[WiP] Update changelog for upcoming 4.3.0

2024-08-20 21:08:15 -07:00 · 2024-07-10 16:30:07 +02:00 · 2024-07-10 16:30:07 +02:00 · 0672571c33
commit 0672571c33
parent 28ad3588e4
1 changed files with 251 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,257 @@
 All notable changes to this project will be documented in this file.
 ## [4.3.0] - UNRELEASED
 The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by TODO
 ### Security
 - **Add confirmation interstitial instead of silently redirecting logged-out visitors to remote resources** (#27792, #28902, #30651)
  This fixes a longstanding open redirect in Mastodon, at the cost of added friction when local links to remote resources are shared.
 ### Added
 - **Add experimental server-side notification grouping** (#29889, #30576, #30685, #30688, #30707, #30776, #30779, #30781)
  Group notifications of the same type for the same target, so that your notifications no longer get cluttered by boost and favorite notifications as soon as a couple of your posts get traction.
  This is done server-side so that clients can efficiently get relevant groups without having to go through numerous pages of individual notifications.
  As part of this, the visual design of the entire notifications feature has been revamped.
  TODO: documentation
 - **Add notification policies, filtered notifications and notification requests** (#29366, #29529, #29433, #29565, #29567, #29572, #29575, #29588, #29646, #29652, #29658, #29666, #29693, #29699, #29737, #29706, #29570, #29752, #29810, #29826, #30114, #30251, #30559, #29868)
  The old “Block notifications from non-followers”, “Block notifications from people you don't follow” and “Block direct messages from people you don't follow” notification settings have been replaced by a new set of settings found directly in the notification column.
  You can now filter notifications from people you don't follow, people who don't follow you, accounts created within the past 30 days, as well as unsolicited private mentions.
  Instead of being outright dropped, notifications that do not match your settings are put in a separate “Filtered notifications” box that you can review separately without it clogging your main notifications.
  This adds the following REST API endpoints:
  - `GET /api/v1/notifications/policy`: https://docs.joinmastodon.org/methods/notifications/#get-policy
  - `PATCH /api/v1/notifications/policy`: https://docs.joinmastodon.org/methods/notifications/#update-the-filtering-policy-for-notifications
  - `GET /api/v1/notifications/requests`: https://docs.joinmastodon.org/methods/notifications/#get-requests
  - `GET /api/v1/notifications/requests/:id`: https://docs.joinmastodon.org/methods/notifications/#get-one-request
  - `POST /api/v1/notifications/requests/:id/accept`: https://docs.joinmastodon.org/methods/notifications/#accept-request
  - `POST /api/v1/notifications/requests/:id/dismiss`: https://docs.joinmastodon.org/methods/notifications/#dismiss-request
 - **Add notifications of severed relationships** (#27511, #29665, #29668, #29670, #29700, #29714, #29712, #29731)
  Notify local users when they lose relationships as a result of a local moderator blocking a remote account or server, allowing the affected user to retrieve the list of broken relationships.
  Note that this does not notify remote users.
  This adds the `severed_relationships` notification type to the REST API and streaming, with a new [`relationship_severance_event` attribute](https://docs.joinmastodon.org/entities/Notification/#relationship_severance_event).
 - **Add hover cards in web UI** (#30754, #30864, #30850, #30879, #30928, #30949, #30948, #30931)
  Hovering over an avatar or username will now display a hover card with the first two lines of the user's description and their first two profile fields.
  This can be disabled in the “Animations and accessibility” section of the preferences.
 - **Add "system" theme setting (light/dark theme depending on user system preference)** (#29748, #29553, #29795, #29918, #30839, #30861)
  Add a “system” theme that automatically switch between default dark and light themes depending on the user's system preferences.
  Also changes the default server theme to this new “system” theme so that automatic theme selection happens even when logged out.
 - **Add timeline of public posts about a trending link** (#30381, #30840)
  You can now see public posts mentioning currently-trending articles from people who have opted into discovery features.
  This adds a new REST API endpoint: https://docs.joinmastodon.org/methods/timelines/#link
 - **Add author highlight for news articles whose authors are on the fediverse** (#30398, #30670, #30521, #30846)
  This adds a mechanism to highlight the author of news articles shared on Mastodon.
