Skip to content

Releases: mastodon/mastodon

v4.3.6

13 Mar 13:08
@oneiros oneiros
v4.3.6
cdcd77e
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.3.6 Latest
Latest

Mastodon

Warning

This includes important security fixes for everyone using SAML single-sign-on.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Changelog

Security

  • Update dependencies

Fixed

Upgrade notes

To get the code for v4.3.6, use git fetch && git checkout v4.3.6.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.5.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

ClearlyClaire
Assets 2
Loading

v4.2.19

13 Mar 13:08
@oneiros oneiros
v4.2.19
a58a2b5
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.2.19

Mastodon

Warning

This includes important security fixes for everyone using SAML single-sign-on.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Changelog

Security

  • Update dependencies

Fixed

Upgrade notes

To get the code for v4.2.19, use git fetch && git checkout v4.2.19.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

The minimum supported Ruby version has been bumped from 3.0 to 3.1 in Mastodon v4.2.17. Otherwise, external dependencies have not changed since v4.2.4, the compatible PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 to 3.3
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.18.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

ClearlyClaire
Loading

v4.1.24

13 Mar 13:08
@oneiros oneiros
v4.1.24
1565931
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.1.24

Mastodon

Caution

The 4.1.x branch will not receive any update—including security fixes—after 2025/04/08.

Warning

This includes important security fixes for everyone using SAML single-sign-on. We recommend upgrading to Mastodon 4.2 or 4.3 (see caution below) but if you are stuck on 4.1 and use SAML, you should at least update to this version.

Corresponding releases are available for the 4.3.x branch and the 4.2.x branch.

Caution

One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication. If you are using SAML, we urge you to update to Mastodon 4.2 or 4.3.

Changelog

Security

  • Update dependencies

Fixed

Upgrade notes

To get the code for v4.1.24, use git fetch && git checkout v4.1.24.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.23.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install

Both Docker and non-Docker:

  1. Restart all Mastodon processes

Contributors

ClearlyClaire
Loading

v4.3.5

10 Mar 09:15
@ClearlyClaire ClearlyClaire
v4.3.5
a8613b7
Compare
Choose a tag to compare
v4.3.5

Mastodon

Warning

A recently released version includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Changelog

Changed

Fixed

  • Fix processing errors for some HEIF images from iOS 18 (#34086 by @renchap)
  • Fix streaming server not filtering unknown-language posts from public timelines (#33774 by @ClearlyClaire)
  • Fix preview cards under Content Warnings not being shown in detailed statuses (#34068 by @ClearlyClaire)
  • Fix username and display name being hidden on narrow screens in moderation interface (#33064 by @ClearlyClaire)

Upgrade notes

To get the code for v4.3.5, use git fetch && git checkout v4.3.5.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.4.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

renchap and ClearlyClaire
Loading

v4.2.18

10 Mar 09:16
@ClearlyClaire ClearlyClaire
v4.2.18
443871d
Compare
Choose a tag to compare
v4.2.18

Mastodon

Warning

A recently released version includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Changelog

Changed

Fixed

  • Fix processing errors for some HEIF images from iOS 18 (#34086 by @renchap)
  • Fix streaming server not filtering unknown-language posts from public timelines (#33774 by @ClearlyClaire)

Upgrade notes

To get the code for v4.2.18, use git fetch && git checkout v4.2.18.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

The minimum supported Ruby version has been bumped from 3.0 to 3.1 in Mastodon v4.2.17. Otherwise, external dependencies have not changed since v4.2.4, the compatible PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 to 3.3
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.17.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

renchap and ClearlyClaire
Loading

v4.3.4

27 Feb 15:29
@ClearlyClaire ClearlyClaire
v4.3.4
c1f398a
Compare
Choose a tag to compare
v4.3.4

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.2.x branch and the 4.1.x branch.

Note

If you are using nightly builds, do not use this release but update to nightly.2025-02-28-security or newer instead. If you are on the main branch, update to the latest commit.

