Notices by Sharkey - Official Account (sharkey@sharkey.team)

Note that for users who run develop, they will need to wait for this MR to be merged into develop for the patches.

We've officially released version 2024.2.3 of Sharkey!

This update contains critical security fixes. Please update as soon as possible. Disclosures for the relevant vulnerabilities will be made available once instances have been patched.

Please be patient, GitLab is not behaving which is preventing us from pushing our changes- hence why we allocated a window of time.

Almost time!

@puniko@mk.absturztau.be Fingers crossed 🥴

Heads up- we'll be making a major security release for Sharkey later today (between 2025-04-27T19:00:00.000Z and 2025-04-27T21:00:00.000Z) in coordination with Iceshrimp and Misskey. Please make sure to update your instances as soon as possible.

Hello everyone, we've just released a new version of Sharkey! This is the first release in the 2025.2 series, despite the .2- we had to make use of that due to technical limitations in the upstream merge workflow we use.

Here's what we've been working on:
- A fix for an annoying corepack/pnpm error.
- Optimizations to SQL-based note search.
- Support for tsvector full-text search.
- Support for filtering by Module and Flash file types.
- Fixes for quote preview.
- Fixes for hashtags and tag search.
- Allow user-initiated object lookups to redirect. (makes the lookup function 100x more likely to actually work instead of throwing a vague error).
- Add missing translations in various places.
- Bulk fixes and refactoring of Mastodon API. (it may work better with some clients, and several known bugs are fixed.)
- Option to regenerate vapid keys without a CLI command.
- Revision 2 of the new rate limit system- improved performance, simpler API, and the "role template" rate limit factor now applies to unauthenticated / logged-out requests.
- Fixes for docker build & deployment.
- Fixes for BSD build & deployment.
- Add a "follow back" button to "user followed you" notifications.
- Buttons to accept/reject follow requests directly from a user's profile.
- Various rate limit fixes and adjustments.
- Improved support for MFM and HTML ruby.
- Improved browser language detection, especially in cases where we don't have an exact-match language file.
- Robots.txt can be configured through admin settings, instead of using the reverse-proxy.
- Federation fixes and improvements, particularly for software which produces null for Person.discoverable.
- Build and development tooling improvements.
- Fixes for import limits and config settings.
- Fixes for reactions
- Fixes for note visibility in streaming API
- Shift-click to automatically boost w/ visibility
- Fixes to emoji sorting, search, and categorization.
- Emoji import now honours the import.downloadTimeout setting
- Laxer validation for admin-controlled HTML.
- Add some missing MFM to the cheat sheet.
- Record the person who created an invite code.
- Classic and narrow UI layout fixes.
- Fixes for RSS widgets
- Remove unused "email notification type" settings to avoid user confusion.
- Remove duplicate role badges
- Add file extension to locally-stored media (allows the reverse-proxy to directly serve media)
- The IP address that the server listens on is now configurable
- Users can set a default CW
- Moderators can force a CW for a user
- Moderators can remove the "quote" feature for specific users (local or remote) and remote instances
- Optional separate Redis connection for rate-limiting purposes
- Ability to log all AP objects- note that this respects deletes, and is optional, as a debugging aid.
- Better support for PeerTube thumbnails
- Better interoperability with SocialHome

Here's what we've pulled in from upsteam:
- A new experimental custom emoji manager using a spreadsheet UI
- Support for PGroonga full-text search, which gives accuracy closer to Meilisearch with dramatically less system load and deployment headache.
- We can log full SQL queries for development
- A bunch of bug fixes for login, note hiding, MFM, and others.
- Remove unused "view source" button.
- Fixes to data saver mode.
- Fixes to Deck UI.
- Add missing translations in various places.

Hey fedi! This is the new home of the official #Sharkey account!