v0.12.0-rc2

Hello hello! Another day another release candidate. We fixed a couple bugs that showed up in the first RC. Thank you for reporting those!

For full installation instructions and changes etc, please follow the rc1 release notes linked below, but replace rc1 with rc2 throughout.

https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.12.0-rc1

Changelog

• 805c67b [bugfix] add missing "local" param in public timeline link headers (#2277)
• 77c5d74 [bugfix] Postgres error wrapping fix (#2276)
• 5250b57 [frontend/bugfix] bulk import export link (#2275)
• 0dfb260 [bugfix/frontend] Fix 'steal this look' emoji promise mapping (#2270)

v0.12.0-rc1

Hello!

Here's the first release candidate for version 0.12.0 of GoToSocial, codename SPAGHETTI SLOTH 🍝

Release highlights

This release brings initial support for different federation modes, starting with allowlist federation mode. You can now set your federation mode to allowlist, and then add and remove domain allows via the admin settings panel. You can read documentation on this feature here: https://docs.gotosocial.org/en/latest/admin/federation_modes/.

We revamped some other bits of the settings panel too, including adding a setting for the 'discoverable' flag, which is documented here: https://docs.gotosocial.org/en/latest/user_guide/settings/#mark-account-as-discoverable-by-search-engines-and-directories

And as usual we did a whole bunch of bug fixing, performance tweaks, and that sort of thing! It's a bit of a cliche to put that in release notes, but there you go.

We also started implementing some background functionality for poll support, but we didn't quite finish that in time for this release, so polls are not yet enabled. Next time!

Migration notes

Settings panel

You may get an error when using the new settings panel code for the first time, since we moved some stuff around. To resolve this, please try clearing cookies for the page using your browser settings, refreshing the page, and then logging in again.

Building frontend from source

If you build the frontend assets (settings panel, css, etc) yourself from source, please be aware that the instructions for building have changed slightly: https://github.com/superseriousbusiness/gotosocial/blob/main/CONTRIBUTING.md#stylesheet--web-dev

Upgrading

To upgrade to 0.12.0 from a previous release:

Binary/tar

1. Stop GoToSocial
2. Untar the new release, including the web assets and html templates.
3. Edit your config.yaml file as necessary (see below).
4. Start GoToSocial

Docker

1. Stop GoToSocial.
2. Pull the new docker container (superseriousbusiness/gotosocial:0.12.0-rc1 or superseriousbusiness/gotosocial:latest)
3. Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.11.1...v0.12.0-rc1#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!

Detailed Changelog

Features + Performance

• 637f188 [feature] Allow import/export/creation of domain allows via admin panel (#2264)
• 6e50883 [performance] updates markdown parsing to reduce allocations in the same way as the plain text formatter (#2252)
• c6e00af [feature] tentatively start adding polls support (#2249)
• 736cd37 [frontend] Add discoverable flag to settings panel (#2235)
• 0cce2c0 [feature] Block a bunch of "AI" crawlers (#2239)
• 183eaa5 [feature] Implement explicit domain allows + allowlist federation mode (#2200)
• fc11dee [feature] add paging to AP following / followers endpoints (#2198)
• 7293d60 [feature] add paging to account follows, followers and follow requests endpoints (#2186)
• 4b59451 [feature] Allow admins to expire remote public keys; refetch expired keys on demand (#2183)
• 2cac5a4 [feature] Support Actor URIs for webfinger queries (#2187)
• 14ef098 [feature] Support OTLP HTTP, drop Jaeger (#2184)
• 5f10885 [feature] Don't trace non-existing routes (#2172)
• 3ed1ca6 [feature] Store admin actions in the db, prevent conflicting actions (#2167)
• 7b48437 [feature] list commands for both attachment and emojis (#2121)
• 8f38dc2 [feature] Add rate limit exceptions option, use ISO8601 for rate limit reset (#2151)
• 94d1663 [performance] Rework home timeline query to use cache more (#2148)
• 4ae16bc [feature] Make log format configurable (#2130)
• 638f023 [performance] Tweak media attachment cleanup; replace stale index (#2143)
• 1e2db7a [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)
• 92de8fb [feature] Instance rules (#2125)
• 42bb352 [feature] Add snapshot binary builds + uploads (#2119)

Bugfixes

• 2b6b9cd [bugfix] Fix paging for empty items (#2236)
• b6b8f82 [bugfix] Move follow.show_reblogs check further up to avoid showing unwanted reblogs in home timeline (#2234)
• 9f9fcf7 [bugfix] support both CollectionPage AND OrderedCollectionPage in status replies (#2220)
• ba0a31d [bugfix] fix flakey paging test (#2210)
• 916c6d0 [bugfix] fix checks for deref the same status descendants / ascendants (#2181)
• 4eb77ff [bugfix] move SQLite pragmas into connection string (#2171)
• 1ee99fc [bugfix] wrap bun.Tx to add our own error processing (#2169)
• 083e8f3 [bugfix/frontend] Normalize header sizes (#2152)
• d5d6ad4 [bugfix] fix double firing bun.DB query hooks (#2124)

