Skip to content

Releases: hometown-fork/hometown

Hometown v1.1.1 (Mastodon 4.2.10)

04 Jul 15:34
Compare
Choose a tag to compare

This is a security release and a major feature release that keeps us up to date with Mastodon v4.2.9. To briefly summarize: Hometown had previously been on Mastodon v4.0.x. Mastodon no longer provides security updates for v4.0.x, so this critical update required me to bump Hometown to Mastodon v4.2. This means there are a bunch of new features that come along with the security updates. I'm sorry for the inconvenience, as your Hometown experience will change a bit in ways I don't have a ton of control over.

Thank you once again to [@nachtjasmin](https://github.com/nachtjasmin) for the help with this merge.

Changelog

The really big changes for users are:

  • there is now full-text search for public posts from all over the place where users have opted in to have their posts full-text-searchable. If you go to Preferences -> Public profile -> Privacy and reach individual users can can OPT-IN their posts via the "Include public posts in search results" option.
  • I can no longer maintain the custom web mobile UI with the retractable sidebar. It diverged too much from Mastodon and was really problematic to maintain. I'm going to see if I can do it "smarter" for a future release because tbh I really miss it but for now the mobile web interface is going to be more cluttered than #Hometown users are used to. Sorry about that.

Please see the Mastodon 4.2.0 release notes for details. You can check the release notes up to 4.2.9 as well, though they are mostly bugfixes minus a big moderation change for admin teams that I highlight below.

You can see the security-release specific notes at the 4.2.10 release.

Dependencies

External dependencies have changed since v4.0.15+hometown-1.1.1, with the Ruby, PostgreSQL and Node.js minimum version being higher.

  • Ruby: 3.0 to 3.2.3
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Tip

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon#25776).

Moderation and registration changes

Important

This update changes registrations to be closed by default.

Running a social media platform where anyone can sign up without active moderation is dangerous.

Mastodon changed the default, so that opening registrations is always a conscious choice. If you have never changed or saved the registrations mode yourself, this update will switch your server to not accepting new users. Simply change the setting again after the update if you wish to restore the old behavior.

Database replica configuration

The way Mastodon handles read replicas has changed, removing the makara gem and using native Rails support instead.

This changes how database replicas are configured. Instead of editing config/database.yml, you should use an unmodified one and use the REPLICA_DB_NAME, along with REPLICA_DB_USER, REPLICA_DB_PASS, REPLICA_DB_HOST and REPLICA_DB_PORT, if they differ from the primary database.

If you are using DATABASE_URL, you can configure your read replica in a similar way using REPLICA_DATABASE_URL.

Note from Hometown: you aren't using database replicas or have no idea what this is about... don't sweat it, you're fine.

Streaming server changes

We have dropped built-in clustering support from the streaming server, which means, depending on the load you are facing, that you may need to run multiple instances of it and configure a load-balancer.

Unless you are using Docker, it is recommended that you update your mastodon-streaming unit scripts with the ones we provide:

  1. sudo cp ~mastodon/live/dist/mastodon-streaming*.service /etc/systemd/system/
  2. sudo systemctl daemon-reload
  3. sudo systemctl restart mastodon-streaming

If you then need to run more than one mastodon-streaming server, you can:

  1. Start a new instance with sudo systemctl start mastodon-streaming@port (e.g. mastodon-streaming@4001)
  2. Edit your nginx configuration file to add the new server to the load-balancing (an example is provided in the comments in dist/nginx.conf)

Automatic update checking

Starting from this release, Mastodon will periodically check for updates by querying https://api.joinmastodon.org/update-check every 30 minutes in a background job.

That URL can be changed using the UPDATE_CHECK_URL environment variable, and the feature outright disabled by setting that variable to an empty string (UPDATE_CHECK_URL=).

Note from Hometown: at some future date I will provide a url you can point to in order to get notified of Hometown updates. For now I'm leaving it as the Mastodon update URL, mostly so I get the nag and remember to update it.

Update steps

These are instructions for upgrading from Hometown v4.0.15+hometown-1.1.1.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this:

pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump
  1. git remote update && git checkout v4.2.10+hometown-1.1.1

  2. If you are using rbenv, [update the list of available versions](https://github.com/rbenv/ruby-build/wiki#updating-ruby-build) and install Ruby 3.2.3 by doing RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install in the Mastodon install directory (e.g. /home/mastodon/live)

  3. Ensure that you are using Node.js v16 or newer -- note that if you encounter weird errors with your streaming server you may need to update to Node 18, but I only encountered that issue on my dev machine and not in production so hopefully you won't either!

