mobilizon/CHANGELOG.md

148 KiB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

4.0.2 (2023-12-07)

Security issues

This release fixes different security issues reported by the potsda.mn collective. Please make sure to upgrade as soon as possible.

Fixed

  • Fixes XSS issues in notifier and participant and event contacts list formatting
  • fix(front-end): add more security fixes for formatted lists and notifier (1af8e37)

4.0.1 (2023-12-07)

Security issues

This release fixes different security issues reported by the potsda.mn collective. Please make sure to upgrade as soon as possible.

Added

  • Added a CLI task to test if emails configuration works properly

Fixed

  • Fixes XSS issues in groups descriptions, report contents, messages from anonymous participations and resources descriptions
  • Fixes Docker configuration that prevented the image to launch

Changed

  • Added back Debian Buster builds

Complete changelog

  • build(packages): add back Debian Buster as it seems people are still using it (795ef24)
  • build(packages): remove alpine packages as there's no demand for it (0caaf2b)
  • Translated using Weblate (Croatian) (9c88fae)
  • Translated using Weblate (Croatian) (623f4ee)
  • Translated using Weblate (Croatian) (1162dd0)
  • Translated using Weblate (Galician) (97c53bb)
  • Translated using Weblate (Galician) (e08b057)
  • Translated using Weblate (Galician) (ec5e436)
  • Translated using Weblate (Korean) (1a1ad52)
  • Translated using Weblate (Korean) (7b4c31d)
  • fix: always consider report content as text (ffff379)
  • fix: sanitize descriptions from resources (dc6647f)
  • fix(config): fix setting path for Mobilizon.Service.SiteMap (7d725bd)
  • fix(docker): fix getting configuration value from env MOBILIZON_SMTP_TLS (28063bd), closes #1381
  • fix(docker): fix getting default value for MOBILIZON_SMTP_SSL env (126727b)
  • fix(docker): use separate env for tzdata dir path (9907f88)
  • fix(emails): use tls_certificate_check to add tls config for mailer (db38550)
  • fix(front): anonymous participant text is plain text, avoid using v-html (2c12fbf)
  • fix(front): fix editing group (935799f)
  • fix(front): fix XSS because of bad operations when setting the group's summary (ded59be)
  • fix(front): put correct value for CONVERSATION_LIST enum value (94bf2e5)
  • fix(graphql): set default value for resource type parameter (09f4132)
  • feat(cli): add command to test emails send correctly (7210f86)
  • feat(docker): allow to configure loglevel at runtime through env variable (4855af8)
  • test: add new tests for XSS in actors summary (58e50e3)
  • style: linting front-end (41227d9)
  • refactor(activitypub): handle failure finding public key in actor keys (5b337f9)

4.0.0 (2023-12-05)

Breaking changes

Release (binary package) installations

  • We now produce packages for different distributions targets (Debian Bookworm, Debian Bullseye, Ubuntu Jammy, Ubuntu Focal, Ubuntu Bionic, Fedora 38 and Fedora 39). Be sure to pick the right one for your system, as there can be issues with OpenSSL versions differing from inside the Mobilizon package and on your system.
  • The https://joinmobilizon.org/latest-package URL now links to the latest package builded against Debian Bookworm. Make sure to follow the documentation if you're not using this.
  • There's also an arm64 package build on Debian Bullseye for now.

Source installations

  • Elixir 15 is now required
  • The content of the js directory is now at the root of the repository, so you don't need to cd js anymore
  • No need for yarn anymore, simply use npm instead for npm i and npm run build

New features

  • Event organizers and groups can be contacted through private messages (including PMs from 3rd-party micro-blogging fediverse services)
  • Event organizers can send private announcements to event participants (approved or not)

Improvements

  • Anonymous participation e-mails now contain links to cancel your participation
  • ActivityPub improvements for compatibility with https://event-federation.eu
  • ICS export fixes for descriptions and adding event status

Changes since 4.0.0-rc.1

  • refactor: to lower cyclomatic complexity (147096c)
  • fix(activitypub): compact ical:status in activitystream data (5e8f9af), closes #1378
  • fix(activitypub): fix receiving comments (f1084c1)
  • fix(backend): handle ecto errors when fetching and create entities (89d1ee4)
  • fix(front): fix tag loading (f81472e)
  • fix(front): make recipient field placeholder translatable (10ce812)
  • fix(front): only show participants & announcements menu items to organizers (c4d2ec6)
  • Translated using Weblate (Croatian) (a26ff98)
  • Translated using Weblate (Croatian) (1683f01)
  • Translated using Weblate (Croatian) (aa7f870)
  • Translated using Weblate (Croatian) (1ce34ea)
  • Translated using Weblate (Croatian) (5e7edc0)
  • Translated using Weblate (Croatian) (d777d88)
  • Translated using Weblate (Croatian) (0118d97)
  • Translated using Weblate (Croatian) (805e931)

4.0.0-rc.1 (2023-12-04)

  • fix: prevent sending group physical address if it's empty and allow empty text for timezone (32caebb), closes #1357
  • fix(activitypub): add missing externalParticipationUrl context (8795576), closes #1376
  • fix(backend): only send suspension notification emails when actor's suspended and not just deleted (9e41bc1)
  • docs(nginx): improve nginx configuration (6c992ca)

4.0.0-beta.2 (2023-12-01)

  • test: fix tests using verified routes (5fcf3d5)
  • feat: add links to cancel anonymous participations in emails (9e6b232)
  • feat(background): add a job to refresh participant stats (11e42d6)
  • feat(front): add dedicated page and route for event announcements (d831dff)
  • chore(i18n): update backend translations (6df16ef)
  • fix: fix creating participant stats (3f2a88f)
  • refactor: use Phoenix verified routes (b315e1d)

4.0.0-beta.1 (2023-11-30)

