This matches the "websafe" upstream preset[0], and our current limit is too low for high-noise images (like a scene full of snow).
[0]: c7d070ec65/config/policy-websafe.xml (L58)
Noted it's not the primary development environment, but 10.9 is out of support so just keep the LTS tag.
MARIADB_AUTO_UPGRADE=1 facilitates in place upgrades.
closes #8452
The script changed from old unmaintained ya2yaml (which is broken with
current ruby version) to default `to_yaml` from ruby. That's why the
diff is "a bit" bigger than usual, because it looks like some keys are
sorted differently.
It's enough to check if the comment exists on the specified post, if it
doesn't exist at all, that check will also fail.
Also do that check directly on SQL level and just check if the comment
exists instead of looping through all comments.
There is no need to load all comments only to count them. Let's just let
the database do all the work. If there are no comments found, nothing
will happen anyway.
Also already filter the comments to only search for notifications for
own comments.
And add some tests :)
Now with likes on comments, diaspora also tries to fetch comments if it
receives a like for a comment it doesn't know yet. So this now also
allows to fetch comments with `/fetch/comment/<guid>`.
When liking a comment, the post also gets a participation, and if all
likes/comments get removed again, the participation also gets removed
again.
The only thing still not working properly is the frontend, but that is
already broken when unliking a post. So it shows an invalid state in
the frontend when unliking the post/comment.
Due to historic reasons with a comment the list of all likes was sent to the frontend.
This is needed just to detect if one of the likes is the current user's like.
So if sending just the own like, the frontend can do its job.
When the frontend is refactored in any way, post and comment like handling should be improved.
Adapt to latest development
User likes
Set css class for inline likes on comment
Re-set participation on comment likes
Co-authored-by: Thorsten Claus <ThorstenClaus@web.de>
Otherwise this leaves it enabled if the processing failed, which then
makes other specs fail where they expect the image not being processed
(for example still have the initial set dimensions, instead of the one
read from image after processing).
This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm.
So, thank you Cure53 for finding this issue, thank you Mozilla for
paying Cure53 to look into it, and thanks to Mastodon for fixing it.
The callbacks aren't used in cluster mode, and puma prints a warning
about that. This is fine, we don't need the callbacks in single-mode,
but can still keep it, in case somebody switches on cluster mode.
The problem is, the current puma version has a bug, where pumactl
crashes when trying to print these warnings, so let's just silence the
warnings. People running in single mode also don't need to care about
the warnings anyway.
Sidekiq 7 requires redis 6.2+, which isn't available in a lot of distros
yet :( So let's wait with this for a while.
This partially reverts commit a59505574a.
The old message, being 2048 chars long, apparently sometimes tripped up
Ferrum or Chrome itself. The new, shorter, message does that less or not
at all. It's still long enough, though, as the way we determine if a
status message is "too long" is by height only, so line-breaks work.
This is required for ruby 3.1 with rails 6.1, as they were removed from
being bundled with ruby 3.1. It can be removed with rails 7 again, as
they were added as a dependency to rails 7.
`deep_merge!` modifies the hash of the default translation, and it looks
like `I18n.t` always returns the same instance, so after that, the
default stays translated. So let's duplicate the hash first, before
modifying it, this also helps because we also add more keys below, which
probably also shouldn't be added to the original.
Some email providers (for example gmail) block emails if they have
emojis in the from header, as they could be confused with UI elements.
So the easy solution is to just filter all emojis from the name.
The normal `\p{Emoji}` selector also matches normal numbers, because of
the emoji-version of numbers (1️⃣), but the `\p{Emoji_Presentation}` then
doesn't match colored emojis anymore (❄️), so we need a mix of both to
find all emojis
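The property mix described in the commit message above, as an added example that is not diaspora's own code: the combined pattern `EMOJI_IN_NAME` and the helper names are assumptions chosen for illustration, and the sample names are constructed.

```ruby
# Added example, not the project's code. EMOJI_IN_NAME is one assumed way to
# combine the two Unicode properties named in the commit message.
#
#   \p{Emoji_Presentation}   code points that render as emoji by default
#   \p{Emoji}\u{FE0F}        any Emoji code point explicitly switched to emoji
#                            presentation by VARIATION SELECTOR-16, optionally
#                            followed by the keycap mark U+20E3
#   \u{200D}                 zero-width joiners left over from ZWJ sequences
EMOJI_IN_NAME = /\p{Emoji_Presentation}\u{FE0F}?|\p{Emoji}\u{FE0F}\u{20E3}?|\u{200D}/

# Hypothetical helper: display name with emojis removed and spacing tidied.
def strip_emojis(name)
  name.gsub(EMOJI_IN_NAME, "").squeeze(" ").strip
end

# The two single-property filters the commit message rules out, kept here
# only to show why neither is sufficient on its own.
def naive_emoji_strip(name)
  name.gsub(/\p{Emoji}/, "").squeeze(" ").strip
end

def presentation_only_strip(name)
  name.gsub(/\p{Emoji_Presentation}/, "").squeeze(" ").strip
end

# Constructed sample display names (escaped so the file stays ASCII-only).
SAMPLE_NAMES = {
  digits:    "Alice 2000",                          # plain ASCII digits
  snowflake: "Bob \u{2744}\u{FE0F}",                # U+2744 + VS16
  smiley:    "Carol \u{1F600}",                     # default emoji presentation
  keycap:    "Dave 1\u{FE0F}\u{20E3}",              # keycap sequence for "1"
  family:    "Eve \u{1F468}\u{200D}\u{1F469}"       # ZWJ sequence
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_NAMES.each do |label, name|
    puts format("%-10s naive=%-12p presentation_only=%-12p combined=%p",
                label,
                naive_emoji_strip(name),
                presentation_only_strip(name),
                strip_emojis(name))
  end
end
```
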
There are no new releases anymore and the current version isn't
compatible with ruby 3.x.
As this feature wasn't really used a lot (Icelandic didn't even set up
inflections properly), it's probably not worth fighting for it, so let's
just drop it.
Related to #8369
Apparition4 isn't really maintained anymore and there are no new releases
and it always logs a lot of errors, making the output hard to read.
So let's switch to cuprite, as it also supports everything we need and is
still maintained.
Supersedes #8330
Yes, I know this is a very ugly workaround, but it works ...
Chrome now requires to add `about:blank` as parameter to open and be
able to use remote debugging. The jasmine-gem isn't supported anymore,
and we need to switch to the `jasmine-browser-runner`, I was working on
that a few months ago, but ran into problems.
As the jasmine-gem doesn't allow to add parameters without `--` in front
of it, let's just add a dummy parameter and add the required
`about:blank` with a space after that. This is ugly, but works for now,
until we can upgrade to the new jasmine version. We could also just
replace the `nil` of the last parameter with that value, but I think
that way it's clearer that this is a workaround and how it works.
Some imagemagick-versions (I tested Ubuntu 22.04 and debian bullseye)
always lose exif data when converting from jpg to webp. So this made
our CI fail now, but even if it wasn't failing before, some pods always
had and have versions which might lose the information anyway. So
having a setting to keep exif information is kinda pointless, if we
can't guarantee that the information isn't lost. Also, diaspora isn't a
photo sharing platform and we don't display exif information anywhere,
so I think we should just always strip exif data (which was already the
default before), as we don't need them.
The unique index doesn't work when the port is `NULL`. So use `-1`
instead for when using the default ports (80/443), as if we would use
the real ports, we could still have both 80 and 443 in the database at
the same time.
This URL is only used in the mobile UI, but when somebody then copies
the link and sends it to somebody on the desktop UI, they don't see
anything. So let's just redirect to the post containing the photo, so
there is at least something to show.
If there is no linked post, just redirect to the image instead.
Fixes #8352
Before the images were only pulled once and then never updated which
led to really outdated images and OS dependencies. Now all images
(including the base image for the diaspora container) are pulled when
running `setup`. So the idea is to run the `setup` command from time to
time to bring everything up to date again.
Usernames that contained underscores were parsed by markdown first. This
broke the diaspora IDs and also added weird html at places where it
wasn't needed. Escaping them before sending the message through the
markdown parser fixes this issue.
As underscores are the only allowed character that can be used for
markdown that is also allowed inside a diaspora ID, this escaping can be
kept pretty simple.
This only fixes it for the mobile UI at the moment, for the desktop UI
it's probably better to fix it in markdown-it.
Related to #7975
As the docker-compose.yml contains variables, it can't just be used with
docker-compose directly. So this manually uses docker-compose commands
with all the required environment variables set.
When puma was introduced in #8392 the default listen configuration was
set to only localhost, which makes sense for most development setups,
but when run within docker, it needs to listen on all IPs so the port
can be forwarded to be accessible outside of docker.
Because the new default makes sense without docker, I overwrite the
option with an environment variable only in the docker-setup. This also
ensures that it always contains the right value needed for the
docker-setup to work, no matter what was configured outside of docker.
Newly generated binstubs will check for the string
`This file was generated by Bundler` inside `bin/bundle`, so we'd have
to update that anyway.
Also, there is a non-zero chance the updated `bundle` binstub resolves
some of the setup-specific issues we've seen.
The backend adds the total count for all pods, as well as the count for active pods.
The frontend shows the new counts, but without any further user interactions.
This is the default bundler version that comes with ruby 2.7, and it
looks like ruby 2.7 and bundler 2.3.18 have a problem with the new
split version where each gem source has its own block and it
crashes.
To have less problems for podmins when updating, let's just downgrade
bundler and use the old lockfile format in next-minor. It's not a
problem anymore in develop as we don't have rails-assets anymore there,
as we switched to yarn.
This route was removed from the federation and doesn't exist anymore, so
checking for it doesn't make any sense.
But let's check if a server responds to /.well-known/nodeinfo instead.
All other software which supports the diaspora protocol should have this
endpoint by now. Parsing/validating nodeinfo is still handled
gracefully.
closes #8377
This was removed from the diaspora_federation gem, since it's not used
for the federation/discovery anymore since a long time. But old versions
of the ConnectionTester up to version 0.7.17 still check if this route
exists or else they mark the pod as offline. So let's add a dummy
host-meta with an empty response back, so the ConnectionTester is happy
again until we can remove this workaround again.
This isn't helpful at all for an api if you don't send a required
parameter and get an error response that just tells you what parameters
that were available.
This is a new feature with rails >= 6.1 and ruby >= 2.7, so this just
keeps the old behaviour of older rails/ruby versions.
When no `.sprockets-manifest-xxx.json` existed, every instance of
`Sprockets::Manifest` generated their own path with their own random
filename, and since this happened before the assets were actually
precompiled, they were all empty. So the error pages didn't find the
manifest and the non-digest assets also didn't have any assets to copy.
So let's create our own instance of `Sprockets::Manifest` here, AFTER
`assets:precompile`, which then loads the manifest json that was used
during precompile, so all precompiled assets are available.
closes #8366
This is to prepare for zeitwerk autoloader, and the old file couldn't be
autoloaded anyway, so the easiest is to just move it out of the models
folder.
markerb is dead and isn't compatible with rails 6 anymore. Removing it
means adding separate templates for text and html, this sadly means some
code duplication, but also luckily the templates aren't that
complicated, so the duplication is also very minimal.
This doesn't appear to be actually used, but if `gon` is not defined — which may happen in jasmine tests when run in random order — then it causes test failures.
Closes #8333
When I removed this and tested it locally, the feature spec still passed, but it is failing on CI, so it looks like we still need this `execute_script` use until we find a better Capybara strategy.
In addition to getting rid of an "execute_script" instance, this approach is slightly higher fidelity, as it renders the hovercard at the correct place on the page and doesn't reach into jQuery to trigger the hovercard.
This call to `execute_script` would directly call jQuery's `sortable` function on an element to make it sortable. However, this isn't necessary; the test can still drag the "Cat People" aspect to the desired position without it.
The apparition driver does not support "scroll_by" without going through "execute_script", but we can better express the intention of this test and make the scrolling action a bit more general by replacing "scroll a bit" with "scroll to [some element]" — in this case, we need to scroll until the "Change" button is visible so that we can press it.
This change_settings.feature spec is the only place that used "I scroll a bit".
This set of specs — in particular, all the calls to `this.view.$el.find(...).trigger('click')` — are changing the environment in ways that cause I18n missing key errors elsewhere.
There are failures in `app_spec.js` if this spec file is run before it, and I haven't found a way to reset the environment to avoid the issue.
This is from Flaburgan: https://github.com/diaspora/diaspora/pull/8305/files
I can't find a better way around it. The specs that call `onChangedUnreadStatus` change the environment in ways we can't figure out how to reset cleanly.
This was failing if `app.aspect` got set by another spec that ran before it (such as one of the other specs in the same file, when run in a different order).
These tests were failing because of an error thrown from `this.header.render()`, unless `head_view_spec.js` had already been run to set app.notificationsCollection.
These cases of modifying app.stream can cause other specs to fail, depending on test order. Here we either don't modify them if the tests still pass without manually stubbing `addNow`, or we cache and restore the properties we need to test.
If a photo with the same filename already exists, generate a new random
filename, and re-federate the photo with that filename. This ensures
users can't modify their archive to overwrite other users' photos.
We only store signatures for relayables if the author is external, but
if the author becomes external through a migration, the signature is
missing. Let's just use the old person's private key to still be able to
generate a signature for the export.
closes #8310
If the migration contains a new remote_photo_path migrate all photos of
the old person to this path. If the person was local before, cleanup old
uploaded files of the photos.
closes #8314
That way it can be re-used when sending the AccountMigrations to other
pods again if a message for the migrated account is received.
fixes #7902
closes #8309
* Local contacts also start sharing again with imported user if they
were sharing with the old account
* Don't create empty contact entities for contacts which the imported
user doesn't share with and also maybe the contact doesn't share with
the importer
* Ensure people which were a contact in the archive still receive the
migration, even when the importer doesn't share with them, so they can
resend their contact message
fixes #8106 for real this time
Person.find_or_fetch_by_identifier raises an exception if person is not found locally and not fetchable. It never returns nil. These code changes take care about this behaviour and changes specs and code to behave equally.
Close #8273
Person.find_or_fetch_by_identifier raises an exception if person is not found locally and not fetchable. It never returns nil. These code changes take care about this behaviour and changes specs and code to behave equally.
Also related to #8253
This reverts b3ca504c40. We don't quite know why that was added, but we assume it's because of format strings. Some pre-2011 users exist that still have dots or dashes in their username, and those accounts are somewhat broken now.
closes #8266
Due to a bug in Rails, .truncate returns a frozen string if the string actually changed, but not if there are no changes. This leads to inconsistent behaviour, and broken tests.
This was fixed upstream, see https://github.com/rails/rails/pull/36109, but the fix did not make it into 5.2.x, so we have to work around for the time being.
This is a temporary workaround. Adding the real raw photo is quite a
challenge and touches multiple components nobody wants to touch right
now. As this change is blocking an actual hotfix, this is fine, and will
be properly fixed at a later time.
We load another schema, https://diaspora.github.io/diaspora_federation/schemas/federation_entities.json,
that has overlapping definitions, namely #/definitions/post. When the definition from that schema is accessed
first, the json-schema gem caches it and is not smart enough to give precedence to the definition
within the schema document that contains the reference. So for now we have to disambiguate the references
like this
Since we announce it in the supported metadata, some clients expect to be told what to use and don't fallback to the spec standard of
client_secret_basic on their own.
and replace it with our own Gem cache. This isn't pretty, as we have to manage that one ourselves, and pushing updates requires a core-team member, but rails-assets.org has become way too unreliable for us to be a viable option.
closes #8087
This should fix undefined method `og' for #<OpenGraphReader::Base:0x00007f73c53f2308 @bases={}>
for sites that have OpenGraph tags of other namespaces but no actual OpenGraph core tags
Only delete photos older than a day, so we don't delete photos for posts
which were uploaded 10 minutes ago and the author is still writing the
post for it.
closes #8041
This is not (and as far as I know, was never) used. If we want to make
standalone photos commentable, we can always add it back, but it would
also need to change federation for it to work, because comments support
only posts there. But for now it makes the code cleaner and easier to
remove it.
This ensures the hostname is downcase and thus subsequent third party library
assumptions hold, namely http-cookie (pulled through faraday-cookie_jar) doesn't
raise
closes #8021
This implements archive import feature.
The feature is divided in two main subfeatures: archive validation and archive import.
Archive validation performs different validation on input user archive. This can be
used without actually running import, e.g. when user wants to check the archive
before import from the frontend. Validators may add messages and modify the archive.
Validators are separated in two types: critical validators and non-critical validators.
If validations by critical validators fail it means we can't import archive.
If non-critical validations fail, we can import archive, but some warning messages
are rendered.
Also validators may change archive contents, e.g. when some entity can't be
imported it may be removed from the archive.
Validators' job is to take away complexity from the importer and perform the validations
which are not implemented in other parts of the system, e.g. DB validations or
diaspora_federation entity validations.
Archive importer then takes the modified archive from the validator and imports it.
In order to encapsulate high-level migration logic a MigrationService is
introduced. MigrationService links ArchiveValidator, ArchiveImporter and
AccountMigration.
Also here is introduced a rake task which may be used by podmins to run archive
import.
When people only write `https://` as image URL, this would fail with
`Addressable::URI::InvalidURIError: Absolute URI missing hierarchical segment: 'https://'`.
closes #7922
As a new, novice user, I ran into an issue where my postgresql
password contained special characters. After a brief conversation
with DenSchub on #diaspora, it was noted that while the example
database configuration had quotes added for mysql, but not for
postgresql, and it was suggested this be improved.
closes #7875
Previously we had only a Rails validation which ensured poll participation
uniqueness but this adds uniqueness control to the database level, so that
uniqueness is guaranteed even when changing data with avoiding Rails
validations.
closes #7798
Some podmins were confused how they can disable this redirect and I think
the rule with two users can actually be a little confusing. I think the
main goal of this page to give the podmin a little start and I think
after they configured everything, the pod works and they found the link
to the wiki to make themselves an admin, it is OK to remove the redirect.
Also it's bad for single-user pods where this page always stays active,
even if they are an admin, but have only one user. It's more useful for
single-user pods to have the login on the home page.
closes #7783
If a user scrolls just below the 1000px threshold and clicks the back-to-top button within 250ms, we'll never hide the button as the scroll event gets throttled away. That's rather inconvenient.
closes #7729
Camo only proxies images hosted somewhere else, so it doesn't make sense
to add the proxied versions to search engines. It only creates traffic
for camo when /camo/* urls are in search results.
closes #7726
I overlooked this when reviewing #6418 since it is excluded on travis
because of the @nophantomjs tag (so it didn't fail). But since we block
http:// embeds now, we need to use https:// for the tests.
This is normalized to "true" in the config after running bin/bundle, so
rerunning script/configure_bundler resets this back to 1 (which is the
same, but we don't need to change this back and forth every time).
When there were posts with many followed tags they were returned
multiple times, resulting in less than 15 unique posts. That resulted in
some posts to be missed in the stream.
Fixes #4503
closes #7715
We only return `nil` when we know the person, but don't know the key or
the key is invalid, so it doesn't make sense to retry in this case. When
the person isn't known and can't be fetched we raise a DiscoveryError
which will be retried.
Also the errors were moved to the `Signable` module in the last release.
closes #7717
Use this tag for tests which can't work with PhantomJS, but which we
can run with Selenium using some other profile (not implemented here).
closes #6418
Currently, git checks are performed on server start, even when outside a git
repository.
This commit verifies the presence of a git repository (via `git status` exit
code), and performs checks only if it exists.
closes #7712
This is to let the author of the post know, that this pod is interested
in updates about this post.
The sending user is only used to verify that the participation was sent
from this pod, but let's use an admin/podmin account if available.
closes #7708
The limit was added in 2012 to prevent spam, but since the participants
need to be a mutual contact with the author nowadays, I don't think it's
a spam problem anymore.
Some people may remove their birthday date after the notification was
sent, which then breaks the notification page for other users. Let's
just display the date when the notification was created, and not display
the user's updated birthday date. When users update from date A to B it
always looks weird anyway, when we display the same new date B twice on
different days, or display two different dates for the same user.
We could remove notifications when users change or remove their
birthday, but that would be way more complex and also we usually don't
remove notifications (not even for deleted posts).
Fixes #7689
closes #7691
Stop using `Bundler.settings.with`, because it will be removed from
Bundler 1.6.
Also, as described in #7653, we could use `Bundler.settings[:with]`, but
that would be internal API again, so it probably breaks again in the
future. That's why I added a `BundlerHelper` module to parse the
required optional group from our config files, without the use of any
internal Bundler API.
Fixes #7653
The notifications need to be grouped by the same date as they are
sorted, otherwise the date used for the group doesn't match all
timestamps in the group and also the groups are sorted by the wrong
date.
This fixes #7647, a regression of #7568.
closes #7648
This uses a lot of memory for big accounts. Also it doesn't make much
sense to rollback everything when something fails, it's better to delete
everything we can.
When we should have the signature but don't have it, the user data
export fails. There are a few comments from back in 2011 where the
signature is missing.
Also some podmins maybe messed with signatures in their database, which
would also break the exports now.
closes #7637
There are a few old oEmbed caches which have the title saved in binary
(because they contain Chinese characters). This fails with
`ActionView::Template::Error ("å" from ASCII-8BIT to UTF-8)`. Since I
found only very old OEmbed caches with this problem (newest from 2012),
I think we can just remove these. When I create a new oEmbed cache for
the same URL it creates it without `!binary`.
closes #7620
- Removed posts and non contacts from other's data
- Collections are exported in batches to lower memory footprint
- In base exporters create User object instead of keeping instance because it caches all associations
closes #7627
It is not included into the main test suite, because it has :performance tag.
One can run this test using command:
$ bin/rspec --tag performance spec/integration/export/memory_usage_spec.rb
This test creates additional fixtures set to speed up repeated runs.
Main purpose of fixtures for us is to speed up test runs. Rebuilding
fixtures each run makes them pointless. They will be rebuilt automatically
if some of "files_to_check" are changed, so we're protected from the case
when fixtures are outdated and don't load properly.
It was possible to run migration locally without providing old private
key. This way migration was performed but not dispatched, which obviously
leads to desynchronization of the federation state so let's validate sender
before performing any actual actions.
closes #7558
They were added a long time ago and they talk about rails 3 ... we have
rails 5 now and scripts in the bin folder, so I think we can remove
them.
closes #7596
This is an internal active record table and shouldn't be touched. When
this is truncated you need to fix it again by running
`bin/rails db:environment:set RAILS_ENV=test`
This is a temporary fix until there is a new version of
database_cleaner.
closes #7606
The locals option is only supported in ActionView::TestCase, so it is
ignored anyway (even worse, it disabled the complete assertion). I added
some more assertions to ensure the template is rendered with the correct
conversation.
closes #7588
This was in all stack traces, which confused people ...
We currently only support IE11, so the version check was already old
again ...
When we break old browser versions, we don't check that for other
browsers. So older IE browsers just break, like every other older browser
too.
closes #7557
The user_email is the first field anyway, and login form has a
user_username field too, so it maybe happens that we already fill in the
user_username field there before page load finished.
closes #7556
This commit introduces support for AccountMigration federation message
receive. It covers the cases when the new home pod for a user is remote
respective to the recipient pod of the message. It also allows to initiate
migration locally by a podmin from the rails console. This will give the
pods a possibility to understand the account migration event on the
federation level and thus future version which will implement migration
will be backward compatible with the pods starting from this commit.
This doesn't add any value in the post preview:
* Avatar is already at the left-hand side of the publisher
* Timestamp is always "less than a minute ago"
* Interactions are disabled in the preview anyway
We don't display these things in the comment preview either, they only
need space and don't add any value to the preview.
we released that in 0.5.0.0 in 2015, we do not support skipping majors
anyway, and this is broken in Rails 5, so let's remove this. If people
upgrade from before 0.5.0.0, they have to upgrade via 0.6.0.0, but
that's written in the documentation.
Although this is contrary to rails best-practises, we cannot provide a schema.rb that works for both MySQL and PostgreSQL, so we have no choice. Our migrations are maintained, so it should always be possible to get back to a "clean" database schema anyway.
... this breaks the Rails 5 upgrade, and it's actually no longer needed.
New installations will have the right size anyway, and even if some
older installations miss the migration by not updating for 2 years, it
still doesn't matter since there is no risk that we will ever have
emojis in our migration filenames.
The change in assets.rb should be enough, but it doesn't work, because
sprockets `after_initialize` runs before it and initializes sprockets
with unfiltered paths.
But the trick with the underscore works, because bootstrap-sass has
named the file `_bootstrap.scss`, and rails-assets-bootstrap has
`bootstrap.scss`, so with `_bootstrap` it uses the correct bootstrap.
The hashes don't work properly with rails 5, there are different classes
loaded when called from the rails engine with missing inheritance.
Also the hashes never worked well with spring.
This commit introduces changes to the user data export archive format.
This extends data set which is included in the archive. This data can be
then imported to other pods when this feature is implemented.
Also the commit adds the archive format json schema. ATM it is used in
automatic tests only, but in future it will also be used to validate
incoming archives.
Javascript refactorings for better maintainability:
* simplePreview function to avoid code duplication
* Preloaded conversation is processed in a slightly different way
* Split isPreviewOrTexareaNotEmpty function since it has more than one responsibility
This class implements methods that allow to query relayables (comments, likes, participations,
poll_participations) of other people for posts of the given person.
`Rails.application.assets` is only available when `config.assets.compile`
is true (which is false in production). So the old way with a separate
rake task doesn't work in production. But we can get the filename of the
precompiled file from `Rails.application.assets_manifest.assets`.
The quiet_assets gem doesn't support rails 5, but sprockets 3 now has a
config.assets.quiet option, which deprecates the quiet_assets gem. But
the logging gem has a no-op silence method, that's why the quiet option
doesn't work out-of-the-box. I added a little hack to use the silence
method from ActiveSupport, which is also used from the original rails
logger.
This improves the main stream when you have less or inactive contacts
and ignored an active person that posts many posts with tags. When the
person is only removed after collecting all post ids, you don't see
posts with tags from other people.
Up to now, scripts were loaded prior to the stylesheet in <head>. When
scripts are loaded before stylesheets, it is possible that scripts
execute on the DOM elements before styles are fully loaded. This can
yield unexpected results.
In the case of the features/desktop/signs_up.feature tests, it would
happen every so often that the scripts ran before styles were loaded.
For example, the app.views.Publisher class (responsible for actions
related to creating a new post) relies on the poll element being either
hidden (or poll options being defined). As per stylesheet, the poll is
hidden by default. But when the scripts run before the stylesheet has
loaded, the poll appears visible to the script and post submission is
disabled.
This is fixed by loading stylesheets prior to scripts. See SO for more
info: https://stackoverflow.com/a/1324720/6451879
Capybara's native#send_key function is slow when it is passed a string
longer than just a few characters. This often results in timeout issues
and Capybara (falsely) reporting the feature as failing.
To fix this, we use the faster function #fill_in. This does not trigger
JavaScript events on the input, so we manually trigger them after
fill_in by just sending a single key. This can be any key but since we
do not want to modify the text in the input, non-text keys should be
used. For a list of non-text keys, see
http://www.rubydoc.info/github/jnicklas/capybara/Capybara%2FNode%2FElement%3Asend_keys
There is an alternative to the above:
1) Use #fill_in to enter all text except for the last character:
fill_in ..., with: "#{status_message_text} #{txt[0..-2]}"
2) And then use #send_key to send that last character:
find("#status_message_text").native.send_key(txt.last)
At the moment, both approaches work equally well but the second approach
is documented here just in case it becomes relevant in the future.
When `public/assets/` is a symlink, running `find public/assets ...`
does not return the correct result. By using `public/assets/`, find is
able to return the correct result regardless of whether the folder is an
actual folder or a symlink.
[ci skip]
Use old style for Style/PercentLiteralDelimiters for now. Maybe we can
change this in the future, because the ruby style guide suggests to use
`[]` (which is also the new default for rubocop).
closes #7443
This changes links from /posts/:id to /posts/:guid where the links are
not clicked very often. ID search is faster than guid search so we can't
change it everywhere, but these links are not very useful for clicking,
but can be used for easier guid look up.
closes #7453
Breaking a public key of a person can be used to "block" receiving posts
from this person on the pod. So we should handle that case better and
not just trigger many retries for something that will fail again.
closes #7448
This has been broken for more than half a year now, so I think we can just
remove it.
Podmins shouldn't use this anyway, because it does bad things, like
replacing NULL with an empty string when editing something. If we really
need an admin interface for something, we should add it to our own admin
panel at /admins/dashboard.
Fixes #7027 and #6413
closes #7440
The previous version logged the encrypted private messages of the new
protocol, which only makes the logfiles bigger without any benefit,
because it's encrypted anyway ...
closes #7435
Here we also set autoDispose to false. This is an option that was introduced
sometime after our last bump. The default is true, and it disposes of the timeago object
if it is not in the DOM. But that is the way we initialize timeago objects, therefore
if we have autoDispose=true then they will be disposed of before they are inserted in the DOM.
So by using autoDispose=false we enforce previous behavior that worked fine for us.
Pass destroyModel from post control view to post view
and don't listen to the remove event in the post view
anymore. The `remove` function will be called from the
base view.
Fixes #5445
We don't need to change new to old syntax when we receive a post from a
newer pod, since we can handle the new syntax. This is only needed when
sending it to older pods.
related to #7392
Thor was upgraded again in #7345, but there are still "warnings" looking
like errors when using "db:migrate" for example. So let's pin it until it is
safe to upgrade.
closes #7351
This new version now has fog-core as dependency instead of fog. Now we
can only add fog-aws as dependency and remove all other fog providers.
closes #7289
The issue from a jasmine spec introduced by #7227 caused the testsuite that runs in a browser to be redirected out of the jasmine runner and therefore not finished.
closes #7299
When fetching notifications this merges existing notifications and changes
their appearance in the dropdown if the html or the unread status changed.
This doesn't update all notifications in the dropdown but only those that are
returned by the server.
Related to #7247.
First of all: thank you very much for helping us out!
## Things you need to know before contributing
If you want to get in touch with other diaspora\* developers, [check our wiki][how-we-communicate] for information on how we communicate. Feel free to ask if you have any questions!
Everyone interacting with our code, issue trackers, chat rooms, mailing lists, the wiki, and the discourse forum is expected to follow the [diaspora\* code of conduct][code-of-conduct].
## Report a security issue
Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org][sec-mail]. The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A][pgp].
## Contributing to translations
We use [WebTranslateIt][webtranslateit] to manage translations of the app interface. Please read [our wiki page][translation-wiki] to find out more about this. If your language is featured on WebTranslateIt, please do **not** open a pull request to update translations. If it is not already featured on WebTranslateIt, please read the wiki article above to find out how to proceed.
## Contributing to the code
**Before opening a pull request** please read [how to contribute][contribute]. Doing things the right way from the start will save us time and mean that your contribution can be integrated quicker!
- Follow our [git workflow][git-workflow] method. In particular, *do not* open a pull request from the `master` or the `develop` branch.
- Follow our [styleguide][styleguide] and run pronto, our syntax analyzer, **locally before opening a pull request**. See [our wiki][pronto] for information on how to do this.
- [Write tests][testing-workflow].
- Use meaningful commit-messages and split larger tasks, e.g. refactoring, into separate commits. This makes the review process much easier.
## Other ways to contribute
You don’t know code? No worries, there are plenty of other ways to help the diaspora\* project! Please find out how you can help [on our wiki][other-ways].
* Improved compatibility with non-specification-compliant OpenGraph metadata [#8465](https://github.com/diaspora/diaspora/pull/8465)
## Bug fixes
* Fix processing for a specific set of uploaded images, like scenes full of snow, by allowing for a larger on-disk cache for ImageMagick [#8460](https://github.com/diaspora/diaspora/pull/8460)
* Fix a bug with parsing certain OpenGraph metadata structures [#8463](https://github.com/diaspora/diaspora/pull/8463)
## Features
* For admins, the offending content's author is now visible in the reports overview [#8464](https://github.com/diaspora/diaspora/pull/8464)
# 0.9.0.0
## New configuration file!
Diaspora\* now uses TOML for the configuration file. We recommend migrating to this new format, as with the next major release (1.0) diaspora\* will no longer read the YAML-based configuration file at `config/diaspora.yml`. To do so, please copy `config/diaspora.toml.example` to `config/diaspora.toml` and migrate your configuration.
## API!
With the release of diaspora\* Version 0.9, we now officially support building applications on top of the diaspora\* API! Please check out [the official API documentation](https://diaspora.github.io/api-documentation/) for instructions, and please do file bugs if you notice something that could be improved!
We are looking forward to seeing many creative applications!
## The chat integration has been removed
After [a discussion with our community on Discourse](https://discourse.diasporafoundation.org/t/2718), we decided to remove the pieces of XMPP chat integration that were put in place a while ago. When we first added the chat support, we merged the implementation in an unfinished state in the hopes that the open issues will be addressed eventually, and the implementation would end up more polished. This ended up not being the case. After careful consideration and discussion, we did not manage to come up with clear reasons why we need a chat implementation, so we decided that the best way forward would be to remove it.
Although the chat was never enabled per default and was marked as experimental, some production pods did set up the integration and offered an XMPP service to their users. After this release, diaspora\* will no longer contain a chat applet, so users will no longer be able to use the webchat inside diaspora\*. The existing module that is used to enable users to authenticate to Prosody using their diaspora\* credentials will continue to work, but contact list synchronization might not work without further changes to the Prosody module, which is developed independently from this project.
## Changes around the appserver and related configuration
With this release, we switched from `unicorn` to `puma` to run our applications. For podmins running the default setup, this should significantly reduce memory usage, with similar or even better frontend performance! However, as great as this change is, some configuration changes are required.
- The `single_process_mode` and `embed_sidekiq_worker` configurations have been removed. This mode was never truly a "single-process" mode, as it just spawned the Background Workers inside the runserver. If you're using `script/server` to start your pod, this change does not impact you, but if you're running diaspora\* using other means, and you relied on this "single"-process mode, please ensure that Sidekiq workers get started.
- The format of the `listen` configuration has changed. If you have not set that field in your configuration, you can skip this. Otherwise, make sure to adjust your configuration accordingly:
  - Listening to Unix sockets with a relative path has changed from `unix:tmp/diaspora.sock` into `unix://tmp/diaspora.sock`.
  - Listening to Unix sockets with an absolute path has changed from `unix:/run/diaspora/diaspora.sock` to `unix:///run/diaspora/diaspora.sock`.
  - Listening to a local port has changed from `127.0.0.1:3000` to `tcp://127.0.0.1:3000`.
- The `PORT` environment variable and the `-p` parameter to `script/server` have been removed. If you used that to run diaspora\* on a non-standard port, please use the `listen` configuration.
- The `unicorn_worker` configuration has been dropped. With Puma, there should not be a need to increase the number of workers above a single worker in any pod of any size.
- The `unicorn_timeout` configuration has been renamed to `web_timeout`.
- **If you don't run your pod with `script/server`**, you have to update your setup. If you previously called `bin/bundle exec unicorn -c config/unicorn.rb` to run diaspora\*, you now have to run `bin/puma -C config/puma.rb`! Please update your systemd-Units or similar accordingly.
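
The `listen` rewrite rules above, applied to a configuration file. This is an added example, not code from the diaspora\* project: `migrate_listen` and `migrate_config_text` are hypothetical helper names, and the sample TOML (including the `[configuration.server]` table name) is constructed. Values outside the three documented forms are rejected so they get reviewed by hand.

```ruby
# Added example: convert pre-0.9 `listen` values to the format used with Puma.
# Helper names and the sample configuration are assumptions, not project code.

# Values that already carry a scheme are left untouched, so the migration
# can be run more than once without damaging the file.
MIGRATED = %r{\A(?:unix|tcp)://}

# Old-style TCP listener: host:port, for example 127.0.0.1:3000.
HOST_PORT = /\A(?<host>[^:\s\/]+):(?<port>\d{1,5})\z/

# A `listen = "..."` assignment; commented-out lines do not match.
LISTEN_LINE = /\A(?<lead>\s*listen\s*=\s*)(?<q>["'])(?<val>.*?)\k<q>(?<rest>.*)\z/

def migrate_listen(value)
  v = value.strip
  return v if v.match?(MIGRATED)

  if v.start_with?("unix:")
    path = v.delete_prefix("unix:")
    raise ArgumentError, "empty socket path in #{value.inspect}" if path.empty?
    # Relative and absolute paths follow the same rule ("unix://" + path),
    # which is why an absolute path ends up with three slashes.
    return "unix://#{path}"
  end

  if (m = HOST_PORT.match(v))
    port = m[:port].to_i
    unless (1..65_535).cover?(port)
      raise ArgumentError, "port out of range in #{value.inspect}"
    end
    return "tcp://#{m[:host]}:#{port}"
  end

  # Anything else (bare port, IPv6 literal, typo) needs a human decision.
  raise ArgumentError, "unrecognised listen value: #{value.inspect}"
end

# Rewrites every active `listen` assignment in a configuration text and
# returns the new text. All other lines, including comments, pass through.
def migrate_config_text(text)
  text.each_line.map do |line|
    body = line.chomp
    m = LISTEN_LINE.match(body)
    next line unless m

    eol = line[body.length..]
    "#{m[:lead]}#{m[:q]}#{migrate_listen(m[:val])}#{m[:q]}#{m[:rest]}#{eol}"
  end.join
end

# Constructed sample input; the table name is an assumption.
SAMPLE_CONFIG = <<~TOML
  [configuration.server]
  listen = "unix:tmp/diaspora.sock"
  #listen = "127.0.0.1:3000"
  web_timeout = 90
TOML

puts migrate_config_text(SAMPLE_CONFIG) if __FILE__ == $PROGRAM_NAME
```
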
## Yarn for frontend dependencies
We use yarn to install the frontend dependencies now, so you need to have that installed. See here for how to install it: https://yarnpkg.com/en/docs/install
## Suggested Ruby version: 3.3
We recommend setting up new pods using Ruby 3.3, and updating existing pods to this version as well. Ruby 2.7 is EOL and no longer supported.
## Changes to script/server for production pods
If you're currently running your production pod with `./script/server` in a tmux or something similar, please be careful. We made some internal changes that result in the script no longer automatically restarting the server if it crashes - instead, it will just shut down. We strongly recommend running your pod using your system's unit manager, for example with [this systemd unit](https://wiki.diasporafoundation.org/Automatic_startup_methods#Recommended:_systemd).
## Security
* Fix a potential 2FA brute force attack ([CVE-2024-0227](https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8)).
Thanks to Christian Reitter ([Radically Open Security](https://www.radicallyopensecurity.com/)) and Chris MacNaughton ([Centauri Solutions](https://centauri.solutions)).
## Refactor
* Add bootstrapping for using ECMAScript 6 with automatic transpiling for compatibility [#7581](https://github.com/diaspora/diaspora/pull/7581) [#8397](https://github.com/diaspora/diaspora/pull/8397)
* Remove backporting of mention syntax [#7788](https://github.com/diaspora/diaspora/pull/7788)
* Enable Content-Security-Policy header by default [#7781](https://github.com/diaspora/diaspora/pull/7781)
* Do not show getting started after account import [#8036](https://github.com/diaspora/diaspora/pull/8036)
* Remove the JSXC/Prosody integration [#8069](https://github.com/diaspora/diaspora/pull/8069) [#8341](https://github.com/diaspora/diaspora/pull/8341)
* Replace `factory_girl` with `factory_bot` [#8218](https://github.com/diaspora/diaspora/pull/8218)
* Drop relay support [#8243](https://github.com/diaspora/diaspora/pull/8243)
* Use yarn to manage the frontend dependencies [#8364](https://github.com/diaspora/diaspora/pull/8364)
* Upgrade to latest `diaspora_federation`, remove support for old federation protocol [#8368](https://github.com/diaspora/diaspora/pull/8368)
* Remove support for `therubyracer` [#8337](https://github.com/diaspora/diaspora/issues/8337)
* Replace `unicorn` with `puma` [#8392](https://github.com/diaspora/diaspora/pull/8392)
* Drop `strip_exif` flag and always remove exif data from uploaded images [#8417](https://github.com/diaspora/diaspora/pull/8417)
* Replace `apparition` with `cuprite` [#8418](https://github.com/diaspora/diaspora/pull/8418)
* Remove `i18n-inflector-rails` for translations [#8420](https://github.com/diaspora/diaspora/pull/8420)
* Add ruby 3 support [#8423](https://github.com/diaspora/diaspora/pull/8423) [#8426](https://github.com/diaspora/diaspora/pull/8426) [#8427](https://github.com/diaspora/diaspora/pull/8427) [#8448](https://github.com/diaspora/diaspora/pull/8448)
* Add CORS headers to nodeinfo endpoints to allow for client-side fetching [#8436](https://github.com/diaspora/diaspora/pull/8436)
* Replace eye with foreman [#8449](https://github.com/diaspora/diaspora/pull/8449)
## Bug fixes
* Fix multiple photos upload progress bar [#7655](https://github.com/diaspora/diaspora/pull/7655)
* Photo-upload file picker now correctly restricts possible file types [#8205](https://github.com/diaspora/diaspora/pull/8205)
* Make inline code inside links show the link color [#8387](https://github.com/diaspora/diaspora/pull/8387)
* Fix missing data when fetching public posts on first account search [#8390](https://github.com/diaspora/diaspora/pull/8390)
* Add redirect from mobile UI photo URLs to post when not using mobile UI [#8400](https://github.com/diaspora/diaspora/pull/8400)
* Escape mentions before markdown parsing in mobile UI [#8398](https://github.com/diaspora/diaspora/pull/8398)
* Cleanup duplicate pods in database [#8403](https://github.com/diaspora/diaspora/pull/8403)
* Fix scrolling issue after closing photo viewer on photos page [#8404](https://github.com/diaspora/diaspora/pull/8404)
* Filter unicode emojis from email headers [#8421](https://github.com/diaspora/diaspora/pull/8421)
* Do not show disabled services anymore [#8406](https://github.com/diaspora/diaspora/pull/8406)
* Update search endpoint to be aware of ignored users [#8363](https://github.com/diaspora/diaspora/pull/8363)
## Features
* Add client-side cropping of profile image uploads [#7581](https://github.com/diaspora/diaspora/pull/7581)
* Add client-side rescaling of post images if they exceed the maximum possible size [#7734](https://github.com/diaspora/diaspora/pull/7734)
* For pods running PostgreSQL, make sure that no upper-case/mixed-case tags exist, and create a `lower(name)` index on tags to speed up ActsAsTaggableOn [#8206](https://github.com/diaspora/diaspora/pull/8206)
* Allow podmins/moderators to see all local public posts to improve moderation [#8232](https://github.com/diaspora/diaspora/pull/8232) [#8320](https://github.com/diaspora/diaspora/pull/8320)
* Add support for directly pasting images to upload them [#8237](https://github.com/diaspora/diaspora/pull/8237)
* Add support for webp images and convert new png/jpg to webp to save space and bandwidth [#8358](https://github.com/diaspora/diaspora/pull/8358)
* Show total and active pods count in the pods list for podmins [#8383](https://github.com/diaspora/diaspora/pull/8383)
* Allow to select multiple aspects when posting on mobile [#8217](https://github.com/diaspora/diaspora/pull/8217)
* Add info links to drawer in mobile UI [#8405](https://github.com/diaspora/diaspora/pull/8405)
* Tell users that there is no help in mobile version, allow to switch to desktop [#8407](https://github.com/diaspora/diaspora/pull/8407)
* Add Smart App Banner on iOS devices [#8409](https://github.com/diaspora/diaspora/pull/8409)
* Add a more detailed modal when reporting a post or a comment [#8035](https://github.com/diaspora/diaspora/pull/8035)
* Re-introduce likes on comments [#8203](https://github.com/diaspora/diaspora/pull/8203) [#8439](https://github.com/diaspora/diaspora/pull/8439) [#8442](https://github.com/diaspora/diaspora/pull/8442)
* New redesigned registration page [#8285](https://github.com/diaspora/diaspora/pull/8285)
* Allow comments to be fetched [#8441](https://github.com/diaspora/diaspora/pull/8441)
# 0.7.18.2
To avoid potential security issues, diaspora\* now makes sure that ImageMagick image processing always runs with a restricted `policy.xml`, regardless of the global system settings.
# 0.7.18.1
## Bug fixes
* Update binstubs to fix diaspora\* being unable to start when multiple bundler versions were available [#8392](https://github.com/diaspora/diaspora/pull/8392/commits/bfd42a1914a99ac9c71ecb16bbf6fa5bb118148a)
# 0.7.18.0
## Refactor
* Fix order-dependent jasmine test failures and switch to random order [#8333](https://github.com/diaspora/diaspora/pull/8333)
* Get rid of some uses of "execute\_script" in feature specs [#8331](https://github.com/diaspora/diaspora/pull/8331)
* Fix deprecation warnings for sidekiq 7.0 [#8359](https://github.com/diaspora/diaspora/pull/8359)
* Remove entypo-rails dependency to prepare for rails 6 [#8361](https://github.com/diaspora/diaspora/pull/8361)
* Remove compass-rails dependency which is not supported anymore [#8362](https://github.com/diaspora/diaspora/pull/8362)
* Switch to sassc-rails which speeds up `assets:precompile` a lot [#8362](https://github.com/diaspora/diaspora/pull/8362)
* Remove markerb dependency which doesn't exist anymore [#8365](https://github.com/diaspora/diaspora/pull/8365)
* Upgrade to rails 6.1 [#8366](https://github.com/diaspora/diaspora/pull/8366)
* Update the suggested Ruby version to 2.7. If you run into trouble during the update and you followed our installation guides, run `rvm install 2.7`. [#8366](https://github.com/diaspora/diaspora/pull/8366)
* Upgrade to bundler 2 [#8366](https://github.com/diaspora/diaspora/pull/8366)
* Stop checking `/.well-known/host-meta`, check for `/.well-known/nodeinfo` instead [#8377](https://github.com/diaspora/diaspora/pull/8377)
* Fix that no mails were sent after photo export [#8365](https://github.com/diaspora/diaspora/pull/8365)
* Fix people with quotes in the name causing issues with mail sender [#8365](https://github.com/diaspora/diaspora/pull/8365)
## Features
* Render posts and comments as HTML in HTML mails [#8365](https://github.com/diaspora/diaspora/pull/8365)
* Add NodeInfo 2.1 support and also read newer versions of NodeInfo [#8379](https://github.com/diaspora/diaspora/pull/8379)
# 0.7.17.0
## Security
* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350)
* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351)
## Bug fixes
* Don't suggest to retry exports on failure [#8343](https://github.com/diaspora/diaspora/pull/8343)
# 0.7.16.0
## Security
* Update rails to fix [CVE-2022-23633](https://github.com/advisories/GHSA-wh98-p28r-vrc9) [#8336](https://github.com/diaspora/diaspora/pull/8336)
## Refactor
* Cache local posts/comments count for statistics [#8241](https://github.com/diaspora/diaspora/pull/8241)
* Fix html-syntax in some handlebars templates [#8251](https://github.com/diaspora/diaspora/pull/8251)
* Remove `chat_enabled` flag from archive export [#8265](https://github.com/diaspora/diaspora/pull/8265)
* Change thumbnails in image slideshow to squares [#8275](https://github.com/diaspora/diaspora/pull/8275)
* Replace uglifier with terser for JS compression [#8268](https://github.com/diaspora/diaspora/pull/8268)
## Bug fixes
* Ensure the log folder exists [#8287](https://github.com/diaspora/diaspora/pull/8287)
* Limit name length in header [#8313](https://github.com/diaspora/diaspora/pull/8313)
* Fix fallback avatar in hovercards [#8316](https://github.com/diaspora/diaspora/pull/8316)
* Use old person private key for export if relayable author migrated away [#8310](https://github.com/diaspora/diaspora/pull/8310)
## Features
* Add tags to tumblr posts [#8244](https://github.com/diaspora/diaspora/pull/8244)
* Add blocks to the archive export [#8263](https://github.com/diaspora/diaspora/pull/8263)
* Allow points and dashes in the username [#8266](https://github.com/diaspora/diaspora/pull/8266)
* Add support for footnotes in markdown [#8277](https://github.com/diaspora/diaspora/pull/8277)
* Send `AccountMigration` if receiving message to a migrated account [#8288](https://github.com/diaspora/diaspora/pull/8288)
* Add podmin mail address to the footer [#8242](https://github.com/diaspora/diaspora/pull/8242)
* Add username to password-reset mail [#8037](https://github.com/diaspora/diaspora/pull/8037)
* Resend account migration and deletion for closed recipients [#8309](https://github.com/diaspora/diaspora/pull/8309)
* Add sharing status to hovercards [#8317](https://github.com/diaspora/diaspora/pull/8317)
* Migrate photo URLs and cleanup old uploaded photos [#8314](https://github.com/diaspora/diaspora/pull/8314)
# 0.7.15.0
## Refactor
* Replaced some `http://` links in the UI with their `https://` counterparts [#8207](https://github.com/diaspora/diaspora/pull/8207)
* Testing: Replaced phantomjs with headless Chrome/Chromium [#8234](https://github.com/diaspora/diaspora/pull/8234)
## Bug fixes
* Update comment counter when deleting a comment in the Single Post View [#7938](https://github.com/diaspora/diaspora/pull/7938)
* Link diaspora only poduptime list [#8174](https://github.com/diaspora/diaspora/pull/8174)
* Delete a user's invitation code during account deletion [#8202](https://github.com/diaspora/diaspora/pull/8202)
* Removed support for defunct Uni Heidelberg OSM tile server, Mapbox is now required if you want to show maps [#8215](https://github.com/diaspora/diaspora/pull/8215)
* Render only two fractional digits in the posts per user/day admin statistics [#8227](https://github.com/diaspora/diaspora/pull/8227)
* Make aspect dropdowns scrollable [#8213](https://github.com/diaspora/diaspora/pull/8213)
* Support and recommend TOML as configuration format [#8132](https://github.com/diaspora/diaspora/pull/8132)
# 0.7.14.0
## Refactor
* Update the suggested Ruby version to 2.6. If you run into trouble during the update and you followed our installation guides, run `rvm install 2.6`. [#7929](https://github.com/diaspora/diaspora/pull/7929)
## Bug fixes
* Don't link to deleted users in admin user stats [#8063](https://github.com/diaspora/diaspora/pull/8063)
* Properly validate a profile's gender field length instead of failing with a database error. [#8127](https://github.com/diaspora/diaspora/pull/8127)
## Features
# 0.7.13.0
## Security
* Fixes [USN-4274-1](https://usn.ubuntu.com/4274-1/), a potential Denial-of-Service vulnerability in Nokogiri. [#8108](https://github.com/diaspora/diaspora/pull/8108)
## Refactor
* Set better example values for unicorn stdout/stderr log settings [#8058](https://github.com/diaspora/diaspora/pull/8058)
* Replace dependency on rails-assets.org with custom gems cache at gems.diasporafoundation.org [#8087](https://github.com/diaspora/diaspora/pull/8087)
## Bug fixes
* Fix error while trying to fetch some sites with invalid OpenGraph data [#8049](https://github.com/diaspora/diaspora/pull/8049)
* Don't show sign up link on mobile when registrations are disabled [#8060](https://github.com/diaspora/diaspora/pull/8060)
## Features
* Add cronjob to cleanup pending photos which were never posted [#8041](https://github.com/diaspora/diaspora/pull/8041)
* Improve handling of mixed case hostnames while fetching OpenGraph data [#8021](https://github.com/diaspora/diaspora/pull/8021)
* Fix "remember me" with two factor authentication enabled [#8031](https://github.com/diaspora/diaspora/pull/8031)
## Features
* Add line mentioning diaspora\* on the splash page [#7966](https://github.com/diaspora/diaspora/pull/7966)
* Improve communication about signing up on closed pods [#7896](https://github.com/diaspora/diaspora/pull/7896)
# 0.7.11.0
## Refactor
* Enable paranoid mode for devise [#8003](https://github.com/diaspora/diaspora/pull/8003)
* Refactor likes cucumber test [#8002](https://github.com/diaspora/diaspora/pull/8002)
## Bug fixes
* Fix old photos without remote url for export [#8012](https://github.com/diaspora/diaspora/pull/8012)
## Features
* Add a manifest.json file as a first step to make diaspora\* a Progressive Web App [#7998](https://github.com/diaspora/diaspora/pull/7998)
* Allow `web+diaspora://` links to link to a profile with only the diaspora ID [#8000](https://github.com/diaspora/diaspora/pull/8000)
* Support TOTP two factor authentication [#7751](https://github.com/diaspora/diaspora/pull/7751)
# 0.7.10.0
## Refactor
* Replace dandelion.jpg with a public domain photo [#7976](https://github.com/diaspora/diaspora/pull/7976)
## Bug fixes
* Fix incorrect post sorting on tag streams and tag searches for tags containing the word "activity" [#7959](https://github.com/diaspora/diaspora/issues/7959)
# 0.7.9.0
## Refactor
* Improve public stream performance and cleanup unused indexes [#7944](https://github.com/diaspora/diaspora/pull/7944)
* Improve wording of "Toggle mobile" [#7926](https://github.com/diaspora/diaspora/pull/7926)
## Bug fixes
* Do not autofollow back a user you are ignoring [#7913](https://github.com/diaspora/diaspora/pull/7913)
* Fix photos gallery when too many thumbnails are shown [#7943](https://github.com/diaspora/diaspora/pull/7943)
* Fix extended profile visibility switch showing the wrong state [#7955](https://github.com/diaspora/diaspora/pull/7955)
## Features
* Support ignore users on mobile [#7884](https://github.com/diaspora/diaspora/pull/7884)
# 0.7.8.0
## Refactor
* Make setting up a development environment 9001% easier by adding a Docker-based setup [#7870](https://github.com/diaspora/diaspora/pull/7870)
* Add the ability to assign roles in the admin panel [#7868](https://github.com/diaspora/diaspora/pull/7868)
* Improve memory usage with libjemalloc if available [#7919](https://github.com/diaspora/diaspora/pull/7919)
# 0.7.7.1
Fixes a potential cross-site scripting issue with maliciously crafted OpenGraph metadata on the mobile interface.
# 0.7.7.0
## Refactor
* Remove mention of deprecated `statistic.json` [#7867](https://github.com/diaspora/diaspora/pull/7867)
* Add quotes in `database.yml.example` to fields that may contain special characters [#7875](https://github.com/diaspora/diaspora/pull/7875)
* Removed broken, and thus deprecated, Facebook integration [#7874](https://github.com/diaspora/diaspora/pull/7874)
## Bug fixes
* Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830)
* Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853)
* Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861)
* Make sure URLs are encoded before sending them to camo [#7871](https://github.com/diaspora/diaspora/pull/7871)
## Features
* Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826)
# 0.7.6.0
## Refactor
* Add unique index to poll participations on `poll_id` and `author_id` [#7798](https://github.com/diaspora/diaspora/pull/7798)
* Add 'completed at' date to account migrations [#7805](https://github.com/diaspora/diaspora/pull/7805)
* Handle duplicates for TagFollowing on account merging [#7807](https://github.com/diaspora/diaspora/pull/7807)
* Add link to the pod in the email footer [#7814](https://github.com/diaspora/diaspora/pull/7814)
## Bug fixes
* Fix compatibility with newer glibc versions [#7828](https://github.com/diaspora/diaspora/pull/7828)
* Allow fonts to be served from asset host in CSP [#7825](https://github.com/diaspora/diaspora/pull/7825)
## Features
* Support fetching StatusMessage by Poll GUID [#7815](https://github.com/diaspora/diaspora/pull/7815)
* Always include link to diaspora in facebook cross-posts [#7774](https://github.com/diaspora/diaspora/pull/7774)
# 0.7.5.0
## Refactor
* Remove the 'make contacts in this aspect visible to each other' option [#7769](https://github.com/diaspora/diaspora/pull/7769)
* Remove the requirement to have at least two users to disable the /podmin redirect [#7783](https://github.com/diaspora/diaspora/pull/7783)
* Randomize start times of daily Sidekiq-Cron jobs [#7787](https://github.com/diaspora/diaspora/pull/7787)
## Bug fixes
* Prefill conversation form on contacts page only with mutual contacts [#7744](https://github.com/diaspora/diaspora/pull/7744)
* Fix profiles sometimes not loading properly in background tabs [#7740](https://github.com/diaspora/diaspora/pull/7740)
* Show error message when creating posts with invalid aspects [#7742](https://github.com/diaspora/diaspora/pull/7742)
* Fix mention syntax backport for two immediately consecutive mentions [#7777](https://github.com/diaspora/diaspora/pull/7777)
* Fix link to 'make yourself an admin' [#7783](https://github.com/diaspora/diaspora/pull/7783)
* Fix calculation of content lengths when cross-posting to twitter [#7791](https://github.com/diaspora/diaspora/pull/7791)
## Features
* Make public stream accessible for logged out users [#7775](https://github.com/diaspora/diaspora/pull/7775)
* Add account-merging support when receiving an account migration [#7803](https://github.com/diaspora/diaspora/pull/7803)
# 0.7.4.1
Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.
# 0.7.4.0
## Refactor
* Don't print a warning when starting the server outside a Git repo [#7712](https://github.com/diaspora/diaspora/pull/7712)
* Make script/server work on readonly filesystems [#7719](https://github.com/diaspora/diaspora/pull/7719)
* Add camo paths to the robots.txt [#7726](https://github.com/diaspora/diaspora/pull/7726)
## Bug fixes
* Prevent duplicate mention notifications when the post is received twice [#7721](https://github.com/diaspora/diaspora/pull/7721)
* Fixed a compatibility issue with non-diaspora\* webfingers [#7718](https://github.com/diaspora/diaspora/pull/7718)
* Don't retry federation for accounts without a valid public key [#7717](https://github.com/diaspora/diaspora/pull/7717)
* Fix stream generation for tagged posts with many followed tags [#7715](https://github.com/diaspora/diaspora/pull/7715)
* Fix incomplete Occitan date localizations [#7731](https://github.com/diaspora/diaspora/pull/7731)
## Features
* Add basic html5 audio/video embedding support [#6418](https://github.com/diaspora/diaspora/pull/6418)
* Add the back-to-top button to all pages [#7729](https://github.com/diaspora/diaspora/pull/7729)
# 0.7.3.1
Re-updating the German translations to fix some UX issues that were introduced by recent translation efforts.
# 0.7.3.0
## Refactor
* Work on the data downloads: Fixed general layout of buttons, added a timestamp and implemented auto-deletion of old exports [#7684](https://github.com/diaspora/diaspora/pull/7684)
* Increase Twitter character limit to 280 [#7694](https://github.com/diaspora/diaspora/pull/7694)
* Improve password autocomplete with password managers [#7642](https://github.com/diaspora/diaspora/pull/7642)
* Remove the limit of participants in private conversations [#7705](https://github.com/diaspora/diaspora/pull/7705)
* Send blocks to the blocked persons pod for better UX [#7705](https://github.com/diaspora/diaspora/pull/7705)
* Send a dummy participation on all incoming public posts to increase interaction consistency [#7708](https://github.com/diaspora/diaspora/pull/7708)
## Bug fixes
* Fix invite link on the contacts page when the user has no contacts [#7690](https://github.com/diaspora/diaspora/pull/7690)
* Fix the mobile bookmarklet when called without parameters [#7698](https://github.com/diaspora/diaspora/pull/7698)
* Properly build the #newhere message for people who got invited [#7702](https://github.com/diaspora/diaspora/pull/7702)
* Fix the admin report view for posts without text [#7706](https://github.com/diaspora/diaspora/pull/7706)
* Upgrade Nokogiri to fix [a disclosed vulnerability in libxml2](https://github.com/sparklemotion/nokogiri/issues/1714)
## Features
* Check if redis is running in script/server [#7685](https://github.com/diaspora/diaspora/pull/7685)
# 0.7.2.1
Fixes notifications when people remove their birthday date [#7691](https://github.com/diaspora/diaspora/pull/7691)
Fixes an issue with installing and running diaspora\* with today released bundler v1.16.0.
# 0.7.1.0
## Ensure account deletions are run
There were some issues causing accounts deletions to not properly perform in some cases, see
[#7631](https://github.com/diaspora/diaspora/issues/7631) and [#7639](https://github.com/diaspora/diaspora/pull/7639).
To ensure these are reexecuted properly, please run `RAILS_ENV=production bin/rake migrations:run_account_deletions`
after you've upgraded.
## Refactor
* Remove title from profile photo upload button [#7551](https://github.com/diaspora/diaspora/pull/7551)
* Remove Internet Explorer workarounds [#7557](https://github.com/diaspora/diaspora/pull/7557)
* Sort notifications by last interaction [#7568](https://github.com/diaspora/diaspora/pull/7568) [#7648](https://github.com/diaspora/diaspora/pull/7648)
* Remove tiff support from photos [#7576](https://github.com/diaspora/diaspora/pull/7576)
* Remove reference from reshares when original post is deleted [#7578](https://github.com/diaspora/diaspora/pull/7578)
* Merge migrations from before 0.6.0.0 to CreateSchema [#7580](https://github.com/diaspora/diaspora/pull/7580)
* Remove auto detection of languages with highlightjs [#7591](https://github.com/diaspora/diaspora/pull/7591)
* Increase visual spacing between list items [#7401](https://github.com/diaspora/diaspora/pull/7401)
* Remove unused gem and cucumber step [#7410](https://github.com/diaspora/diaspora/pull/7410)
* Disable CSP header when `report_only` and no `report_uri` is set [#7367](https://github.com/diaspora/diaspora/pull/7367)
## Bug fixes
* Don't hide posts when blocking someone from the profile [#7379](https://github.com/diaspora/diaspora/pull/7379)
* Disable autocomplete for the conversation form recipient input [#7375](https://github.com/diaspora/diaspora/pull/7375)
* Fix sharing indicator on profile page for blocked users [#7382](https://github.com/diaspora/diaspora/pull/7382)
* Remove post only after a successful deletion on the server [#7385](https://github.com/diaspora/diaspora/pull/7385)
* Fix an issue where pod admins could get logged out when using sidekiq-web [#7395](https://github.com/diaspora/diaspora/pull/7395)
* Add avatar fallback for typeahead and conversations [#7414](https://github.com/diaspora/diaspora/pull/7414)
## Features
* Add links to liked and commented pages [#5502](https://github.com/diaspora/diaspora/pull/5502)
# 0.6.4.1
Fixes a possible Remote Code Execution ([CVE-2016-4658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658)) and a possible DoS ([CVE-2016-5131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131)) by updating Nokogiri, which in turn updates libxml2.
# 0.6.4.0
## Refactor
* Unify link colors [#7318](https://github.com/diaspora/diaspora/pull/7318)
* Increase time to wait before showing the hovercard [#7319](https://github.com/diaspora/diaspora/pull/7319)
* Remove some unused color-theme overrides [#7325](https://github.com/diaspora/diaspora/pull/7325)
* Change color of author-name on hover [#7326](https://github.com/diaspora/diaspora/pull/7326)
* Add like and reshare services [#7337](https://github.com/diaspora/diaspora/pull/7337)
## Bug fixes
* Fix path to `bundle` in `script/server` [#7281](https://github.com/diaspora/diaspora/pull/7281)
* Update comment in database example config [#7282](https://github.com/diaspora/diaspora/pull/7282)
* Make the \#newhere post public again [#7311](https://github.com/diaspora/diaspora/pull/7311)
* Remove whitespace from author link [#7330](https://github.com/diaspora/diaspora/pull/7330)
* Fix autosize in modals [#7339](https://github.com/diaspora/diaspora/pull/7339)
* Only display invite link on contacts page if invitations are enabled [#7342](https://github.com/diaspora/diaspora/pull/7342)
* Fix regex for hashtags for some languages [#7350](https://github.com/diaspora/diaspora/pull/7350)
* Create asterisk.png without digest after precompile [#7322](https://github.com/diaspora/diaspora/pull/7322)
## Features
* Add support for [Liberapay](https://liberapay.com) donations [#7290](https://github.com/diaspora/diaspora/pull/7290)
* Added a link to the community guidelines :) [#7298](https://github.com/diaspora/diaspora/pull/7298)
# 0.6.3.0
## Refactor
* Increase the spacing above and below post contents [#7267](https://github.com/diaspora/diaspora/pull/7267)
* Replace fileuploader-custom with FineUploader [#7083](https://github.com/diaspora/diaspora/pull/7083)
* Always show mobile reaction counts [#7207](https://github.com/diaspora/diaspora/pull/7207)
* Refactor mobile alerts for error responses [#7227](https://github.com/diaspora/diaspora/pull/7227)
* Switch content and given reason in the reports overview [#7180](https://github.com/diaspora/diaspora/pull/7180)
## Bug fixes
* Fix background color of year on notifications page with dark theme [#7263](https://github.com/diaspora/diaspora/pull/7263)
* Fix jasmine tests in firefox [#7246](https://github.com/diaspora/diaspora/pull/7246)
* Prevent scroll to top when clicking 'mark all as read' in the notification dropdown [#7253](https://github.com/diaspora/diaspora/pull/7253)
* Update existing notifications in dropdown on fetch [#7270](https://github.com/diaspora/diaspora/pull/7270)
* Fix link to post on mobile photo page [#7274](https://github.com/diaspora/diaspora/pull/7274)
* Fix some background issues on dark mobile themes [#7278](https://github.com/diaspora/diaspora/pull/7278)
## Features
* Add links to the aspects and followed tags pages on mobile [#7265](https://github.com/diaspora/diaspora/pull/7265)
* diaspora\* is now available in Gàidhlig, Occitan, and Schwiizerdütsch
# 0.6.2.0
## Refactor
* Use string-direction gem for rtl detection [#7181](https://github.com/diaspora/diaspora/pull/7181)
* Reduce i18n.load side effects [#7184](https://github.com/diaspora/diaspora/pull/7184)
* Force jasmine fails on syntax errors [#7185](https://github.com/diaspora/diaspora/pull/7185)
* Don't display mail-related view content if it is disabled in the pod's config [#7190](https://github.com/diaspora/diaspora/pull/7190)
* Use typeahead.js from rails-assets.org [#7192](https://github.com/diaspora/diaspora/pull/7192)
* Refactor ShareVisibilitesController to use PostService [#7196](https://github.com/diaspora/diaspora/pull/7196)
* Unify desktop and mobile head elements [#7194](https://github.com/diaspora/diaspora/pull/7194) [#7209](https://github.com/diaspora/diaspora/pull/7209)
* Refactor flash messages on ajax errors for comments, likes, reshares and aspect memberships [#7202](https://github.com/diaspora/diaspora/pull/7202)
* Only require AWS-module for fog [#7201](https://github.com/diaspora/diaspora/pull/7201)
* Only show community spotlight links on the contacts page if community spotlight is enabled [#7213](https://github.com/diaspora/diaspora/pull/7213)
* Require spec\_helper in .rspec [#7223](https://github.com/diaspora/diaspora/pull/7223)
* Make the CSRF mail a bit more friendly [#7238](https://github.com/diaspora/diaspora/pull/7238) [#7241](https://github.com/diaspora/diaspora/pull/7241)
## Bug fixes
* Fix fetching comments after fetching likes [#7167](https://github.com/diaspora/diaspora/pull/7167)
* Hide 'reshare' button on already reshared posts [#7169](https://github.com/diaspora/diaspora/pull/7169)
* Only reload profile header when changing aspect memberships [#7183](https://github.com/diaspora/diaspora/pull/7183)
* Fix visiblity on invitation modal when opening it from the stream [#7191](https://github.com/diaspora/diaspora/pull/7191)
* Add avatar fallback on tags page [#7198](https://github.com/diaspora/diaspora/pull/7198)
* Update notifications when changing the stream [#7199](https://github.com/diaspora/diaspora/pull/7199)
* Fix 500 on mobile commented and liked streams [#7219](https://github.com/diaspora/diaspora/pull/7219)
## Features
* Show spinner when loading comments in the stream [#7170](https://github.com/diaspora/diaspora/pull/7170)
* Add a dark color theme [#7152](https://github.com/diaspora/diaspora/pull/7152)
* Added setting for custom changelog URL [#7166](https://github.com/diaspora/diaspora/pull/7166)
* Show more information of recipients on conversation creation [#7129](https://github.com/diaspora/diaspora/pull/7129)
* Update notifications every 5 minutes and when opening the notification dropdown [#6952](https://github.com/diaspora/diaspora/pull/6952)
* Show browser notifications when receiving new unread notifications [#6952](https://github.com/diaspora/diaspora/pull/6952)
* Only clear comment textarea when comment submission was successful [#7186](https://github.com/diaspora/diaspora/pull/7186)
* Add support for graceful unicorn restarts [#7217](https://github.com/diaspora/diaspora/pull/7217)
# 0.6.1.0
Note: Although this is a minor release, the configuration file changed because the old Mapbox implementation is no longer valid, and the current implementation requires additional fields. Chances are high that if you're using the old integration, it will be broken anyway. If you do use Mapbox, please check out the `diaspora.yml.example` for new parameters.
### A privacy-aware, distributed, open source social network
**master:** [](http://travis-ci.org/diaspora/diaspora)
**next-minor:** [](http://travis-ci.org/diaspora/diaspora)
[](https://coveralls.io/github/diaspora/diaspora?branch=next-minor)|
**develop:** [](http://travis-ci.org/diaspora/diaspora)
[](https://coveralls.io/github/diaspora/diaspora?branch=develop) |
You don't have to install diaspora* to use the network. There are many servers connected to diaspora*s network which are open to anyone, and you can create an account on one of these servers. Have a look at our [tips for finding a home](https://wiki.diasporafoundation.org/Choosing_a_pod), or you can just go straight to the [list of open servers](http://podupti.me) to sign up.
You don't have to install diaspora\* to use the network. There are many servers connected to diaspora\*s network which are open to anyone, and you can create an account on one of these servers. Have a look at our [tips for finding a home](https://wiki.diasporafoundation.org/Choosing_a_pod), or you can just go straight to the [list of open servers](https://diaspora.fediverse.observer) to sign up.
Want to own your data and install diaspora*? Whether you just want to try it out, want to install it on your server or want to contribute and need a development setup, our [installation guides](https://wiki.diasporafoundation.org/Installation) will get you started!
Want to own your data and install diaspora\*? Whether you just want to try it out, want to install it on your server or want to contribute and need a development setup, our [installation guides](https://wiki.diasporafoundation.org/Installation) will get you started!
## Questions?
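Review bot: the rewritten intro paragraph escapes the asterisk but keeps the possessive as "diaspora\*s network", which renders as "diaspora*s network"; write it as "diaspora\*'s network" while this line is being touched. The switch of the server list link from `http://podupti.me` to `https://diaspora.fediverse.observer` is good, and the remaining `wiki.diasporafoundation.org` links in this hunk are already HTTPS, so nothing else needs changing there.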
@@ -31,10 +22,10 @@ Still haven't found an answer? Talk to us! Read [how we communicate](https://wik
## Contribute
To keep diaspora* growing and improving we need all help we can get. Whether you can contribute [code](https://wiki.diasporafoundation.org/Getting_started_with_contributing), [ideas](https://wiki.diasporafoundation.org/How_we_communicate#Loomio), [translations](https://wiki.diasporafoundation.org/Contribute_translations), [bug reports](https://wiki.diasporafoundation.org/How_to_report_a_bug) or simply extend the community as a [helpful user](https://wiki.diasporafoundation.org/Welcoming_committee) or [pod administrator](https://wiki.diasporafoundation.org/Installation), your help is welcome!
To keep diaspora\* growing and improving we need all help we can get. Whether you can contribute [code](https://wiki.diasporafoundation.org/Getting_started_with_contributing), [ideas](https://wiki.diasporafoundation.org/How_we_communicate#Discourse), [translations](https://wiki.diasporafoundation.org/Contribute_translations), [bug reports](https://wiki.diasporafoundation.org/How_to_report_a_bug) or simply extend the community as a [helpful user](https://wiki.diasporafoundation.org/Welcoming_committee) or [pod administrator](https://wiki.diasporafoundation.org/Installation), your help is welcome!
Everyone interacting in diaspora’s codebases, issue trackers, chat rooms, mailing lists, the wiki, and the Loomio group is expected to follow the diaspora\* [code of conduct](/CODE_OF_CONDUCT.md).
Everyone interacting in diaspora’s codebases, issue trackers, chat rooms, the wiki, and the Discourse is expected to follow the diaspora\* [code of conduct](/CODE_OF_CONDUCT.md).
## Security
Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).
See [`SECURITY.md`](/SECURITY.md) for instructions on how to responsibly report a security vulnerability.
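Review bot: the new code-of-conduct sentence still reads "diaspora’s codebases", without the `\*` that every other changed line in this hunk adds; make it "diaspora\*'s codebases" so the name is written one way throughout. "the Discourse" in the same sentence is also unlinked, while the contribute paragraph just above links `How_we_communicate#Discourse`; reuse that link here. Reducing the Security section to a pointer at `SECURITY.md` is fine, but the README then no longer shows the contact address at all, so keeping the `security@diasporafoundation.org` mailto next to the pointer would save a reporter one click.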
We support the latest stable release, as well as the current state of the `next-minor` and `develop` branches. Security issues for older releases are out of scope.
## Reporting a Vulnerability
Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).
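Review bot: the fingerprint link in the "Reporting a Vulnerability" paragraph looks the key up with `search=0x6F70243F27AD886A`, which is only the last 16 hex digits of the 40-digit fingerprint printed beside it, and the lookup depends on a third-party keyserver. Suggest searching by the full fingerprint, or committing the public key to the repository and linking that, so a reporter fetches a key they can check against the fingerprint in this file. The supported-versions sentence above it would also be easier to apply if it said where the "latest stable release" is listed, since it declares older releases out of scope.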
Some files were not shown because too many files have changed in this diff