Major Sidekiq update

This release includes a major upgrade of the background processing system Sidekiq. To upgrade cleanly:

1. Stop diaspora*
2. Run RAILS_ENV=production bundle exec sidekiq and wait 5-10 minutes, then stop it again (hit CTRL+C)
3. Do a normal upgrade of diaspora*
4. Start diaspora*

Rails 4 - Manual action required

Please edit config/initializers/secret_token.rb, replacing secret_token with
secret_key_base.

# Old
Rails.application.config.secret_token = '***********...'

# New
Diaspora::Application.config.secret_key_base = '*************...'

You also need to take care to set RAILS_ENV and to clear the cache while precompiling assets: RAILS_ENV=production bundle exec rake tmp:cache:clear assets:precompile

Supported Ruby versions

This release drops official support for the Ruby 1.9 series. This means we will no longer test against this Ruby version or take care to choose libraries
that work with it. However that doesn't mean we won't accept patches that improve running diaspora* on it.

At the same time we adopt support for the Ruby 2.1 series and recommend running on the latest Ruby version of that branch. We continue to support the Ruby 2.0
series and run our comprehensive test suite against it.

Change in defaults.yml

The default for including jQuery from a CDN has changed. If you want to continue to include it from a CDN, please explicitly set the jquery_cdn setting to true in diaspora.yml.

Change in database.yml

For MySQL databases, replace charset: utf8 with encoding: utf8mb4 and change collation from utf8_bin to utf8mb4_bin in the file config/database.yml.
This is enables full UTF8 support (4bytes characters), including standard emoji characters.
See database.yml.example for reference.
Please make sure to stop Diaspora prior running this migration!

Experimental chat feature

This release adds experimental integration with XMPP for real-time chat. Please see our wiki for further informations.

Change in statistics.json schema

The way services are shown in the statistics.json route is changing. The keys relating to showing whether services are enabled or not are moving to their own container as "services": {....}, instead of having them all in the root level of the JSON.

The keys will still be available in the root level within the 0.5 release. The old keys will be removed in the 0.6 release.

New maintenance feature to automatically expire inactive accounts

Removing of old inactive users can now be done automatically by background processing. The amount of inactivity is set by after_days. A warning email will be sent to the user and after an additional warn_days, the account will be automatically closed.

This maintenance is not enabled by default. Podmins can enable it by for example copying over the new settings under settings.maintenance to their diaspora.yml file and setting it enabled. The default setting is to expire accounts that have been inactive for 2 years (no login).

Camo integration to proxy external assets

It is now possible to enable an automatic proxying of external assets, for example images embedded via Markdown or OpenGraph thumbnails loaded from insecure third party servers through a Camo proxy.

This is disabled by default since it requires the installation of additional packages and might cause some traffic. Check the wiki page for more information and detailed installation instructions.

Paypal unhosted button and currency

Podmins can now set the currency for donations, and use an unhosted button if they can't use
a hosted one. Note: you need to copy the new settings from diaspora.yml.example to your
diaspora.yml file. The existing settings from 0.4.x and before will not work any more.

Custom splash page changes

diaspora* no longer adds a div.container to wrap custom splash pages. This adds the ability for podmins to write home pages using Bootstrap's fluid design. Podmins who added a custom splash page in app/views/home/_show.{html,mobile}.haml need to wrap the contents into a div.container to keep the old design. You will find updated examples in our wiki.

