All Versions
92
Latest Version
Avg Release Cycle
143 days
Latest Release
67 days ago

Changelog History
Page 1

  • v0.9.1.0 Changes

    April 07, 2026

    πŸ›  Ohai there, it's been a while! We just released a new minor version, and while it isn't too exciting, it contains a bunch of security fix in both our code and external dependencies, as well as some bugfixes, and one nice feature! Given that this is a security update, we encourage podmins to update as soon as possible.

    πŸ”’ Security

    • πŸ›  Fixed a vulnerability in the OpenID Connect API implementation, where an attacker could use malicious client registrations to trigger HTTP requests within the diaspora* pod's private network. This was originally reported by @offensiveee, and while the report came in as a bunch of lowest-possible-effort GenAI slop disclosures, the underlying issue is valid.

    πŸ”¨ Refactor

    • πŸ‘Œ Improved compatibility with non-specification-compliant OpenGraph metadata #8465

    πŸ› Bug fixes

    • πŸ›  Fix processing for a specific set of uploaded images, like scenes full of snow, by allowing for a larger on-disk cache for ImageMagick #8460
    • πŸ›  Fix a bug with parsing certain OpenGraph metadata structures #8463
    • πŸ– Handle minimagick errors when uploading photos to the API #8469

    πŸ”‹ Features

    • For admins, the offending content's author is now visible in the reports overview #8464
    • Mark notifications as read, when you block a person #8456

  • v0.9.0.0 Changes

    June 16, 2024

    πŸ†• New configuration file!

    πŸš€ Diaspora* now uses TOML for the configuration file. We recommend you to migrate to this new format, as with the next major release (1.0) diaspora* will no longer read the YAML based configuration file at config/diaspora.yml. To do so, please copy config/diaspora.toml.example to config/diaspora.toml and migrate your configuration.

    API!

    πŸ— With the release of diaspora* Version 0.9, we now officially support building applications on top of the diaspora* API! Please check out the official API documentation for instructions, and please do file bugs if you notice something that could be improved!

    πŸ‘€ We are looking forward to seeing many creative applications!

    🚚 The chat integration has been removed

    πŸ’… After a discussion with our community on Discourse, we decided to remove the pieces of XMPP chat integration that were put in place a while ago. When we first added the chat support, we merged the implementation in an unfinished state in the hopes that the open issues will be addressed eventually, and the implementation would end up more polished. This ended up not being the case. After careful consideration and discussion, we did not manage to come up with clear reasons why we need a chat implementation, so we decided that the best way forward would be to remove it.

    Although the chat was never enabled per default and was marked as experimental, some production pods did set up the integration and offered an XMPP service to their users. After this release, diaspora* will no longer contain a chat applet, so users will no longer be able to use the webchat inside diaspora*. The existing module that is used to enable users to authenticate to Prosody using their diaspora* credentials will continue to work, but contact list synchronization might not work without further changes to the Prosody module, which is developed independently from this project.

    πŸ”„ Changes around the appserver and related configuration

    πŸš€ With this release, we switched from unicorn to puma to run our applications. For podmins running the default setup, this should significantly reduce memory usage, with similar or even better frontend performance! However, as great as this change is, some configuration changes are required.

    • πŸ–¨ The single_process_mode and embed_sidekiq_worker configurations have been removed. This mode was never truly a "single-process" mode, as it just spawned the Background Workers inside the runserver. If you're using script/server to start your pod, this change does not impact you, but if you're running diaspora* using other means, and you relied on this "single"-process mode, please ensure that Sidekiq workers get started.

    • πŸ”§ The format of the listen configuration has changed. If you have not set that field in your configuration, you can skip this. Otherwise, make sure to adjust your configuration accordingly:

      • Listening to Unix sockets with a relative path has changed from unix:tmp/diaspora.sock into unix://tmp/diaspora.sock.
      • Listening to Unix sockets with an absolute path has changed from unix:/run/diaspora/diaspora.sock to unix:///run/diaspora/diaspora.sock.
      • Listening to a local port has changed from 127.0.0.1:3000 to tcp://127.0.0.1:3000.