Chores + version bumps

• 48725f7 [chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.25 to 1.0.26 (#2266)
• 39e22a9 [chore]: Bump golang.org/x/net from 0.16.0 to 0.17.0 (#2262)
• 37fe8ae [chore]: Bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#2258)
• 274dfb5 [chore]: Bump golang.org/x/image from 0.12.0 to 0.13.0 (#2256)
• abd598e [chore]: Bump github.com/abema/go-mp4 from 1.0.0 to 1.1.1 (#2257)
• 5aeceb5 [chore]: Bump golang.org/x/net from 0.15.0 to 0.16.0 (#2260)
• d173fcd [chore] Convert some settings / admin panel JS to TypeScript (#2247)
• 297b6ee [chore] internal/ap: add pollable AS types, code reformatting, general niceties (#2248)
• a1ab2c2 [chore]: Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.18.0 to 1.19.0 (#2246)
• 118b546 [chore]: Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#2244)
• 21f0517 [chore]: Bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2243)
• 088daef [chore]: Bump go.opentelemetry.io/otel/sdk from 1.18.0 to 1.19.0 (#2242)
• 536d9e4 [chore/bugfix] Deinterface text.Formatter, allow underscores in hashtags (#2233)
• 2a9927d [chore] Enable S256 code challenge (#2224)
• e93cc7a [chore]: Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#2221)
• d45a75e [chore]: Bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 (#2223)
• 380d83f [chore]: Bump github.com/abema/go-mp4 from 0.13.0 to 1.0.0 (#2222)
• 8f67dd5 [chore] deinterface the typeutils.Converter and update to use state structure (#2217)
• 1b848aa [chore] fix typo in slice.go (#2219)
• c6fdcd5 [chore]: Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.17.0 to 1.18.0 (#2207)
• f302ebb [chore]: Bump github.com/miekg/dns from 1.1.55 to 1.1.56 (#2204)
• 50b713e [chore] bump bun (and related libraries) versions to v1.1.16 (#2209)
• 7011f57 [chore] bump bun v1.1.14 -> v1.1.15 (#2195)
• 23dd6f6 [chore]: Bump golang.org/x/net from 0.14.0 to 0.15.0 (#2193)
• ecbce17 [chore]: Bump github.com/tdewolff/minify/v2 from 2.12.8 to 2.12.9 (#2194)
• f0a3fca [chore]: Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#2190)
• b093947 [chore] much improved paging package (#2182)
• 9f2199f [chore] Add script for downloading latest snapshot tar.gz (#2157)
• 4f3daee [chore]: Bump golang.org/x/image from 0.11.0 to 0.12.0 (#2178)
• c0bddd2 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.62 to 7.0.63 (#2180)
• ddd3c2e [chore]: Bump golang.org/x/text from 0.12.0 to 0.13.0 (#2177)
• 2ec313a [chore]: Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2166)
• e6407ec [chore]: Bump github.com/KimMachineGun/automemlimit from 0.2.6 to 0.3.0 (#2165)
• 13f1c85 [chore/frontend] Make line-height a wee little bit bigger (#2159)
• 70d87f0 [chore]: Bump codeberg.org/gruf/go-kv from 1.6.3 to 1.6.4 (#2142)
• 59b5ed6 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.61 to 7.0.62 (#2141)
• 36dceac [chore]: Bump github.com/yuin/goldmark from 1.5.5 to 1.5.6 (#2140)
• e70629e [chore]: Bump github.com/jackc/pgx/v5 from 5.4.2 to 5.4.3 (#2112)
• 5a4ceeb [chore]: Bump github.com/abema/go-mp4 from 0.12.0 to 0.13.0 (#2113)
• 8f4b779 [chore]: Bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#2114)
• e9c3663 [chore] ensure worker contexts have request ID (#2120)

Docs

• e0f0d32 [docs] statuses-query-pinned #2250 (#2251)
• b987653 [docs] ahs article milestone a (#2218)
• d6add4e [docs] Add a note on cluster support (#2214)
• 79906f9 [docs] add fail2ban regex in the doc (#2189)
• 5416ad9 [docs] Update backup docs (#2153)

v0.11.1 Slightly Sloppier Sloth

Hey sportsfans, here's a bugfix release!

⚠️ IF YOU'VE BEEN RUNNING A SNAPSHOT FROM MAIN, DO NOT USE THIS RELEASE. Stick with your snapshots until the next minor release. You have been warned! This release is specifically for people who were using 0.11.0 before.

Now that's out of the way...

Highlights

• We unbuggered the Content-Security-Policy stuff for S3 for good this time! Now, GoToSocial will probe your s3 storage on startup to figure out which endpoint to add to the CSP.
• We fixed a little bug in our media cleanup where an old index was being used, and stuff wasn't being cleaned properly. The first time you run a cleanup with this version, it should be faster and your storage use should drop by something in the order of gigabytes.
• No more duplicate database hooks, for those of you who run with trace logging.
• Update Go to 1.21.0, should be a teensy tiny bit faster.

