not being able to access the Mastodon FE login page on private instances

  46. - Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag

  47. - Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.

  48. - Report email not being sent to admins when the reporter is a remote user

  49. - MRF: ensure that subdomain_match calls are case-insensitive

  50. - Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances

  51. - MRF: fix use of unserializable keyword lists in describe() implementations

  52. - ActivityPub: Deactivated user deletion

  53. 

  54. ### Added

  55. - Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data.

  56. - **Breaking:** MRF describe API, which adds support for exposing configuration information about MRF policies to NodeInfo.

  57.   Custom modules will need to be updated by adding, at the very least, `def describe, do: {:ok, %{}}` to the MRF policy modules.

  58. - MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)

  59. - MRF: Support for excluding specific domains from Transparency.

  60. - MRF: Support for filtering posts based on who they mention (`Pleroma.Web.ActivityPub.MRF.MentionPolicy`)

  61. - MRF: Support for filtering posts based on ActivityStreams vocabulary (`Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`)

  62. - MRF (Simple Policy): Support for wildcard domains.

  63. - Support for wildcard domains in user domain blocks setting.

  64. - Configuration: `quarantined_instances` support wildcard domains.

  65. - Configuration: `federation_incoming_replies_max_depth` option

  66. - Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)

  67. - Mastodon API, streaming: Add support for passing the token in the `Sec-WebSocket-Protocol` header

  68. - Mastodon API, extension: Ability to reset avatar, profile banner, and background

  69. - Mastodon API: Add support for categories for custom emojis by reusing the group feature. <https://github.com/tootsuite/mastodon/pull/11196>

  70. - Mastodon API: Add support for muting/unmuting notifications

  71. - Mastodon API: Add support for the `blocked_by` attribute in the relationship API (`GET /api/v1/accounts/relationships`). <https://github.com/tootsuite/mastodon/pull/10373>

  72. - Mastodon API: Add support for the `domain_blocking` attribute in the relationship API (`GET /api/v1/accounts/relationships`).

  73. - Mastodon API: Add `pleroma.deactivated` to the Account entity

  74. - Mastodon API: added `/auth/password` endpoint for password reset with rate limit.

  75. - Mastodon API: /api/v1/accounts/:id/statuses now supports nicknames or user id

  76. - Mastodon API: Improve support for the user profile custom fields

  77. - Admin API: Return users' tags when querying reports

  78. - Admin API: Return avatar and display name when querying users

  79. - Admin API: Allow querying user by ID

  80. - Admin API: Added support for `tuples`.

  81. - Admin API: Added endpoints to run mix tasks pleroma.config migrate_to_db & pleroma.config migrate_from_db

  82. - Added synchronization of following/followers counters for external users

  83. - Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`.

  84. - Configuration: Pleroma.Plugs.RateLimiter `bucket_name`, `params` options.

  85. - Configuration: `user_bio_length` and `user_name_length` options.

  86. - Addressable lists

  87. - Twitter API: added rate limit for `/api/account/password_reset` endpoint.

  88. - ActivityPub: Add an internal service actor for fetching ActivityPub objects.

  89. - ActivityPub: Optional signing of ActivityPub object fetches.

  90. - Admin API: Endpoint for fetching latest user's statuses

  91. - Pleroma API: Add `/api/v1/pleroma/accounts/confirmation_resend?email=<email>` for resending account confirmation.

  92. - Relays: Added a task to list relay subscriptions.

  93. - Mix Tasks: `mix pleroma.database fix_likes_collections`

  94. - Federation: Remove `likes` from objects.

  95. 

  96. ### Changed

  97. - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

  98. - Admin API: changed json structure for saving config settings.

  99. - RichMedia: parsers and their order are configured in `rich_media` config.

  100. - RichMedia: add the rich media ttl based on image expiration time.

  101. 

  102. ### Removed

  103. - Emoji: Remove longfox emojis.

  104. - Remove `Reply-To` header from report emails for admins.

  105. - ActivityPub: The `accept_blocks` configuration setting.

  106. 

  107. ## [1.0.1] - 2019-07-14

  108. ### Security

  109. - OStatus: fix an object spoofing vulnerability.

  110. 

