Tags give the ability to mark specific points in history as being important
  • v2.1.2
    Release v2.1.2

    [2.1.2] - 2020-09-17

    Security

    • Fix most MRF rules either crashing or not being applied to objects passed into the Common Pipeline (ChatMessage, Question, Answer, Audio, Event).

    Fixed

    • Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance.
    • Mastodon API: the public timeline returning an error when the reply_visibility parameter is set to self for an unauthenticated user.
    • Mastodon Streaming API: Handler crashes on authentication failures, resulting in error logs.
    • Mastodon Streaming API: Error logs on client pings.
    • Rich media: Log spam on failures. Now the error is only logged once per attempt.

    Changed

    • Rich Media: A HEAD request is now done to the url, to ensure it has the appropriate content type and size before proceeding with a GET.

    Upgrade notes

    1. Restart Pleroma
  • v2.1.1
    Release v2.1.1

    [2.1.1] - 2020-09-08

    Security

    • Fix possible DoS in Mastodon API user search due to an error in match clauses, leading to an infinite recursion and subsequent OOM with certain inputs.
    • Fix metadata leak for accounts and statuses on private instances.
    • Fix possible DoS in Admin API search using an atom leak vulnerability. Authentication with admin rights was required to exploit.

    Changed

    • Breaking: The metadata providers RelMe and Feed are no longer configurable. RelMe should always be activated and Feed only provides a header tag for the actual RSS/Atom feed when the instance is public.
    • Improved error message when cmake is not available at build stage.

    Added

    • Rich media failure tracking (along with :failure_backoff option).

    Fixed

    • Default HTTP adapter not respecting pool setting, leading to possible OOM.
    • Fixed uploading webp images when the Exiftool Upload Filter is enabled by skipping them
    • Mastodon API: Search parameter following now correctly returns the followings rather than the followers
    • Mastodon API: Timelines hanging for (number of posts with links * rich media timeout) in the worst case. Reduced to just rich media timeout.
    • Mastodon API: Cards being wrong for preview statuses due to cache key collision.
    • Password resets no longer processed for deactivated accounts.
    • Favicon scraper raising exceptions on URLs longer than 255 characters.
  • v2.1.0
    Release v2.1.0

    Pleroma 2.1.0 is a feature release that also contains many bugfixes and general improvements.

    Upgrade notes

    From-source only

    1. Install cmake

    Everyone

    1. Run database migrations (inside Pleroma directory):
    • OTP: ./bin/pleroma_ctl migrate
    • From Source: mix ecto.migrate
    1. Restart Pleroma

    Frontend changes

    Added

    • Added private notifications option for push notifications
    • 'Copy link' button for statuses (in the ellipsis menu)
    • Autocomplete domains from list of known instances
    • 'Bot' settings option and badge
    • Added profile meta data fields that can be set in profile settings
    • Added option to reset avatar/banner in profile settings
    • Descriptions can be set on uploaded files before posting
    • Added status preview option to preview your statuses before posting
    • When a post is a reply to an unavailable post, the 'Reply to'-text has a strike-through style
    • Added ability to see all favoriting or repeating users when hovering the number on highlighted statuses

    Changed

    • Registration page no longer requires email if the server is configured not to require it
    • Change heart to thumbs up in reaction picker
    • Close the media modal on navigation events
    • Add colons to the emoji alt text, to make them copyable
    • Add better visual indication for drag-and-drop for files
    • When disabling attachments, the placeholder links now show an icon and the description instead of just IMAGE or VIDEO etc
    • Remove unnecessary options for 'automatic loading when loading older' and 'reply previews'
    • Greentext now has separate color slot for it
    • Removed the use of with_move parameters when fetching notifications
    • Push notifications now are the same as normal notfication, and are localized.
    • Updated Notification Settings to match new BE API

