A privacy-aware, distributed, open source social network.
AGPL-3.0 License
Bot releases are visible (Hide)
Diaspora* now uses TOML for the configuration file. We recommend you to migrate to this new format, as with the next major release (1.0) diaspora* will no longer read the YAML based configuration file at config/diaspora.yml
. To do so, please copy config/diaspora.toml.example
to config/diaspora.toml
and migrate your configuration.
With the release of diaspora* Version 0.9, we now officially support building applications on top of the diaspora* API! Please check out the official API documentation for instructions, and please do file bugs if you notice something that could be improved!
We are looking forward to seeing many creative applications!
After a discussion with our community on Discourse, we decided to remove the pieces of XMPP chat integration that were put in place a while ago. When we first added the chat support, we merged the implementation in an unfinished state in the hopes that the open issues will be addressed eventually, and the implementation would end up more polished. This ended up not being the case. After careful consideration and discussion, we did not manage to come up with clear reasons why we need a chat implementation, so we decided that the best way forward would be to remove it.
Although the chat was never enabled per default and was marked as experimental, some production pods did set up the integration and offered an XMPP service to their users. After this release, diaspora* will no longer contain a chat applet, so users will no longer be able to use the webchat inside diaspora*. The existing module that is used to enable users to authenticate to Prosody using their diaspora* credentials will continue to work, but contact list synchronization might not work without further changes to the Prosody module, which is developed independently from this project.
With this release, we switched from unicorn
to puma
to run our applications. For podmins running the default setup, this should significantly reduce memory usage, with similar or even better frontend performance! However, as great as this change is, some configuration changes are required.
single_process_mode
and embed_sidekiq_worker
configurations have been removed. This mode was never truly a "single-process" mode, as it just spawned the Background Workers inside the runserver. If you're using script/server
to start your pod, this change does not impact you, but if you're running diaspora* using other means, and you relied on this "single"-process mode, please ensure that Sidekiq workers get started.listen
configuration has changed. If you have not set that field in your configuration, you can skip this. Otherwise, make sure to adjust your configuration accordingly:
unix:tmp/diaspora.sock
into unix://tmp/diaspora.sock
.unix:/run/diaspora/diaspora.sock
to unix:///run/diaspora/diaspora.sock
.127.0.0.1:3000
to tcp://127.0.0.1:3000
.PORT
environment variable and the -p
parameter to script/server
have been removed. If you used that to run diaspora* on a non-standard port, please use the listen
configuration.unicorn_worker
configuration has been dropped. With Puma, there should not be a need to increase the number of workers above a single worker in any pod of any size.unicorn_timeout
configuration has been renamed to web_timeout
.script/server
, you have to update your setup. If you previously called bin/bundle exec unicorn -c config/unicorn.rb
to run diaspora*, you now have to run bin/puma -C config/puma.rb
! Please update your systemd-Units or similar accordingly.We use yarn to install the frontend dependencies now, so you need to have that installed. See here for how to install it: https://yarnpkg.com/en/docs/install
We recommend setting up new pods using Ruby 3.3, and updating existing pods to this version as well. Ruby 2.7 is EOL and no longer supported.
If you're currently running your production pod with ./script/server
in a tmux or something similar, please be careful. We made some internal changes that result in the script no longer automatically restarting the server if it crashes - instead, it will just shut down. We strongly recommend running your pod using your system's unit manager, for example with this systemd unit.
factory_girl
with factory_bot
#8218
diaspora_federation
, remove support for old federation protocol #8368
therubyracer
#8337
unicorn
with puma
#8392
strip_exif
flag and always remove exif data from uploaded images #8417
apparition
with cuprite
#8418
i18n-inflector-rails
for translations #8420
lower(name)
index on tags to speed up ActsAsTaggableOn #8206
Published by denschub over 1 year ago
This release addresses possible security issues when processing images uploaded by users that is affecting some system configurations.
This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm, and while diaspora*s attack surface is significantly smaller and some operating systems do ship a restrictive ImageMagick policy, this release makes sure that everyone is safe.
Thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks for Mastodon for fixing it.
Published by SuperTux88 about 2 years ago
Published by SuperTux88 about 2 years ago
assets:precompile
a lot #8362
rvm install 2.7
. #8366
/.well-known/host-meta
, check for /.well-known/nodeinfo
instead #8377
Published by denschub over 2 years ago
Published by SuperTux88 over 2 years ago
chat_enabled
flag from archive export #8265
AccountMigration
if receiving message to a migrated account #8288
Published by jhass over 3 years ago
http://
links in the UI with their https://
counterparts #8207
Photo#ownserhip_of_status_message
validation #8214
Published by denschub over 4 years ago
rvm install 2.6
. #7929
Published by SuperTux88 over 4 years ago
Published by SuperTux88 over 5 years ago
Published by SuperTux88 over 5 years ago
Published by SuperTux88 over 5 years ago
Published by SuperTux88 almost 6 years ago
Published by SuperTux88 almost 6 years ago
web+diaspora://
handler description #7909
Published by SuperTux88 almost 6 years ago
Fixes a potential cross-site scripting issue with maliciously crafted OpenGraph metadata on the mobile interface.
Published by denschub about 6 years ago
statistic.json
#7867
database.yml.example
to fields that may contain special characters #7875
script/configure_bundler
#7830
web+diaspora://
link handler #7826
Published by SuperTux88 over 6 years ago
poll_id
and author_id
#7798
Published by SuperTux88 over 6 years ago
Published by SuperTux88 over 6 years ago
Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.
Published by SuperTux88 over 6 years ago