  111. ## [1.0.0] - 2019-06-29

  112. ### Security

  113. - Mastodon API: Fix display names not being sanitized

  114. - Rich media: Do not crawl private IP ranges

  115. 

  116. ### Added

  117. - Digest email for inactive users

  118. - Add a generic settings store for frontends / clients to use.

  119. - Explicit addressing option for posting.

  120. - Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).

  121. - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.

  122. - LDAP authentication

  123. - External OAuth provider authentication

  124. - Support for building a release using [`mix release`](https://hexdocs.pm/mix/master/Mix.Tasks.Release.html)

  125. - A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.

  126. - [Prometheus](https://prometheus.io/) metrics

  127. - Support for Mastodon's remote interaction

  128. - Mix Tasks: `mix pleroma.database bump_all_conversations`

  129. - Mix Tasks: `mix pleroma.database remove_embedded_objects`

  130. - Mix Tasks: `mix pleroma.database update_users_following_followers_counts`

  131. - Mix Tasks: `mix pleroma.user toggle_confirmed`

  132. - Mix Tasks: `mix pleroma.config migrate_to_db`

  133. - Mix Tasks: `mix pleroma.config migrate_from_db`

  134. - Federation: Support for `Question` and `Answer` objects

  135. - Federation: Support for reports

  136. - Configuration: `poll_limits` option

  137. - Configuration: `pack_extensions` option

  138. - Configuration: `safe_dm_mentions` option

  139. - Configuration: `link_name` option

  140. - Configuration: `fetch_initial_posts` option

  141. - Configuration: `notify_email` option

  142. - Configuration: Media proxy `whitelist` option

  143. - Configuration: `report_uri` option

  144. - Configuration: `email_notifications` option

  145. - Configuration: `limit_to_local_content` option

  146. - Pleroma API: User subscriptions

  147. - Pleroma API: Healthcheck endpoint

  148. - Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints

  149. - Admin API: Endpoints for listing/revoking invite tokens

  150. - Admin API: Endpoints for making users follow/unfollow each other

  151. - Admin API: added filters (role, tags, email, name) for users endpoint

  152. - Admin API: Endpoints for managing reports

  153. - Admin API: Endpoints for deleting and changing the scope of individual reported statuses

  154. - Admin API: Endpoints to view and change config settings.

  155. - AdminFE: initial release with basic user management accessible at /pleroma/admin/

  156. - Mastodon API: Add chat token to `verify_credentials` response

  157. - Mastodon API: Add background image setting to `update_credentials`

  158. - Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)

  159. - Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)

  160. - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)

  161. - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)

  162. - Mastodon API: `POST /api/v1/accounts` (account creation API)

  163. - Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)

  164. - ActivityPub C2S: OAuth endpoints

  165. - Metadata: RelMe provider

  166. - OAuth: added support for refresh tokens

  167. - Emoji packs and emoji pack manager

  168. - Object pruning (`mix pleroma.database prune_objects`)

  169. - OAuth: added job to clean expired access tokens

  170. - MRF: Support for rejecting reports from specific instances (`mrf_simple`)

  171. - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)

  172. - MRF: Support for running subchains.

  173. - Configuration: `skip_thread_containment` option

  174. - Configuration: `rate_limit` option. See `Pleroma.Plugs.RateLimiter` documentation for details.

  175. - MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links.

  176. - Configuration: `ignore_hosts` option

  177. - Configuration: `ignore_tld` option

  178. - Configuration: default syslog tag "Pleroma" is now lowercased to "pleroma"

  179. 

  180. ### Changed

  181. - **Breaking:** bind to 127.0.0.1 instead of 0.0.0.0 by default

  182. - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer

  183. - Thread containment / test for complete visibility will be skipped by default.

  184. - Enforcement of OAuth scopes

  185. - Add multiple use/time expiring invite token

  186. - Restyled OAuth pages to fit with Pleroma's default theme

  187. - Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker)

  188. - NodeInfo: Return `safe_dm_mentions` feature flag

  189. - Federation: Expand the audience of delete activities to all recipients of the deleted object

  190. - Federation: Removed `inReplyToStatusId` from objects

  191. - Configuration: Dedupe enabled by default

  192. - Configuration: Default log level in `prod` environment is now set to `warn`

  193. - Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.