    Fixed

    • Custom Emoji will display in poll options now.
    • Status ellipsis menu closes properly when selecting certain options
    • Cropped images look correct in Chrome
    • Newlines in the muted words settings work again
    • Clicking on non-latin hashtags won't open a new window
    • Uploading and drag-dropping multiple files works correctly now.
    • Subject field now appears disabled when posting
    • Fix status ellipsis menu being cut off in notifications column
    • Fixed autocomplete sometimes not returning the right user when there's already some results
    • Videos and audio and misc files show description as alt/title properly now
    • Clicking on non-image/video files no longer opens an empty modal
    • Audio files can now be played back in the frontend with hidden attachments
    • Videos are not cropped awkwardly in the uploads section anymore
    • Reply filtering options in Settings -> Filtering now work again using filtering on server
    • Don't show just blank-screen when cookies are disabled
    • Add status idempotency to prevent accidental double posting when posting returns an error
    • Weird bug related to post being sent seemingly after pasting with keyboard (hopefully)
    • Multiple issues with muted statuses/notifications

    Backend changes

    Changed

    • Breaking: The default descriptions on uploads are now empty. The old behavior (filename as default) can be configured, see the cheat sheet.
    • Breaking: Added the ObjectAgePolicy to the default set of MRFs. This will delist and strip the follower collection of any message received that is older than 7 days. This will stop users from seeing very old messages in the timelines. The messages can still be viewed on the user's page and in conversations. They also still trigger notifications.
    • Breaking: Elixir >=1.9 is now required (was >= 1.8)
    • Breaking: Configuration: :auto_linker, :opts moved to :pleroma, Pleroma.Formatter. Old config namespace is deprecated.
    • Breaking: Configuration: :instance, welcome_user_nickname moved to :welcome, :direct_message, :sender_nickname, :instance, :welcome_message moved to :welcome, :direct_message, :message. Old config namespace is deprecated.
    • Breaking: LDAP: Fallback to local database authentication has been removed for security reasons and lack of a mechanism to ensure the passwords are synchronized when LDAP passwords are updated.
    • Breaking Changed defaults for :restrict_unauthenticated so that when :instance, :public is set to false then all :restrict_unauthenticated items be effectively set to true. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set :restrict_unauthenticated to non-default value in config/prod.secret.exs.
    • In Conversations, return only direct messages as last_status
    • Using the only_media filter on timelines will now exclude reblog media
    • MFR policy to set global expiration for all local Create activities
    • OGP rich media parser merged with TwitterCard
    • Configuration: :instance, rewrite_policy moved to :mrf, policies, :instance, :mrf_transparency moved to :mrf, :transparency, :instance, :mrf_transparency_exclusions moved to :mrf, :transparency_exclusions. Old config namespace is deprecated.
    • Configuration: :media_proxy, whitelist format changed to host with scheme (e.g. http://example.com instead of example.com). Domain format is deprecated.
    API Changes
    • Breaking: Pleroma API: The routes to update avatar, banner and background have been removed.
    • Breaking: Image description length is limited now.
    • Breaking: Emoji API: changed methods and renamed routes.
    • Breaking: Notification Settings API for suppressing notifications has been simplified down to block_from_strangers.
    • Breaking: Notification Settings API option for hiding push notification contents has been renamed to hide_notification_contents.
    • MastodonAPI: Allow removal of avatar, banner and background.
    • Streaming: Repeats of a user's posts will no longer be pushed to the user's stream.
    • Mastodon API: Added pleroma.metadata.fields_limits to /api/v1/instance
    • Mastodon API: On deletion, returns the original post text.
    • Mastodon API: Add pleroma.unread_count to the Marker entity.
    • Mastodon API: Added pleroma.metadata.post_formats to /api/v1/instance
    • Mastodon API (legacy): Allow query parameters for /api/v1/domain_blocks, e.g. /api/v1/domain_blocks?domain=badposters.zone
    • Mastodon API: Make notifications about statuses from muted users and threads read automatically
    • Pleroma API: /api/pleroma/captcha responses now include seconds_valid with an integer value.
    Admin API Changes
    • Breaking Changed relay /api/pleroma/admin/relay endpoints response format.
    • Status visibility stats: now can return stats per instance.
    • Mix task to refresh counter cache (mix pleroma.refresh_counter_cache)

    Removed

    • Breaking: removed with_move parameter from notifications timeline.