Refactor

• Redesign contacts page #5153
• Improve profile page design on mobile #5084
• Port test suite to RSpec 3 #5170
• Port tag stream to Bootstrap #5138
• Consolidate migrations, if you need a migration prior 2013, checkout the latest release in the 0.4.x series first #5173
• Add tests for mobile sign up #5185
• Display new conversation form on conversations/index #5178
• Port profile page to Backbone #5180
• Pull punycode.js from rails-assets.org #5263
• Redesign profile page and port to Bootstrap #4657
• Unify stream selection links in the left sidebar #5271
• Refactor schema of statistics.json regarding services #5296
• Pull jquery.idle-timer.js from rails-assets.org #5310
• Pull jquery.placeholder.js from rails-assets.org #5299
• Pull jquery.textchange.js from rails-assets.org #5297
• Pull jquery.hotkeys.js from rails-assets.org #5368
• Reduce amount of useless background job retries and pull public posts when missing #5209
• Updated Weekly User Stats admin page to show data for the most recent week including reversing the order of the weeks in the drop down to show the most recent. #5331
• Convert some cukes to RSpec tests #5289
• Hidden overflow for long names on tag pages #5279
• Always reshare absolute root of a post #5276
• Convert remaining SASS stylesheets to SCSS #5342
• Update rack-protection #5403
• Cleanup diaspora.yml #5426
• Replace opengraph_parser with open_graph_reader #5462
• Make sure conversations without any visibilities left are deleted #5478
• Change tooltip for delete button in conversations view #5477
• Replace a modifier-rescue with a specific rescue #5491
• Port contacts page to backbone #5473
• Replace CSS vendor prefixes automatically #5532
• Use sentence case consistently throughout UI #5588
• Hide sign up button when registrations are disabled #5612
• Standardize capitalization throughout the UI #5588
• Display photos on the profile page as thumbnails #5521
• Unify not connected pages (sign in, sign up, forgot password) #5391
• Port remaining stream pages to Bootstrap #5715
• Port notification dropdown to Backbone #5707 #5761
• Add rounded corners for avatars #5733
• Move registration form to a partial #5764
• Add tests for liking and unliking posts #5741
• Rewrite slide effect in conversations as css transition for better performance #5776
• Various cleanups and improvements in the frontend code #5781 #5769 #5763 #5762 #5758 #5755 #5747 #5734 #5786 #5768
• Add specs and validations to the role model #5792
• Replace 'Make something' text by diaspora ball logo on registration page #5743

Bug fixes

• orca cannot see 'Add Contact' button #5158
• Move submit button to the right in conversations view #4960
• Handle long URLs and titles in OpenGraph descriptions #5208
• Fix deformed getting started popover #5227
• Use correct locale for invitation subject #5232
• Initial support for IDN emails
• Fix services settings reported by statistics.json #5256
• Only collapse empty comment box #5328
• Fix pagination for people/guid/contacts #5304
• Fix poll creation on Bootstrap pages #5334
• Show error message on invalid reset password attempt #5325
• Fix translations on mobile password reset pages #5318
• Handle unset user agent when signing out #5316
• More robust URL parsing for oEmbed and OpenGraph #5347
• Fix Publisher doesn't expand while uploading images #3098
• Drop unneeded and too open crossdomain.xml
• Fix hidden aspect dropdown on getting started page #5407
• Fix a few issues on Bootstrap pages #5401
• Improve handling of the more link on mobile stream pages #5400
• Fix prefilling publisher after getting started #5442
• Fix overflow in profile sidebar #5450
• Fix code overflow in SPV and improve styling for code tags #5422
• Correctly validate if local recipients actually want to receive a conversation #5449
• Improve consistency of poll answer ordering #5471
• Fix broken aspect selectbox on asynchronous search results #5488
• Replace %{third_party_tools} by the appropriate hyperlink in tags FAQ #5509
• Repair downloading the profile image from Facebook #5493
• Fix localization of post and comment timestamps on mobile #5482
• Fix mobile JS loading to quieten errors. Fixes also service buttons on mobile bookmarklet.
• Don't error out when adding a too long location to the profile #5614
• Correctly decrease unread count for conversations #5646
• Fix automatic scroll for conversations #5646
• Fix missing translation on privacy settings page #5671
• Fix code overflow for the mobile website #5675
• Strip Unicode format characters prior post processing #5680
• Disable email notifications for closed user accounts #5640
• Total user statistic no longer includes closed accounts #5041
• Don't add a space when rendering a mention #5711
• Fix flickering hovercards #5714 #5876
• Improved stripping markdown in post titles #5730
• Remove border from reply form for conversations #5744
• Fix overflow for headings, blockquotes and other elements #5731
• Correct photo count on profile page #5751
• Fix mobile sign up from an invitation #5754
• Set max-width for tag following button on tag page #5752
• Display error messages for failed password change #5580
• Display correct error message for too long tags #5783
• Fix displaying reshares in the stream on mobile #5790
• Remove bottom margin from lists that are the last element of a post. #5721
• Fix pagination design on conversations page #5791
• Prevent inserting posts into the wrong stream #5838
• Update help section #5857 #5859
• Fix asset precompilation check in script/server #5863
• Convert MySQL databases to utf8mb4 #5530 #5624 #5865
• Don't upcase labels on mobile sign up/sign in #5872