  TODO
 - **Add in-app notifications for moderation actions and warnings** (#30065, #30082, #30081)
  In addition to email notifications, also notify users of moderation actions or warnings against them directly within the app, so they are less likely to miss important communication from their moderators.
  This adds the `moderation_warning` notification type to the REST API and streaming, with a new [`moderation_warning` attribute](https://docs.joinmastodon.org/entities/Notification/#moderation_warning).
 - **Add domain information to profiles in web UI** (#29602)
  Clicking the domain of a user in their profile will now open a tooltip with a short explanation about servers and federation.
 - Add ability to reorder uploaded media before posting in web UI (#28456)
 - Add ability for admins to configure instance favicon and logo (#30040, #30208, #30259, #30375, #30734)
 - Add profile setup to onboarding in web UI (#27829, #27876, #28453)
 - Add prominent share/copy button on profiles in web UI (#27865, #27889)
 - Add optional hints for server rules (#29539, #29758)
  Server rules can now be broken into a short rule name and a longer explanation of the rule.
  This adds a new [`hint` attribute](https://docs.joinmastodon.org/entities/Rule/#hint) to `Rule` entities in the REST API.
 - Add `/` keyboard shortcut to focus the search field (#29921)
 - Add list of pending releases directly in mail notifications for version updates (#29436, #30035)
 - Add badge on account card in report moderation interface when account is already suspended (#29592)
 - Add admin comments directly to the `admin/instances` page (#29240)
 - Add ability to require approval when users sign up using specific email domains (#28468, #28732, #28607, #28608)
 - Add banner for forwarded reports made by remote users about remote content (#27549)
 - Add support HTML ruby tags in remote posts for east-asian languages (#30897)
 - Add link to manage warning presets in admin navigation (#26199)
 - Add volume saving/reuse to video player (#27488)
 - Add Elasticsearch index size, ffmpeg and ImageMagick versions to the admin dashboard (#27301, #30710)
 - Add `MASTODON_SIDEKIQ_READY_FILENAME` environment variable to use a file for Sidekiq to signal it is ready to process jobs (#30971, #30988)
  In the official Docker image, this is set to `sidekiq_process_has_started_and_will_begin_processing_jobs` so that Sidekiq will touch `tmp/sidekiq_process_has_started_and_will_begin_processing_jobs` to signal readiness.
 - Add `S3_RETRY_LIMIT` environment variable to make S3 retries configurable (#23215)
 - Add `S3_KEY_PREFIX` environment variable (#30181)
 - Add support for multiple `redirect_uris` when creating OAuth 2.0 Applications (#29192)
 - Add Interlingue and Interlingua to interface languages (#28630, #30828)
 - Add Kashubian, Pennsylvania Dutch, Vai, Jawi Malay, Mohawk and Low German to posting languages (#26024, #26634, #27136, #29098, #27115, #27434)
 - Add validations to `Web::PushSubscription` (#30540, #30542)
 - Add option to use native Ruby driver for Redis through `REDIS_DRIVER=ruby` (#30717)
 - Add support for libvips in addition to ImageMagick (#30090, #30590, #30597, #30632, #30857, #30869, #30858)
  Server admins can now use libvips as a faster and lighter alternative to ImageMagick for processing user-uploaded images.
  This requires libvips 8.13 or newer, and needs to be enabled with `MASTODON_USE_LIBVIPS=true`.
  This is enabled by default in the official Docker images, and is intended to completely replace ImageMagick in the future.
 - Add active animation to header settings button (#30221, #30307, #30388)
 - Add OpenTelemetry instrumentation (#30130, #30322, #30353, #30350)
  TODO
 - Add API to get multiple accounts and statuses (#27871, #30465)
  This adds `GET /api/v1/accounts` and `GET /api/v1/statuses` to the REST API, see https://docs.joinmastodon.org/methods/accounts/#index and https://docs.joinmastodon.org/methods/statuses/#index
 - Add redirection back to previous page after site upload deletion (#30141)
 - Add RFC8414 OAuth 2.0 server metadata (#29191)
 - Add loading indicator and empty result message to advanced interface search (#30085)
 - Add `profile` OAuth 2.0 scope, allowing more limited access to user data (#29087, #30357)
 - Add the role ID to the badge component (#29707)
 - Add diagnostic message for failure during CLI search deploy (#29462)
 - Add pagination `Link` headers on API accounts/statuses when pinned true (#29442)
 - Add support for specifying custom CA cert for Elasticsearch through `ES_CA_FILE` (#29122, #29147)
 - Add annual reports for accounts (#28693)
  TODO
 - Add notification email on invalid second authenticator (#28822)
 - Add new emojis from `jdecked/twemoji` 15.0 (#28404)
 - Add configurable error handling in attachment batch deletion (#28184)
  This makes the S3 batch size configurable through the `S3_BATCH_DELETE_LIMIT` environment variable (defaults to 1000), and adds some retry logic, configurable through the `S3_BATCH_DELETE_RETRY` environment variable (defaults to 3).