    Added

    • Frontends: Add mix task to install frontends.
    • Frontends: Add configurable frontends for primary and admin fe.
    • Configuration: Added a blacklist for email servers.
    • Chats: Added accepts_chat_messages field to user, exposed in APIs and federation.
    • Chats: Added support for federated chats. For details, see the docs.
    • ActivityPub: Added support for existing AP ids for instances migrated from Mastodon.
    • Instance: Add background_image to configuration and /api/v1/instance
    • Instance: Extend /api/v1/instance with Pleroma-specific information.
    • NodeInfo: pleroma:api/v1/notifications:include_types_filter to the features list.
    • NodeInfo: pleroma_emoji_reactions to the features list.
    • Configuration: :restrict_unauthenticated setting, restrict access for unauthenticated users to timelines (public and federate), user profiles and statuses.
    • Configuration: Add :database_config_whitelist setting to whitelist settings which can be configured from AdminFE.
    • Configuration: filename_display_max_length option to set filename truncate limit, if filename display enabled (0 = no limit).
    • New HTTP adapter gun. Gun adapter requires minimum OTP version of 22.2 otherwise Pleroma won’t start. For hackney OTP update is not required.
    • Mix task to create trusted OAuth App.
    • Mix task to reset MFA for user accounts
    • Notifications: Added follow_request notification type.
    • Added :reject_deletes group to SimplePolicy
    • MRF (EmojiStealPolicy): New MRF Policy which allows to automatically download emojis from remote instances
    • Support pagination in emoji packs API (for packs and for files in pack)
    • Support for viewing instances favicons next to posts and accounts
    • Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata.
    • "By approval" registrations mode.
    • Configuration: Added :welcome settings for the welcome message to newly registered users. You can send a welcome message as a direct message, chat or email.
    • Ability to hide favourites and emoji reactions in the API with [:instance, :show_reactions] config.
    API Changes
    • Mastodon API: Add pleroma.parent_visible field to statuses.
    • Mastodon API: Extended /api/v1/instance.
    • Mastodon API: Support for include_types in /api/v1/notifications.
    • Mastodon API: Added /api/v1/notifications/:id/dismiss endpoint.
    • Mastodon API: Add support for filtering replies in public and home timelines.
    • Mastodon API: Support for bot field in /api/v1/accounts/update_credentials.
    • Mastodon API: Support irreversible property for filters.
    • Mastodon API: Add pleroma.favicon field to accounts.
    • Admin API: endpoints for create/update/delete OAuth Apps.
    • Admin API: endpoint for status view.
    • OTP: Add command to reload emoji packs

    Fixed

    • Support pagination in conversations API
    • Breaking: SimplePolicy :reject and :accept allow deletions again
    • Fix follower/blocks import when nicknames starts with @
    • Filtering of push notifications on activities from blocked domains
    • Resolving Peertube accounts with Webfinger
    • blob: urls not being allowed by connect-src CSP
    • Mastodon API: fix GET /api/v1/notifications not returning the full result set
    • Rich Media Previews for Twitter links
    • Admin API: fix GET /api/pleroma/admin/users/:nickname/credentials returning 404 when getting the credentials of a remote user while :instance, :limit_to_local_content is set to :unauthenticated
    • Fix CSP policy generation to include remote Captcha services
    • Fix edge case where MediaProxy truncates media, usually caused when Caddy is serving content for the other Federated instance.
    • Emoji Packs could not be listed when instance was set to public: false
    • Fix whole_word always returning false on filter get requests
    • Migrations not working on OTP releases if the database was connected over ssl
    • Fix relay following

    AdminFE changes

    Added

    • Create /statuses/:id route that shows single status
    • Add link to the user's account in Pleroma on the user's profile page
    • On Reports page add links to reported account and the author of the report
    • In Notes add link to the note author's profile page
    • In Moderation log add link to the actor's profile page
    • Support pagination of local emoji packs and files
    • Add MRF Activity Expiration setting
    • Add ability to disable multi-factor authentication for a user
    • Add ability to configure Invalidation settings on MediaProxy tab
    • Ability to configure S3 settings on Upload tab, Pleroma.Web.ApiSpec.CastAndValidate and :modules settings on Other tab, :pools, :connections_pool and :hackney_pools settings on Job Queue tab, :restrict_unauthenticated settings on Authentication tab, :favicons and :welcome settings on Instance tab, :frontends and Pleroma.Web.Preload settings on Frontend tab
    • Show number of open reports in Sidebar Menu
    • Add confirmation message when deleting a user
    • Add new MediaProxy Cache Tab with ability to manually evict and ban objects from the Pleroma MediaProxy cache
    • Allow managing user's actor_type field via Admin API

