Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request.
Breaking: Removed 1.0+ deprecated configurations Pleroma.Upload, :strip_exif and :instance, :dedupe_media
Breaking: OStatus protocol support
Breaking: MDII uploader
Breaking: Using third party engines for user recommendation
- **Breaking**: AdminAPI: migrate_from_db endpoint
Breaking: Pleroma won't start if it detects unapplied migrations
Breaking: Elixir >=1.8 is now required (was >= 1.7)
Breaking:Pleroma.Plugs.RemoteIp and :rate_limiter enabled by default. Please ensure your reverse proxy forwards the real IP!
Breaking: attachment links (config :pleroma, :instance, no_attachment_links and config :pleroma, Pleroma.Upload, link_name) disabled by default
Breaking: OAuth: defaulted [:auth, :enforce_oauth_admin_scope_usage] setting to true which demands admin OAuth scope to perform admin actions (in addition to is_admin flag on User); make sure to use bundled or newer versions of AdminFE & PleromaFE to access admin / moderator features.
Breaking: Dynamic configuration has been rearchitected. The :pleroma, :instance, dynamic_configuration setting has been replaced with config :pleroma, configurable_from_database. Please backup your configuration to a file and run the migration task to ensure consistency with the new schema.
Breaking::instance, no_attachment_links has been replaced with :instance, attachment_links which still takes a boolean value but doesn't use double negative language.
Enabled :instance, extended_nickname_format in the default config
Add rel="ugc" to all links in statuses, to prevent SEO spam
Extract RSS functionality from OStatus
MRF (Simple Policy): Also use :accept/:reject on the actors rather than only their activities
OStatus: Extract RSS functionality
Deprecated User.Info embedded schema (fields moved to User)
Store status data inside Flag activity
Deprecated (reorganized as UserRelationship entity) User fields with user AP IDs (blocks, mutes, muted_reblogs, muted_notifications, subscribers).
Rate limiter is now disabled for localhost/socket (unless remoteip plug is enabled)
Logger: default log level changed from warn to info.
Config mix task migrate_to_db truncates config table before migrating the config file.
Default to prepare: :unnamed in the database configuration.
Instance stats are now loaded on startup instead of being empty until next hourly job.
Breaking EmojiReactions: Change endpoints and responses to align with Mastodon
Breaking Admin API: PATCH /api/pleroma/admin/users/:nickname/force_password_reset is now PATCH /api/pleroma/admin/users/force_password_reset (accepts nicknames array in the request body)
Breaking: Admin API: Return link alongside with token on password reset
Breaking: Admin API: PUT /api/pleroma/admin/reports/:id is now PATCH /api/pleroma/admin/reports, see admin_api.md for details
Breaking:/api/pleroma/admin/users/invite_token now uses POST, changed accepted params and returns full invite in json instead of only token string.
Breaking replying to reports is now "report notes", enpoint changed from POST /api/pleroma/admin/reports/:id/respond to POST /api/pleroma/admin/reports/:id/notes
Mastodon API: stopped sanitizing display names, field names and subject fields since they are supposed to be treated as plaintext
Admin API: Return total when querying for reports
Mastodon API: Return pleroma.direct_conversation_id when creating a direct message (POST /api/v1/statuses)
Admin API: Return link alongside with token on password reset
Admin API: Support authentication via x-admin-token HTTP header
Mastodon API: Add pleroma.direct_conversation_id to the status endpoint (GET /api/v1/statuses/:id)
Mastodon API: pleroma.thread_muted to the Status entity
Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
Mastodon API, streaming: Add pleroma.direct_conversation_id to the conversation stream event payload.
Admin API: Render whole status in grouped reports
Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).
Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try.
Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default.
:chat_limit option to limit chat characters.
cleanup_attachments option to remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances.
Refreshing poll results for remote polls
Authentication: Added rate limit for password-authorized actions / login existence checks
Static Frontend: Add the ability to render user profiles and notices server-side without requiring JS app.
Mix task to re-count statuses for all users (mix pleroma.count_statuses)
Mix task to list all users (mix pleroma.user list)
Mix task to send a test email (mix pleroma.email test)
Support for X-Forwarded-For and similar HTTP headers which used by reverse proxies to pass a real user IP address to the backend. Must not be enabled unless your instance is behind at least one reverse proxy (such as Nginx, Apache HTTPD or Varnish Cache).
MRF: New module which handles incoming posts based on their age. By default, all incoming posts that are older than 2 days will be unlisted and not shown to their followers.
User notification settings: Add privacy_option option.
Support for custom Elixir modules (such as MRF policies)
User settings: Add This account is a option.
A new users admin digest email
OAuth: admin scopes support (relevant setting: [:auth, :enforce_oauth_admin_scope_usage]).
Add an option authorized_fetch_mode to require HTTP signatures for AP fetches.
ActivityPub: support for replies collection (output for outgoing federation & fetching on incoming federation).
Mix task to refresh counter cache (mix pleroma.refresh_counter_cache)
Job queue stats to the healthcheck page
Admin API: Add ability to fetch reports, grouped by status GET /api/pleroma/admin/grouped_reports
Admin API: Add ability to require password reset
Mastodon API: Account entities now include follow_requests_count (planned Mastodon 3.x addition)
Pleroma API: GET /api/v1/pleroma/accounts/:id/scrobbles to get a list of recently scrobbled items
Pleroma API: POST /api/v1/pleroma/scrobble to scrobble a media item
Mastodon API: Add upload_limit, avatar_upload_limit, background_upload_limit, and banner_upload_limit to /api/v1/instance
Mastodon API: Add pleroma.unread_conversation_count to the Account entity
Mix task to re-count statuses for all users (mix pleroma.count_statuses)
Mastodon API: Add exclude_visibilities parameter to the timeline and notification endpoints
Admin API: /users/:nickname/toggle_activation endpoint is now deprecated in favor of: /users/activate, /users/deactivate, both accept nicknames array
Admin API: Multiple endpoints now require nicknames array, instead of singe nickname:
POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group are deprecated in favor of: POST/DELETE /api/pleroma/admin/users/permission_group/:permission_group
DELETE /api/pleroma/admin/users (nickname query param or nickname sent in JSON body) is deprecated in favor of: DELETE /api/pleroma/admin/users (nicknames query array param or nicknames sent in JSON body)
Admin API: Add GET /api/pleroma/admin/relay endpoint - lists all followed relays
Pleroma API: POST /api/v1/pleroma/conversations/read to mark all conversations as read
ActivityPub: Support Move activities
Mastodon API: Add /api/v1/markers for managing timeline read markers
Mastodon API: Add the recipients parameter to GET /api/v1/conversations
Configuration: feed option for user atom feed.
Pleroma API: Add Emoji reactions
Admin API: Add /api/pleroma/admin/instances/:instance/statuses - lists all statuses from a given instance
Admin API: Add /api/pleroma/admin/users/:nickname/statuses - lists all statuses from a given user
Admin API: PATCH /api/pleroma/users/confirm_email to confirm email for multiple users, PATCH /api/pleroma/users/resend_confirmation_email to resend confirmation email for multiple users
ActivityPub: Configurable type field of the actors.
Mastodon API: /api/v1/accounts/:id has source/pleroma/actor_type field.