  • fix: add a final fallback if we have default_language: nil in instance config (cd53062)
  • fix: build pictures at correct location and fix Plug.Static (3c288c5)
  • fix: don't show passed/finished events in related events section (69e4a5c)
  • fix: fix Dockerfile copying assets path (16cd377)
  • fix: normalize suggested username (4960387)
  • fix: set correct watcher config for E2E tests (f47889b)
  • fix: various fixes (b635937)
  • fix(announcements): load group announcements (7ef85fe)
  • fix(api): allow localhost as a valid uri host for applications (49b070d)
  • fix(api): fix allowing posting event private announcement (1831495)
  • fix(docker): add sitemap folder (bd38449)
  • fix(docker): allow to configure SMTP TLS (2ecdf05)
  • fix(docker): convert smtp tls sni to char list (b3be7c6)
  • fix(export): fix iCalendar export description HTML conversion (d7daafc), closes #888
  • fix(front): hide all categories card if we don't have even one (5e86ef1)
  • fix(histoire): fix URL to Framapiaf avatars (0613f7f)
  • fix(i18n): fix typos in translation sources (2ecd55d)
  • fix(i18n): update spanish translations (cfebc35)
  • add simplified Chinese mapping (02af9a4)
  • Added translation using Weblate (Korean) (a11fab6)
  • Added translation using Weblate (Korean) (c529a83)
  • Added translation using Weblate (Tatar) (cefdaf8)
  • Fix docker development: (9705978)
  • fix fullAddressAutocomplete component not loading results (83da88c)
  • Fix typo in ctl help text (495d163)
  • Fix typos (66e89b9)
  • introduce VITE_HOST env var and pass it to the node watcher vite --host (bfb7e3c)
  • remove unnecessary function (8a1b122)
  • resolve result promise in a shorter way (f81804d)
  • Translated using Weblate (Croatian) (e510e09)
  • Translated using Weblate (Czech) (d702ca2)
  • Translated using Weblate (Czech) (9224f89)
  • Translated using Weblate (Czech) (c14dffb)
  • Translated using Weblate (Czech) (a7d70d5)
  • Translated using Weblate (French) (c7ba003)
  • Translated using Weblate (German) (7732f87)
  • Translated using Weblate (Indonesian) (d065193)
  • Translated using Weblate (Italian) (b5e9f62)
  • Translated using Weblate (Italian) (e8e1a62)
  • Translated using Weblate (Italian) (84fc175)
  • Translated using Weblate (Italian) (5b64388)
  • Translated using Weblate (Italian) (5e3dedb)
  • Translated using Weblate (Italian) (afe4dd2)
  • Translated using Weblate (Italian) (fa0ae83)
  • Translated using Weblate (Italian) (181a5a7)
  • Translated using Weblate (Italian) (827caa3)
  • Translated using Weblate (Italian) (d08d350)
  • Translated using Weblate (Italian) (e9d38c2)
  • Translated using Weblate (Italian) (a4578f3)
  • Translated using Weblate (Polish) (d62c31e)
  • Translated using Weblate (Polish) (a8ea217)
  • Translated using Weblate (Polish) (42537af)
  • Translated using Weblate (Polish) (fb0a74e)
  • Translated using Weblate (Polish) (2458076)
  • Translated using Weblate (Polish) (46ffc8c)
  • Translated using Weblate (Polish) (f0d7807)
  • Translated using Weblate (Portuguese (Brazil)) (9f78c73)
  • Translated using Weblate (Portuguese (Brazil)) (802ab78)
  • Translated using Weblate (Spanish) (ee5ee8d)
  • Translated using Weblate (Spanish) (66c49e4)
  • Translated using Weblate (Tatar) (ba5f8f8)
  • Update translation files (9aa9cd2)
  • WIP (b5672ce)
  • build: downgrade Sentry since it doesn't want to compile (b2bacbf)
  • build: only run ecto create & migrate & tz_world update on prepare_test task, not main test one (8d11073)
  • build: replace @pluralsh/socket with @framasoft/socket (435bd9d)
  • build: replace @vueuse/head with @unhead/vue (5602164)
  • build: switch from yarn to npm to manage js dependencies and move js contents to root (2e72f6f)
  • build(deps): replace absinthe socket library with fork (ec397aa)
  • build(docker): optimize image size (f34099d), closes #1012
  • ci: bump node version in CI (3205512)
  • ci: fix handling pages deploy with existing public folder (1228ec1)
  • ci: install python3 instead of python (5d65981)
  • ci: Release on multiple distributions & fix Docker multiple-step build (262d1fc)
  • test: fix ActivityPub headers test (f248660)
  • test: fix front-end tests (105d3b5)
  • test: fix histoire configuration (bfbc299)
  • test: fix tests (c731f0f)
  • test: fix unit backend tests (e051df1)
  • chore: fix prettier configuration and run it (c255cea)
  • chore: update Sobelow security ignores (1d0398d)
  • chore: upgrade deps (99c80c6)
  • chore(deps): update geo_postgis to 3.5.0 for Elixir 1.15 compat (3936eb4)
  • chore(deps): upgrade dependencies (3d9beaa)
  • chore(i18n): add missing translation key (6ecfa48)
  • chore(i18n): update gettext dependency and regenerate translation files (d7ad934)
  • chore(i18n): update translation templates (70e9ce0)
  • refactor: use dedicated email for event announcements (b97f1c9)
  • docs(dev.md): keep some info about structure (d130b15)
  • feat(export): add event status in iCalendar exports (7a1bfca)
  • feat(federation): expose public activities as announcements in relay outbx & rfrsh profile aftr fllw (85e4715)

3.2.0 (2023-09-07)

Features

  • cli: allow the mobilizon.users.delete command to delete multiple users by email domain or ip (bc50ab6)
  • export: add date of participant creation in participant exports (fef60ed), closes #1343
  • notifications: add missing notifications when an user registers to an event (da532c7), closes #1344
  • reports: allow reports to hold multiple events (f2ac3e2)
  • reports: allow to suspend a profile or a user account directly from the report view (69588db)
  • reports: improve reportview and allow removing content + resolve report automatically (b105c50)
  • reports: show suspended status next to reported profile (b9a165a)
  • Add option to link an external registration provider for events (2de6937)
  • back: add admin setting to disable external event feature (f6611e8)
  • improve group creation view 3f601748
  • auth: pre-initialize registration fields with information from 3rd-party provider (7e49345), closes #1105

