:warning: This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases as well as the upcoming 4.2.0 stable release.

:warning: This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452, CVE-2023-42450).

Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch.

Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires streaming API restart ℹ️ Requires database migrations ℹ️ Starting from this release, Mastodon will periodically check for updates (see below if you want to disable that behavior) :warning: Requires rebuilding Elasticsearch indexes :warning: The minimal supported version for Ruby has been bumped to 3.0 :warning: The minimal supported version for Node.js has been bumped to 16 :warning: The minimal supported version for PostgreSQL has been bumped to 10. Please note that using PostgreSQL 10 or 11 is deprecated and will not be supported in 4.3.0. :warning: The minimal supported version for LibreTranslate has been bumped to 1.3.3 :warning: The way database replicas are configured has changed :warning: Disables part of the StatsD integration by default :warning: Drops built-in clustering support from the streaming server :warning: Updated systemd unit files for the streaming server :warning: A configuration change is required for some S3-compatible storage providers :warning: We will stop bundling PgHero in a future release

For more information, scroll down to the upgrade instructions section.

Changelog (v4.2.0-rc2)

Added

• Add additional metrics for streaming (ThisIsMissEm)

Changed

• Change video bitrate to always fit within size limit (Gargron)

Fixed

• Fix hashtag bar being sometimes incorrectly hidden (ClearlyClaire)
• Fix crash when viewing a moderation appeal and the moderator account has been deleted (xrobau)
• Fix Web UI making duplicate search queries when scrolling (ClearlyClaire)
• Fix error in Web UI when server rules cannot be fetched (ClearlyClaire)
• Fix Setting.authorized_fetch not being properly taken into consideration (ClearlyClaire)
• Fix post edits not being forwarded as expected (ClearlyClaire)
• Fix dismiss button overlapping with text in dismissable banners (ClearlyClaire)
• Fix obsolete cache key in status cache invalidation logic (ClearlyClaire)
• Fix processing of min_id and max_id parameters in /api/v2/search (ClearlyClaire)

Security

• Fix incorrect URL normalization (CVE-2023-42450, GHSA-hcqf-fw2r-52g4)
• Fix missing HTML sanitization in translation API (CVE-2023-42452, GHSA-2693-xr3m-jhqr)
• Fix incorrect domain name normalization (CVE-2023-42451, GHSA-v3xf-c9qf-j667)

Changelog (v4.2.0-rc1)