Now get out there and play ball! ⚾ 🎾 🍙

Migration notes

Upgrading

To upgrade to 0.11.1 from a previous release:

Binary/tar

1. Stop GoToSocial
2. Untar the new release, including the web assets and html templates.
3. Edit your config.yaml file as necessary (see below).
4. Start GoToSocial

Docker

1. Stop GoToSocial.
2. Pull the new docker container (superseriousbusiness/gotosocial:0.11.1 or superseriousbusiness/gotosocial:latest)
3. Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.11.0...v0.11.1#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!

Detailed Changelog

Features / Performance

• c7a46e0 [performance] Tweak media attachment cleanup; replace stale index (#2143)
• de95f5f [feature] Add snapshot binary builds + uploads (#2119)

Bugfixes

• 4b5a3e0 [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)
• 4533458 [bugfix] fix double firing bun.DB query hooks (#2124)

Chores + version bumps

• b6c07a7 [chore]: Bump codeberg.org/gruf/go-kv from 1.6.3 to 1.6.4 (#2142)
• 24b02d1 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.61 to 7.0.62 (#2141)
• 3ee69cc [chore]: Bump github.com/yuin/goldmark from 1.5.5 to 1.5.6 (#2140)
• 688ea88 [chore]: Bump github.com/jackc/pgx/v5 from 5.4.2 to 5.4.3 (#2112)
• 3c1e12d [chore]: Bump github.com/abema/go-mp4 from 0.12.0 to 0.13.0 (#2113)
• 7c65f13 [chore]: Bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#2114)
• 71ed361 [chore] ensure worker contexts have request ID (#2120)

v0.11.0 Sloppy Sloth

Hello comrades!

Here's v0.11.0 of GoToSocial, Sloppy Sloth!

It's got a lot of stuff in it (when do our releases not have a lot of stuff in them?), so, we hope you like stuff!

Release highlights

We're making a habit of finally getting around to implementing features that people have been asking for forever. In this spirit, the following things are now implemented:

• Hashtags! Wow, finally! You can write a post with hashtags, and that post will be federated out with those hashtags set on the post. It's like magic! And that's not all, no no, posts will federate in with the correct hashtags set on them as well, so you can view posts using that hashtag in your client application of choice. This won't retroactively apply for all posts sitting in your database, see the note about hashtags below under migration notes for more details.
• Account notes! You can now set, view, and unset your own private notes on accounts (depending on what client you're using).
• Markers! Client applications can now set and retrieve markers for timeline paging.
• List replies policies now work as they should!
• Lots of performance stuff: we tweaked our cacheing configuration, increased the amount of concurrent database connections that sqlite can use, and more. Things oughta feel a teensy bit faster :)

Migration notes

Upgrading

To upgrade to 0.11.0 from a previous release:

Binary/tar

1. Stop GoToSocial
2. Untar the new release, including the web assets and html templates.
3. Edit your config.yaml file as necessary (see below).
4. Start GoToSocial

Docker

1. Stop GoToSocial.
2. Pull the new docker container (superseriousbusiness/gotosocial:0.11.0 or superseriousbusiness/gotosocial:latest)
3. Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.10.0...v0.11.0#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!

Hashtags

Where are all the hashtags??

This update does not cause all hashtagged statuses currently in your database to show up in hashtag timelines, because that would require a large + annoying database migration with a huge amount of calls to remote instances all at once.

Instead, from this release onwards, your instance will begin to process hashtags correctly on new posts that it sees after you upgrade.

Your instance will also update existing posts that it sees again (because of boosts, or status searches, replies, etc) with appropriate hashtags.

In other words, don't expect to see a busy and bustling hashtag timeline immediately; it will populate over time!

Why can't I view hashtags at https://[my-instance]/tags/some_hashtag in my browser?

Simply put, we haven't decided yet whether we want to expose all hashtagged posts on a web page like Mastodon and other servers do. You can view hashtag timelines in your client, but it didn't feel right to start showing other people's posts on a hashtag web page that just anyone can access without authentication. We're still figuring out the best thing to do for those hashtag web endpoints that your instance now has :)