Bug Fixes

  • add inets and ssl to extra_applications in test env (af46bea)
  • apps: add missing app scopes (7e98097)
  • apps: make sure we can set status for an application token (1a6095d)
  • backend: fix config cache not being used everytime (ed3cd58)
  • backend: handle email not being sent when resending registration instructions (b2492a3)
  • create event time/date allignment (3de90a3)
  • docker: fix Qemu segfaulting on arm64 (8e3f90f), closes #1241 #1249
  • federation: fix getting pictures from Gruppe actors (7c5f8b2)
  • fix Elixir 1.15 depreciations (da70427)
  • fix some typescript issues with pwa (e351d3c)
  • front: avoid crashing if we don't have configuration data in time when in guard (7916261)
  • front: fix alignment of some input elements on event edition form (50695fc)
  • front: fix changing language not being saved to the user's settings (010a5e4)
  • front: fix comment not showing up when replying in a discussion (cc8f02d)
  • front: fix confirm anonymous participation (f99267c)
  • front: fix discussion edition panel always showing up (fee0e38)
  • front: fix display of participants list (c6b83c4)
  • front: fix map (8f84ba1), closes #1314
  • front: fix missing type causing eslint error (c76dba3)
  • front: fix selecting all participants in participant view (beef3ff)
  • front: fix showing error message when app to approve doesn't exist (12cbff1)
  • front: fix some alignment of some UI elements in mobile event view (8c313b5)
  • front: properly handle error when approving app (086d208)
  • front: properly handle post not found (8db31c9)
  • front: reduce horizontal padding on main element (f3c218f)
  • lint: fix lint after upgrades (60aceb4)
  • mail: fix sending mail on OTP26 (f54fff5), closes #1341
  • push: fix push subscriptions registration (fdf87ea)
  • pwa: improvements to the PWA configuration (04c5ac1)
  • reports: make front-end handle nullified reported_id and reported_id (afd2ffe)
  • reports: remove on delete cascade for reports (4f530ca)
  • front: fix behavior of local toggle for profiles & groups view depending on domain value (84f62cd)
  • i18n: add missing translations (af670f3)
  • back: allow any other type of actor to be suspended (92b222b)
  • back: only try to insert activities for groups (cfc9843)
  • front: don't return promise if result is not finished loading for tags (8c14ba4)
  • front: fix getting result from interactable object in InteractView (31b2d06)
  • docker: make Docker entrypoint port configurable via $MOBILIZON_DATABASE_PORT (13099e0)
  • front: fix fetching and rendering profile mentions and fetching tags (895378a)
  • sitemap: save generated sitemaps in configurable directory (f28109a), closes #1321
  • auth: small front fixes in 3rd-party auth provider callback (bde7206)
  • config: rollback Mailer tls setting to :never by default (3d63c12)
  • docker: fix entrypoint PostgreSQL extensions creations not using MOBILIZON_DATABASE_PORT (9b49918), closes #1321 #1321
  • front: fixes in EditIdentity view (7e13e2b)

3.2.0-beta.5 (2023-09-06)

Bug Fixes

  • docker: make Docker entrypoint port configurable via $MOBILIZON_DATABASE_PORT (13099e0)
  • front: fix fetching and rendering profile mentions and fetching tags (895378a)
  • sitemap: save generated sitemaps in configurable directory (f28109a), closes #1321

3.2.0-beta.4 (2023-09-05)

Bug Fixes

  • back: allow any other type of actor to be suspended (92b222b)
  • back: only try to insert activities for groups (cfc9843)
  • front: don't return promise if result is not finished loading for tags (8c14ba4)
  • front: fix getting result from interactable object in InteractView (31b2d06)

3.2.0-beta.3 (2023-09-04)

Bug Fixes

  • i18n: add missing translations (af670f3)

Features

  • Add option to link an external registration provider for events (2de6937)
  • back: add admin setting to disable external event feature (f6611e8)
  • improve group creation view 3f601748

3.2.0-beta.2 (2023-09-01)

Fixes a CI issue that prevented 3.2.0-beta.2 being released.

Bug Fixes

  • front: fix behavior of local toggle for profiles & groups view depending on domain value (84f62cd)

3.2.0-beta.1 (2023-09-01)

Features

  • cli: allow the mobilizon.users.delete command to delete multiple users by email domain or ip (bc50ab6)
  • export: add date of participant creation in participant exports (fef60ed), closes #1343
  • notifications: add missing notifications when an user registers to an event (da532c7), closes #1344
  • reports: allow reports to hold multiple events (f2ac3e2)
  • reports: allow to suspend a profile or a user account directly from the report view (69588db)
  • reports: improve reportview and allow removing content + resolve report automatically (b105c50)
  • reports: show suspended status next to reported profile (b9a165a)

Bug Fixes

  • add inets and ssl to extra_applications in test env (af46bea)
  • apps: add missing app scopes (7e98097)
  • apps: make sure we can set status for an application token (1a6095d)
  • backend: fix config cache not being used everytime (ed3cd58)
  • backend: handle email not being sent when resending registration instructions (b2492a3)
  • create event time/date allignment (3de90a3)
  • docker: fix Qemu segfaulting on arm64 (8e3f90f), closes #1241 #1249
  • federation: fix getting pictures from Gruppe actors (7c5f8b2)
  • fix Elixir 1.15 depreciations (da70427)
  • fix some typescript issues with pwa (e351d3c)
  • front: avoid crashing if we don't have configuration data in time when in guard (7916261)
  • front: fix alignment of some input elements on event edition form (50695fc)
  • front: fix changing language not being saved to the user's settings (010a5e4)
  • front: fix comment not showing up when replying in a discussion (cc8f02d)
  • front: fix confirm anonymous participation (f99267c)
  • front: fix discussion edition panel always showing up (fee0e38)
  • front: fix display of participants list (c6b83c4)
  • front: fix map (8f84ba1), closes #1314
  • front: fix missing type causing eslint error (c76dba3)
  • front: fix selecting all participants in participant view (beef3ff)
  • front: fix showing error message when app to approve doesn't exist (12cbff1)
  • front: fix some alignment of some UI elements in mobile event view (8c313b5)
  • front: properly handle error when approving app (086d208)
  • front: properly handle post not found (8db31c9)
  • front: reduce horizontal padding on main element (f3c218f)
  • lint: fix lint after upgrades (60aceb4)
  • mail: fix sending mail on OTP26 (f54fff5), closes #1341
  • push: fix push subscriptions registration (fdf87ea)
  • pwa: improvements to the PWA configuration (04c5ac1)
  • reports: make front-end handle nullified reported_id and reported_id (afd2ffe)
  • reports: remove on delete cascade for reports (4f530ca)