Added

• Add full-text search of opted-in public posts and rework search operators (Gargron, jsgoldstein, ClearlyClaire, ClearlyClaire, jsgoldstein, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ClearlyClaire, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire, Gargron, Gargron, Gargron, ClearlyClaire, Gargron, Gargron, Gargron, Gargron, Gargron, arbolitoloco1, tribela) This introduces a new public_statuses Elasticsearch index for public posts by users who have opted in to their posts being searchable (toot#indexable flag). This also revisits the other indexes to provide more useful indexing, and adds new search operators such as from:me, before:2022-11-01, after:2022-11-01, during:2022-11-01, language:fr, has:poll, or in:library (for searching only in posts you have written or interacted with). Results are now ordered chronologically.
• Add admin notifications for new Mastodon versions (ClearlyClaire) This is done by querying https://api.joinmastodon.org/update-check every 30 minutes in a background job. That URL can be changed using the UPDATE_CHECK_URL environment variable, and the feature outright disabled by setting that variable to an empty string (UPDATE_CHECK_URL=).
• Add “Privacy and reach” tab in profile settings (Gargron, ClearlyClaire) This reorganized scattered privacy and reach settings to a single place, as well as improve their wording.
• Add display of out-of-band hashtags in the web interface (Gargron, arbolitoloco1, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron)
• Add role badges to the web interface (ClearlyClaire, Gargron)
• Add ability to pick domains to forward reports to using the forward_to_domains parameter in POST /api/v1/reports (ClearlyClaire, ClearlyClaire) The forward_to_domains REST API parameter is a list of strings. If it is empty or omitted, the previous behavior is maintained. The forward parameter still needs to be set for forward_to_domains to be taken into account. The forwarded-to domains can only include that of the original author and people being replied to.
• Add forwarding of reported replies to servers being replied to (Gargron, ClearlyClaire)
• Add ONE_CLICK_SSO_LOGIN environment variable to directly link to the Single-Sign On provider if there is only one sign up method available (CSDUMMI, ClearlyClaire, CSDUMMI, ClearlyClaire)
• Add webhook templating (Gargron)
• Add webhooks for local status.created, status.updated, account.updated and report.updated (VyrCossont, VyrCossont, VyrCossont)
• Add exclusive lists (dariusk, necropolina, ClearlyClaire)
• Add a confirmation screen when suspending a domain (ClearlyClaire, ClearlyClaire)
• Add support for importing lists (ClearlyClaire, mgmn, ClearlyClaire)
• Add optional hCaptcha support (ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire)
• Add lines to threads in web UI (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, teeerevor, renchap)
• Add new onboarding flow to web UI (Gargron, Gargron, Gargron, ClearlyClaire, ThisIsMissEm, Gargron, stevenjlm, ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire)
• Add S3_DISABLE_CHECKSUM_MODE environment variable for compatibility with some S3-compatible providers (ClearlyClaire)
• Add auto-refresh of accounts we get new messages/edits of (ClearlyClaire)
• Add Elasticsearch cluster health check and indexes mismatch check to dashboard (ClearlyClaire, ClearlyClaire, ClearlyClaire)
• Add admin API for managing tags (rrgeorge)
• Add a link to hashtag timelines from the Trending hashtags moderation interface (gunchleoc)
• Add timezone to datetimes in e-mails (ClearlyClaire)
• Add authorized_fetch server setting in addition to env var (ClearlyClaire)
• Add avatar image to webfinger responses (tvler)
• Add debug logging on signature verification failure (ClearlyClaire, ClearlyClaire)
• Add explicit error messages when DeepL quota is exceeded (lutoma)
• Add Elasticsearch/OpenSearch version to “Software” in admin dashboard (ClearlyClaire)
• Add data-nosnippet attribute to remote posts and local posts with noindex (ClearlyClaire)
• Add support for federating memorial attribute (rrgeorge)
• Add Cherokee and Kalmyk to languages dropdown (gunchleoc, gunchleoc)
• Add DELETE /api/v1/profile/avatar and DELETE /api/v1/profile/header to the REST API (danielmbrasil, ClearlyClaire)
