Skip to content

Releases: mastodon/mastodon

v4.3.4

27 Feb 15:29
@ClearlyClaire ClearlyClaire
v4.3.4
c1f398a
Compare
Choose a tag to compare
v4.3.4 Latest
Latest

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Note

If you are using nightly builds, do not use this release but update to nightly.2025-02-28-security or newer instead. If you are on the main branch, update to the latest commit.

Changelog

Security

Changed

Fixed

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

mjankowski, Gargron, and 4 other contributors
Assets 2
Loading

v4.2.17

27 Feb 15:59
@ClearlyClaire ClearlyClaire
v4.2.17
5d8c091
Compare
Choose a tag to compare
v4.2.17

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Note

This version fixes a vulnerability issue when using SAML but drops support for Ruby 3.0 in the process.
If you configured SAML authentication on your Mastodon instance and use Ruby 3.0, we recommend that you update your Ruby version to 3.2, then update to Mastodon v4.2.17 or later.
If you can't use Ruby 3.1 or later but don't use SAML, updating past v4.2.16 is not as critical.

Changelog (v4.2.17)

Security

  • Update dependencies

Removed

  • Remove support for Ruby 3.0

Changelog (v4.2.16)

Security

Fixed

Upgrade notes

To get the code for v4.2.17, use git fetch && git checkout v4.2.17.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

The minimum supported Ruby version has been bumped from 3.0 to 3.1. Otherwise, external dependencies have not changed since v4.2.4, the compatible PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski, ClearlyClaire, and ShadowJonathan
Loading

v4.2.16

27 Feb 15:39
@ClearlyClaire ClearlyClaire
v4.2.16
015858a
Compare
Choose a tag to compare
v4.2.16

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Caution

One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication.
We have released v4.2.17 which fixes this issue and we encourage you to update to it (or 4.3), but it unfortunately drops support for Ruby 3.0.

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.2.16, use git fetch && git checkout v4.2.16.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski, ClearlyClaire, and ShadowJonathan
Loading

v4.1.23

27 Feb 15:47
@ClearlyClaire ClearlyClaire
v4.1.23
378e90f
Compare
Choose a tag to compare
v4.1.23

Mastodon

Caution

The 4.1.x branch will not receive any update—including security fixes—after 2025/04/08.

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.2.x branch.

Caution

One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication. If you are using SAML, we urge you to update to Mastodon 4.2 or 4.3.

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.1.23, use git fetch && git checkout v4.1.23.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.22.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile

Both Docker and non-Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski and ClearlyClaire
Loading

v4.3.3

16 Jan 10:56
@ClearlyClaire ClearlyClaire
v4.3.3
faed9bf
Compare
Choose a tag to compare
v4.3.3

Mastodon

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.3.3, use git fetch && git checkout v4.3.3.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

mjankowski, jesseplusplus, and 2 other contributors
Loading

v4.2.15

16 Jan 11:02
@ClearlyClaire ClearlyClaire
v4.2.15
bf4d0f0
Compare
Choose a tag to compare
v4.2.15

Mastodon

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.2.15, use git fetch && git checkout v4.2.15.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.14.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

ClearlyClaire and vmstan
Loading

v4.1.22

16 Jan 11:06
@ClearlyClaire ClearlyClaire
v4.1.22
b225eda
Compare
Choose a tag to compare
v4.1.22

Mastodon

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.1.22, use git fetch && git checkout v4.1.22.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.21.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install

Both Docker and non-Docker:

  1. Restart all Mastodon processes

Contributors

ClearlyClaire and vmstan
Loading

v4.3.2

03 Dec 15:27
@ClearlyClaire ClearlyClaire
v4.3.2
13ab4b5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.3.2

Mastodon

Changelog

Added

Changed

Fixed

Security

  • Update dependencies

Upgrade notes

To get the code for v4.3.2, use git fetch && git checkout v4.3.2.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.1.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install and yarn install --immutable
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

mjankowski, ThisIsMissEm, and 10 other contributors
Loading

v4.2.14

03 Dec 15:30
@ClearlyClaire ClearlyClaire
v4.2.14
d94c734
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.2.14

Mastodon

Changelog

Added

Fixed

  • Fix inactive users' timelines being backfilled on follow and unsuspend (#33094 by @ClearlyClaire)
  • Fix direct inbox delivery pushing posts into inactive followers' timelines (#33067 by @ClearlyClaire)
  • Fix TagFollow records not being correctly handled in account operations (#33063 by @ClearlyClaire)
  • Fix pushing hashtag-followed posts to feeds of inactive users (#33018 by @Gargron)
  • Fix and improve batch attachment deletion handling when using OpenStack Swift (#32637 by @hugogameiro)
  • Fix tl language native name (#32606 by @seav)

Upgrade notes

To get the code for v4.2.14, use git fetch && git checkout v4.2.14.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.13.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile
  2. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

Gargron, ClearlyClaire, and 2 other contributors
Loading

v4.1.21

03 Dec 15:31
@ClearlyClaire ClearlyClaire
v4.1.21
a222e7a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.1.21

Mastodon

Changelog

Fixed

Security

  • Update dependencies

Upgrade notes

To get the code for v4.1.21, use git fetch && git checkout v4.1.21.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.20.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install and yarn install --frozen-lockfile

Both Docker and non-Docker:

  1. Restart all Mastodon processes

Contributors

ClearlyClaire and seav
Loading