  194. - Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.

  195. - Admin API: Move the user related API to `api/pleroma/admin/users`

  196. - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change

  197. - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`

  198. - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`

  199. - Mastodon API: Provide plaintext versions of cw/content in the Status entity

  200. - Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity

  201. - Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity

  202. - Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the Source subentity

  203. - Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials`

  204. - Mastodon API: Add `pleroma.is_seen` to the Notification entity

  205. - Mastodon API: Add `pleroma.local` to the Status entity

  206. - Mastodon API: Add `preview` parameter to `POST /api/v1/statuses`

  207. - Mastodon API: Add `with_muted` parameter to timeline endpoints

  208. - Mastodon API: Actual reblog hiding instead of a dummy

  209. - Mastodon API: Remove attachment limit in the Status entity

  210. - Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.

  211. - Deps: Updated Cowboy to 2.6

  212. - Deps: Updated Ecto to 3.0.7

  213. - Don't ship finmoji by default, they can be installed as an emoji pack

  214. - Hide deactivated users and their statuses

  215. - Posts which are marked sensitive or tagged nsfw no longer have link previews.

  216. - HTTP connection timeout is now set to 10 seconds.

  217. - Respond with a 404 Not implemented JSON error message when requested API is not implemented

  218. - Rich Media: crawl only https URLs.

  219. 

  220. ### Fixed

  221. - Follow requests don't get 'stuck' anymore.

  222. - Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.

  223. - Followers counter not being updated when a follower is blocked

  224. - Deactivated users being able to request an access token

  225. - Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak

  226. - Proper Twitter Card generation instead of a dummy

  227. - Deletions failing for users with a large number of posts

  228. - NodeInfo: Include admins in `staffAccounts`

  229. - ActivityPub: Crashing when requesting empty local user's outbox

  230. - Federation: Handling of objects without `summary` property

  231. - Federation: Add a language tag to activities as required by ActivityStreams 2.0

  232. - Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults

  233. - Federation: Cope with missing or explicitly nulled address lists

  234. - Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection

  235. - Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics

  236. - Federation: Follow requests from remote users who have been blocked will be automatically rejected if appropriate

  237. - MediaProxy: Parse name from content disposition headers even for non-whitelisted types

  238. - MediaProxy: S3 link encoding

  239. - Rich Media: Reject any data which cannot be explicitly encoded into JSON

  240. - Pleroma API: Importing follows from Mastodon 2.8+

  241. - Twitter API: Exposing default scope, `no_rich_text` of the user to anyone

  242. - Twitter API: Returning the `role` object in user entity despite `show_role = false`

  243. - Mastodon API: `/api/v1/favourites` serving only public activities

  244. - Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies

  245. - Mastodon API: Streaming API broadcasting wrong activity id

  246. - Mastodon API: 500 errors when requesting a card for a private conversation

  247. - Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`

  248. - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON

  249. - Mastodon API: Exposing default scope of the user to anyone

  250. - Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]

  251. - Mastodon API: Replace missing non-nullable Card attributes with empty strings

  252. - User-Agent is now sent correctly for all HTTP requests.

  253. - MRF: Simple policy now properly delists imported or relayed statuses

  254. 

  255. ## Removed

  256. - Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`

  257. 

  258. ## [0.9.99999] - 2019-05-31

  259. ### Security

  260. - Mastodon API: Fix lists leaking private posts

  261. 

  262. ## [0.9.9999] - 2019-04-05

  263. ### Security

  264. - Mastodon API: Fix content warnings skipping HTML sanitization

  265. 

  266. ## [0.9.999] - 2019-03-13

  267. Frontend changes only.

  268. ### Added

  269. - Added floating action button for posting status on mobile

  270. ### Changed

  271. - Changed user-settings icon to a pencil

  272. ### Fixed

  273. - Keyboard shortcuts activating when typing a message

  274. - Gaps when scrolling down on a timeline after showing new

  275. 

  276. ## [0.9.99] - 2019-03-08

  277. ### Changed

  278. - Update the frontend to the 0.9.99 tag

  279. ### Fixed

  280. - Sign the date header in federation to fix Mastodon federation.

  281. 

  282. ## [0.9.9] - 2019-02-22

  283. This is our first stable release.