• Add ES_PRESET option to customize numbers of shards and replicas (Gargron, ClearlyClaire) This can have a value of single_node_cluster (default), small_cluster (uses one replica) or large_cluster (uses one replica and a higher number of shards).
• Add CACHE_BUSTER_HTTP_METHOD environment variable (renchap, ClearlyClaire)
• Add support for DB_PASS when using DATABASE_URL (ThisIsMissEm)
• Add GET /api/v1/instance/languages to REST API (danielmbrasil)
• Add primary key to preview_cards_statuses join table (ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire)
• Add client-side timeout on resend confirmation button (Gargron)
• Add published date and author to news on the explore screen in web UI (Gargron)
• Add lang attribute to various UI components (c960657, c960657, c960657, c960657)
• Add stricter protocol fields validation for accounts (ClearlyClaire)
• Add support for Azure blob storage (mistydemeo, mistydemeo)
• Add toast with option to open post after publishing in web UI (Gargron, Signez, Gargron)
• Add canonical link tags in web UI (Gargron)
• Add button to see results for polls in web UI (Gargron)
• Add at-symbol prepended to mention span title (forsamori)
• Add users index on unconfirmed_email (ClearlyClaire, ClearlyClaire)
• Add superapp index on oauth_applications (ClearlyClaire)
• Add index to backups on user_id column (mjankowski)
• Add onboarding prompt when home feed too slow in web UI (Gargron, ClearlyClaire, Gargron, renchap, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron)
• Add POST /api/v1/conversations/:id/unread API endpoint to mark a conversation as unread (ClearlyClaire)
• Add translate="no" to outgoing mentions and links (ClearlyClaire)
• Add unsubscribe link and headers to e-mails (Gargron, c960657)
• Add logging of websocket send errors (ThisIsMissEm)
• Add time zone preference (Gargron, ClearlyClaire)
• Add legal as report category (Gargron, renchap, ClearlyClaire)
• Add data-nosnippet so Google doesn't use trending posts in snippets for / (ClearlyClaire)
• Add card with who invited you to join when displaying rules on sign-up (ClearlyClaire)
• Add missing primary keys to accounts_tags and statuses_tags (ClearlyClaire)
• Add support for custom sign-up URLs (ClearlyClaire, renchap, ClearlyClaire, mgmn) This is set using SSO_ACCOUNT_SIGN_UP and reflected in the REST API by adding registrations.sign_up_url to the /api/v2/instance endpoint.
• Add polling and automatic redirection to /start on email confirmation (ClearlyClaire)
• Add ability to block sign-ups from IP using the CLI (danielmbrasil)
• Add ALT badges to media that has alternative text in web UI (Gargron, c960657
• Add ability to include accounts with pending follow requests in lists (ClearlyClaire, ClearlyClaire)
• Add trend management to admin API (rrgeorge)
  • POST /api/v1/admin/trends/statuses/:id/approve
  • POST /api/v1/admin/trends/statuses/:id/reject
  • POST /api/v1/admin/trends/links/:id/approve
  • POST /api/v1/admin/trends/links/:id/reject
  • POST /api/v1/admin/trends/tags/:id/approve
  • POST /api/v1/admin/trends/tags/:id/reject
  • GET /api/v1/admin/trends/links/publishers
  • POST /api/v1/admin/trends/links/publishers/:id/approve
  • POST /api/v1/admin/trends/links/publishers/:id/reject
• Add user handle to notification mail recipient address (HeitorMC)
• Add progress indicator to sign-up flow (Gargron)
• Add client-side validation for taken username in sign-up form (Gargron)
• Add --approve option to tootctl accounts create (danielmbrasil)
• Add “In Memoriam” banner back to profiles (ClearlyClaire, ClearlyClaire) This adds the memorial attribute to the Account REST API entity.
• Add colour to follow button when hashtag is being followed (c960657)
• Add further explanations to the profile link verification instructions (drzax)
• Add a link to Identity provider's account settings from the account settings (CSDUMMI, ClearlyClaire)
• Add support for streaming server to connect to postgres with self-signed certs through the sslmode URL parameter (ramuuns)
• Add support for specifying S3 storage classes through the S3_STORAGE_CLASS environment variable (hyl)
• Add support for incoming rich text (ClearlyClaire)
• Add support for Ruby 3.2 (tenderlove, casperisfine, ClearlyClaire)
• Add API parameter to safeguard unexpected mentions in new posts (ClearlyClaire)