Changelog

Security

Changed

Fixed

Upgrade notes

To get the code for v4.3.4, use git fetch && git checkout v4.3.4.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.3.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

mjankowski, Gargron, and 4 other contributors
Loading

v4.2.17

27 Feb 15:59
@ClearlyClaire ClearlyClaire
v4.2.17
5d8c091
Compare
Choose a tag to compare
v4.2.17

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Note

This version fixes a vulnerability issue when using SAML but drops support for Ruby 3.0 in the process.
If you configured SAML authentication on your Mastodon instance and use Ruby 3.0, we recommend that you update your Ruby version to 3.2, then update to Mastodon v4.2.17 or later.
If you can't use Ruby 3.1 or later but don't use SAML, updating past v4.2.16 is not as critical.

Changelog (v4.2.17)

Security

  • Update dependencies

Removed

  • Remove support for Ruby 3.0

Changelog (v4.2.16)

Security

Fixed

Upgrade notes

To get the code for v4.2.17, use git fetch && git checkout v4.2.17.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

The minimum supported Ruby version has been bumped from 3.0 to 3.1. Otherwise, external dependencies have not changed since v4.2.4, the compatible PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski, ClearlyClaire, and ShadowJonathan
Loading

v4.2.16

27 Feb 15:39
@ClearlyClaire ClearlyClaire
v4.2.16
015858a
Compare
Choose a tag to compare
v4.2.16

Mastodon

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

Caution

One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication.
We have released v4.2.17 which fixes this issue and we encourage you to update to it (or 4.3), but it unfortunately drops support for Ruby 3.0.

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.2.16, use git fetch && git checkout v4.2.16.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer

Update steps

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski, ClearlyClaire, and ShadowJonathan
Loading

v4.1.23

27 Feb 15:47
@ClearlyClaire ClearlyClaire
v4.1.23
378e90f
Compare
Choose a tag to compare
v4.1.23

Mastodon

Caution

The 4.1.x branch will not receive any update—including security fixes—after 2025/04/08.

Warning

This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.2.x branch.

Caution

One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication. If you are using SAML, we urge you to update to Mastodon 4.2 or 4.3.

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.1.23, use git fetch && git checkout v4.1.23.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Important

Since v4.1.18, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

Warning

The minimum required Ruby version has been bumped to 3.0 in Mastodon v4.1.14.

External dependencies have not changed compared to v4.1.14, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0
  • PostgreSQL: 9.5 or newer
  • Elasticsearch (optional, for full-text search): 7.x
  • Redis: 4 or newer
  • Node: >= 14, < 18
  • ImageMagick: 6.9.7-7 or newer

Update steps

The following instructions are for updating from 4.1.22.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile

Both Docker and non-Docker:

  1. Restart all Mastodon processes

Contributors

mjankowski and ClearlyClaire
Loading

v4.3.3

16 Jan 10:56
@ClearlyClaire ClearlyClaire
v4.3.3
faed9bf
Compare
Choose a tag to compare
v4.3.3

Mastodon

Changelog

Security

Fixed

Upgrade notes

To get the code for v4.3.3, use git fetch && git checkout v4.3.3.

Note

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.3.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 or newer
  • PostgreSQL: 12 or newer. PostgreSQL versions 14.0 to 14.3 are not supported as they contain a critical data-corruption bug (see v4.3.0 release notes)
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 18 or newer
  • ImageMagick (optional if using libvips): 6.9.7-7 or newer
  • libvips (optional, instead of ImageMagick): 8.13 or newer

Update steps

The following instructions are for updating from 4.3.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, please read the v4.3.0 release notes, as there have been multiple important changes.

Non-docker

Tip

The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install
  2. Restart all Mastodon processes.

When using docker

  1. Restart all Mastodon processes.

Contributors

mjankowski, jesseplusplus, and 2 other contributors
Loading