    • πŸ”§ The PORT environment variable and the -p parameter to script/server have been removed. If you used that to run diaspora* on a non-standard port, please use the listen configuration.

    • πŸ”§ The unicorn_worker configuration has been dropped. With Puma, there should not be a need to increase the number of workers above a single worker in any pod of any size.

    • πŸ”§ The unicorn_timeout configuration has been renamed to web_timeout.

    • If you don't run your pod with script/server , you have to update your setup. If you previously called bin/bundle exec unicorn -c config/unicorn.rb to run diaspora*, you now have to run bin/puma -C config/puma.rb! Please update your systemd-Units or similar accordingly.

    Yarn for frontend dependencies

    πŸ‘€ We use yarn to install the frontend dependencies now, so you need to have that installed. See here for how to install it: https://yarnpkg.com/en/docs/install

    πŸ’Ž Suggested Ruby version: 3.3

    ⚑️ We recommend setting up new pods using Ruby 3.3, and updating existing pods to this version as well. Ruby 2.7 is EOL and no longer supported.

    πŸ”„ Changes to script/server for production pods

    If you're currently running your production pod with ./script/server in a tmux or something similar, please be careful. We made some internal changes that result in the script no longer automatically restarting the server if it crashes - instead, it will just shut down. We strongly recommend running your pod using your system's unit manager, for example with this systemd unit.

    πŸ”’ Security

    πŸ”¨ Refactor

    • βž• Add bootstrapping for using ECMAScript 6 with automatic transpiling for compatibility #7581 #8397
    • βœ‚ Remove backporting of mention syntax #7788
    • πŸ”’ Enable Content-Security-Policy header by default #7781
    • Do not show getting started after account import #8036
    • βœ‚ Remove the JSXC/Prosody integration #8069 #8341
    • Replace factory_girl with factory_bot #8218
    • ⬇️ Drop relay support #8243
    • πŸ‘‰ Use yarn to manage the frontend dependencies #8364
    • ⬆️ Upgrade to latest diaspora_federation, remove support for old federation protocol #8368
    • βœ‚ Remove support for therubyracer #8337
    • Replace unicorn with puma #8392
    • ⬇️ Drop strip_exif flag and always remove exif data from uploaded images #8417
    • Replace apparition with cuprite #8418
    • βœ‚ Remove i18n-inflector-rails for translations #8420
    • βž• Add ruby 3 support #8423 #8426 #8427 #8448
    • βž• Add CORS headers to nodeinfo endpoints to allow for client-side fetching #8436
    • Replace eye with foreman #8449

    πŸ› Bug fixes

    • πŸ›  Fix multiple photos upload progress bar #7655
    • Photo-upload file picker now correctly restricts possible file types #8205
    • πŸ‘‰ Make inline code inside links show the link color #8387
    • πŸ›  Fix fetching public posts on first account search was missing some data #8390
    • βž• Add redirect from mobile UI photo URLs to post when not using mobile UI #8400
    • πŸ“œ Escape mentions before markdown parsing in mobile UI #8398
    • Cleanup duplicate pods in database #8403
    • πŸ›  Fix scrolling issue after closing photo viewer on photos page #8404
    • Filter unicode emojis from email headers #8421
    • Do not show disabled services anymore #8406
    • ⚑️ Update search endpoint to be aware of ignored users #8363

    πŸ”‹ Features

    • βž• Add client-side cropping of profile image uploads #7581
    • βž• Add client-site rescaling of post images if they exceed the maximum possible size #7734
    • βž• Add backend for archive import #7660 #8254 #8264 #8010 #8260 #8302 #8298
    • For pods running PostgreSQL, make sure that no upper-case/mixed-case tags exist, and create a lower(name) index on tags to speed up ActsAsTaggableOn #8206
    • πŸ‘ Allow podmins/moderators to see all local public posts to improve moderation #8232 #8320
    • βž• Add support for directly paste images to upload them #8237
    • βž• Add support for webp images and convert new png/jpg to webp to save space and bandwidth [#8358](https://git...

  • v0.8.0.0 Changes

    πŸ†• New configuration file!