Changed

• Change hashtags to be displayed separately when they are the last line of a post (renchap, renchap, renchap)
• Change reblogs to be excluded from "Posts and replies" tab in web UI (Gargron)
• Change interaction modal in web interface (Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire, mgmn, tribela, ClearlyClaire, ClearlyClaire)
• Change design of link previews in web UI (Gargron, ClearlyClaire, Gargron, Gargron, Gargron, Gargron, c960657)
• Change "direct message" nomenclature to "private mention" in web UI (Gargron)
• Change translation feature to cover Content Warnings, poll options and media descriptions (c960657, S-H-GAMELINKS, c960657, ClearlyClaire)
• Change account search to match by text when opted-in (jsgoldstein, Gargron)
• Change import feature to be clearer, less error-prone and more reliable (ClearlyClaire, mgmn)
• Change local and federated timelines to be tabs of a single “Live feeds” column (ClearlyClaire, Gargron, mgmn, Plastikmensch, ClearlyClaire)
• Change user archive export to be faster and more reliable, and export .zip archives instead of .tar.gz ones (ClearlyClaire, TheEssem)
• Change mastodon-streaming systemd unit files to be templated (e-nomem)
• Change statsd integration to disable sidekiq metrics by default (mjankowski, mjankowski, ClearlyClaire) This deprecates statsd support and disables the sidekiq integration unless STATSD_SIDEKIQ is set to true. This is because the nsa gem is unmaintained, and its sidekiq integration is known to add very significant overhead. Later versions of Mastodon will have other ways to get the same metrics.
• Change replica support to native Rails adapter (krainboltgreene, Gargron, Gargron, Gargron, Gargron, ClearlyClaire, ClearlyClaire, ClearlyClaire, ClearlyClaire) This is a breaking change, dropping makara support, and requiring you to update your database configuration if you are using replicas. To tell Mastodon to use a read replica, you can either set the REPLICA_DB_NAME environment variable (along with REPLICA_DB_USER, REPLICA_DB_PASS, REPLICA_DB_HOST, and REPLICA_DB_PORT, if they differ from the primary database), or the REPLICA_DATABASE_URL environment variable if your configuration is based on DATABASE_URL.
• Change DCT method used for JPEG encoding to float (electroCutie)
• Change from node-redis to ioredis for streaming (gmemstr)
• Change private statuses index to index without crutches (ClearlyClaire)
• Change video compression parameters (Gargron, Gargron, Gargron)
• Change admin e-mail notification settings to be their own settings group (ClearlyClaire)
• Change opacity of the delete icon in the search field to be more visible (AntoninDelFabbro)
• Change Account Search to prioritize username over display name (jsgoldstein)
• Change follow recommendation materialized view to be faster in most cases (renchap, ClearlyClaire)
• Change robots.txt to block GPTBot (Foritus)
• Change header of hashtag timelines in web UI (Gargron, ClearlyClaire)
• Change streaming /metrics to include additional metrics (ThisIsMissEm)
• Change indexing frequency from 5 minutes to 1 minute, add locks to schedulers (Gargron)
• Change column link to add a better keyboard focus indicator (teeerevor)
• Change poll form element colors to fit with the rest of the ui (teeerevor, teeerevor, ClearlyClaire)
• Change 'favourite' to 'favorite' for American English (marekr, gunchleoc, nabijaczleweli)
• Change ActivityStreams representation of suspended accounts to not use a blank name (ClearlyClaire)
• Change focus UI for keyboard only input (teeerevor, Gargron, Gargron)
• Change thread view to scroll to the selected post rather than the post being replied to (ClearlyClaire)
• Change links in multi-column mode so tabs are open in single-column mode (Signez, Signez, ClearlyClaire, Signez, Signez)
• Change searching with # to include account index (jsgoldstein)
• Change label and design of sensitive and unavailable media in web UI (Gargron, Gargron, Gargron)
• Change button colors to increase hover/focus contrast and consistency (teeerevor, Gargron)
• Change dropdown icon above compose form from ellipsis to bars in web UI (Gargron)
• Change header backgrounds to use fewer different colors in web UI (Gargron)
• Change files to be deleted in batches instead of one-by-one (Gargron, S-H-GAMELINKS, ClearlyClaire)
• Change emoji picker icon (iparr)
• Change edit profile page (Gargron, c960657)
• Change "bot" label to "automated" (Gargron)
• Change design of dropdowns in web UI (Gargron)
• Change wording of “Content cache retention period” setting to highlight destructive implications (ClearlyClaire)
• Change autolinking to allow carets in URL search params (renchap)
• Change share action from being in action bar to being in dropdown in web UI (Gargron)
• Change remote report processing to accept reports with long comments, but truncate them (ThisIsMissEm)
• Change sessions to be ordered from most-recent to least-recently updated (frankieroberto)
• Change vacuum scheduler to also delete expired tokens and unused application records (ClearlyClaire, ClearlyClaire)
• Change "Sign in" to "Login" (Gargron)
• Change domain suspensions to also be checked before trying to fetch unknown remote resources (ClearlyClaire)
• Change media components to use aspect-ratio rather than compute height themselves (ClearlyClaire, ClearlyClaire, ClearlyClaire)
• Change logo version in header based on screen size in web UI (Gargron)
• Change label from "For you" to "People" on explore screen in web UI (Gargron)
• Change logged-out WebUI HTML pages to be cached for a few seconds (ClearlyClaire)
• Change unauthenticated responses to be cached in REST API (Gargron, ClearlyClaire, ClearlyClaire)
• Change HTTP caching logic (Gargron, ClearlyClaire)
• Change hashtags and mentions in bios to open in-app in web UI (Gargron)
• Change styling of the recommended accounts to allow bio to be more visible (chike00)
• Change account search in moderation interface to allow searching by username including the leading @ (HeitorMC)
• Change all components to use the same error page in web UI (Gargron)
• Change search pop-out in web UI (Gargron)
• Change user settings to be stored in a more optimal way (Gargron, c960657, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, Gargron, ClearlyClaire, jsgoldstein, ClearlyClaire)
• Change media upload limits and remove client-side resizing (Gargron)
• Change design of account rows in web UI (Gargron, Gargron, Gargron, ClearlyClaire)
• Change log-out to use Single Logout when using external log-in through OIDC (CSDUMMI)
• Change sidekiq-bulk's batch size from 10,000 to 1,000 jobs in one Redis call (ClearlyClaire)
• Change translation to only be offered for supported languages (c960657, c960657) This adds the /api/v1/instance/translation_languages REST API endpoint that returns an object with the supported translation language pairs in the form:

  {
    "fr": ["en", "de"]
  }
  

  (where fr is a supported source language and en and de or supported output language when translating a fr string)
• Change compose form checkbox to native input with appearance: none (ClearlyClaire)
• Change posts' clickable area to be larger (c960657)
• Change followed_by link to location=all if account is local on /admin/accounts/:id page (tribela)

Removed

• Remove support for Node.js 14 (renchap)
• Remove support for Ruby 2.7 (nschonni)
• Remove clustering from streaming API (ThisIsMissEm)
• Remove anonymous access to the streaming API (ClearlyClaire)
• Remove obfuscation of reply count in web UI (Gargron)
• Remove kmr from language selection, as it was a duplicate for ku (gunchleoc, ClearlyClaire)
• Remove 16:9 cropping from web UI (Gargron)
• Remove back button from bookmarks, favourites and lists screens in web UI (Gargron)
• Remove display name input from sign-up form (Gargron)
• Remove tai locale (c960657)
• Remove empty Kushubian (csb) local files (nschonni)
• Remove Permissions-Policy header from all responses (Gargron)

Fixed

• Fix filters not being applying in the explore page (ClearlyClaire)
• Fix being unable to load past a full page of filtered posts in Home timeline (ClearlyClaire)
• Fix log-in flow when involving both OAuth and external authentication (CSDUMMI)
• Fix broken links in account gallery (c960657)
• Fix blocking subdomains of an already-blocked domain (ClearlyClaire)
• Fix migration handler not updating lists (ClearlyClaire)
• Fix paragraph margins resulting in irregular read-more cut-off in web UI (Gargron)
• Fix notification permissions being requested immediately after login (ClearlyClaire)
• Fix performances of profile directory (ClearlyClaire, ClearlyClaire)
• Fix mute button and volume slider feeling disconnected in web UI (Gargron, ClearlyClaire)
• Fix “Scoped order is ignored, it's forced to be batch order.” warnings (ClearlyClaire)
• Fix blocked domain appearing in account feeds (ClearlyClaire)
• Fix moderator rights inconsistencies (ClearlyClaire)
• Fix crash when encountering invalid URL (ClearlyClaire)
• Fix invalid Content-Type header for WebP images (c960657)
• Fix minor inefficiencies in tootctl search deploy (ClearlyClaire)
• Fix filter form in profiles directory overflowing instead of wrapping (arbolitoloco1)
• Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (danielmbrasil)
• Fix inefficiencies in PlainTextFormatter (ClearlyClaire)
• Fix sign up steps progress layout in right-to-left locales (ClearlyClaire)
• Fix bug with “favorited by” and “reblogged by“ view on posts only showing up to 40 items (timothyjrogers, timothyjrogers)
• Fix bad search type heuristic (Gargron)
• Fix not being able to negate prefix clauses in search (Gargron)
• Fix timeout on invalid set of exclusionary parameters in /api/v1/timelines/public (danielmbrasil)
• Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (yufushiro)
• Fix uploading of video files for which ffprobe reports 0/0 average framerate (NicolaiSoeborg)
• Fix cached posts including stale stats (ClearlyClaire)
• Fix adding column with default value taking longer on Postgres >= 11 (Gargron)
• Fix light theme select option for hashtags (teeerevor)
• Fix AVIF attachments (c960657)
• Fix incorrect URL normalization when fetching remote resources (c960657, c960657)
• Fix being unable to filter posts for individual Chinese languages (gunchleoc)
• Fix preview card sometimes linking to 4xx error pages (c960657)
• Fix emoji picker button scrolling with textarea content in single-column view (ClearlyClaire)
• Fix missing border on error screen in light theme in web UI (Gargron)
• Fix UI overlap with the loupe icon in the Explore Tab (gol-cha)
• Fix unexpected redirection to /explore after sign-in (ClearlyClaire)
• Fix /api/v1/statuses/:id/unfavourite and /api/v1/statuses/:id/unreblog returning non-updated counts (c960657)
• Fix clicking the “Back” button sometimes leading out of Mastodon (c960657, CSFlorin, S-H-GAMELINKS, ClearlyClaire)
• Fix processing of null ActivityPub activities (tribela)
• Fix hashtag posts not being removed from home feed on hashtag unfollow (ClearlyClaire)