3.1.3 (2023-06-21)

Bug Fixes

  • groups: fix unauthenticated access to groups because of missing read:group:members permission (3714925), closes #1311

3.1.2 (2023-06-21)

Bug Fixes

  • activity settings: fix saving activity settings (6c1e1e9), closes #1251
  • apps: fix pruning old application device activations (dd00620)
  • backend: filter out nil tags before starting looking for existing ones (f04d2b9)
  • deps: fix compatibility with elixir-plug/mime 2.0.5 (d63999c)
  • discussions: handle changeset errors when updating discussion (ca06ec3)
  • exports: properly handle export format not being handled (a76b1ca)
  • federation: allow federated usernames with capitals (d502164)
  • federation: handle fetch_actor with a map (552ab4c)
  • federation: handle string values for tags when constructing mentions (2729d5e)
  • federation: ignore mentions from everything that's not a AP Person (56f341e)
  • federation: only refresh instances once a day (6745590)
  • federation: prevent fetching own relay actor (b981f91)
  • federation: restrict fetch_group first arg to binaries (e8d34b4)
  • federation: rotate relay keys on startup if missing private keys (5381eaa)
  • front: add missing title to Participants View page (a5a86a5)
  • front: fix displaying user activity settings checkboxes (8e21c30), closes #1251
  • front: fix wrong key name for dialog.confirm() option (c8f49e1)
  • front: fix wrong value for timezone when it has no prefix (2dd0e13), closes #1275
  • group: fix getting group members count (f749518), closes #1303
  • participant exports: fix participants by returning the export type as well as the file path (49b04c9)
  • participant: handle re-confirming participation (5cc5c99)

Features

  • graphql: validate timezone id as a GraphQL Scalar (845bb6a), closes #1299

3.1.1 (2023-06-02)

Features

  • anti-spam: allow to only scan for spam in profiles or events (c971287)

Bug Fixes

  • front: fix group settings getting unresponsive because of reactive bug (f1e119c), closes #1298
  • search: fix global search sorting (39e24c3), closes #1297

3.1.0 (2023-05-31)

Features

  • API: Allow to create apps, with permissions and both Authorization Code Flow and Device Flow
  • addresses: Allow to enter manual addresses (85d643d)
  • docker: Specify the folder where tzdata downloads data so that it can be used in a volume (4bb0625), closes #1280
  • spam: Introduce checking new accounts, events & comments for spam with the help of Akismet (317a343)
  • rate-limiting: Introduce rate-limiting on some endpoints (c07ba3a5)
  • front: improve padding on event tags (7fa452d)
  • front: make admin profile view linkable directly with parameters (08ce7e2)
  • front: make profile members link to profile on group admin view and the reverse (96129d2)
  • front: make profiles and group admin views default to local (3e0324d)
  • front: redirect user to homepage on disconnect when currently on private page (d5a6df9), closes #1278
  • front: show skeleton content on event view until the event is loaded (dc3b93f)
  • i18n: activate croatian language (94182ae)
  • i18n: activate japanese language (6bd8034), closes #1293
  • post: show post visibily in PostListItem component (ec7ca4d)

Bug Fixes

  • global-search: Add option values in debug log before calling global search service (8141bb0)
  • apps: Fix cleaning application data background job (aa20f69)
  • apps: Show message when the user doesn't have approved apps yet (e0ee9c1)
  • auth: Handle logging-in with disabled auth provider (a22a5e3)
  • backend: Fix Mobilizon.Events.list_participations_for_user_query/1 (bcf6fd8)
  • backend: Handle CLDR data having no standard property for a language (dbe2da7)
  • backend: Ignore group mentions for now (b5f106b)
  • back: Improve error message when requesting reset passwords and new instructions (1c1d0d4)
  • back: Replace NaiveDateTime uses with DateTime for consistency (8ea00e7)
  • back: Various small fixes in backend (2a57340)
  • bind pagination current prop (4bcf572)
  • federation: Account suspension should use actor in question as author and not relay actor (79b48da)
  • feeds: Only provide future events in ICS/Atom feeds (f3a4431), closes #1246
  • Fix type of variable in navbar (50ab531)
  • follow-instances: Show correct error message when trying to follow already following actor (d969c66)
  • front: Fix about sections titles (487f406)
  • front: Fix autocomplete attribute in o-inputitems after Oruga new version BC (d2ba732)
  • front: Fix behaviour when deleting an event from event list (cfd10ea)
  • front: Fix event list month order (63c9ed6), closes #1244
  • front: Fix instances list pagination (8543204), closes #1277
  • front: Fix pagination display on dark mode (4375438)
  • front: Fix style of My Events participations (35b07dc)
  • front: Focus report comment input in report modal (2c28312), closes #1236
  • front: Handle "Failed to fetch dynamically imported module" errors by refreshing the page (3d21a06)
  • front: Improve Delete account modal UI (c420bbc)
  • front: Improve resend inscription instructions view and show error when appropriate (5563052)
  • front: No cache-only for config (8dcb76c)
  • front: Small UI fixes on identity pickers (6faafd6)
  • i18n: Update translations (3b7dbcd)
  • map: Fix style of the map marker (c7b90cd)
  • map: Only show map details when needed (23b5e59)
  • map: Only show marker if we have it's position (f0cc5ff)
  • password-reset: Lower time before being available to reset password or resend instructions (73eb460)
  • search: Fix event search order (a4e7ee3)
  • typespec: Fix missing return type in typespec (2043c98)
  • Change the way preferredUsername is synced (a73e5a08)
  • datetimepicker: change colors for day & time selectors on dark mode (b18e8fd3)
  • Save IP and login date from directly registered accounts (1db5c4ae)
  • Make sure every cache is properly cleared when managing an event (f531c39b)
  • Add page title for Categories view (0775814e)
  • Fix notifications settings not working (31fd99bd)
  • discussionlistitem: remove unecessary parameter in vue router target (779812c)
  • emails: make sure group notification emails are only sent once per email (927e95f)
  • frontend: event edition UI improvements (0e14a36)
  • frontend: only show map on event edition when we have an address or we want to put in details (02867e6)
  • front: fix showing current group avatar & banners (20b4aaa)
  • front: fix showing current identity avatar & banners (d0f4721)
  • front: improve UI of the glossary page (d47b69d)
  • front: increase padding next to arrow down in <select> elements (94f186c)
  • front: remove cache-only for ABOUT GraphQL details on homepage (6858bcb)
  • front: remove leftover console.logs (6da0dba)
  • front: reset page number to 1 when search criteria changes (d73bafe), closes #1272
  • front: various UI improvements for group page (b097567)
  • graphql: fix calling GET_GROUP (2933ee0)
  • group: rephrase "Public Page" to "Announcements", as all posts are not necessary public (b0a564f), closes #900
  • i18n: fix Swedish translations error that prevented Participate button from showing up (643a5b5), closes #1281
  • rich media: fix error handling when resource preview URL leads to empty parsed data (850b4e2), closes #1279
  • sharepostmodal: only show the share warning message if the post is accessible by link (8e626dc)
  • apps: fix device flow authorization process (9a457fb)
  • apps: fix typo in redirect_uri parameter (5664625)
  • apps: show scope from device activation in authorize device view (c9d2074)
  • front: fix homepage event and groups cards snapping (8809db5)
  • front: fix selecting addresses in autocomplete (e0488dd)
  • include user role in moderator role (c4d6019)