Features

• Don't pull jQuery from a CDN by default #5105
• Better character limit message #5151
• Remember whether a AccountDeletion was performed #5156
• Increased the number of notifications shown in drop down bar to 15 #5129
• Increase possible captcha length #5169
• Display visibility icon in publisher aspects dropdown #4982
• Add a link to the reported comment in the admin panel #5337
• Strip search query from leading and trailing whitespace #5317
• Add the "network" key to statistics.json and set it to "Diaspora" #5308
• Infinite scrolling in the notifications dropdown #5237
• Maintenance feature to automatically expire inactive accounts #5288
• Add LibreJS markers to JavaScript 5320
• Ask for confirmation when leaving a submittable publisher #5309
• Allow page-specific styling via individual CSS classes #5282
• Change diaspora logo in the header on hover #5355
• Display diaspora handle in search results #5419
• Show a message on the ignored users page when there are none #5434
• Truncate too long OpenGraph descriptions #5387
• Make the source code URL configurable #5410
• Prefill publisher on the tag pages #5442
• Don't include the content of non-public posts into notification mails #5494
• Allow to set unhosted button and currency for paypal donation #5452
• Add followed tags in the mobile menu #5468
• Replace Pagedown with markdown-it #5526
• Do not truncate notification emails anymore #4342
• Allows users to export their data in gzipped JSON format from their user settings page #5499
• Strip EXIF data from newly uploaded images #5510
• Hide user setting if the community spotlight is not enabled on the pod #5562
• Add HTML view for pod statistics #5464
• Added/Moved hide, block user, report and delete button in SPV #5547
• Added keyboard shortcuts r(reshare), m(expand Post), o(open first link in post) #5602
• Added dropdown to add/remove people from/to aspects in mobile view #5594
• Dynamically compute minimum and maximum valid year for birthday field #5639
• Show hovercard on mentions #5652
• Make help sections linkable #5667
• Add invitation link to contacts page #5655
• Add year to notifications page #5676
• Give admins the ability to lock & unlock accounts #5643
• Add reshares to the stream view immediately #5699
• Update and improve help section #5665, #5706
• Expose participation controls in the stream view #5511
• Reimplement photo export #5685
• Add participation controls in the single post view #5722
• Display polls on reshares #5782
• Remove footer from stream pages #5816

Update Redcarped, fixes OSVDB-120415.

Update Rails, fixes CVE-2014-7818.

• Fix XSS issue in poll qustions

New 'Terms of Service' feature and template

This release brings a new ToS feature that allows pods to easily display to users the terms of service they are operating on. This feature is not enabled by default. If you want to enable it, please add under settings in config/diaspora.yml the following and restart diaspora. If in doubt see config/diaspora.yml.example:

terms:
  enable: true

When enabled, the footer and sidebar will have a link to terms page, and signup will have a disclaimer indicating that creating an account means the user accepts the terms of use.

While the project itself doesn't restrict what kind of terms pods run on, we realize not all podmins want to spend time writing them from scratch. Thus there is a basic ToS template included that will be used unless a custom one available.

To modify (or completely rewrite) the terms template, create a file called app/views/terms/terms.haml or app/views/terms/terms.erb and it will automatically replace the default template, which you can find at app/views/terms/default.haml.

There are also two configuration settings to customize the terms (when using the default template). These are optional.

• settings.terms.jurisdiction - indicate here in which country or state any legal disputes are handled.
• settings.terms.minimum_age - indicate here if you want to show a minimum required age for creating an account.