    Changed

    • Statuses count changes when an instance is selected and shows the amount of statuses from an originating instance
    • Add a confirmation dialog window when Remove button is clicked on the Settings page
    • Disable tab on the Settings page if there are no settings on this tab that can be changed in Admin FE
    • Settings that can't be altered in Admin FE are removed: HTTP Signatures settings, Federation publisher modules and Oban Repo
    • When rendering user's profile, statuses, reports and notes check if required properties exist
    • Remove ability to moderate users that don't have valid nicknames
    • Displays both labels and description in the header of group of settiings
    • Ability to add custom values in Pleroma.Upload.Filter.Mogrify setting in the following format: '{"implode", "1"}'
    • Change types of the following settings: ':groups', ':replace', ':federated_timeline_removal', ':reject', ':match_actor'. Update functions that parses and wraps settings data according to this change.
    • Move rendering Crontab setting from a separate component to EditableKeyword component
    • Show only those MRF settings that have been enabled in MRF Policies setting
    • Move Auto Linker settings to Link Formatter Tab as its configuration was moved to :pleroma, Pleroma.Formatter
    • Active and Local filters are applied by default on the Users tab

    Fixed

    • Send true and false as booleans if they are values of single selects on the Settings page
    • Fix sorting users on Users page if there is an acount with missing nickname or ID
    • Add new type of settings: ['string', 'image']. Render Image upload Input depending on the type of setting, not its key
    • Fix displaying Pending tag and filtering by Pending Approval status
    • Fix following and unfollowing relays from Admin-FE, update mobile UI
  • v2.0.7
    Release v2.0.7

    [2.0.7] - 2020-06-13

    Security

    • Fix potential DoSes exploiting atom leaks in rich media parser and the UserAllowListPolicy MRF policy

    Fixed

    • CSP: not allowing images/media from every host when mediaproxy is disabled
    • CSP: not adding mediaproxy base url to image/media hosts
    • StaticFE missing the CSS file

    Upgrade notes

    1. Restart Pleroma
  • v2.0.6
    Release v2.0.6

    [2.0.6] - 2020-06-09

    Security

    • CSP: harden image-src and media-src when MediaProxy is used

    Fixed

    • AP C2S: Fix pagination in inbox/outbox
    • Various compilation errors on OTP 23
    • Mastodon API streaming: Repeats from muted threads not being filtered

    Changed

    • Various database performance improvements

    Upgrade notes

    1. Run database migrations (inside Pleroma directory):
    • OTP: ./bin/pleroma_ctl migrate
    • From Source: mix ecto.migrate
    1. Restart Pleroma
  • v2.0.5
    Release v2.0.5

    [2.0.5] 2020-05-13

    Backend changes

    Security

    • Fix possible private status leaks in Mastodon Streaming API

    Fixed

    • Crashes when trying to block a user if block federation is disabled
    • Not being able to start the instance without erlang-eldap installed
    • Users with bios over the limit getting rejected
    • Follower counters not being updated on incoming follow accepts

    Pleroma-FE changes

    Added

    • Private notifications option for push notifications
    • 'Copy link' button for statuses (in the ellipsis menu)

    Changed

    • Registration page no longer requires email if the server is configured not to require it

    Fixed

    • Status ellipsis menu closes properly when selecting certain options

    Upgrade notes

    1. Restart Pleroma
  • v2.0.4
    Release v2.0.4

    [2.0.4] - 2020-05-10

    Security

    • AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines

    Fixed

    • Peertube user lookups not working
    • InsertSkeletonsForDeletedUsers migration failing on some instances
    • Healthcheck reporting the number of memory currently used, rather than allocated in total
    • LDAP not being usable in OTP releases
    • Default apache configuration having tls chain issues