    πŸš€ We already recommended you to move to our new TOML based configuration file. With this release diaspora* will no longer read the YAML based configuration file at config/diaspora.yml. If you have not yet done so, please copy config/diaspora.toml.example to config/diaspora.toml and migrate your configuration.

    API!

    πŸ— With the release of diaspora* Version 0.8.0.0, we now officially support building applications on top of the diaspora* API! Please check out the official API documentation for instructions, and please do file bugs if you notice something that could be improved!

    πŸ‘€ We are looking forward to seeing many creative applications!

    🚚 The chat integration has been removed

    πŸ’… After a discussion with our community on Discourse, we decided to remove the pieces of XMPP chat integration that were put in place a while ago. When we first added the chat support, we merged the implementation in an unfinished state in the hopes that the open issues will be addressed eventually, and the implementation would end up more polished. This ended up not being the case. After careful consideration and discussion, we did not manage to come up with clear reasons why we need a chat implementation, so we decided that the best way forward would be to remove it.

    Although the chat was never enabled per default and was marked as experimental, some production pods did set up the integration and offered an XMPP service to their users. After this release, diaspora* will no longer contain a chat applet, so users will no longer be able to use the webchat inside diaspora*. The existing module that is used to enable users to authenticate to Prosody using their diaspora* credentials will continue to work, but contact list synchronization might not work without further changes to the Prosody module, which is developed independently from this project.

    Yarn for frontend dependencies

    πŸ‘€ We use yarn to install the frontend dependencies now, so you need to have that installed. See here for how to install it: https://yarnpkg.com/en/docs/install

    πŸ”¨ Refactor

    • βž• Add bootstrapping for using ECMAScript 6 with automatic transpiling for compatibility #7581
    • βœ‚ Remove backporting of mention syntax #7788
    • πŸ”’ Enable Content-Security-Policy header by default #7781
    • Do not show getting started after account import #8036
    • βœ‚ Remove the JSXC/Prosody integration #8069 #8341
    • Replace factory_girl with factory_bot #8218
    • ⬇️ Drop relay support #8243
    • πŸ‘‰ Use yarn to manage the frontend dependencies #8364
    • ⬆️ Upgrade to latest diaspora_federation, remove support for old federation protocol #8368

    πŸ› Bug fixes

    • πŸ›  Fix multiple photos upload progress bar #7655
    • Photo-upload file picker now correctly restricts possible file types #8205

    πŸ”‹ Features

    • βž• Add client-side cropping of profile image uploads #7581
    • βž• Add client-site rescaling of post images if they exceed the maximum possible size #7734
    • βž• Add backend for archive import #7660 #8254 #8264 #8010 #8260 #8302 #8298
    • For pods running PostgreSQL, make sure that no upper-case/mixed-case tags exist, and create a lower(name) index on tags to speed up ActsAsTaggableOn #8206
    • πŸ‘ Allow podmins/moderators to see all local public posts to improve moderation #8232 #8320
    • βž• Add support for directly paste images to upload them #8237
    • βž• Add support for webp images and convert new png/jpg to webp to save space and bandwidth #8358
    • πŸ‘‰ Show total and active pods count in the pods list for podmins #8383

  • v0.7.18.2 Changes

    July 10, 2023

    πŸš€ This release addresses possible security issues when processing images uploaded by users that is affecting some system configurations.

    πŸš€ This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm, and while diaspora*s attack surface is significantly smaller and some operating systems do ship a restrictive ImageMagick policy, this release makes sure that everyone is safe.

    Thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks for Mastodon for fixing it.