 - Add VAPID public key to instance serializer (#28006)
 - Add `nodeName` and `nodeDescription` to nodeinfo `metadata` (#28079)
 - Add Thai diacritics and tone marks in `HASHTAG_INVALID_CHARS_RE` (#26576)
 - Add variable delay before link verification of remote account links (#27774)
 - Add support for invite codes in the registration API (#27805)
 - Add HTML lang attribute to preview card descriptions (#27503)
 - Add display of relevant account warnings to report action logs (#27425)
 - Add validation of allowed schemes on preview card URLs (#27485)
 - Add token introspection without read scope to `/api/v1/apps/verify_credentials` (#27142)
 - Add support for cross-origin request to `/nodeinfo/2.0` (#27413)
 - Add variable delay before link verification of remote account links (#27351)
 - Add PWA shortcut to `/explore` page (#27235)
 ### Changed
 - **Change icons throughout the web interface** (#27385, #27539, #27555, #27579, #27700, #27817, #28519, #28709, #28064, #28775, #28780, #27924, #29294, #29395, #29537, #29569, #29610, #29612, #29649, #29844, #27780)
  This changes all the interface icons from FontAwesome to Material Symbols for a more modern look, consistent with the official Mastodon Android app.
  In addition, better care is given to pixel alignment, and icon variants are used to better highlight active/inactive state.
 - **Change design of compose form in web UI** (#28119, #29059, #29248, #29372, #29384, #29417, #29456, #29406, #29651, #29659)
  The compose form has been completely redesigned for a more modern and consistent look, as well as spelling out the chosen privacy setting and language name at all times.
  As part of this, the “Unlisted” privacy setting has been renamed to “Quiet public”.
 - **Change mute, block and domain block confirmation modals in web UI** (#29576, #29614, #29640, #29644, #30131)
  Change the modals to a more modern design, and include more detailed information about the effects of the action requiring confirmation.
 - **Change background color throughout the web UI** (#29522, #29584, #29653, #29779, #29803, #29809, #29808, #29828)
 - **Change onboarding prompt to follow suggestions carousel in web UI** (#28878, #29272)
 - **Change email templates** (#28416, #28755, #28814, #29064, #28883, #29470, #29607, #29761, #29760, #29879)
  All emails to end-users have been completely redesigned with a fresh new look, providing more information while making them easier to reand and keeping maximum compatibility across mail clients.
 - **Change follow recommendations algorithm** (#28314, #28433, #29017, #29108, #29306, #29550, #29619)
  This replaces the “past interactions” recommendation algorithm with a “friends of friends” algorithm that suggests accounts followed by people you follow, and a “similar profiles” algorithm that suggests accounts with a profile similar to your most recent follows.
  In addition, the implementation has been significantly reworked, and all follow recommendations are now dismissable.
  This change deprecates the `source` attribute in `Suggestion` entities in the REST API, and replaces it with the new [`sources` attribute](https://docs.joinmastodon.org/entities/Suggestion/#sources).
 - Change account search algorithm (#30803)
 - **Change streaming server to use its own dependencies and its own docker image** (#24702, #27967, #26850, #28112, #28115, #28137, #28138, #28497, #28548, #30795)
  In order to reduce the amount of runtime dependencies, the streaming server has been moved into a separate package and Docker image.
  The `mastodon` container does not contain the streaming server anymore, as it has been moved to its own `mastodon-streaming` container.
  Administrators may need to update their setup accordingly.
 - Change Web UI to allow viewing and severing relationships with suspended accounts (#27667)
  This also adds a `with_suspended` paramter to `GET /api/v1/accounts/relationships` in the REST API.