• Fix for "follows you" indicator in light web UI not readable (vmstan)
• Fix incorrect line break between icon and number of reposts & favourites (edent)
• Fix sounds not being loaded from assets host (Signez)
• Fix buttons showing inconsistent styles (teeerevor, ClearlyClaire, ClearlyClaire, ClearlyClaire)
• Fix trend calculation working on too many items at a time (Gargron)
• Fix dropdowns being disabled for logged out users in web UI (Gargron, ClearlyClaire)
• Fix explore page being inaccessible when opted-out of trends in web UI (Gargron)
• Fix re-activated accounts possibly getting deleted by AccountDeletionWorker (ClearlyClaire)
• Fix /api/v2/search not working with following query param (danielmbrasil)
• Fix inefficient query when requesting a new confirmation email from a logged-in account (ClearlyClaire)
• Fix unnecessary concurrent calls to /api/*/instance in web UI (mgmn)
• Fix resolving local URL for remote content (ClearlyClaire)
• Fix search not being easily findable on smaller screens in web UI (Gargron, ClearlyClaire)
• Fix j/k keyboard shortcuts on some status lists (ClearlyClaire)
• Fix missing validation on default_privacy setting (ClearlyClaire)
• Fix incorrect pagination headers in /api/v2/admin/accounts (danielmbrasil)
• Fix non-interactive upload container being given a button role and tabIndex (ClearlyClaire)
• Fix always redirecting to onboarding in web UI (Gargron)
• Fix inconsistent use of middle dot (·) instead of bullet (•) to separate items (j-f1)
• Fix spacing of middle dots in the detailed status meta section (j-f1)
• Fix prev/next buttons color in media viewer (renchap)
• Fix email addresses not being properly updated in tootctl maintenance fix-duplicates (mjankowski)
• Fix unicode surrogate pairs sometimes being broken in page title (eai04191)
• Fix various inefficient queries against account domains (ClearlyClaire)
• Fix video player offering to expand in a lightbox when it's in an iframe (ClearlyClaire)
• Fix post embed previews (ClearlyClaire)
• Fix inadequate error handling in several API controllers when given invalid parameters (danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil, danielmbrasil)
• Fix uncaught ActiveRecord::StatementInvalid in Mastodon::IpBlocksCLI (danielmbrasil)
• Fix various edge cases with local moves (ClearlyClaire)
• Fix tootctl accounts cull crashing when encountering a domain resolving to a private address (ClearlyClaire)
• Fix tootctl accounts approve --number N not aproving the N earliest registrations (danielmbrasil)
• Fix being unable to clear media description when editing posts (c960657)
• Fix unavailable translations not falling back to English (mgmn)
• Fix anonymous visitors getting a session cookie on first visit (ClearlyClaire, ClearlyClaire, ClearlyClaire)
• Fix cutting off first letter of hashtag links sometimes in web UI (Gargron)
• Fix crash in tootctl accounts create --reattach --force (ClearlyClaire, danielmbrasil)
• Fix characters being emojified even when using Variation Selector 15 (text) (ClearlyClaire, ClearlyClaire)
• Fix uncaught ActiveRecord::StatementInvalid exception in Mastodon::AccountsCLI#approve (danielmbrasil)
• Fix email confirmation skip option in tootctl accounts modify USERNAME --email EMAIL --confirm (danielmbrasil)
• Fix tooltip for dates without time (c960657)
• Fix missing loading spinner and loading more on scroll in Private Mentions column (c960657)
• Fix account header image missing from /settings/profile on narrow screens (c960657)
• Fix height of announcements not being updated when using reduced animations (c960657)
• Fix inconsistent radius in advanced interface drawer (thislight)
• Fix loading more trending posts on scroll in the advanced interface (OmmyZhang)
• Fix poll ending notification for edited polls (c960657)
• Fix max width of media in /about and /privacy-policy (mgmn)
• Fix streaming API not being usable without DATABASE_URL (Gargron)
• Fix external authentication not running onboarding code for new users (ClearlyClaire)

Upgrade notes

To get the code for v4.2.0-rc2, use git fetch && git checkout v4.2.0-rc2.