3.1.0-rc.2 (2023-05-30)

Bug Fixes

  • apps: fix device flow authorization process (9a457fb)
  • apps: fix typo in redirect_uri parameter (5664625)
  • apps: show scope from device activation in authorize device view (c9d2074)
  • front: fix homepage event and groups cards snapping (8809db5)
  • front: fix selecting addresses in autocomplete (e0488dd)

3.1.0-rc.1 (2023-05-30)

Bug Fixes

  • discussionlistitem: remove unecessary parameter in vue router target (779812c)
  • emails: make sure group notification emails are only sent once per email (927e95f)
  • frontend: event edition UI improvements (0e14a36)
  • frontend: only show map on event edition when we have an address or we want to put in details (02867e6)
  • front: fix showing current group avatar & banners (20b4aaa)
  • front: fix showing current identity avatar & banners (d0f4721)
  • front: improve UI of the glossary page (d47b69d)
  • front: increase padding next to arrow down in <select> elements (94f186c)
  • front: remove cache-only for ABOUT GraphQL details on homepage (6858bcb)
  • front: remove leftover console.logs (6da0dba)
  • front: reset page number to 1 when search criteria changes (d73bafe), closes #1272
  • front: various UI improvements for group page (b097567)
  • graphql: fix calling GET_GROUP (2933ee0)
  • group: rephrase "Public Page" to "Announcements", as all posts are not necessary public (b0a564f), closes #900
  • i18n: fix Swedish translations error that prevented Participate button from showing up (643a5b5), closes #1281
  • rich media: fix error handling when resource preview URL leads to empty parsed data (850b4e2), closes #1279
  • sharepostmodal: only show the share warning message if the post is accessible by link (8e626dc)

Features

  • front: improve padding on event tags (7fa452d)
  • front: make admin profile view linkable directly with parameters (08ce7e2)
  • front: make profile members link to profile on group admin view and the reverse (96129d2)
  • front: make profiles and group admin views default to local (3e0324d)
  • front: redirect user to homepage on disconnect when currently on private page (d5a6df9), closes #1278
  • front: show skeleton content on event view until the event is loaded (dc3b93f)
  • i18n: activate croatian language (94182ae)
  • i18n: activate japanese language (6bd8034), closes #1293
  • post: show post visibily in PostListItem component (ec7ca4d)

3.1.0-beta.2 (2023-05-23)

Bug Fixes

  • include user role in moderator role (c4d6019)

3.1.0-beta.1 (2023-05-17)

Features

  • API: Allow to create apps, with permissions and both Authorization Code Flow and Device Flow
  • addresses: Allow to enter manual addresses (85d643d)
  • docker: Specify the folder where tzdata downloads data so that it can be used in a volume (4bb0625), closes #1280
  • spam: Introduce checking new accounts, events & comments for spam with the help of Akismet (317a343)
  • rate-limiting: Introduce rate-limiting on some endpoints (c07ba3a5)

Bug Fixes

  • global-search: Add option values in debug log before calling global search service (8141bb0)
  • apps: Fix cleaning application data background job (aa20f69)
  • apps: Show message when the user doesn't have approved apps yet (e0ee9c1)
  • auth: Handle logging-in with disabled auth provider (a22a5e3)
  • backend: Fix Mobilizon.Events.list_participations_for_user_query/1 (bcf6fd8)
  • backend: Handle CLDR data having no standard property for a language (dbe2da7)
  • backend: Ignore group mentions for now (b5f106b)
  • back: Improve error message when requesting reset passwords and new instructions (1c1d0d4)
  • back: Replace NaiveDateTime uses with DateTime for consistency (8ea00e7)
  • back: Various small fixes in backend (2a57340)
  • bind pagination current prop (4bcf572)
  • federation: Account suspension should use actor in question as author and not relay actor (79b48da)
  • feeds: Only provide future events in ICS/Atom feeds (f3a4431), closes #1246
  • Fix type of variable in navbar (50ab531)
  • follow-instances: Show correct error message when trying to follow already following actor (d969c66)
  • front: Fix about sections titles (487f406)
  • front: Fix autocomplete attribute in o-inputitems after Oruga new version BC (d2ba732)
  • front: Fix behaviour when deleting an event from event list (cfd10ea)
  • front: Fix event list month order (63c9ed6), closes #1244
  • front: Fix instances list pagination (8543204), closes #1277
  • front: Fix pagination display on dark mode (4375438)
  • front: Fix style of My Events participations (35b07dc)
  • front: Focus report comment input in report modal (2c28312), closes #1236
  • front: Handle "Failed to fetch dynamically imported module" errors by refreshing the page (3d21a06)
  • front: Improve Delete account modal UI (c420bbc)
  • front: Improve resend inscription instructions view and show error when appropriate (5563052)
  • front: No cache-only for config (8dcb76c)
  • front: Small UI fixes on identity pickers (6faafd6)
  • i18n: Update translations (3b7dbcd)
  • map: Fix style of the map marker (c7b90cd)
  • map: Only show map details when needed (23b5e59)
  • map: Only show marker if we have it's position (f0cc5ff)
  • password-reset: Lower time before being available to reset password or resend instructions (73eb460)
  • search: Fix event search order (a4e7ee3)
  • typespec: Fix missing return type in typespec (2043c98)
  • Change the way preferredUsername is synced (a73e5a08)
  • datetimepicker: change colors for day & time selectors on dark mode (b18e8fd3)
  • Save IP and login date from directly registered accounts (1db5c4ae)
  • Make sure every cache is properly cleared when managing an event (f531c39b)
  • Add page title for Categories view (0775814e)
  • Fix notifications settings not working (31fd99bd)