  4. Install dependencies: bundle install and yarn install --frozen-lockfile

  5. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile

  6. Run the pre-deployment database migrations by specifying the SKIP_POST_DEPLOYMENT_MIGRATIONS=true environment variable: SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate

  7. Restart all Mastodon processes

  8. Run the post-deployment database migrations: RAILS_ENV=production bundle exec rails db:migrate

  9. If you use Elasticsearch, rebuild the search indexes with RAILS_ENV=production bin/tootctl search deploy --reset-chewy

Troubleshooting note from an admin: "One issue I ran into was that I had to grant permissions to my mastodon db user to adjust the public SCHEMA in my pg db. No previous migration had required that so it tripped me up a bit."

Hometown v1.1.1 (Mastodon 4.0.15)

16 Feb 15:35
ba20b7d
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v4.0.15. (Yes this is two security releases by Mastodon in two days, sorry, I am just passing on the upstream changes here.) Please see the 4.0.15 release notes for details.

Thank you once again to @nachtjasmin and @mistydemeo for the help with this merge.

Changelog

Please see the Mastodon 4.0.15 release notes for details.

Upgrade steps

These are instructions for upgrading from Hometown v4.0.14+1.1.1.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v4.0.15+hometown-1.1.1
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes

Hometown v1.0.8 (Mastodon 3.5.19)

16 Feb 15:49
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v3.5.19.

Changelog

Please see the 3.5.19 release notes for details.

Upgrade steps

These are instructions for upgrading from Hometown v3.5.17+hometown-1.0.8.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_7backup.dump

  • git remote update && git checkout v3.5.19+hometown-1.0.8
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes

Hometown v1.1.1 (Mastodon 4.0.14)

14 Feb 18:44
3c9599f
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v4.0.14. Please see the 4.0.14 release notes for details. This is (probably??) the last security update provided for Mastodon 4.0.x by the Mastodon team. We have a new Hometown version that will be available in February that is up to date with v4.2.x so keep an eye out for that one!

Thank you once again to @nachtjasmin and @mistydemeo for the help with this merge.

Changelog

Please see the Mastodon 4.0.14 release notes for details.

Upgrade steps

These are instructions for upgrading from Hometown v4.0.13+1.1.1.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v4.0.14+hometown-1.1.1
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes

Hometown v1.1.1 (Mastodon 4.0.13)

01 Feb 15:45
13fa4f7
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v4.0.13. Please see the 4.0.13 release notes for details. This is the last security update provided for Mastodon 4.0.x by the Mastodon team. We have a new Hometown version that will be available in February that is up to date with v4.2.x so keep an eye out for that one!

Thank you once again to @nachtjasmin the help with this merge.

Changelog

⚠️ Fix insufficient origin validation (CVE-2024-23832, GHSA-3fjr-858r-92rw)

Upgrade steps

These are instructions for upgrading from Hometown v4.0.10+1.1.1.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v4.0.13+hometown-1.1.1
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes

Hometown v1.0.8 (Mastodon 3.5.17)

01 Feb 15:56
3fd984f
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v3.5.17. Please see the 3.5.17 release notes for details. This is the last security update provided for Mastodon 3.5.x by the Mastodon team. We have a new Hometown version that will be available in February that is up to date with v4.2.x so keep an eye out for that one!

Thank you once again to @nachtjasmin the help with this merge.

Changelog

⚠️ Fix insufficient origin validation (CVE-2024-23832, GHSA-3fjr-858r-92rw)

Upgrade steps

These are instructions for upgrading from Hometown v3.5.14+hometown-1.0.8.

There is no need to precompile assets for this release, but please note that the minimal supported ImageMagick version has been bumped to 6.9.7-7. If you are on an older ImageMagick and you do this upgrade, you'll get errors trying to upload images and incoming thumbnails will be broken images, among other problems. Some tips for fixing the ImageMagick problems can be found here.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v3.5.17+hometown-1.0.8
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes

Hometown v1.1.1 (Mastodon 4.0.10)

20 Sep 03:16
3b69a29
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v4.0.10. Please see the 4.0.10 release notes for details.