  • v0.7.18.1 Changes

    September 10, 2022

    πŸ› Bug fixes

    • ⚑️ Update binstubs to fix diaspora* being unable to start when multiple bundler versions were available #8392

  • v0.7.18.0 Changes

    July 31, 2022

    πŸ”¨ Refactor

    • πŸ›  Fix order-dependent jasmine test failures and switch to random order #8333
    • Get rid of some uses of "execute_script" in feature specs #8331
    • πŸ›  Fix deprecation warnings for sidekiq 7.0 #8359
    • βœ‚ Remove entypo-rails dependency to prepare for rails 6 #8361
    • βœ‚ Remove compass-rails dependency which is not supported anymore #8362
    • 🍱 Switch to sassc-rails which speeds up assets:precompile a lot #8362
    • βœ‚ Remove markerb dependency which doesn't exist anymore #8365
    • ⬆️ Upgrade to rails 6.1 #8366
    • ⚑️ Update the suggested Ruby version to 2.7. If you run into trouble during the update and you followed our installation guides, run rvm install 2.7. #8366
    • ⬆️ Upgrade to bundler 2 #8366
    • Stop checking /.well-known/host-meta, check for /.well-known/nodeinfo instead #8377
    • πŸ– Handle NodeInfo timeouts gracefully #8380

    πŸ› Bug fixes

    • πŸ›  Fix that no mails were sent after photo export #8365
    • πŸ›  Fix people with quotes in the name causing issues with mail sender #8365

    πŸ”‹ Features

    • Render posts and comments as HTML in HTML mails #8365
    • βž• Add NodeInfo 2.1 support and also read newer versions of NodeInfo #8379

  • v0.7.17.0 Changes

    April 27, 2022

    πŸ”’ Security

    • ⬆️ Bump Rails to 5.2.7 to address CVE-2022-22577 and CVE-2022-27777 #8350
    • Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno VitΓ³rio (@brenu) - thank you! #8351

    πŸ› Bug fixes

    • Don't suggest to retry exports on failure #8343

  • v0.7.16.0 Changes

    February 11, 2022

    πŸ”’ Security

    πŸ”¨ Refactor

    • Cache local posts/comments count for statistics #8241
    • πŸ›  Fix html-syntax in some handlebars templates #8251
    • βœ‚ Remove chat_enabled flag from archive export #8265
    • πŸ”„ Change thumbnails in image slideshow to squares #8275
    • Replace uglifier with terser for JS compression #8268

    πŸ› Bug fixes

    • 🌲 Ensure the log folder exists #8287
    • Limit name length in header #8313
    • πŸ›  Fix fallback avatar in hovercards #8316
    • πŸ‘‰ Use old person private key for export if relayable author migrated away #8310

    πŸ”‹ Features

    • βž• Add tags to tumblr posts #8244
    • βž• Add blocks to the archive export #8263
    • πŸ‘ Allow points and dashes in the username #8266
    • βž• Add support for footnotes in markdown #8277
    • Send AccountMigration if receiving message to a migrated account #8288
    • βž• Add podmin mail address to the footer #8242
    • βž• Add username to password-reset mail #8037
    • Resend account migration and deletion for closed recipients #8309
    • βž• Add sharing status to hovercards #8317
    • Migrate photo URLs and cleanup old uploaded photos #8314

  • v0.7.15.0 Changes

    April 18, 2021

    πŸ”¨ Refactor

    • πŸ’» Replaced some http:// links in the UI with their https:// counterparts #8207
    • βœ… Testing: Replaced phantomjs with headless Chrome/Chromium #8234

    πŸ› Bug fixes

    • ⚑️ Update comment counter when deleting a comment in the Single Post View #7938
    • πŸ”— Link diaspora only poduptime list #8174
    • βœ‚ Delete a user's invitation code during account deletion #8202
    • ⬆️ Bump mimemagic #8231
    • βœ‚ Removed support for defunct Uni Heidelberg OSM tile server, Mapbox is now required if you want to show maps #8215
    • Render only two fractional digits in the posts per user/day admin statistics #8227
    • πŸ‘‰ Make aspect dropdowns scrollable #8213
    • Fix Photo#ownserhip_of_status_message validation #8214

    πŸ”‹ Features

    • πŸ‘Œ Support and recommend TOML as configuration format #8132

  • v0.7.14.0 Changes

    June 14, 2020

    πŸ”¨ Refactor

    • ⚑️ Update the suggested Ruby version to 2.6. If you run into trouble during the update and you followed our installation guides, run rvm install 2.6. #7929

    πŸ› Bug fixes

    • Don't link to deleted users in admin user stats #8063
    • Properly validate a profile's gender field length instead of failing with a database error. #8127

    πŸ”‹ Features