3.0.3 - 2022-12-22

Fixed

  • Add missing OpenSSL 1.1 in Docker image

3.0.2 - 2022-12-22

Fixed

  • Fix unfollowing group
  • Limit the size of the IP(v6) field in the user admin view
  • Fix terms and privacy view
  • Use the correct value of current locale
  • Fix editing group events as a group moderator
  • Consider timezone for start time also when end date is hidden
  • Fix loading group members in organizer picker
  • Fix changing email & password
  • Add missing icon
  • Fix instances filter
  • Fix logging from 3rd-party auth provider

3.0.1 - 2022-11-22

Fixed

  • Compatibility with Python 3.11 for exports that reply on Python code.
  • Formatting of fallback locales
  • Allow to specify database port for Docker configuration
  • Assets in production environment
  • Changing event uuid didn't change event data
  • Make sure maximumAttendeeCapacity is a number, not a string
  • Prevent AP collection page number being < 1
  • Fix approving/rejecting group members and followers
  • Fix 3rd-party auth links
  • Test Intl.ListFormat availability and add fallback
  • Set correct Content-Type on all AP endpoints
  • Don't notify group members & followers from new draft event
  • Register missing ExitToApp icon
  • Fix comment display

3.0.0 - 2022-11-08

Added

  • Add global search support, allowing to use https://search.joinmobilizon.org as a centralized event and group database
  • Add ability to filter search by categories and language
  • Add ability to explore search results on a map view
  • Add dark theme support and setting to toggle light/dark mode
  • Add categories view
  • Allow to disable non-SSO login
  • Support CSP report_uri, report_to and the Report-To and Reporting-Endpoints headers
  • Support for Elixir 1.14 and Erlang OTP 25.

Changed

  • Homepage has been redesigned
  • Search view has been redesigned
  • Internal illustration pictures are now only served using WebP.
  • Improved the pertinence of related events
  • Light front-end performance improvements
  • Various UI and A11Y fixes on the event page
  • Handle categories page being empty
  • UI improvements of comments
  • UI improvements of reports
  • Various UI improvement in event and group view
  • Add breadcrumb trail on Post view
  • Always lowercase the emails before trying to reset password
  • Make text editor heading level start at h3, h4, h5
  • Remove obscure reference to Douglas Adams
  • Don't inline phoenix manifest
  • Show a proper error message when failure to register to an event
  • Order categories by translated label
  • Show registration button also if registration allow list is used
  • Add logging for when cached iCalendar feed data can't be found
  • Add an error log when we try to update the relay actor
  • Lower loglevel of error when creating a new person
  • Add unique constraint on event URL
  • Allow to view more than 10 drafts events on my events view
  • Add CSP Policy for pictures
  • Don't treat notification for a deleted event as an error
  • Truncate resource description preview after 350 characters
  • Lower loglevel of resource insertion error
  • Resources and discussions views improvements
  • Add context to error when removing an upload file following actor suspension
  • Allow for resource providers to register a csp policy
  • Add loading="lazy" to some images, except categories in viewport
  • Add GraphQL operation name, user ID and actor name in logs
  • Add empty alt attribute to uploaded pictures (for now)
  • Allow release build failures in CI for all non-amd64 architectures
  • Increase timeout needed to build page
  • Handle nothing found by unsplash for location

Fixed

  • Fixed deleting actor when participations association is not preloaded
  • Fixed rendering JSON-LD for an event with a single address (no online location)
  • Address selector
  • Group location edition
  • Reconfigure plug at runtime with env
  • Fix global search term
  • Fix custom icons in metadata list
  • Handle unknown icon
  • Only preload svg pictures on homepage
  • Don't add empty search parameters to global search engine
  • Fix getting categories from global search engine
  • Remove unused deps
  • Only show one pagination bar when searching in both events & groups
  • Run build multiarch release on tags too
  • Don't start mobilizon server when running migrations
  • Run phx.digest before mix release
  • Fix event card background color behind picture
  • Fix position of the « no events found » message
  • Add distinct clause to search events
  • Fix showing past events on group page
  • Fix display of group invitations
  • Fix leaving a group
  • Fix group events order
  • Prevent loading group membership status before we get person information
  • Prefix setInterval with window
  • Fix fetching events with addresses that's not objects
  • Fix dashboard view
  • Fix anonymous & remote participation pages
  • Fix anonymous/remote participation button
  • Do not list drafts in upcoming / old events event if instance moderator
  • Make sure group is refreshed after action
  • Fix deleting person detached from user
  • Fix pagination number text color in dark theme
  • Fix post sharing URL
  • Fix current format status of text not displayed in text editor
  • Fix moving resources
  • Fix multiselect of resources
  • Properly handle un-needed background jobs
  • Properly handle replying to an event that has been deleted
  • Propertly handle other errors when receiving a comment
  • Fix event integrations
  • Prevent loading authorized groups when current actor isn't loading in OrganizerPickerWrapper
  • Fix building CSP policy
  • Fix event map view
  • Various front-end fixes
  • Handle error when fetching object from tombstone
  • Fixed upcoming event groups display on homepage view
  • Fixed Ecto Dev warning on compilation
  • Adapt white parts in Mobilizon logo to current color
  • Register missing BellOutline and BellOffOutline icons
  • Don't load group status when unlogged
  • Fix order of useHead registration on JoinGroupWithAccount view
  • Fix profile@instance translation
  • Handle :http_not_found as an error when deleting an object
  • Handle suspending actors with special type
  • Add fallback handler for can_send_activity?
  • Properly log if we can't notify group follower

