Warning
This release includes important security fixes.
Changelog
Security
- Update dependencies
- Change HTML sanitization to remove unusable and unused embed tag (mastodon#34021 by @ClearlyClaire, GHSA-mq2m-hr29-8gqf)
- Fix rate-limit on sign-up email verification (GHSA-v39f-c9jj-8w7h)
- Fix improper disclosure of domain blocks to unverified users (GHSA-94h4-fj37-c825)
Changed
- Change preview cards to be shown when Content Warnings are expanded (mastodon#33827 by @ClearlyClaire)
- Change warnings against changing encryption secrets to be even more noticeable (mastodon#33631 by @ClearlyClaire)
- Change mastodon:setup to prevent overwriting already-configured servers (mastodon#33603, mastodon#33616, and mastodon#33684 by @ClearlyClaire and @mjankowski)
- Change notifications from moderators to not be filtered (mastodon#32974 and mastodon#33654 by @ClearlyClaire and @mjankowski)
Fixed
- Fix GET /api/v2/notifications/:id and POST /api/v2/notifications/:id/dismiss for ungrouped notifications (mastodon#33990 by @ClearlyClaire)
- Fix issue with some versions of libvips on some systems (mastodon#33853 by @kleisauke)
- Fix handling of duplicate mentions in incoming status Update (mastodon#33911 by @ClearlyClaire)
- Fix inefficiencies in timeline generation (mastodon#33839 and mastodon#33842 by @ClearlyClaire)
- Fix emoji rewrite adding unnecessary cruft to the DOM for most emoji (mastodon#33818 by @ClearlyClaire)
- Fix tootctl feeds build not building list timelines (mastodon#33783 by @ClearlyClaire)
- Fix flaky test in /api/v2/notifications tests (mastodon#33773 by @ClearlyClaire)
- Fix incorrect signature after HTTP redirect (mastodon#33757 and mastodon#33769 by @ClearlyClaire)
- Fix polls not being validated on edit (mastodon#33755 by @ClearlyClaire)
- Fix media preview height in compose form when 3 or more images are attached (mastodon#33571 by @ClearlyClaire)
- Fix preview card sizing in “Author attribution” in profile settings (mastodon#33482 by @ClearlyClaire)
- Fix processing of incoming notifications for unfilterable types (mastodon#33429 by @ClearlyClaire)
- Fix featured tags for remote accounts not being kept up to date (mastodon#33372, mastodon#33406, and mastodon#33425 by @ClearlyClaire and @mjankowski)
- Fix notification polling showing a loading bar in web UI (mastodon#32960 by @Gargron)
- Fix accounts table long display name (mastodon#29316 by @WebCoder49)
- Fix exclusive lists interfering with notifications (mastodon#28162 by @ShadowJonathan)
Upgrade notes
To get the code for v4.3.4, use git fetch && git checkout v4.3.4.
Note
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look:
docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump
Dependencies
External dependencies have not changed since v4.3.0; the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:
- Ruby: 3.1 or newer
- PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
- Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
- LibreTranslate (optional, for translations): 1.3.3 or newer
- Redis: 4 or newer
- Node: 18 or newer
- ImageMagick (optional if using libvips): 6.9.7-7 or newer
- libvips (optional, instead of ImageMagick): 8.13 or newer
Update steps
The following instructions are for updating from 4.3.3.
If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.
Non-docker
Tip
The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.
- Install dependencies with bundle install
- Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
- Restart all Mastodon processes.
When using docker
- Restart all Mastodon processes.