    Upgrade notes

    Apache only

    1. Remove the following line from your config:
        SSLCertificateFile      /etc/letsencrypt/live/${servername}/cert.pem

    Everyone

    1. Restart Pleroma
  • v2.0.3
    Release v2.0.3

    [2.0.3] - 2020-05-02

    Security

    • Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them
    • Mastodon API: Fix POST /api/v1/follow_requests/:id/authorize allowing to force a follow from a local user even if they didn't reques t to follow
    • CSP: Sandbox uploads

    Fixed

    • Notifications from blocked domains
    • Potential federation issues with Mastodon versions before 3.0.0
    • HTTP Basic Authentication permissions issue
    • Follow/Block imports not being able to find the user if the nickname started with an @
    • Instance stats counting internal users
    • Inability to run a From Source release without git
    • ObjectAgePolicy didn't filter out old messages
    • blob: urls not being allowed by CSP

    Added

    • NodeInfo: ObjectAgePolicy settings to the federation list.
    • Follow request notifications
    API Changes - Admin API: `GET /api/pleroma/admin/need_reboot`.

    Upgrade notes

    1. Restart Pleroma
    2. Run database migrations (inside Pleroma directory):
    • OTP: ./bin/pleroma_ctl migrate
    • From Source: mix ecto.migrate
  • v2.0.2
    Release v2.0.2

    [2.0.2] - 2020-04-08

    Added

    • Support for Funkwhale's Audio activity
    • Admin API: PATCH /api/pleroma/admin/users/:nickname/update_credentials

    Fixed

    • Blocked/muted users still generating push notifications
    • Input textbox for bio ignoring newlines
    • OTP: Inability to use PostgreSQL databases with SSL
    • user delete_activities breaking when trying to delete already deleted posts
    • Incorrect URL for Funkwhale channels

    Upgrade notes

    1. Restart Pleroma
  • v2.0.1
    Release v2.0.1

    [2.0.1] - 2020-03-15

    Security

    • Static-FE: Fix remote posts not being sanitized

    Fixed

    • Rate limiter crashes when there is no explicitly specified ip in the config
    • 500 errors when no Accept header is present if Static-FE is enabled
    • Instance panel not being updated immediately due to wrong Cache-Control headers
    • Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE
    • OTP: Fix some settings not being migrated to in-database config properly
    • No Cache-Control headers on attachment/media proxy requests
    • Character limit enforcement being off by 1
    • Mastodon Streaming API: hashtag timelines not working

    Changed

    • BBCode and Markdown formatters will no longer return any \n and only use <br/> for newlines
    • Mastodon API: Allow registration without email if email verification is not enabled

    Upgrade notes

    Nginx only

    1. Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; from your config.

    Everyone

    1. Run database migrations (inside Pleroma directory):
    • OTP: ./bin/pleroma_ctl migrate
    • From Source: mix ecto.migrate
    1. Restart Pleroma
  • v2.0.0
    Release v2.0.0

    [2.0.0] - 2019-03-08

    Security

    • Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request.

    Removed

    • Breaking: Removed 1.0+ deprecated configurations Pleroma.Upload, :strip_exif and :instance, :dedupe_media
    • Breaking: OStatus protocol support
    • Breaking: MDII uploader
    • Breaking: Using third party engines for user recommendation
    API Changes - **Breaking**: AdminAPI: migrate_from_db endpoint