Security

  • Correctly escape user-defined names in emails

Internal

  • Build on Elixir 1.14.1 and Erlang OTP 25.
  • Migrate from Vue 2 and Vue Class Component to Vue 3 and the Composition API
  • Migrate from Bulma and Buefy to TailwindCSS and Oruga

Tests

Unit Tests

  • Rewrote tests using Vitest

E2E Tests

  • Renabled E2E tests
  • Rewrote tests from Cypress to Playwright

3.0.0-rc.6 - 2022-11-07

Fixed

  • Fixed upcoming event groups display on homepage view
  • Fixed Ecto Dev warning on compilation

3.0.0-rc.5 - 2022-11-06

Changed

  • Allow release build failures in CI for all non-amd64 architectures

3.0.0-rc.4 - 2022-11-06

Changed

  • Add loading="lazy" to some images, except categories in viewport
  • Add GraphQL operation name, user ID and actor name in logs
  • Add empty alt attribute to uploaded pictures (for now)

Fixed

  • Fix building CSP policy
  • Fix event map view
  • Various front-end fixes
  • Handle error when fetching object from tombstone

3.0.0-rc.3 - 2022-11-04

Added

  • Support CSP report_uri, report_to and the Report-To and Reporting-Endpoints headers

Changed

  • Add CSP Policy for pictures
  • Don't treat notification for a deleted event as an error
  • Truncate resource description preview after 350 characters
  • Lower loglevel of resource insertion error
  • Resources and discussions views improvements
  • Add context to error when removing an upload file following actor suspension
  • Allow for resource providers to register a csp policy

Fixed

  • Fix moving resources
  • Fix multiselect of resources
  • Properly handle un-needed background jobs
  • Properly handle replying to an event that has been deleted
  • Propertly handle other errors when receiving a comment
  • Fix event integrations
  • Prevent loading authorized groups when current actor isn't loading in OrganizerPickerWrapper

3.0.0-rc.2 - 2022-11-02

Added

  • Add setting to toggle light/dark mode
  • Allow to disable non-SSO login

Changed

  • UI improvements of comments
  • UI improvements of reports
  • Various UI improvement in event and group view
  • Add breadcrumb trail on Post view
  • Always lowercase the emails before trying to reset password
  • Make text editor heading level start at h3, h4, h5
  • Remove obscure reference to Douglas Adams
  • Don't inline phoenix manifest
  • Show a proper error message when failure to register to an event
  • Order categories by translated label
  • Show registration button also if registration allow list is used
  • Add logging for when cached iCalendar feed data can't be found
  • Add an error log when we try to update the relay actor
  • Lower loglevel of error when creating a new person
  • Add unique constraint on event URL
  • Allow to view more than 10 drafts events on my events view

Fixed

  • Fix event card background color behind picture
  • Fix position of the « no events found » message
  • Add distinct clause to search events
  • Fix showing past events on group page
  • Fix display of group invitations
  • Fix leaving a group
  • Fix group events order
  • Prevent loading group membership status before we get person information
  • Prefix setInterval with window
  • Fix fetching events with addresses that's not objects
  • Fix dashboard view
  • Fix anonymous & remote participation pages
  • Fix anonymous/remote participation button
  • Do not list drafts in upcoming / old events event if instance moderator
  • Make sure group is refreshed after action
  • Fix deleting person detached from user
  • Fix pagination number text color in dark theme
  • Fix post sharing URL
  • Fix current format status of text not displayed in text editor

Security

  • Correctly escape user-defined names in emails

3.0.0-rc.1 - 2022-10-18

No changes since beta.3

3.0.0-beta.3 - 2022-10-17

Fixed

  • Don't add empty search parameters to global search engine
  • Fix getting categories from global search engine
  • Remove unused deps
  • Only show one pagination bar when searching in both events & groups
  • Run build multiarch release on tags too
  • Don't start mobilizon server when running migrations
  • Run phx.digest before mix release

3.0.0-beta.2 - 2022-10-11

Changed

  • Improved the pertinence of related events
  • Light front-end performance improvements
  • Various UI and A11Y fixes on the event page
  • Handle categories page being empty

Fixed

  • Address selector
  • Group location edition
  • Reconfigure plug at runtime with env
  • Fix global search term
  • Fix custom icons in metadata list
  • Handle unknown icon
  • Only preload svg pictures on homepage

3.0.0-beta.1 - 2022-09-27

Added

  • Add global search support, allowing to use https://search.joinmobilizon.org as a centralized event and group database
  • Add ability to filter search by categories and language
  • Add ability to explore search results on a map view
  • Add dark theme support
  • Add categories view
  • Support for Elixir 1.14 and Erlang OTP 25.

Changed

  • Homepage has been redesigned
  • Search view has been redesigned
  • Internal illustration pictures are now only served using WebP.