Rake task to email users

There is a new Rake task podmin:admin_mail available to allow podmins to easily send news and notices to users. The rake task triggers emails via the normal diaspora mailer mechanism (so they are embedded in the standard template) and takes the following parameters:

1. Users definition

• all - all users in the database (except deleted)
• active_yearly - users logged in within the last year
• active_monthly - users logged in within the last month
• active_halfyear - users logged in within the last 6 months

2. Path to message file

• Give here a path to a HTML or plain text file that contains the message.

3. Subject

• A subject for the email

Example shell command (depending on your environment);

RAILS_ENV=production bundle exec rake podmin:admin_mail['active_monthly','./message.html','Important message from pod']

Read more about specifying arguments to Rake tasks.

Refactor

• Port help pages to Bootstrap #5050
• Refactor Notification#notify #4945
• Port getting started to Bootstrap #5057
• Port people search page to Bootstrap #5077
• Clarify explanations and defaults in diaspora.yml.example #5088
• Consistent header spacing on Bootstrap pages #5108
• Port settings pages (account, profile, privacy, services) to Bootstrap #5039
• Port contacts and community spotlight pages to Bootstrap #5118
• Redesign login page #5112
• Change mark read link on notifications page #5141

Bug fixes

• Fix hiding of poll publisher on close #5029
• Fix padding in user menu #5047
• Fix self-XSS when renaming an aspect #5048
• Fix live updating when renaming an aspect #5049
• Use double quotes when embedding translations into Javascript #5055
• Fix regression in mobile sign-in (commit)
• Set mention notification as read when viewing post #5006
• Set sharing notification as read when viewing profile #5009
• Ensure a consistent border on text input elements #5069
• Escape person name in contacts json returned by Conversations#new
• Make sure all parts of the hovercard are always in front #5188

Features

• Port admin pages to bootstrap, polish user search results, allow accounts to be closed from the backend #5046
• Reference Salmon endpoint in Webfinger XRD to aid discovery by alternative implementations #5062
• Change minimal birth year for the birthday field to 1910 #5083
• Add scrolling thumbnail switcher in the lightbox #5102
• Add help section about keyboard shortcuts #5100
• Automatically add poll answers as needed #5109
• Add Terms of Service as an option for podmins, includes base template #5104
• Add rake task to send a mail to all users #5111
• Expose which services are configured in /statistics.json #5121
• In filtered notification views, replace "Mark all as read" with "Mark shown as read" #5122
• When ignoring a user remove his posts from the stream instantly #5127
• Allow to delete photos from the pictures stream #5131

0.4.0.1

Bug fixes

• Fix performance regression on stream loading with MySQL/MariaDB database backends #5014
• Fix issue with post reporting #5017

0.4.0.0

Ensure account deletions are run

A regression caused accounts deletions to not properly perform in some cases, see #4792.
To ensure these are reexecuted properly, please run RAILS_ENV=production bundle exec rake accounts:run_deletions
after you've upgraded.

Change in guid generation

This version will break federation to pods running on versions prior 0.1.1.0.

Read more in #4249 and #4883

Refactor

• Drop number of followers from tags page #4717
• Remove some unused beta code #4738
• Style improvements for SPV, use original author's avatar for reshares #4754
• Update image branding to the new decided standard #4702
• Consistent naming of conversations and messages #4756
• Improve stream generation time #4769
• Port help pages to backbone #4768
• Add participants to conversations menu #4656
• Update forgot_password and reset_password pages #4707
• Change jQuery CDN to jquery.com from googleapis.com #4765
• Update to jQuery 10
• Port publisher and bookmarklet to Bootstrap #4678
• Improve search page, add better indications #4794
• Port notifications and hovercards to Bootstrap #4814
• Replace .rvmrc by .ruby-version and .ruby-gemset #4854
• Reorder and reword items on user settings page #4912
• SPV: Improve padding and interaction counts #4426
• Remove auto 'mark as read' for notifications #4810
• Improve set read/unread in notifications dropdown #4869
• Refactor publisher: trigger events for certain actions, introduce 'disabled' state #4932