 - Change counters to be displayed on profile timelines in web UI (#30525)
 - Change disabled buttons color in light mode to make the difference more visible (#30998)
 - Change design of people tab on explore in web UI (#30059)
 - Change sidebar text in web UI (#30696)
 - Change "Follow" to "Follow back" and "Mutual" when appropriate in web UI (#28452, #28465)
 - Change media to be hidden/blurred by default in report modal (#28522)
 - Change order of the "muting" and "blocking" list options in “Data Exports” (#26088)
 - Change admin and moderation notes character limit from 500 to 2000 characters (#30288)
 - Change mute options to be in dropdown on muted users list in web UI (#30049)
 - Change out-of-band hashtags design in web UI (#29732)
 - Change design of metadata underneath detailed posts in web UI (#29585, #29605, #29648)
 - Change action button to be last on profiles in web UI (#29533, #29923)
 - Change dropdown menu icon to not be replaced by close icon when open in web UI (#29532)
 - Change back button to always appear in advanced web UI (#29551, #29669)
 - Change border of active compose field search inputs (#29832, #29839)
 - Change layout and wording of the Content Retention server settings page (#27733)
 - Change unconfirmed users to be kept for one week instead of two days (#30285)
 - Change database pool size to default to Sidekiq concurrency settings in Sidekiq processes (#26488)
 - Change alt text to empty string for avatars (#21875)
 - Change Docker images to use custom-built libvips and ffmpeg (#30571, #30569)
 - Change external links in the admin audit log to plain text or local administration pages (#27139, #27150)
 - Change YJIT to be enabled when available (#30310, #27283)
  Enable Ruby's built-in just-in-time compiler. This improves performances substantially, at the cost of a slightly increased memory usage.
 - Change `.env` file loading from deprecated `dotenv-rails` gem to `dotenv` gem (#29173, #30121)
  This should have no effect except in the unlikely case an environment variable included a newline.
 - Change “Panjabi” language name to the more common spelling “Punjabi” (#27117)
 - Change encryption of OTP secrets to use ActiveRecord Encryption (#29831, #28325, #30151, #30202, #30340, #30344)
  This requires a manual step from administrators of existing servers. Indeed, they need to generate new secrets, which can be done using `bundle exec rails db:encryption:init`.
  Furthermore, there is a risk that the introduced migration fails if the server was misconfigured in the past. If that happens, the migration error will include the relevant information.
 - Change `/api/v1/announcements` to return regular `Status` entities (#26736)
 - Change imports to convert case-insensitive fields to lowercase (#29739, #29740)
 - Change stats in the admin interface to be inclusive of the full selected range, from beginning of day to end of day (#29416, #29841)
 - Change materialized views to be refreshed concurrently to avoid locks (#29015)
 - Change compose form to use server-provided post character and poll options limits (#28928, #29490)
 - Change streaming server logging from `npmlog` to `pino` and `pino-http` (#27828)
  This changes the Mastodon streaming server log format, so this might be considered a breaking change if you were parsing the logs.
 - Change media “ALT” label to use a specific CSS class (#28777)
 - Change streaming API host to not be overridden to localhost in development mode (#28557)
 - Change cookie rotator to use SHA1 digest for new cookies (#27392)
  Note that this requires that no pre-4.2.0 Mastodon web server is running when this code is deployed, as those would not understand the new cookies.
  Therefore, zero-downtime updates are only supported if you're coming from 4.2.0 or newer. If you want to skip Mastodon 4.2, you will need to completely stop Mastodon services before updating.
 - Change preview card deletes to be done using batch method (#28183)
 - Change `img-src` and `media-src` CSP directives to not include `https:` (#28025, #28561)
 - Change self-destruct procedure (#26439, #29049, #29420)
  Instead of enqueuing deletion jobs immediately, `tootctl self-destruct` now outputs a value for the `SELF_DESTRUCT` environment variable, which puts a server in self-destruct mode, processing deletions in the background, while giving users access to their export archives.
 ### Removed
 - Remove `CacheBuster` default options (#30718)
 - Remove home marker updates from the Web UI (#22721)
  The web interface was unconditionally updating the home marker to the most recent received post, discarding any value set by other clients, thus making the feature unreliable.
 - Remove support for Ruby 3.0 (reaching EOL) (#29702)
 - Remove setting for unfollow confirmation modal (#29373)
  Instead, the unfollow confirmation modal will always be displayed.
