[1.1.0] - 2019-10-14

Breaking: The stable branch has been changed from master to stable. If you want to keep using 1.0, the release/1.0 branch will receive security updates for 6 months after 1.1 release.

OTP Note: pleroma_ctl in 1.0 defaults to master and doesn't support specifying arbitrary branches, making ./pleroma_ctl update fail. To fix this, fetch a version of pleroma_ctl from 1.1 using the command below and proceed with the update normally:

curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/develop/rel/files/bin/pleroma_ctl'

Security

  • Mastodon API: respect post privacy in /api/v1/statuses/:id/{favourited,reblogged}_by

Removed

  • Breaking: GNU Social API with Qvitter extensions support
  • Emoji: Remove longfox emojis.
  • Remove Reply-To header from report emails for admins.
  • ActivityPub: The /objects/:uuid/likes endpoint.

Changed

  • Breaking: Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add config :pleroma, Pleroma.Emails.Mailer, enabled: true to your config
  • Breaking: Configuration: /media/ is now removed when base_url is configured, append /media/ to your base_url config to keep the old behaviour if desired
  • Breaking: /api/pleroma/notifications/read is moved to /api/v1/pleroma/notifications/read and now supports max_id and responds with Mastodon API entities.
  • Configuration: added config/description.exs, from which docs/config.md is generated
  • Configuration: OpenGraph and TwitterCard providers enabled by default
  • Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text
  • Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have hide_followers/hide_follows set
  • NodeInfo: Return skipThreadContainment in metadata for the skip_thread_containment option
  • NodeInfo: Return mailerEnabled in metadata
  • Mastodon API: Unsubscribe followers when they unfollow a user
  • Mastodon API: pleroma.thread_muted key in the Status entity
  • AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
  • Improve digest email template – Pagination: (optional) return total alongside with items when paginating
  • The Pleroma.FlakeId module has been replaced with the flake_id library.

Fixed

  • Following from Osada
  • Favorites timeline doing database-intensive queries
  • Metadata rendering errors resulting in the entire page being inaccessible
  • federation_incoming_replies_max_depth option being ignored in certain cases
  • Mastodon API: Handling of search timeouts (/api/v1/search and /api/v2/search)
  • Mastodon API: Misskey's endless polls being unable to render
  • Mastodon API: Embedded relationships not being properly rendered in the Account entity of Status entity
  • Mastodon API: Notifications endpoint crashing if one notification failed to render
  • Mastodon API: exclude_replies is correctly handled again.
  • Mastodon API: Add account_id, type, offset, and limit to search API (/api/v1/search and /api/v2/search)
  • Mastodon API, streaming: Fix filtering of notifications based on blocks/mutes/thread mutes
  • Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (GET /api/v1/timelines/public)
  • Mastodon API: Ensure the account field is not empty when rendering Notification entities.
  • Mastodon API: Inability to get some local users by nickname in /api/v1/accounts/:id_or_nickname
  • Mastodon API: Blocks are now treated consistently between the Streaming API and the Timeline APIs
  • Rich Media: Parser failing when no TTL can be found by image TTL setters
  • Rich Media: The crawled URL is now spliced into the rich media data.
  • ActivityPub S2S: sharedInbox usage has been mostly aligned with the rules in the AP specification.
  • ActivityPub C2S: follower/following collection pages being inaccessible even when authentifucated if hide_followers/ hide_follows was set
  • ActivityPub: Deactivated user deletion
  • ActivityPub: Fix /users/:nickname/inbox crashing without an authenticated user
  • MRF: fix ability to follow a relay when AntiFollowbotPolicy was enabled
  • ActivityPub: Correct addressing of Undo.
  • ActivityPub: Correct addressing of profile update activities.
  • ActivityPub: Polls are now refreshed when necessary.
  • Report emails now include functional links to profiles of remote user accounts
  • Existing user id not being preserved on insert conflict
  • Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
  • Report email not being sent to admins when the reporter is a remote user
  • Reverse Proxy limiting max_body_length was incorrectly defined and only checked Content-Length headers which may not be sufficient in some circumstances

Added

  • Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically.
  • Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour.
  • Mastodon API: all status JSON responses contain a pleroma.expires_at item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty.
  • Configuration: ActivityExpiration.enabled controls whether expired activites will get deleted at the appropriate time. Enabled by default.
  • Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the bump_all_conversations task again to create the necessary data.
  • MRF: Support for priming the mediaproxy cache (Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy)
  • MRF: Support for excluding specific domains from Transparency.
  • MRF: Support for filtering posts based on who they mention (Pleroma.Web.ActivityPub.MRF.MentionPolicy)
  • Mastodon API: Support for the tagged filter in GET /api/v1/accounts/:id/statuses
  • Mastodon API, streaming: Add support for passing the token in the Sec-WebSocket-Protocol header
  • Mastodon API, extension: Ability to reset avatar, profile banner, and background
  • Mastodon API: Add support for fields_attributes API parameter (setting custom fields)
  • Mastodon API: Add support for categories for custom emojis by reusing the group feature. https://github.com/tootsuite/mastodon/pull/11196
  • Mastodon API: Add support for muting/unmuting notifications
  • Mastodon API: Add support for the blocked_by attribute in the relationship API (GET /api/v1/accounts/relationships). https://github.com/tootsuite/mastodon/pull/10373
  • Mastodon API: Add support for the domain_blocking attribute in the relationship API (GET /api/v1/accounts/relationships).
  • Mastodon API: Add pleroma.deactivated to the Account entity
  • Mastodon API: added /auth/password endpoint for password reset with rate limit.
  • Mastodon API: /api/v1/accounts/:id/statuses now supports nicknames or user id
  • Mastodon API: Improve support for the user profile custom fields
  • Mastodon API: Add support for fields_attributes API parameter (setting custom fields)
  • Mastodon API: Added an endpoint to get multiple statuses by IDs (GET /api/v1/statuses/?ids[]=1&ids[]=2)
  • Admin API: Return users' tags when querying reports
  • Admin API: Return avatar and display name when querying users
  • Admin API: Allow querying user by ID
  • Admin API: Added support for tuples.
  • Admin API: Added endpoints to run mix tasks pleroma.config migrate_to_db & pleroma.config migrate_from_db
  • Added synchronization of following/followers counters for external users
  • Configuration: enabled option for Pleroma.Emails.Mailer, defaulting to false.
  • Configuration: Pleroma.Plugs.RateLimiter bucket_name, params options.
  • Configuration: user_bio_length and user_name_length options.
  • Addressable lists
  • Twitter API: added rate limit for /api/account/password_reset endpoint.
  • ActivityPub: Add an internal service actor for fetching ActivityPub objects.
  • ActivityPub: Optional signing of ActivityPub object fetches.
  • Admin API: Endpoint for fetching latest user's statuses
  • Pleroma API: Add /api/v1/pleroma/accounts/confirmation_resend?email=<email> for resending account confirmation.
  • Pleroma API: Email change endpoint.
  • Admin API: Added moderation log
  • Web response cache (currently, enabled for ActivityPub)
  • Reverse Proxy: Do not retry failed requests to limit pressure on the peer

Changed

  • Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text
  • Admin API: changed json structure for saving config settings.
  • RichMedia: parsers and their order are configured in rich_media config.
  • RichMedia: add the rich media ttl based on image expiration time.