Bug fixes

• Fix user account deletion #4953 and #4963
• Fix email body language when invite a friend #4832
• Improve time agos by updating the plugin #4281
• Do not add a space after adding a mention #4767
• Fix active user statistics by saving a last seen timestamp for users #4802
• Render HTML in atom user feed #4835
• Fix plaintext mode of Mentionable #4831
• Fixed Atom Feed Error if reshared Post is deleted #4841
• Show hovercards in the notification drop-down for users on the same pod #4843
• The photo stream no longer repeats after the last photo #4787
• Fix avatar alignment for hovercards in the notifications dropdown #4853
• Do not parse hashtags inside Markdown links #4856
• Restore comment textarea content after revealing more comments #4858
• OpenGraph: don't make description into links #4708
• Don't cut off long tags in stream posts #4878
• Do not replace earlier appearances of the name while mentioning somebody #4882
• Catch exceptions when trying to decode an invalid URI #4889
• Redirect to the stream when switching the mobile publisher to desktop #4917
• Parsing mention witch contain in username special characters #4919
• Do not show your own hovercard #4758
• Hit Nominatim via https #4968

Features

• You can report a single post or comment by clicking the correct icon in the controler section #4517 #4781
• Add permalinks for comments #4577
• New menu for the mobile version #4673
• Added comment count to statistic to enable calculations of posts/comments ratios #4799
• Add filters to notifications controller #4814
• Activate hovercards in SPV and conversations #4870
• Added possibility to conduct polls #4861 #4894 #4897 #4899

• Bump Rails to 3.2.17, fixes CVE-2014-0081, CVE-2014-0082. For more information see http://weblog.rubyonrails.org/2014/2/18/Rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/

0.3.0.2

Bug fixes

• Use youtube HTTPS scheme for oEmbed #4743
• Fix infinite scroll on aspect streams #4729
• Fix hovercards #4782
• Bump kaminari to fix admin panel #4714

0.3.0.1

Bug fixes

• Fix regression caused by using after_commit with nested '#save' which lead to an infinite recursion #4715

0.3.0.0

Pod statistics

A new feature has been added to allow pods to report extra statistics. Automatically after this code change, the route /statistics.json contains some basic data that was also available before via page headers (pod name, version, status of signups). But also, optionally podmins can enable user and post counts in the diaspora.yml configuration file. The counts are by default switched off, so if you want to report the total user, active user and local post counts, please edit your diaspora.yml configuration with the example values in diaspora.yml.example and uncomment the required lines as indicated.

Ruby 2.0

We now recommend using Ruby 2.0 with Diaspora. If you're using RVM make sure to run:

rvm get stable
rvm install 2.0.0
cd ~/diaspora
git pull
cd - && cd ..

For more details see https://wiki.diasporafoundation.org/Updating

Refactor

• Remove old SPV code #4612
• Move non-model federation stuff into lib/ #4363
• Build a color palette to uniform color usage #4437 #4469 #4479
• Rename bitcoin_wallet_id setting to bitcoin_address #4485
• Batch insert posts into stream collection for a small speedup #4341
• Ported fileuploader to Backbone and refactored publisher views #4480
• Refactor 404.html, fix #4078
• Remove the (now useless) last post link from the user profile. #4540
• Refactor ConversationsController, move query building to User model. #4547
• Refactor the Twitter service model #4387
• Refactor ConversationsController#create, move more stuff to User model #4551
• Refactor MessagesController#create, move stuff to User model #4556
• Reorder the left bar side menu to put the stream first #4569
• Improve notifications and conversations views design on mobile #4593
• Slight redesign of mobile publisher #4604
• Port conversations to Bootstrap #4622
• Remove participants popover and improve conversations menu #4644