 - Remove support for Capistrano (#27295, #30009)
 ### Fixed
 - **Fix link preview cards not always preserving the original URL from the status** (#27312)
 - Fix various issues when in link preview card generation (#28748, #30017, #30362, #30173, #30853, #30929, #30933, #30957, #30987)
 - Fix HTTP 500 error in `/api/v1/polls/:id/votes` when required `choices` parameter is missing (#25598)
 - Fix cross-origin loading of `inert.css` polyfill (#30687)
 - Fix cutoff of instance name in sign-up form (#30598)
 - Fix `--verbose` option of `tootctl media remove`, which was previously erroneously removed (#30536)
 - Fix empty `aria-hidden` attribute value in logo resources area (#30570)
 - Fix “Redirect URI” field not being marked as required in “New application” form (#30311)
 - Fix right-to-left text in preview cards (#30930)
 - Fix rack attack `match_type` value typo in logging config (#30514)
 - Fix division by zero on some video/GIF files (#30600)
 - Fix Web UI trying to save user settings despite being logged out (#30324)
 - Fix hashtag regexp matching some link anchors (#30190)
 - Fix race condition in `POST /api/v1/push/subscription` (#30166)
 - Fix post deletion not being delayed when those are part of an account warning (#30163)
 - Fix local account search on LDAP login being case-sensitive (#30113)
 - Fix rendering error on `/start` when not logged in (#30023)
 - Fix development environment admin account not being auto-approved (#29958)
 - Fix logo pushing header buttons out of view on certain conditions in mobile layout (#29787)
 - Fix notification-related records not being reattributed when merging accounts (#29694)
 - Fix results/query in `api/v1/featured_tags/suggestions` (#29597)
 - Fix being able to upload more than 4 media attachments in some cases (#29183)
 - Fix preview card player getting embedded when clicking on the external link button (#29457)
 - Fix full date display not respecting the locale 12/24h format (#29448)
 - Fix filters title and keywords overflow (#29396)
 - Fix incorrect date format in “Follows and followers” (#29390)
 - Fix “Edit media” modal sizing and layout when space-constrained (#27095)
 - Fix modal container bounds (#29185)
 - Fix inefficient HTTP signature parsing using regexps and `StringScanner` (#29133)
 - Fix moderation report updates through `PUT /api/v1/admin/reports/:id` not being logged in the audit log (#29044, #30342)
 - Fix report reason selector in moderation interface not unselecting rules when changing category (#29026)
 - Fix already-invalid reports failing to resolve (#29027)
 - Fix the emoji dropdown button always opening the dropdown instead of behaving like a toggle (#29012)
 - Fix processing of incoming posts with bearcaps (#26527)
 - Fix search form re-rendering spuriously in web UI (#28876)
 - Fix `RedownloadMediaWorker` not being called on transient S3 failure (#28714)
 - Fix ISO code for Canadian French from incorrect `fr-QC` to `fr-CA` (#26015)
 - Fix `.opus` file uploads being misidentified by Paperclip (#28580)
 - Fix loading local accounts with extraneous domain part in WebUI (#28559)
 - Fix OCR when using S3/CDN for assets (#28551)
 - Fix destructive actions in dropdowns not using error color in light theme (#28484)
 - Fix call to inefficient `delete_matched` cache method in domain blocks (#28374)
 - Fix status edits not always being streamed to mentioned users (#28324)
 - Fix error when encountering malformed `Tag` objects from Kbin (#28235)
 - Fix onboarding step descriptions being truncated on narrow screens (#28021)
 - Fix not all allowed image formats showing in file picker when uploading custom emoji (#28076)
 - Fix search popout listing unusable search options when logged out (#27918)
 - Fix duplicate IDs in relationships and familiar_followers APIs (#27982)
 - Fix modal content not being selectable (#27813)
 - Fix Web UI not displaying appropriate explanation when a user hides their follows/followers (#27791)
 - Fix format-dependent redirects being cached regardless of requested format (#27632)
 - Fix processing of featured collections lacking an `items` attribute (#27581)
 - Fix confusing screen when visiting a confirmation link for an already-confirmed email (#27368)
 - Fix explore page reloading when you navigate back to it in web UI (#27489)
 - Fix missing redirection from `/home` to `/deck/home` in the advanced interface (#27378)
 - Fix empty environment variables not using default nil value (#27400)
 - Fix language sorting in settings (#27158)
 ## [4.2.10] - 2024-07-04
 ### Security