Fixed

  • Fixed deleting actor when participations association is not preloaded
  • Fixed rendering JSON-LD for an event with a single address (no online location)

Internal

  • Build on Elixir 1.14 and Erlang OTP 25.
  • Migrate from Vue 2 and Vue Class Component to Vue 3 and the Composition API
  • Migrate from Bulma and Buefy to TailwindCSS and Oruga

Tests

Unit Tests

  • Rewrote tests using Vitest

E2E Tests

  • Renabled E2E tests
  • Rewrote tests from Cypress to Playwright

2.1.0 - 2022-05-16

Added

  • Added an event category field. Administrators can extend the pre-configured list of categories through configuration.
  • Added possibility for administrators to have analytics (Matomo, Plausible supported) and error handling (Sentry supported) on front-end.
  • Redesigned federation admin section with dedicated instance pages
  • Allow to filter moderation reports by domain
  • Added a button to go to past events of a group if it has no upcoming events
  • Add Überauth CAS Strategy
  • Add a CLI command to delete actors

Changed

  • Changed mailer library from Bamboo to Swoosh, should fix emails being considered spam. Some configuration changes are required, see UPGRADE.md.
  • Expose some fields to ActivityStreams event representation: isOnline, remainingAttendeeCapacity and participantCount
  • Expose a new field to ActivityStreams group representation: memberCount
  • Improve group creation errors feedback
  • Only display locality in event card
  • Stale groups are now excluded from group search
  • Event default visibility is now set according to group privacy setting
  • Remove Koena Connect button
  • Hide the whole metadata block if group has no description
  • Increase task timeout in Refresher to 60 seconds
  • Allow webfinger to be fetched over http (not https) in dev mode
  • Improve reactions when approving/rejecting an instance follow
  • Improve instance admin view for mobile
  • Allow to reject instance following
  • Allow instance to have non-standard ports
  • Add pagination to the instances list
  • Eventually fetch actors in mentions
  • Improve IdentityPicker, JoinGroupWithAccount and ActorInline components
  • Various group and posts improvements
  • Update schema.graphql file
  • Add "Accept-Language" header to sentry request metadata
  • Hide address blocks when address has no real data
  • Remove obsolete attribute type="text/css" from <style> tags
  • Improve actor cards integration
  • Use upstream dependencies for Ueberauth providers
  • Include ongoing events in search
  • Send push notification into own task
  • Add appropriate timeouts for Repo.transactions
  • Add a proper error message when adding an instance follow that doesn't respond
  • Allow the instance to be followed from Mastodon (through relays)
  • Remove unused fragment from FETCH_PERSON GraphQL query

Fixed

  • Fixed actor refreshment being impossible
  • Fixed ical export for undefined datetimes
  • Fixed parsing links with hashtag characters
  • Fixed fetching link details from Twitter
  • Fixed Thunderbird accessing ICS feed endpoint with special Accept HTTP header
  • Make sure every ICS/Feed caches are emptied when modifying entities
  • Fixed time issues with DST changes
  • Fixed group preview card not truncating description
  • Fixed redirection after login
  • Fixed user admin section showing button to confirm user when the user is already confirmed
  • Fixed creating event from group view not always setting the group as organizer
  • Fixed invalid addresses blocking event metadata preview rendering
  • Fixed group deletion with comments that caused foreign key issues
  • Fixed incoming Accept activities from participations we don't already have
  • Fixed resources that didn't have metadata size limits
  • Properly fallback to UTC when sending notifications and the user doesn't have a timezone setting set
  • Fix posts creation
  • Fix rejecting instance follow
  • Fix pagination of group events
  • Add proper fallback for when a TZ isn't registered
  • Hide side of report modal on low width screens
  • Fix Telegram Logo being replaced with Mastodon logo in ShareGroupModal
  • Change URL for Mastodon Share Manager
  • Fix receiving Flag activities on federated events
  • Fix activity notifications by preloading user.activity_settings
  • Fix text overflow on group card description
  • Exclude tags with more than 40 characters from being extracted
  • Avoid duplicate tags with different casing
  • Fix invalid HTML (<div> inside <label>)
  • Fix latest group not refreshing in admin section
  • Add missing "relay@" part of federated address to follow
  • Fix Ueberauth use of CSRF with session
  • Fix being an administrator when using 3rd-party auth provider
  • Make sure activity recipient can't be nil
  • Make sure users can't create profiles or groups with non-valid patterns
  • Add description field to address representation
  • Make sure prompt show the correct message and not just "Continue?" in mix mode
  • Make sure activity notification recaps can't be sent multiple times
  • Fix group notification of new event being sent multiple times
  • Fix links to group page in group membership emails and participation
  • Fix clicking on map crashing the app

Translations

  • Arabic
  • Basque
  • Belarusian
  • Bengali
  • Catalan
  • Chinese (Traditional)
  • Croatian
  • Czech
  • Danish
  • Dutch
  • Esperanto
  • Finnish
  • French
  • Gaelic
  • Galician
  • German
  • Hebrew
  • Hungarian
  • Indonesian
  • Italian
  • Japanese
  • Kabyle
  • Kannada
  • Norwegian Nynorsk
  • Occitan
  • Persian
  • Polish
  • Portuguese
  • Portuguese (Brazil)
  • Russian
  • Slovenian
  • Spanish
  • Swedish
  • Welsh

2.1.0-rc.6 - 2022-05-11

Changes since rc.5:

  • Allow the instance to be followed from Mastodon (through relays)
  • Make sure activity recipient can't be nil
  • Make sure users can't create profiles or groups with non-valid patterns
  • Add description field to address representation
  • Make sure prompt show the correct message and not just "Continue?" in mix mode
  • Add a CLI command to delete actors
  • Make sure activity notification recaps can't be sent multiple times
  • Fix group notification of new event being sent multiple times
  • Fix links to group page in group membership emails and participation
  • Fix clicking on map crashing the app
  • Remove unused fragment from FETCH_PERSON GraphQL query

2.1.0-rc.5 - 2022-05-06

Changes since rc.4:

  • Add appropriate timeouts for Repo.transactions
  • Remove OS-specific packages
  • Remove refresh instance triggers
  • Add a proper error message when adding an instance follow that doesn't respond

2.1.0-rc.4 - 2022-05-03

Changes since rc.3:

  • Use upstream dependencies for Ueberauth providers
  • Fix Ueberauth use of CSRF with session
  • Fix being an administrator when using 3rd-party auth provider
  • Include ongoing events in search
  • Send push notification into own task
  • Add Überauth CAS Strategy

2.1.0-rc.3 - 2022-04-24

Changes since rc.2:

  • Fix activity notifications by preloading user.activity_settings
  • Add "Accept-Language" header to sentry request metadata
  • Hide address blocks when address has no real data
  • Fix text overflow on group card description
  • Exclude tags with more than 40 characters from being extracted
  • Avoid duplicate tags with different casing
  • Fix invalid HTML (
    inside
  • Remove attribute type="text/css" from