Bug fixes

• Highlight down arrow at the user menu on hover #4441
• Make invite code input width consistent across browsers #4448
• Fix style of contacts in profile sidebar #4451
• Fix profile mobile when logged out #4464
• Fix preview with more than one mention #4450
• Fix size of images in the SPV #4471
• Adjust 404 message description to not leak logged out users if a post exists or not #4477
• Make I18n system more robust against missing keys in pluralization data
• Prevent overflow of too long strings in the single post view #4487
• Disable submit button in sign up form after submission to avoid email already exists error #4506
• Do not pull the 404 pages assets from Amazon S3 #4501
• Fix counter background does not cover more than 2 digits on profile #4499
• Fix commenting upon submission fail #4005
• Fix date color and alignment in the notifications dropdown #4502
• Add a white background to images shown in the lightbox #4475
• Refactor getting_started page, test if facebook is available, fix #4520
• Avoid publishing empty posts #4542
• Force comments sort order in mobile spv #4578
• Fix getting started page for mobile #4536
• Refactor mobile header, fix #4579
• Fix avatar display on mobile profile #4591
• Add lightbox to unauthenticated header, fix #4432
• Fix "more picture" indication (+n) on mobile by adding a link on the indication #4592
• Display errors when photo upload fails #4509
• Fix posting to Twitter by correctly catching exception #4627
• Change "Show n more comments"-link, fix #3119
• Specify Firefox version for Travis-CI #4623
• Remove location when publisher is cleared by user
• On signup form errors, don't empty previous values by user, fix #4663
• Remove background from badges in header #4692

Features

• Add oEmbed content to the mobile view #4343
• One click to select the invite URL #4447
• Disable "mark all as read" link if all notifications are read #4463
• Collapse aspect list and tag followings list when switching to other views #4462
• Highlight current stream in left sidebar #4445
• Added ignore user icon on user profile #4417
• Improve the management of the contacts visibility settings in an aspect #4567
• Add actions on aspects on the contact page #4570
• Added a statistics route with general pod information, and if enabled in pod settings, total user, half year/monthly active users and local post counts #4602
• Add indication about markdown formatting in the publisher #4589
• Add captcha to signup form #4659
• Update Underscore.js 1.3.1 to 1.5.2, update Backbone.js 0.9.2 to 1.1.0 #4662

Gem updates

Added:

• atomic (1.1.14)
• bcrypt-ruby (3.1.2)
• backbone-on-rails (1.1.0.0)
• devise thread_safe (0.1)
• eco (1.0.0)
• eco-source (1.1.0.rc.1)
• ejs (1.1.1)
• galetahub-simple_captcha (0.1.5)
• thread_safe (0.1.3)
• zip-zip (0.2)

Removed:

• bcrypt-ruby
• rb-kqueue
• slim
• temple

Updated:

• acts_as_api 0.4.1 -> 0.4.2
• capybara 2.1.0 -> 2.2.1
• celluloid (0.13.0 -> 0.15.2
• chunky_png 1.2.8 -> 1.2.9
• client_side_validations 3.2.5 -> 3.2.6
• coderay 1.0.9 -> 1.1.0
• connection_pool 1.0.0 -> 1.2.0
• crack 0.4.0 -> 0.4.1
• cucumber 1.3.5 -> 1.3.10
• cucumber-rails 1.3.1 -> 1.4.0
• database_cleaner 1.1.0 -> 1.2.0
• devise 3.0.2 -> 3.2.2
• diff-lcs 1.2.4 -> 1.2.5
• ethon 0.5.12 -> 0.6.2
• excon 0.25.3 -> 0.31.0
• factory_girl 4.2.0 -> 4.3.0
• factory_girl_rails 4.2.0 -> 4.3.0
• faraday 0.8.8 -> 0.8.9
• ffi 1.9.0 -> 1.9.3
• fog 1.14.0 -> 1.19.0
• foreigner 1.4.2 -> 1.6.1
• fuubar 1.1.1 -> 1.3.2
• gherkin 2.12.0 -> 2.12.2
• guard 1.8.2 -> 2.2.5
• guard-cucumber 1.4.0 -> 1.4.1
• guard-rspec 3.0.2 -> 4.2.4
• haml 4.0.3 -> 4.0.5
• i18n-inflector-rails 1.0.6 -> 1.0.7
• json 1.8.0 -> 1.8.1
• jwt 0.1.8 -> 0.1.10
• kaminari 0.14.1 -> 0.15.0
• kgio 2.8.0 -> 2.8.1
• listen 1.2.2 -> 2.4.0
• mini_magick 3.6.0 -> 3.7.0
• mini_profile 0.5.1 -> 0.5.2
• mobile-fu 1.2.1 -> 1.2.2
• multi_json 1.7.9 -> 1.8.4
• multi_test 0.0.2 -> 0.0.3
• mysql2 0.3.13 -> 0.3.14
• net-ssh 2.6.8 -> 2.7.0
• nokogiri 1.6.0 -> 1.6.1
• omniauth-facebook 1.4.1 -> 1.6.0
• omniauth-twitter 1.0.0 -> 1.0.1
• orm_adapter 0.4.0 -> 0.5.0
• pry 0.9.12.2 -> 0.9.12.4
• rack-google-analytics 0.11.0 -> 0.14.0
• rack-rewrite 1.3.3 -> 1.5.0
• rails_autolink 1.1.0 -> 1.1.5
• raindrops 0.11.0 -> 0.12.0
• rake 10.1.0 -> 10.1.1
• rb-fsevent 0.9.3 -> 0.9.4
• rb-inotify 0.9.0 -> 0.9.3
• redis 3.0.4 -> 3.0.6
• redis-namespace 1.3.0 -> 1.4.1
• rspec 2.13.0 -> 2.14.1
• rspec-core 2.13.1 -> 2.14.7
• rspec-expectations 2.13.0 -> 2.14.4
• rspec-mocks 2.13.1 -> 2.14.4
• rspec-rails 2.13.2 -> 2.14.1
• ruby-oembed 0.8.8 -> 0.8.9
• ruby-progressbar 1.1.1 -> 1.4.0
• selenium-webdriver 2.34.0 -> 2.39.0
• sidekiq 2.11.1 -> 2.17.2
• slop 3.4.6 -> 3.4.7
• spork 1.0.0rc3 -> 1.0.0rc4
• strong_parameters 0.2.1 -> 0.2.2
• test_after_commit 0.2.0 -> 0.2.2
• timers 1.0.0 -> 1.1.0
• timecop 0.6.1 -> 0.7.1
• typhoeus 0.6.3 -> 0.6.7
• unicorn 4.6.3 -> 4.8.0
• webmock 1.13.0 -> 1.16.1
• will_paginate 3.0.4 -> 3.0.5

