pleroma/CHANGELOG.md

# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## [unreleased]
### Added
- Add a generic settings store for frontends / clients to use.
- Explicit addressing option for posting.
- Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
- [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
- LDAP authentication
- External OAuth provider authentication
- A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.
- [Prometheus](https://prometheus.io/) metrics
- Support for Mastodon's remote interaction
- Mix Tasks: `mix pleroma.database bump_all_conversations`
- Mix Tasks: `mix pleroma.database remove_embedded_objects`
- Mix Tasks: `mix pleroma.database update_users_following_followers_counts`
- Mix Tasks: `mix pleroma.user toggle_confirmed`
- Federation: Support for `Question` and `Answer` objects
- Federation: Support for reports
- Configuration: `poll_limits` option
- Configuration: `safe_dm_mentions` option
- Configuration: `link_name` option
- Configuration: `fetch_initial_posts` option
- Configuration: `notify_email` option
- Configuration: Media proxy `whitelist` option
- Configuration: `report_uri` option
- Pleroma API: User subscriptions
- Pleroma API: Healthcheck endpoint
- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
- Admin API: Endpoints for listing/revoking invite tokens
- Admin API: Endpoints for making users follow/unfollow each other
- Admin API: added filters (role, tags, email, name) for users endpoint
- Admin API: Endpoints for managing reports
- Admin API: Endpoints for deleting and changing the scope of individual reported statuses
- AdminFE: initial release with basic user management accessible at /pleroma/admin/
- Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
- Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
- Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
- Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
- Mastodon API: `POST /api/v1/accounts` (account creation API)
- Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)
- ActivityPub C2S: OAuth endpoints
- Metadata: RelMe provider
- OAuth: added support for refresh tokens
- Emoji packs and emoji pack manager
- Object pruning (`mix pleroma.database prune_objects`)
- OAuth: added job to clean expired access tokens
- MRF: Support for rejecting reports from specific instances (`mrf_simple`)
- MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)
- MRF: Support for running subchains.
- Configuration: `skip_thread_containment` option

### Changed
- **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
- Enforcement of OAuth scopes
- Add multiple use/time expiring invite token
- Restyled OAuth pages to fit with Pleroma's default theme
- Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker)
- NodeInfo: Return `safe_dm_mentions` feature flag
- Federation: Expand the audience of delete activities to all recipients of the deleted object
- Federation: Removed `inReplyToStatusId` from objects
- Configuration: Dedupe enabled by default
- Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
- Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.
- Admin API: Move the user related API to `api/pleroma/admin/users`
- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
- Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
- Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
- Mastodon API: Provide plaintext versions of cw/content in the Status entity
- Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity
- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity
- Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the Source subentity
- Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials`
- Mastodon API: Add `pleroma.is_seen` to the Notification entity
- Mastodon API: Add `pleroma.local` to the Status entity
- Mastodon API: Add `preview` parameter to `POST /api/v1/statuses`
- Mastodon API: Add `with_muted` parameter to timeline endpoints
- Mastodon API: Actual reblog hiding instead of a dummy
- Mastodon API: Remove attachment limit in the Status entity
- Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
- Deps: Updated Cowboy to 2.6
- Deps: Updated Ecto to 3.0.7
- Don't ship finmoji by default, they can be installed as an emoji pack
- Hide deactivated users and their statuses
- Posts which are marked sensitive or tagged nsfw no longer have link previews.
- HTTP connection timeout is now set to 10 seconds.
- Respond with a 404 Not implemented JSON error message when requested API is not implemented

### Fixed
- Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.
- Followers counter not being updated when a follower is blocked
- Deactivated users being able to request an access token
- Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak
- Proper Twitter Card generation instead of a dummy
- Deletions failing for users with a large number of posts
- NodeInfo: Include admins in `staffAccounts`
- ActivityPub: Crashing when requesting empty local user's outbox
- Federation: Handling of objects without `summary` property
- Federation: Add a language tag to activities as required by ActivityStreams 2.0
- Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults
- Federation: Cope with missing or explicitly nulled address lists
- Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection
- Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics
- Federation: Follow requests from remote users who have been blocked will be automatically rejected if appropriate
- MediaProxy: Parse name from content disposition headers even for non-whitelisted types
- MediaProxy: S3 link encoding
- Rich Media: Reject any data which cannot be explicitly encoded into JSON
- Pleroma API: Importing follows from Mastodon 2.8+
- Twitter API: Exposing default scope, `no_rich_text` of the user to anyone
- Twitter API: Returning the `role` object in user entity despite `show_role = false`
- Mastodon API: `/api/v1/favourites` serving only public activities
- Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies
- Mastodon API: Streaming API broadcasting wrong activity id
- Mastodon API: 500 errors when requesting a card for a private conversation
- Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`
- Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
- Mastodon API: Exposing default scope of the user to anyone
- Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
- Mastodon API: Replace missing non-nullable Card attributes with empty strings
- User-Agent is now sent correctly for all HTTP requests.
- MRF: Simple policy now properly delists imported or relayed statuses