Detailed changelogs

Features + Performance

• [feature] Lower remote media cache config duration by @daenney in #2007
• [feature] Report Masto version in /api/v1/instance by @daenney in #1977
• [feature/performance] support uncaching remote emoji + scheduled cleanup functions by @NyaaaWhatsUpDoc in #1987
• [performance] retry db queries on busy errors by @NyaaaWhatsUpDoc in #2025
• [feature] Support setting private notes on accounts by @VyrCossont in #1982
• [feature] Implement markers API by @VyrCossont in #1989
• [performance] cache follow, follow request and block ID lists by @NyaaaWhatsUpDoc in #2027
• [feature] Hashtag federation (in/out), hashtag client API endpoints by @tsmethurst in #2032
• [feature] Set timezone in Docker using TZ env variable by @tsmethurst in #2050
• [feature] Allow users to skip http client tls verification for testing purposes (with appropriately loud warnings) by @tsmethurst in #2052
• [feature] simpler cache size configuration by @NyaaaWhatsUpDoc in #2051
• [performance] add caching of status fave, boost of, in reply to ID lists by @NyaaaWhatsUpDoc in #2060
• Allow full BCP 47 in language inputs by @VyrCossont in #2067
• [feature] List replies policy, refactor async workers by @tsmethurst in #2087
• [performance] remove last of relational queries to instead rely on caches by @NyaaaWhatsUpDoc in #2091
• [feature] Set Content-Security-Policy header by @daenney in #2095
• [feature] destroy capitalism

Bugfixes

• [bugfix/frontend] Decode URI component domain before showing on frontend by @tsmethurst in #2043
• [bugfix] Allow instance accounts to be shown in search results in certain circumstances by @tsmethurst in #2053
• [bugfix] handle HEAD requests more elegantly by @NyaaaWhatsUpDoc in #2055
• [bugfix] fix slow accounts / statuses using emojis lookups by @NyaaaWhatsUpDoc in #2056
• [bugfix] Rework MultiError to wrap + unwrap errors properly by @tsmethurst in #2057
• [bugfix] update cache library with nil ptr fix by @NyaaaWhatsUpDoc in #2070
• [bugfix] don't accept unrelated statuses by @NyaaaWhatsUpDoc in #2078
• [bugfix] only set content-length AFTER rewinding body bytes by @NyaaaWhatsUpDoc in #2086
• [bugfix] Fix incorrect per-loop variable capture by @daenney in #2092
• [bugfix] Use length in runes when trimming for RSS by @tsmethurst in #2094
• [bugfix] Populate followRequest before accessing TargetAccount ptr by @tsmethurst in #2099
• [bugfix] Use custom bluemonday policy to disallow inline img tags by @tsmethurst in #2100
• [bugfix] Fix using wrong key for clientID during oauth callback by @tsmethurst in #2101
• [bugfix] Suppress 'errNoEntries' warnings from InboxForwarding function call by @tsmethurst in #2102
• [bugfix] Add s3 endpoint as image-src and media-src for CSP by @tsmethurst in #2103
• [bugfix] CSP policy fixes for S3/object storage by @daenney in #2104
• [bugfix] bump go-kv version with logfmt quote fix by @NyaaaWhatsUpDoc in #2108
• [fix] Update CSP header for blob images (upload preview) and dev livereload by @f0x52 in #2109
• [bugfix] fix inconsistent calculated cache sizes by @NyaaaWhatsUpDoc in #2115

Chores + Version Bumps

• Bump word-wrap from 1.2.3 to 1.2.4 in /web/source by @dependabot in #2001
• [chore]: Bump github.com/go-playground/form/v4 from 4.2.0 to 4.2.1 by @dependabot in #1994
• [chore]: Bump github.com/minio/minio-go/v7 from 7.0.59 to 7.0.60 by @dependabot in #1992
• [chore]: Bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.2 by @dependabot in #1991
• [chore]: Bump modernc.org/sqlite from 1.23.1 to 1.24.0 by @dependabot in #1993
• [chore] Admin CLI + new account creation refactoring by @tsmethurst in #2008
• [chore] Disable the right webfinger test by @daenney in #2018
• [chore]: Bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 by @dependabot in #2020
• [chore]: Bump github.com/jackc/pgconn from 1.14.0 to 1.14.1 by @dependabot in #2024
• [chore]: Bump codeberg.org/gruf/go-cache/v3 from ...

v0.11.0-rc3

Hello! Another day another attempt to fix the content-security-policy headers, oh my god 🦥 😱

Anyway! To update from a previous RC, just replace the binary.

To update to this RC from 0.10.0 or lower, please see the migration notes here: https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.11.0-rc1

Good luck and god speed!

Changelog

• 912a104 [fix] Update CSP header for blob images (upload preview) and dev livereload (#2109)
• 8ea7f55 [bugfix] bump go-kv version with logfmt quote fix (#2108)
• 5e368d3 [bugfix] CSP policy fixes for S3/object storage (#2104)

v0.11.0-rc2

Hi! This is exactly the same as the first release candidate, but fixes an issue with content-security-policy being too strict when s3 is enabled!

For migration notes and all that jazz, please see the announcement for the first release candidate! https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.11.0-rc1

Changelog

• b727454 [bugfix] Add s3 endpoint as image-src and media-src for CSP (#2103)

v0.11.0-rc1

Hello comrades!

Here's the first release candidate for v0.11.0 of GoToSocial!