• Bump rails to version 3.2.16, fixes several security issues, see http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
• Bump recommended Ruby version to 1.9.3-p484, see https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/

Start versioning diaspora*

New configuration system!

Copy over config/diaspora.yml.example to config/diaspora.yml and migrate your settings! An updated Heroku guide including basic hints on howto migrate is here.

The new configuration system allows all possible settings to be overriden by environment variables. This makes it possible to deploy heroku without checking any credentials into git. Read the top of config/diaspora.yml.example for an explanation on how to convert the setting names to environment variables.

Environment variable changes:

deprectated

• REDISTOGO_URL in favour of REDIS_URL or ENVIRONMENT_REDIS

removed

• application_yml - Obsolete, all settings are settable via environment variables now

renamed

• SINGLE_PROCESS_MODE -> ENVIRONMENT_SINGLE_PROCESS_MODE
• SINGLE_PROCESS -> ENVIRONMENT_SINGLE_PROCESS_MODE
• NO_SSL -> ENVIRONMENT_REQUIRE_SSL
• ASSET_HOST -> ENVIRONMENT_ASSETS_HOST

Gem changes

Updated gems

• omniauth-tumblr 1.0 -> 1.1
• rails_admin git -> 0.1.1
• activerecord-import 0.2.10 -> 0.2.11
• fog 1.4.0 -> 1.6.0
• asset_sync 0.4.2 -> 0.5.0
• jquery-rails 2.0.2 -> 2.1.3

Removed gems

The following gems and their related files were removed as they aren't widely enough used to justify maintenance for them by the core developers. If you use them please maintain them in your fork.

• airbrake
• newrelic_rpm
• rpm_contrib
• heroku_san

The following gems were removed because their are neither used in daily development or are just CLI tools that aren't required to be loaded from the code:

• heroku
• oink
• yard

Publisher

Refactoring of the JavaScript code; it is now completely rewritten to make use of Backbone.js.
This paves the way for future improvements such as post preview or edit toolbar/help.

Removal of 'beta' code

The feature-flag on users and all the code in connection with experimental UX changes got removed/reverted. Those are the parts that became Makr.io.
The single-post view will also be revamped/reverted, but that didn't make it into this release.