## Removed
- Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`

## [0.9.99999] - 2019-05-31
### Security
- Mastodon API: Fix lists leaking private posts

## [0.9.9999] - 2019-04-05
### Security
- Mastodon API: Fix content warnings skipping HTML sanitization

## [0.9.999] - 2019-03-13
Frontend changes only.
### Added
- Added floating action button for posting status on mobile
### Changed
- Changed user-settings icon to a pencil
### Fixed
- Keyboard shortcuts activating when typing a message
- Gaps when scrolling down on a timeline after showing new

## [0.9.99] - 2019-03-08
### Changed
- Update the frontend to the 0.9.99 tag
### Fixed
- Sign the date header in federation to fix Mastodon federation.

## [0.9.9] - 2019-02-22
This is our first stable release.
Add a changelog 2019-04-12 23:31:18 +02:00			`# Changelog`
			`All notable changes to this project will be documented in this file.`

			`The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).`

			`## [unreleased]`
			`### Added`
Setting Store: Document in changelog. 2019-05-31 19:15:44 +02:00			`- Add a generic settings store for frontends / clients to use.`
Docs: Add Explicit addressing to Readme and changelog. 2019-06-04 10:49:57 +02:00			`- Explicit addressing option for posting.`
Update CHANGELOG.md 2019-05-22 13:07:51 +02:00			- Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
MongooseIM: Add documentation. 2019-05-21 18:57:36 +02:00			`- [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.`
Add a changelog 2019-04-12 23:31:18 +02:00			`- LDAP authentication`
			`- External OAuth provider authentication`
			`- A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.`
			`- [Prometheus](https://prometheus.io/) metrics`
			`- Support for Mastodon's remote interaction`
Update CHANGELOG 2019-05-16 20:17:09 +02:00			- Mix Tasks: `mix pleroma.database bump_all_conversations`
Add a changelog entry for removing embded objects mix task 2019-04-18 23:26:46 +02:00			- Mix Tasks: `mix pleroma.database remove_embedded_objects`
Remove duplicated entries in users' following lists 2019-05-16 22:04:08 +02:00			- Mix Tasks: `mix pleroma.database update_users_following_followers_counts`
Feature/896 toggling confirmation 2019-05-16 15:23:41 +02:00			- Mix Tasks: `mix pleroma.user toggle_confirmed`
Add a changelog entry for polls 2019-06-03 09:55:16 +02:00			- Federation: Support for `Question` and `Answer` objects
Add a changelog 2019-04-12 23:31:18 +02:00			`- Federation: Support for reports`
Add a changelog entry for polls 2019-06-03 09:55:16 +02:00			- Configuration: `poll_limits` option
Add a changelog 2019-04-12 23:31:18 +02:00			- Configuration: `safe_dm_mentions` option
			- Configuration: `link_name` option
			- Configuration: `fetch_initial_posts` option
changes 2019-04-17 09:27:51 +02:00			- Configuration: `notify_email` option
update Changelog 2019-04-26 01:27:38 +02:00			- Configuration: Media proxy `whitelist` option
add report uri and report to 2019-05-16 07:49:40 +02:00			- Configuration: `report_uri` option
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789) 2019-04-23 04:47:43 +02:00			`- Pleroma API: User subscriptions`
Feature/826 healthcheck endpoint 2019-04-22 09:19:53 +02:00			`- Pleroma API: Healthcheck endpoint`
Add changelog entry for mascot config 2019-05-20 15:19:42 +02:00			- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
Add a changelog 2019-04-12 23:31:18 +02:00			`- Admin API: Endpoints for listing/revoking invite tokens`
			`- Admin API: Endpoints for making users follow/unfollow each other`
Merge develop Merge conflict in lib/pleroma/activity.ex 2019-05-08 16:34:36 +02:00			`- Admin API: added filters (role, tags, email, name) for users endpoint`
Add Reports to Admin API 2019-05-16 21:09:18 +02:00			`- Admin API: Endpoints for managing reports`
			`- Admin API: Endpoints for deleting and changing the scope of individual reported statuses`
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements. 2019-05-14 21:47:23 +02:00			`- AdminFE: initial release with basic user management accessible at /pleroma/admin/`
Add a changelog 2019-04-12 23:31:18 +02:00			`- Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)`
			- Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
Extend Mastodon API with public endpoint for getting Favorites timeline of any user (#789) 2019-04-23 04:47:43 +02:00			- Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
Add a changelog 2019-04-12 23:31:18 +02:00			`- Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)`
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements. 2019-05-14 21:47:23 +02:00			- Mastodon API: `POST /api/v1/accounts` (account creation API)
Add a changelog entry for polls 2019-06-03 09:55:16 +02:00			`- Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)`