It's got a lot of stuff in it (when do our releases not have a lot of stuff in them?), so, we hope you like stuff!

important if you're using a non-proxying S3 setup, please use the second release candidate instead: https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.11.0-rc2

Release highlights

We're making a habit of finally getting around to implementing features that people have been asking for forever. In this spirit, the following things are now implemented:

• Hashtags! Wow, finally! You can write a post with hashtags, and that post will be federated out with those hashtags set on the post. It's like magic! And that's not all, no no, posts will federate in with the correct hashtags set on them as well, so you can view posts using that hashtag in your client application of choice. This won't retroactively apply for all posts sitting in your database, see the note about hashtags below under migration notes for more details.
• Account notes! You can now set, view, and unset your own private notes on accounts (depending on what client you're using).
• Markers! Client applications can now set and retrieve markers for timeline paging.
• List replies policies now work as they should!
• Lots of performance stuff: we tweaked our cacheing configuration, increased the amount of concurrent database connections that sqlite can use, and more. Things oughta feel a teensy bit faster :)

Migration notes

Upgrading

To upgrade to 0.11.0-rc1 from a previous release:

Binary/tar

1. Stop GoToSocial
2. Untar the new release, including the web assets and html templates.
3. Edit your config.yaml file as necessary (see below).
4. Start GoToSocial

Docker

1. Stop GoToSocial.
2. Pull the new docker container (superseriousbusiness/gotosocial:0.11.0-rc1 or superseriousbusiness/gotosocial:latest)
3. Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.10.0...v0.11.0-rc1#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!

Hashtags

Where are all the hashtags??

This update does not cause all hashtagged statuses currently in your database to show up in hashtag timelines, because that would require a large + annoying database migration with a huge amount of calls to remote instances all at once.

Instead, from this release onwards, your instance will begin to process hashtags correctly on new posts that it sees after you upgrade.

Your instance will also update existing posts that it sees again (because of boosts, or status searches, replies, etc) with appropriate hashtags.

In other words, don't expect to see a busy and bustling hashtag timeline immediately; it will populate over time!

Why can't I view hashtags at https://[my-instance]/tags/some_hashtag in my browser?

Simply put, we haven't decided yet whether we want to expose all hashtagged posts on a web page like Mastodon and other servers do. You can view hashtag timelines in your client, but it didn't feel right to start showing other people's posts on a hashtag web page that just anyone can access without authentication. We're still figuring out the best thing to do for those hashtag web endpoints that your instance now has :)

Detailed changelog

Features + performance

• 3aedd93 [feature] Set Content-Security-Policy header (#2095)
• 91cbcd5 [performance] remove last of relational queries to instead rely on caches (#2091)
• 9770d54 [feature] List replies policy, refactor async workers (#2087)
• 0f81274 [feature] Allow full BCP 47 in language inputs (#2067)
• 9a291de [performance] add caching of status fave, boost of, in reply to ID lists (#2060)
• 00adf18 [feature] simpler cache size configuration (#2051)
• 2be83fd [feature] Allow users to skip http client tls verification for testing purposes (with appropriately loud warnings) (#2052)
• 9bd03e1 [feature] Set timezone in Docker using TZ env variable (#2050)
• 2796a2e [feature] Hashtag federation (in/out), hashtag client API endpoints (#2032)
• ed2477e [performance] cache follow, follow request and block ID lists (#2027)
• b874e92 [feature] Implement markers API (#1989)
• 22ac460 [feature] Support setting private notes on accounts (#1982)
• 5f3e095 [performance] retry db queries on busy errors (#2025)
• 9eff0d4 [feature/performance] support uncaching remote emoji + scheduled cleanup functions (#1987)
• f8f0312 [feature] Report Masto version in /api/v1/instance (#1977)
• da82820 [feature] Lower remote media cache config duration (#2007)

Bugfixes

• a1768a8 [bugfix] Suppress 'errNoEntries' warnings from InboxForwarding function call (#2102)
• dc99e9e [bugfix] Fix using wrong key for clientID during oauth callback (#2101)
• dc96562 [bugfix] Use custom bluemonday policy to disallow inline img tags (#2100)
• a26af13 [bugfix] Populate followReq before accessing targetaccount pointer (#2099)
• 5588d4e [bugfix] Use length in runes when trimming for RSS (#2094)
• dbf487e [bugfix] Fix incorrect per-loop variable capture (#2092)
• 0ddc2ed [bugfix] only set content-length AFTER rewinding body bytes (#2086)
• 3920bc8 [bugfix] don't accept unrelated statuses (#2078)
• 6f4ae8f [bugfix] update cache library with nil ptr fix (#2070)
• e8a20f5 [bugfix] Rework MultiError to wrap + unwrap errors properly (#2057)
• 2cee8f2 [bugfix] fix slow accounts / statuses using emojis lookups (#2056)
• 24516b8 [bugfix] handle HEAD requests more elegantly (#2055)
• cec29e2 [bugfix] Allow instance accounts to be shown in search results in certain circumstances (#2053)
• de148e9 [bugfix/frontend] Decode URI component domain before showing on frontend (#2043)

