Changelog

Added

• Add language dropdown to compose form in web UI (Gargron, ykzts)
• Add warning for limited accounts in web UI (Gargron)
• Add limited attribute to accounts in REST API (Gargron)

Changed

• Change RSS feeds (Gargron, tribela)
  • Titles are now date and time of post
  • Bodies now render all content faithfully, including polls and emojis
  • All media attachments are included with Media RSS
• Change "dangerous" to "sensitive" in privacy policy and web UI (Gargron)
• Change unconfirmed accounts to not be visible in REST API (ClearlyClaire)
• Change tootctl search deploy to improve performance (Gargron, Gargron)
• Change search indexing to use batches to minimize resource usage (Gargron)

Fixed

• Fix follower and other counters being able to go negative (Gargron)
• Fix unnecessary query when creating a status (ClearlyClaire)
• Fix warning an account outside of a report closing all reports for that account (ClearlyClaire)
• Fix error when resolving a link that redirects to a local post (ClearlyClaire)
• Fix preferred posting language returning unusable value in REST API (Gargron)
• Fix race condition error when external status is reblogged (ykzts)
• Fix missing string for appeal validation error (Gargron)
• Fix block/mute lists showing a follow button in web UI (ClearlyClaire)
• Fix Redis configuration not being changed by mastodon:setup (ClearlyClaire)
• Fix streaming notifications not using quick filter logic in web UI (ClearlyClaire)
• Fix ambiguous wording on appeal actions in admin UI (ClearlyClaire)
• Fix floating action button obscuring last element in web UI (ClearlyClaire)
• Fix account warnings not being recorded in audit log (ClearlyClaire)
• Fix leftover icons for direct visibility statuses (Steffo99)
• Fix link verification requiring case sensitivity on links (sgolemon)
• Fix embeds not setting their height correctly (rinsuki)

Security

• Fix concurrent unfollowing decrementing follower count more than once (Gargron)
• Fix being able to appeal a strike unlimited times (Gargron)
• Fix being able to report otherwise inaccessible statuses (Gargron)
• Fix empty votes arbitrarily increasing voters count in polls (Gargron)
• Fix moderator identity leak when approving appeal of sensitive marked statuses (Gargron)
• Fix suspended users being able to access APIs that don't require a user (Gargron)
• Fix confirmation redirect to app without Location header (Gargron)

Upgrade notes

To get the code for v3.5.3, use git fetch && git checkout v3.5.3.

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

Dependencies have not changed. To summarize, the dependency requirements for v3.5.3 are:

• Ruby: 2.6 up to 3.1
• PostgreSQL: 9.5 or newer
• Elasticsearch (optional, for full-text search): 7.x
• Redis: 4 or newer
• Node: 12 or newer

Update steps

The following instructions are for updating from 3.5.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

• Install dependencies: bundle install and yarn install

Both Docker and non-Docker:

1. Precompile the assets:
   • Non-Docker: RAILS_ENV=production bundle exec rails assets:precompile
   • Docker: The assets are already precompiled during the build step
2. Restart all Mastodon processes