Thank you @nachtjasmin the help with this merge.

⚠️ This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452).

Also, the Mastodon team will no longer provide security updates for version 4.0.x after 2023-10-31. The next release of Hometown will happen before then and will bump us up to version 4.2.x.

Upgrade steps

These are instructions for upgrading from Hometown v4.0.6+1.1.1.

There is no need to precompile assets for this release, but please note that the minimal supported ImageMagick version has been bumped to 6.9.7-7. If you are on an older ImageMagick and you do this upgrade, you'll get errors trying to upload images and incoming thumbnails will be broken images, among other problems. Some tips for fixing the ImageMagick problems can be found here.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v4.0.10+hometown-1.1.1
  • Install dependencies: bundle install and yarn install --frozen-lockfile
  • Restart all Mastodon processes (yes really all processes - specifically the streaming API process needs restarting so if you are trying to be clever to retain uptime... just restart it all)

Hometown v1.0.8 (Mastodon 3.5.14)

20 Sep 02:41
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v3.5.14. Please see the 3.5.14 release notes for details.

⚠️ This release is an important security release fixing a major security issue (CVE-2023-42451).

End of life

Mastodon will not be updating the v3.5 branch, including security fixes, after 2023-12-31. I (Darius) like/need to keep this project up to date with upstream so I am also not planning to update our Mastodon v3.5-compatible Hometown versions after that date.

Upgrade steps

These are instructions for upgrading from Hometown v3.5.10+1.0.8.

There is no need to precompile assets for this release, but please note that the minimal supported ImageMagick version has been bumped to 6.9.7-7. If you are on an older ImageMagick and you do this upgrade, you'll get errors trying to upload images and incoming thumbnails will be broken images, among other problems. Some tips for fixing the ImageMagick problems can be found here.

As always, make sure you have backups of the database before performing any upgrades. A postgres backup command would look something like this: pg_dump -Fc -U postgres mastodon_production > name_of_the_backup.dump

  • git remote update && git checkout v3.5.14+hometown-1.0.8
  • Install dependencies: bundle install and yarn install
  • Restart all Mastodon processes (yes really all processes - specifically the streaming API process needs restarting so if you are trying to be clever to retain uptime... just restart it all)

Hometown v1.0.8 (Mastodon 3.5.10)

09 Jul 22:08
Compare
Choose a tag to compare

This is a security release that keeps us up to date with Mastodon v3.5.10. Please see the 3.5.10 release notes for details.

Upgrade steps

These are instructions for upgrading from Hometown v3.5.5+1.0.8.

There is no need to precompile assets for this release, but please note that the minimal supported ImageMagick version has been bumped to 6.9.7-7. If you are on an older ImageMagick and you do this upgrade, you'll get errors trying to upload images and incoming thumbnails will be broken images, among other problems.

  • git remote update && git checkout v3.5.10+hometown-1.0.8
  • Install dependencies: bundle install and yarn install
  • Restart all Mastodon processes (yes really all processes - specifically the streaming API process needs restarting so if you are trying to be clever to retain uptime... just restart it all)

Hometown v1.1.1 (Mastodon 4.0.6)

07 Jul 18:08
Compare
Choose a tag to compare

This is a security release (and bugfix to the security release) that keeps us up to date with Mastodon v4.0.6. Please see the 4.0.6 release notes for details.

If you installed 4.0.5 please update it to this version, it contains critical bugfixes from the Mastodon team!

Thank you @nachtjasmin and @mistydemeo for their help getting the 4.0.5 merge out while I was traveling.

Upgrade steps

These are instructions for upgrading from Hometown v4.0.4+1.1.1 or v4.0.5+1.1.1.

There is no need to precompile assets for this release, but please note that the minimal supported ImageMagick version has been bumped to 6.9.7-7. There are also instructions at the 4.0.5 release notes for hardening your nginx configuration - this is not required but it's recommended by the Mastodon team.

  • git remote update && git checkout v4.0.6+hometown-1.1.1
  • Install dependencies: bundle install and yarn install
  • Restart all Mastodon processes (yes really all processes - specifically the streaming API process needs restarting so if you are trying to be clever to retain uptime... just restart it all)