Chores + version bumps

• 992c7ce [chore] Add test to ensure show_reblogs on follow works as expected (#2093)
• 4b05dcd [chore] Update robots.txt, give chatgpt the middle finger (#2085)
• 9df4d38 [chore] Add Feditext as recommended client (#2081)
• be3718f [chore] Use generic pointer function (#2080)
• 517829a [chore]: Bump github.com/tdewolff/minify/v2 from 2.12.7 to 2.12.8 (#2073)
• 303a6a6 [chore]: Bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 (#2076)
• cc69250 [chore]: Bump github.com/abema/go-mp4 from 0.11.0 to 0.12.0 (#2075)
• 0242f03 [chore]: Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#2077)
• aaa5985 [chore]: Bump golang.org/x/image from 0.9.0 to 0.11.0 (#2074)
• c1375ca [chore] Remove go-playground/validator (#2069)
• a5a80b4 [chore]: Bump github.com/abema/go-mp4 from 0.10.2-0.20230727031202-a1a707db6ecd to 0.11.0 (#2042)
• 9ed9d96 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.60 to 7.0.61 (#2041)
• cf4bd70 [chore] Update activity dependency (#2031)
• e747c14 [chore] fix merge issue (#2029)
• 98c2b8f [chore] update go-mp4 to latest commit (#2028)
• 81fe59d [chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.24 to 1.0.25 (#2021)
• b05f6c8 [chore]: Bump github.com/yuin/goldmark from 1.5.4 to 1.5.5 (#2023)
• c9f3539 [chore]: Bump codeberg.org/gruf/go-cache/v3 from 3.4.1 to 3.4.3 (#2022)
• 8b71567 [chore]: Bump github.com/jackc/pgconn from 1.14.0 to 1.14.1 (#2024)
• b7891bb [chore]: Bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 (#2020)
• 994d5e8 [chore] Disable the right webfinger test (#2018)
• 5a29a03 [chore] Admin CLI + new account creation refactoring (#2008)
• 43a2753 [chore]: Bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#1993)
• fa57c69 [chore]: Bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.2 (#1991)
• 8313998 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.59 to 7.0.60 (#1992)
• d53449c [chore]: Bump github.com/go-playground/form/v4 from 4.2.0 to 4.2.1 (#1994)
• 8ac3a3f Bump word-wrap from 1.2.3 to 1.2.4 in /web/source (#2001)

Documentation

• 31a2158 update coc (#2090)
• e5c7501 [docs] Add first anti-harassment research article re: authorized fetch (#2089)
• 7f1f2b8 [docs] fix postgres create database command (#2071)

v0.10.0 Shrimple Sloth 🦐

Hello! We did a release! Here it is! We fixed a bunch of broken stuff and added some more stuff that's probably broken and which we'll have to fix in the future! 😎

As always, big thank you to all contributors and well-wishers, and those who use the software and help it grow. The sloth thanks you.

Highlights

• LISTS: this has been one of the most frequently requested features for GoToSocial since forever, so we're happy to be able to include it now! With this release, you can create lists, delete lists, add/remove accounts from lists, and view list timelines in your client app. It works pretty OK!
• Partial search implementation: previously, you could only use search to look for exact URLs (https://example.org/users/someone) or to look for users by their exact namestring (@someone@example.org). With this release, you can now also do partial text searches for:
  • statuses you've posted yourself (search in status content warning and body)
  • statuses posted in reply to you (search in status content warning and body)
  • accounts you don't yet follow (search in username and display name)
  • accounts you do follow (search in username, display name, and bio)
• Profile field settings: you can now set up to 6 profile property/value fields in the settings panel.
• Loads of bug fixes. We fixed some of the more annoying/longstanding bugs including missing profile + header pics, please see the section 'First run of media cleanup' below.

Migration notes

Upgrading

To upgrade to 0.10.0 from a previous release:

Binary/tar

1. Stop GoToSocial
2. Untar the new release, including the web assets and html templates.
3. Edit your config.yaml file as necessary (see below).
4. Start GoToSocial

Docker

1. Stop GoToSocial.
2. Pull the new docker container (superseriousbusiness/gotosocial:0.10.0 or superseriousbusiness/gotosocial:latest)
3. Start GoToSocial.

config.yaml

The configuration file has changed since the previous release. You can see a diff of the config file here: v0.9.0...v0.10.0#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622

Database Migrations

This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!

First run of media cleanup

The first time your instance runs a media cleanup (normally at midnight every night), it will likely take a long time. We introduced some issues in 0.9.0 to do with avatars + headers, and the first media cleanup you do in this new version fixes those issues by iterating through all your stored media attachments and fixing ones whose file is missing. Just let it run, it will sort itself out!