    Changed

    • Breaking: Pleroma won't start if it detects unapplied migrations
    • Breaking: Elixir >=1.8 is now required (was >= 1.7)
    • Breaking: Pleroma.Plugs.RemoteIp and :rate_limiter enabled by default. Please ensure your reverse proxy forwards the real IP!
    • Breaking: attachment links (config :pleroma, :instance, no_attachment_links and config :pleroma, Pleroma.Upload, link_name) disabled by default
    • Breaking: OAuth: defaulted [:auth, :enforce_oauth_admin_scope_usage] setting to true which demands admin OAuth scope to perform admin actions (in addition to is_admin flag on User); make sure to use bundled or newer versions of AdminFE & PleromaFE to access admin / moderator features.
    • Breaking: Dynamic configuration has been rearchitected. The :pleroma, :instance, dynamic_configuration setting has been replaced with config :pleroma, configurable_from_database. Please backup your configuration to a file and run the migration task to ensure consistency with the new schema.
    • Breaking: :instance, no_attachment_links has been replaced with :instance, attachment_links which still takes a boolean value but doesn't use double negative language.
    • Replaced pleroma_job_queue and Pleroma.Web.Federator.RetryQueue with Oban (see docs/config.md on migrating customized worker / retry settings)
    • Introduced quantum job scheduler
    • Enabled :instance, extended_nickname_format in the default config
    • Add rel="ugc" to all links in statuses, to prevent SEO spam
    • Extract RSS functionality from OStatus
    • MRF (Simple Policy): Also use :accept/:reject on the actors rather than only their activities
    • OStatus: Extract RSS functionality
    • Deprecated User.Info embedded schema (fields moved to User)
    • Store status data inside Flag activity
    • Deprecated (reorganized as UserRelationship entity) User fields with user AP IDs (blocks, mutes, muted_reblogs, muted_notifications, subscribers).
    • Rate limiter is now disabled for localhost/socket (unless remoteip plug is enabled)
    • Logger: default log level changed from warn to info.
    • Config mix task migrate_to_db truncates config table before migrating the config file.
    • Default to prepare: :unnamed in the database configuration.
    • Instance stats are now loaded on startup instead of being empty until next hourly job.
    API Changes
    • Breaking EmojiReactions: Change endpoints and responses to align with Mastodon
    • Breaking Admin API: PATCH /api/pleroma/admin/users/:nickname/force_password_reset is now PATCH /api/pleroma/admin/users/force_password_reset (accepts nicknames array in the request body)
    • Breaking: Admin API: Return link alongside with token on password reset
    • Breaking: Admin API: PUT /api/pleroma/admin/reports/:id is now PATCH /api/pleroma/admin/reports, see admin_api.md for details
    • Breaking: /api/pleroma/admin/users/invite_token now uses POST, changed accepted params and returns full invite in json instead of only token string.
    • Breaking replying to reports is now "report notes", enpoint changed from POST /api/pleroma/admin/reports/:id/respond to POST /api/pleroma/admin/reports/:id/notes
    • Mastodon API: stopped sanitizing display names, field names and subject fields since they are supposed to be treated as plaintext
    • Admin API: Return total when querying for reports
    • Mastodon API: Return pleroma.direct_conversation_id when creating a direct message (POST /api/v1/statuses)
    • Admin API: Return link alongside with token on password reset
    • Admin API: Support authentication via x-admin-token HTTP header
    • Mastodon API: Add pleroma.direct_conversation_id to the status endpoint (GET /api/v1/statuses/:id)
    • Mastodon API: pleroma.thread_muted to the Status entity
    • Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
    • Mastodon API, streaming: Add pleroma.direct_conversation_id to the conversation stream event payload.
    • Admin API: Render whole status in grouped reports
    • Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).
    • Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try.
    • Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default.