JS lib updates

Cleanup in maintenance scripts and automated build environment

• Fix syntax error in French Javascript pluralization rule.

Fix exception when the root of a reshare of a reshare got deleted #3546

Refactor

script/server

• Uses foreman now
• Reduce startup time by reducing calls to script/get_config.rb
• config/script_server.yml is removed and replaced by the server section in config/diaspora.yml
  Have a look at the updated example!
• Thin is dropped in favour of unicorn
• Already set versions of RAILS_ENV and DB are now prefered over those set in config/diaspora.yml
• Heroku setups: ENVIRONMENT_UNICORN_EMBED_RESQUE_WORKER got renamed to SERVER_EMBED_RESQUE_WORKER

Other

• MessagesController. #3657
• Fixed setting: follow_diasporahq has now to be set to true to enable following the DiasporaHQ account. Was false
• Removal of some bash-/linux-isms from most of the scripts, rework of 'script/install.sh' output methods. #3679

Features

• Add "My Activity" icon mobile -Author Icon-. #3687
• Add password_confirmation field to registration page. #3647
• When posting to Twitter, behaviour changed so that URL to post will only be added to the post when length exceeds 140 chars or post contains uploaded photos.
• Remove markdown formatting from post message when posting to Facebook or Twitter.

Bug Fixes

• Fix missing X-Frame headers #3739
• Fix image path for padlocks #3682
• Fix posting to Facebook and Tumblr. Have a look at the updated services guide for new Facebook instructions.
• Fix overflow button in mobile reset password. #3697
• Fix issue with interacted_at in post fetcher. #3607
• Fix error with show post Community Spotlight. #3658
• Fix javascripts problem with read/unread notifications. #3656
• Fix error with open/close registrations. #3649
• Fix javascripts error in invitations facebox. #3638
• Fix css overflow problem in aspect dropdown on welcome page. #3637
• Fix empty page after authenticating with other services. #3693
• Fix posting public posts to Facebook. #2882, #3650
• Fix error with invite link box shows on search results page even if invites have been turned off. #3708
• Fix misconfiguration of Devise to allow the session to be remembered. #3472
• Fix problem with show reshares_count in stream. #3700
• Fix error with notifications count in mobile. #3721
• Fix conversation unread message count bug. #2321

Gem updates

• bootstrap-sass 2.1.0.0 -> 2.1.1.0
• capybara 1.1.2 -> 1.1.3
• carrierwave 0.6.2 -> 0.7.1
• client_side_validations 3.1.4 -> 3.2.1
• database_cleaner 0.8 -> 0.9.1
• faraday_middleware 0.8.8 -> 0.9.0
• foreman 0.59 -> 0.60.2
• fuubar 1.0.0 -> 1.1.0
• debugger 1.2.0 -> 1.2.1
• gon 4.0.0 -> 4.0.1
• guard
  • guard-cucumber 1.0.0 -> 1.2.2
  • guard-rspec 0.7.3 -> 2.1.1
  • guard-spork 0.8.0 -> 1.2.3
  • rb-inotify -> 0.8.8, new dependency
• handlebars_assets 0.6.5 -> 0.6.6
• omniauth-facebook 1.3.0 -> 1.4.1
• omniauth-twitter 0.0.11 -> 0.0.13
• rails_admin 0.1.1 -> 0.2.0
• rails-i18n -> 0.7.0
• rack-rewrite 1.2.1 -> 1.3.1
• redcarpet 2.1.1 -> 2.2.2
• resque 1.22.0 -> 1.23.0
• rspec-rails 2.11.0, 2.11.4
• selenium-webdriver 2.25.0 -> 2.26.0
• timecop 0.5.1 -> 0.5.3
• twitter 2.0.2 -> 4.2.0
• unicorn 4.3.1 -> 4.4.0, now default
• webmock 1.8.10 -> 1.8.11

And their dependencies.

• Upgrade to Rails 3.2.10 as per CVE-2012-5664. Read more

• Upgrade to Rails 3.2.11 (CVE-2012-0155, CVE-2012-0156). Read more

• Upgrade to Devise 2.1.3 Read more