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have changed since v4.1.7, with the Ruby, PostgreSQL and Node.js minimum version being higher.

• Ruby: 3.0 to 3.2
• PostgreSQL: 10 or newer
• Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
• LibreTranslate (optional, for translations): 1.3.3 or newer
• Redis: 4 or newer
• Node: 16 or newer
• ImageMagick: 6.9.7-7 or newer

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it on this page.

Database replica configuration

The way Mastodon handles read replicas has changed, removing the makara gem and using native Rails support instead.

This changes how database replicas are configured. Instead of editing config/database.yml, you should use an unmodified one and use the REPLICA_DB_NAME, along with REPLICA_DB_USER, REPLICA_DB_PASS, REPLICA_DB_HOST and REPLICA_DB_PORT, if they differ from the primary database.

If you are using DATABASE_URL, you can configure your read replica in a similar way using REPLICA_DATABASE_URL.

StatsD integration

We have identified the current implementation of the StatsD integration for sidekiq to cause a lot of overhead. Therefore, we have disabled it by default, but since we do not have an alternative yet, it is still available by setting the following environment variable: STATSD_SIDEKIQ=true.

Please note that StatsD integration is deprecated and will not be supported in 4.3.0.

S3-compatible configuration change

If you experience issues with file uploads after this update, you may need to set S3_DISABLE_CHECKSUM_MODE=true, as our S3 library now defaults to use a feature that is not implemented by every S3-compatible provider.

Streaming server changes

We have dropped built-in clustering support from the streaming server, which means, depending on the load you are facing, that you may need to run multiple instances of it and configure a load-balancer.

Unless you are using Docker, it is recommended that you update your mastodon-streaming unit scripts with the ones we provide:

1. sudo cp ~mastodon/live/dist/mastodon-streaming*.service /etc/systemd/system/
2. sudo systemctl daemon-reload
3. sudo systemctl restart mastodon-streaming

If you then need to run more than one mastodon-streaming server, you can:

1. Start a new instance with sudo systemctl start mastodon-streaming@port (e.g. mastodon-streaming@4001)
2. Edit your nginx configuration file to add the new server to the load-balancing (an example is provided in the comments in dist/nginx.conf)

Automatic update checking

Starting from this release, Mastodon will periodically check for updates by querying https://api.joinmastodon.org/update-check every 30 minutes in a background job. That URL can be changed using the UPDATE_CHECK_URL environment variable, and the feature outright disabled by setting that variable to an empty string (UPDATE_CHECK_URL=).

Update steps

The following instructions are for updating from 4.1.7.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

0. If you are using rbenv, update the list of available versions and install Ruby 3.2.2 by doing RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install in the Mastodon install directory (e.g. /home/mastodon/live)
1. Install dependencies: bundle install and yarn install --frozen-lockfile
2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
3. Run the pre-deployment database migrations by specifying the SKIP_POST_DEPLOYMENT_MIGRATIONS=true environment variable: SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate
4. Restart all Mastodon processes
5. Run the post-deployment database migrations: RAILS_ENV=production bundle exec rails db:migrate
6. If you use Elasticsearch, rebuild the search indexes with RAILS_ENV=production bin/tootctl search deploy --reset-chewy

Using Docker:

1. Run the pre-deployment database migrations by specifying the SKIP_POST_DEPLOYMENT_MIGRATIONS=true environment variable: docker-compose run --rm -e SKIP_POST_DEPLOYMENT_MIGRATIONS=true web bundle exec rails db:migrate
2. Restart all Mastodon processes
3. Run the post-deployment database migrations: docker-compose run --rm web bundle exec rails db:migrate
4. If you use Elasticsearch, rebuild the search indexes with docker-compose run --rm web bin/tootctl search deploy --reset-chewy