    Added

    • :chat_limit option to limit chat characters.
    • cleanup_attachments option to remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances.
    • Refreshing poll results for remote polls
    • Authentication: Added rate limit for password-authorized actions / login existence checks
    • Static Frontend: Add the ability to render user profiles and notices server-side without requiring JS app.
    • Mix task to re-count statuses for all users (mix pleroma.count_statuses)
    • Mix task to list all users (mix pleroma.user list)
    • Mix task to send a test email (mix pleroma.email test)
    • Support for X-Forwarded-For and similar HTTP headers which used by reverse proxies to pass a real user IP address to the backend. Must not be enabled unless your instance is behind at least one reverse proxy (such as Nginx, Apache HTTPD or Varnish Cache).
    • MRF: New module which handles incoming posts based on their age. By default, all incoming posts that are older than 2 days will be unlisted and not shown to their followers.
    • User notification settings: Add privacy_option option.
    • Support for custom Elixir modules (such as MRF policies)
    • User settings: Add This account is a option.
    • A new users admin digest email
    • OAuth: admin scopes support (relevant setting: [:auth, :enforce_oauth_admin_scope_usage]).
    • Add an option authorized_fetch_mode to require HTTP signatures for AP fetches.
    • ActivityPub: support for replies collection (output for outgoing federation & fetching on incoming federation).
    • Mix task to refresh counter cache (mix pleroma.refresh_counter_cache)
    API Changes
    • Job queue stats to the healthcheck page
    • Admin API: Add ability to fetch reports, grouped by status GET /api/pleroma/admin/grouped_reports
    • Admin API: Add ability to require password reset
    • Mastodon API: Account entities now include follow_requests_count (planned Mastodon 3.x addition)
    • Pleroma API: GET /api/v1/pleroma/accounts/:id/scrobbles to get a list of recently scrobbled items
    • Pleroma API: POST /api/v1/pleroma/scrobble to scrobble a media item
    • Mastodon API: Add upload_limit, avatar_upload_limit, background_upload_limit, and banner_upload_limit to /api/v1/instance
    • Mastodon API: Add pleroma.unread_conversation_count to the Account entity
    • OAuth: support for hierarchical permissions / Mastodon 2.4.3 OAuth permissions
    • Metadata Link: Atom syndication Feed
    • Mix task to re-count statuses for all users (mix pleroma.count_statuses)
    • Mastodon API: Add exclude_visibilities parameter to the timeline and notification endpoints
    • Admin API: /users/:nickname/toggle_activation endpoint is now deprecated in favor of: /users/activate, /users/deactivate, both accept nicknames array
    • Admin API: Multiple endpoints now require nicknames array, instead of singe nickname:
      • POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group are deprecated in favor of: POST/DELETE /api/pleroma/admin/users/permission_group/:permission_group
      • DELETE /api/pleroma/admin/users (nickname query param or nickname sent in JSON body) is deprecated in favor of: DELETE /api/pleroma/admin/users (nicknames query array param or nicknames sent in JSON body)
    • Admin API: Add GET /api/pleroma/admin/relay endpoint - lists all followed relays
    • Pleroma API: POST /api/v1/pleroma/conversations/read to mark all conversations as read
    • ActivityPub: Support Move activities
    • Mastodon API: Add /api/v1/markers for managing timeline read markers
    • Mastodon API: Add the recipients parameter to GET /api/v1/conversations
    • Configuration: feed option for user atom feed.
    • Pleroma API: Add Emoji reactions
    • Admin API: Add /api/pleroma/admin/instances/:instance/statuses - lists all statuses from a given instance
    • Admin API: Add /api/pleroma/admin/users/:nickname/statuses - lists all statuses from a given user
    • Admin API: PATCH /api/pleroma/users/confirm_email to confirm email for multiple users, PATCH /api/pleroma/users/resend_confirmation_email to resend confirmation email for multiple users
    • ActivityPub: Configurable type field of the actors.
    • Mastodon API: /api/v1/accounts/:id has source/pleroma/actor_type field.
    • Mastodon API: /api/v1/update_credentials accepts actor_type field.
    • Captcha: Support native provider
    • Captcha: Enable by default
    • Mastodon API: Add support for account_id param to filter notifications by the account
    • Mastodon API: Add emoji_reactions property to Statuses
    • Mastodon API: Change emoji reaction reply format
    • Notifications: Added pleroma:emoji_reaction notification type
    • Mastodon API: Change emoji reaction reply format once more
    • Configuration: feed.logo option for tag feed.
    • Tag feed: /tags/:tag.rss - list public statuses by hashtag.
    • Mastodon API: Add reacted property to emoji_reactions
    • Pleroma API: Add reactions for a single emoji.
    • ActivityPub: [:activitypub, :note_replies_output_limit] setting sets the number of note self-replies to output on outgoing federation.
    • Admin API: GET /api/pleroma/admin/stats to get status count by visibility scope
    • Admin API: GET /api/pleroma/admin/statuses - list all statuses (accepts godmode and local_only)