Detailed changelog

Features/performance

• f0dad43 [feature] Use Read/Write lock for config (#1969)
• 2a99df0 [feature] enable + document explicit IP dialer allowing/denying (#1950)
• 81f33c3 [feature] Add media list command (#1943)
• ba0bc06 [feature] Add instance stats to /about (#1936)
• 8e00431 [performance] update go-cache library (#1917)
• 831ae09 [feature] Add partial text search for accounts + statuses (#1836)
• 8fb5a7e [Frontend] Settings for profile fields (#1885)
• 20978b1 [performance] wrap httpclient response body to ensure drained before close (#1854)
• f5c004d [feature] Add List functionality (#1802)
• fc524f8 [feature] Configurable custom css length (#1827)

Bugfixes

• 89ee9d5 [bugfix] Return all accounts when list accounts limit <= 0 (#2014)
• d6fa74e [bugfix] Change maximumPasswordLength to 72 bytes (#2012)
• f431974 [bugfix] more robust list timeline invalidation (#1995)
• 346ecab [bugfix] Add missing continue statement in prepareXBetweenIDs (#1996)
• 12b6cdc [bugfix] Set Vary header correctly on cache-control (#1988)
• 1951e6c [bugfix] Update account Update logic (#1984)
• 8d92b24 [bugfix] Align default values in the configuration file with the code (#1971)
• 0d267fd [bugfix] Properly handle range > content-length (#1979)
• ca5492b [bugfix] Tidy up rss feed serving; don't error on empty feed (#1970)
• 6dbb8ba [bugfix] Fix delete follow req instead of follow (#1962)
• f40bb02 [bugfix] Delete mutual follow (requests) when receiving block from remote (#1960)
• 672386a [bugfix] Don't overflow on very wide status'es (#1956)
• ac564c1 [bugfix] Reorder web view logic, other small fixes (#1954)
• 3d16962 [chore/bugfix] Break Websockets logic into smaller read/write functions, don't log expected errors (#1932)
• 2a40c81 [bugfix] Try to fix the webfinger test, again (#1931)
• d98b631 [bugfix] Use gtserror package for WrongType errs (#1930)
• 52ebff5 [bugfix] Only mark status orphaned on 410 Gone (#1923)
• 3e19f48 [bugfix] Ensure InReplyToID set properly, update dereference ancestors func (#1921)
• 9a22102 [bugfix/chore] oauth entropy fix + media cleanup tasks rewrite (#1853)
• 73bfb5f [bugfix] Parse POST-style forms in the list member removal endpoint (#1903)
• d8e16a2 [chore/bugfix] Refactor ap/extract.go functions, return URIs more reliably (#1897)
• 0fa06c0 [bugfix] Accept non-multipart forms for account updates (#1896)
• e70bf8a [chore/bugfix] Domain block tidying up, Implement first pass of 207 Multi-Status (#1886)
• 827cc4d [chore/bugfix] Demote failed inbox forwarding to warn log rather than error return (#1892)
• 5e2897e [bugfix] Invalidate timeline entries for status when stats change (#1879)
• b0015a3 [bugfix] Delete from list timeline on status deletion (#1878)
• d7d6603 [bugfix] Fix slow joined home timeline query (#1867)
• 1d4137f [bugfix] Fix first item of thread dereferencing always being skipped (#1858)
• 1f39275 [bugfix] Allow lowercase emoji shortcode in frontend (#1851)
• 2358cf4 [bugfix] Overwrite API client closed errors with 499 - Client Closed Request (#1857)
• 9da20ee [bugfix] only attempt to populate account/statuses from DB if already exist (#1839)
• 70262d4 [fix] Fix link to remote emoji pgae (#1845)
• 46d4ec0 [bugfix/chore] Inbox post updates (#1821)
• 45f961a [bugfix] allow usernames of length 1 (#1823)

Documentation

• b0f0c8b [docs] Activate the edit feature (#1967)
• 747ea58 [docs] Clarify how to add a page (#1959)
• 95e2024 [docs] Apache setup for Caching assets and media (#2005) (#2005)
• 9ff4c20 [docs] Rework backups a bit (#1942)
• c4cf632 [docs] Clarify email requirement for OIDC (#1918)
• fab64a2 [docs] Disambiguate docker version, don't recommend opening localhost (#1913)
• 433b56d [docs] Add certificates and firewalling to advanced (#1888)
• 4990099 [docs] Made Advanced its own section (#1883)
• 84e1c7a [docs] Revamp the installation guide (#1877)
• 6f6b857 [docs] Add example tracing infrastructure (#1866)
• 45773a0 [bugfix/docs] AppArmor profile for SQLite (#1864)
• 186e849 [docs] Add Repology stats (#1859)
• 36fcd2e [docs] clarify other federation modes not yet implemented (#1849)
• 1f06914 [docs] Update + simplify roadmap, revise beta estimate (#1826)
• 681486f [docs]: semaphone ref & DEBUG usage for standalone testing (#1828)
• e096298 [bugfix/docs] Fix clear notifications API docs (#1831)