Add a changelog 2019-04-12 23:31:18 +02:00			`- ActivityPub C2S: OAuth endpoints`
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements. 2019-05-14 21:47:23 +02:00			`- Metadata: RelMe provider`
fix format Modified-by: Maksim Pechnikov <parallel588@gmail.com> 2019-05-06 19:51:03 +02:00			`- OAuth: added support for refresh tokens`
Add the emoji packs & finmoji removal to the changelog 2019-04-20 14:17:21 +02:00			`- Emoji packs and emoji pack manager`
add changelog entry for object pruning 2019-05-21 03:22:27 +02:00			- Object pruning (`mix pleroma.database prune_objects`)
[#699] add worker to clean expired oauth tokens 2019-05-22 17:44:50 +02:00			`- OAuth: added job to clean expired access tokens`
update documentation for the new MRF features [no-ci] 2019-05-22 07:55:09 +02:00			- MRF: Support for rejecting reports from specific instances (`mrf_simple`)
			- MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)
update CHANGELOG for mrf_subchain 2019-06-04 07:37:31 +02:00			`- MRF: Support for running subchains.`
updated changelog 2019-06-03 20:05:45 +02:00			- Configuration: `skip_thread_containment` option
Add a changelog 2019-04-12 23:31:18 +02:00
			`### Changed`
Put an actual description of the vulnerability and add Breaking: to breaking changes 2019-04-13 20:17:10 +02:00			`- Breaking: Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer`
Add a changelog 2019-04-12 23:31:18 +02:00			`- Enforcement of OAuth scopes`
			`- Add multiple use/time expiring invite token`
			`- Restyled OAuth pages to fit with Pleroma's default theme`
			`- Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker)`
			- NodeInfo: Return `safe_dm_mentions` feature flag
			`- Federation: Expand the audience of delete activities to all recipients of the deleted object`
Remove inReplyToStatusId 2019-04-15 10:50:36 +02:00			- Federation: Removed `inReplyToStatusId` from objects
Add a changelog 2019-04-12 23:31:18 +02:00			`- Configuration: Dedupe enabled by default`
Add extra_cookie_attrs to changelog 2019-04-16 16:24:24 +02:00			- Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
update Changelog 2019-04-26 01:27:38 +02:00			`- Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.`
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements. 2019-05-14 21:47:23 +02:00			- Admin API: Move the user related API to `api/pleroma/admin/users`
			- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
Add a changelog 2019-04-12 23:31:18 +02:00			- Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
			- Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
			`- Mastodon API: Provide plaintext versions of cw/content in the Status entity`
Add a changelog entry for `pleroma.in_reply_to_account_acct` 2019-04-22 11:02:41 +02:00			- Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs 2019-04-24 19:01:42 +02:00			- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity
Move settings to Source subentity 2019-04-25 08:14:35 +02:00			- Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the Source subentity
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs 2019-04-24 19:01:42 +02:00			- Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials`
Add a changelog 2019-04-12 23:31:18 +02:00			- Mastodon API: Add `pleroma.is_seen` to the Notification entity
			- Mastodon API: Add `pleroma.local` to the Status entity
			- Mastodon API: Add `preview` parameter to `POST /api/v1/statuses`
			- Mastodon API: Add `with_muted` parameter to timeline endpoints
			`- Mastodon API: Actual reblog hiding instead of a dummy`
			`- Mastodon API: Remove attachment limit in the Status entity`
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`- Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.`
Add a changelog 2019-04-12 23:31:18 +02:00			`- Deps: Updated Cowboy to 2.6`
			`- Deps: Updated Ecto to 3.0.7`
Add the emoji packs & finmoji removal to the changelog 2019-04-20 14:17:21 +02:00			`- Don't ship finmoji by default, they can be installed as an emoji pack`
Update CHANGELOG 2019-05-14 13:40:21 +02:00			`- Hide deactivated users and their statuses`
add Changelog entry 2019-05-17 22:43:31 +02:00			`- Posts which are marked sensitive or tagged nsfw no longer have link previews.`
http: bump connection timeout to 10 seconds 2019-05-21 06:58:26 +02:00			`- HTTP connection timeout is now set to 10 seconds.`
Respond with a 404 Not implemented JSON error message when requested API is not implemented 2019-05-21 03:40:29 +02:00			`- Respond with a 404 Not implemented JSON error message when requested API is not implemented`
Add a changelog 2019-04-12 23:31:18 +02:00
			`### Fixed`
Search: Add fts index on objects table. 2019-05-03 19:15:55 +02:00			- Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.
Add a changelog 2019-04-12 23:31:18 +02:00			`- Followers counter not being updated when a follower is blocked`