    Fixed

    • Report emails now include functional links to profiles of remote user accounts
    • Not being able to log in to some third-party apps when logged in to MastoFE
    • MRF: Delete activities being exempt from MRF policies
    • OTP releases: Not being able to configure OAuth expired token cleanup interval
    • OTP releases: Not being able to configure HTML sanitization policy
    • OTP releases: Not being able to change upload limit (again)
    • Favorites timeline now ordered by favorite date instead of post date
    • Support for cancellation of a follow request
    API Changes
    • Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (GET /api/v1/timelines/public)
    • Mastodon API: Inability to get some local users by nickname in /api/v1/accounts/:id_or_nickname
    • AdminAPI: If some status received reports both in the "new" format and "old" format it was considered reports on two different statuses (in the context of grouped reports)
    • Admin API: Error when trying to update reports in the "old" format
    • Mastodon API: Marking a conversation as read (POST /api/v1/conversations/:id/read) now no longer brings it to the top in the user's direct conversation list
  • v1.1.9
    Release v1.1.9

    Fixed

    • OTP: Inability to set the upload limit (again)
    • Not being able to pin polls
    • Streaming API: incorrect handling of reblog mutes
    • Rejecting the user when field length limit is exceeded
    • OpenGraph provider: html entities in descriptions
  • v1.1.8
    Release v1.1.8

    [1.1.8] - 2020-01-10

    Fixed

    • Captcha generation issues
    • Returned Kocaptcha endpoint to configuration
    • Captcha validity is now 5 minutes
  • v1.1.7
    Release v1.1.7

    [1.1.7] - 2019-12-14

    Fixed

    • OTP: Inability to set the upload limit
    • OTP: Inability to override node name/distribution type to run 2 Pleroma instances on the same machine

    Added

    • Integrated captcha provider

    Changed

    • Captcha enabled by default
    • Default Captcha provider changed from Pleroma.Captcha.Kocaptcha to Pleroma.Captcha.Native
    • Better Cache-Control header for static content

    Bundled Pleroma-FE Changes

    Added

    • Icons in the navigation panel

    Fixed

    • Improved support unauthenticated view of private instances

    Removed

    • Whitespace hack on empty post content
  • v1.1.6
    Release v1.1.6

    [1.1.6] - 2019-11-19

    Fixed

    • Not being able to log into to third party apps when the browser is logged into mastofe
    • Email confirmation not being required even when enabled
    • Mastodon API: conversations API crashing when one status is malformed

    Bundled Pleroma-FE Changes

    Added

    • About page
    • Meme arrows

    Fixed

    • Image modal not closing unless clicked outside of image
    • Attachment upload spinner not being centered
    • Showing follow counters being 0 when they are actually hidden
  • v1.1.5   Retag with a version bump
    36f4382b · Bump mix.exs version ·
    Release v1.1.5

    [1.1.5] - 2019-11-09

    Fixed

    • Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization
    • Pleroma API: OAuth token endpoint not being found when ".json" suffix is appended

    Changed

  • v1.1.4   1.1.4 release.
    Release v1.1.4

    [1.1.4] - 2019-11-01

    Fixed

    • Added a migration that fills up empty user.info fields to prevent breakage after previous unsafe migrations.
    • Failure to migrate from pre-1.0.0 versions
    • Mastodon API: Notification stream not including follow notifications
  • v1.1.3
    Release v1.1.3

    [1.1.3] - 2019-10-25

    Fixed

    • Blocked users showing up in notifications collapsed as if they were muted
    • pleroma_ctl not working on Debian's default shell
  • v1.1.2
    Release v1.1.2

    [1.1.2] - 2019-10-18

    Fixed

    • pleroma_ctl trying to connect to a running instance when generating the config, which of course doesn't exist.
  • v1.1.1
    Release v1.1.1

    [1.1.1] - 2019-10-18

    Fixed

    • One of the migrations between 1.0.0 and 1.1.0 wiping user info of the relay user because of unexpected behavior of postgresql's jsonb_set, resulting in inability to post in the default configuration. If you were affected, please run the following query in postgres console, the relay user will be recreated automatically:
    delete from users where ap_id = 'https://your.instance.hostname/relay';
    • Bad user search matches