Chores / version bumps

• 6de5ca4 [chore]: Bump golang.org/x/net from 0.11.0 to 0.12.0 (#1973)
• 901770f [chore]: Bump golang.org/x/image from 0.8.0 to 0.9.0 (#1972)
• f5d6503 Bump semver from 6.3.0 to 6.3.1 in /web/source (#1981)
• a29b5af [chore]: Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (#1975)
• 65c8970 [chore] Fix password typos (#1966)
• 8868889 [chore] Skip webfinger test on CI (#1983)
• d9c69f6 [chore/performance] Remove remaining 'whereEmptyOrNull' funcs (#1946)
• 1218f97 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.58 to 7.0.59 (#1941)
• e3e0f67 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.56 to 7.0.58 (#1928)
• 4ad933b [chore]: Bump github.com/miekg/dns from 1.1.54 to 1.1.55 (#1929)
• 120743d [chore]: Bump github.com/tdewolff/minify/v2 from 2.12.6 to 2.12.7 (#1927)
• 33ccb71 [chore]: Bump golang.org/x/image from 0.7.0 to 0.8.0 (#1926)
• f56dd29 [chore]: Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#1908)
• 84eb7ea [chore] Fix Swagger paths for lists API endpoints (#1904)
• 70357a7 [chore]: Bump github.com/jackc/pgx/v5 from 5.3.1 to 5.4.1 (#1907)
• b560fe1 [chore]: Bump golang.org/x/net from 0.10.0 to 0.11.0 (#1909)
• 54f3387 [chore]: Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#1910)
• 24fbdf2 [chore] Refactor AP authentication, other small bits of tidying up (#1874)
• 5d19fb1 [chore]: Bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1884)
• b401bd1 [chore] update latest deps, ensure readme up to date (#1873)
• f1b70cc [chore]: Bump github.com/minio/minio-go/v7 from 7.0.55 to 7.0.56 (#1869)
• 7638a68 [chore]: Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1872)
• 97bc2e7 [chore] tidy + test timelines a bit better (#1865)
• 21c1552 [chore] Update versions, fix lint errors (#1860)
• 55aacaf [chore]: Bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#1855)
• 23705b3 [chore/frontend] refactor header templating, add apple-touch-icon (#1850)
• 049b02a [chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.23 to 1.0.24 (#1843)
• f620ee8 [chore]: Bump github.com/coreos/go-oidc/v3 from 3.5.0 to 3.6.0 (#1840)
• e50b228 [chore]: Bump github.com/ulule/limiter/v3 from 3.11.1 to 3.11.2 (#1841)
• 2e7043b [chore]: Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1842)
• 9ed96bc [chore]: Bump github.com/minio/minio-go/v7 from 7.0.53 to 7.0.55 (#1844)
• 5faeb4d [chore] tidy up media manager, add calling func to errors, build-scrip...

v0.10.0-rc3

Good morning sportsfans (ungendered, not-exclusive of fans of sports).

Comin' at you with another release candidate, huzzah! Not many changes over the previous, just some small fixups.

If you're already on v0.10.0-rc1/2 you can simply upgrade with no extra fancy steps. If you're on v0.9.0 or lower, please read the release notes from the first release candidate for upgrade steps.

Changelog

• f431974 [bugfix] more robust list timeline invalidation (#1995)
• 346ecab [bugfix] Add missing continue statement in prepareXBetweenIDs (#1996)

v0.10.0-rc2

Hello hello! Here's the second release candidate for 0.10.0!

If you're already on 0.10.0-rc1, you can update to this new release candidate with no fancy steps required.

If you're on 0.9.0 or lower, please read the release notes from the previous release candidate for upgrade steps etc, but replace 0.10.0-rc1 with 0.10.0-rc2 throughout.

Thank youuuuuuuuuuuu!

Changelog

• 12b6cdc [bugfix] Set Vary header correctly on cache-control (#1988)
• 8868889 [chore] Skip webfinger test on CI (#1983)
• 1951e6c [bugfix] Update account Update logic (#1984)
• 8d92b24 [bugfix] Align default values in the configuration file with the code (#1971)
• f5d6503 Bump semver from 6.3.0 to 6.3.1 in /web/source (#1981)
• 0d267fd [bugfix] Properly handle range > content-length (#1979)
• ca5492b [bugfix] Tidy up rss feed serving; don't error on empty feed (#1970)
• a29b5af [chore]: Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (#1975)
• f0dad43 [feature] Use Read/Write lock for config (#1969)
• 6de5ca4 [chore]: Bump golang.org/x/net from 0.11.0 to 0.12.0 (#1973)
• 901770f [chore]: Bump golang.org/x/image from 0.8.0 to 0.9.0 (#1972)
• 65c8970 [chore] Fix password typos (#1966)
• b0f0c8b [docs] Activate the edit feature (#1967)
• 6dbb8ba [bugfix] Fix delete follow req instead of follow (#1962)
• f40bb02 [bugfix] Delete mutual follow (requests) when receiving block from remote (#1960)
• 747ea58 [docs] Clarify how to add a page (#1959)
• 672386a [bugfix] Don't overflow on very wide status'es (#1956)