			`- Deactivated users being able to request an access token`
			`- Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak`
Make rate limiting for Mastodon Registration API less agressive and enable it by default. As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements. 2019-05-14 21:47:23 +02:00			`- Proper Twitter Card generation instead of a dummy`
Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into feature/845-improve-status-deletion 2019-05-06 18:45:22 +02:00			`- Deletions failing for users with a large number of posts`
Add a changelog 2019-04-12 23:31:18 +02:00			- NodeInfo: Include admins in `staffAccounts`
			`- ActivityPub: Crashing when requesting empty local user's outbox`
			- Federation: Handling of objects without `summary` property
			`- Federation: Add a language tag to activities as required by ActivityStreams 2.0`
			`- Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults`
			`- Federation: Cope with missing or explicitly nulled address lists`
			- Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection
			- Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics
update Changelog 2019-04-26 01:27:38 +02:00			`- Federation: Follow requests from remote users who have been blocked will be automatically rejected if appropriate`
Add a changelog 2019-04-12 23:31:18 +02:00			`- MediaProxy: Parse name from content disposition headers even for non-whitelisted types`
			`- MediaProxy: S3 link encoding`
			`- Rich Media: Reject any data which cannot be explicitly encoded into JSON`
Mention Mastodon 2.8+ follow import fix in changelog 2019-04-20 20:28:08 +02:00			`- Pleroma API: Importing follows from Mastodon 2.8+`
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs 2019-04-24 19:01:42 +02:00			- Twitter API: Exposing default scope, `no_rich_text` of the user to anyone
			- Twitter API: Returning the `role` object in user entity despite `show_role = false`
Add a changelog 2019-04-12 23:31:18 +02:00			- Mastodon API: `/api/v1/favourites` serving only public activities
			- Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies
			`- Mastodon API: Streaming API broadcasting wrong activity id`
			`- Mastodon API: 500 errors when requesting a card for a private conversation`
Handle `reblogs` on the first follow request in MastoAPI 2019-04-19 07:35:05 +02:00			- Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`
Set correct values in the MastoAPI reblog status view 2019-04-15 19:32:14 +02:00			- Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs 2019-04-24 19:01:42 +02:00			`- Mastodon API: Exposing default scope of the user to anyone`
Make irreversible field default to false in filters 2019-05-13 20:05:33 +02:00			- Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
Replace missing non-nullable Card attributes with empty strings 2019-05-30 23:03:31 +02:00			`- Mastodon API: Replace missing non-nullable Card attributes with empty strings`
add CHANGELOG entry 2019-05-17 22:31:39 +02:00			`- User-Agent is now sent correctly for all HTTP requests.`
mrf: simple policy: fix matching imported activitypub and ostatus statuses 2019-05-26 03:57:22 +02:00			`- MRF: Simple policy now properly delists imported or relayed statuses`
Add a changelog 2019-04-12 23:31:18 +02:00
remove deprecated PleromaFE configuration 2019-05-14 19:52:08 +02:00			`## Removed`
Feature/896 toggling confirmation 2019-05-16 15:23:41 +02:00			- Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`
remove deprecated PleromaFE configuration 2019-05-14 19:52:08 +02:00
Mastodon API: Fix lists leaking private posts Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also lead to leaking private posts when `fix_explicit_addressing` mistakingly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM 2019-05-31 14:25:17 +02:00			`## [0.9.99999] - 2019-05-31`
			`### Security`
			`- Mastodon API: Fix lists leaking private posts`

Add a changelog 2019-04-12 23:31:18 +02:00			`## [0.9.9999] - 2019-04-05`
			`### Security`
Put an actual description of the vulnerability and add Breaking: to breaking changes 2019-04-13 20:17:10 +02:00			`- Mastodon API: Fix content warnings skipping HTML sanitization`
Add a changelog 2019-04-12 23:31:18 +02:00
			`## [0.9.999] - 2019-03-13`
			`Frontend changes only.`
			`### Added`
			`- Added floating action button for posting status on mobile`
			`### Changed`
			`- Changed user-settings icon to a pencil`
			`### Fixed`
			`- Keyboard shortcuts activating when typing a message`
			`- Gaps when scrolling down on a timeline after showing new`

			`## [0.9.99] - 2019-03-08`
			`### Changed`
			`- Update the frontend to the 0.9.99 tag`
			`### Fixed`
			`- Sign the date header in federation to fix Mastodon federation.`

			`## [0.9.9] - 2019-02-22`
			`This is our first stable release.`