Skip Navigation

Lemmy upgrades overnight.

Overnight you may experiences errors or downtime as there’s three different things receiving an upgrade. I’ll shoot to start after midnight EST.

Feel free to join the telegram or matrix server in case there’s any major issues that need to be communicated.

Major Changes

This v0.19.4 release is a big one, with > 200 pull requests merged since v0.19.3. As such we can only give a general overview of the major changes in this post, and without going into detail. For more information, read the full changelogs at the bottom of this post.

Local Only Communities

Communities have a new visibility setting, which can be either Public (current behaviour) or LocalOnly. The latter means that the community won’t federate, and can only be viewed by users who are logged in to the local instance. This can be useful for meta communities discussing moderation policies of the local instance, where outside users shouldn’t be able to participate. It is also a first step towards implementing private communities. Local only communities still need more testing and should be considered experimental for now.

Image Proxying

There is a new config option called image_modewhich provides a way to proxy external image linksthrough the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.

Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.

Many thanks to @asonix for adding this functionality to pict-rs v0.5.

Post hiding

You can now hide a post as a dropdown option, and there is a new toggle to filter hidden posts in lemmy-ui. Apps can use the new show_hiddenfield on GetPosts to enable this.

Moderation enhancements

With the URL blocklist admins can prevent users from linking to specific sites.

Admins and mods can now view the report historyand moderation history for a given post or comment.

The functionality to resolve reports automatically when a post is removed was previously broken and is now fixed. Additionally, reports for already removed items are now ignored.

The site.content_warning setting lets admins show a message to users before rendering any content. If it is active, nsfw posts can be viewed without login, after consenting.

Mods and admins can now comment in locked posts.

Mods and admins can also use external tools such as LemmyAutomod for more advanced cases.

Media

There is a new functionality for users to list all images they have previously uploaded, and delete them if desired. It also allows admins to view and delete images hosted on the local instance.

When uploading a new avatar or banner, the old one is automatically deleted.

Instance admins should also checkout lemmy-thumbnail-cleaner which can delete thumbnails for old posts, and free significant amounts of storage.

Federation

Lemmy can now federate with WordpressDiscourseand NodeBB. So far there was only minor testing and these projects are still under heavy development. If you encounter any issues federating with these platforms, open an issue either in the Lemmy repo or in the respective project’s issue tracker. You can test it by fetching the following posts:

In order to improve interoperability with Mastodon and other microblogging platforms, Lemmy now automatically includes a hashtag with new posts. The hashtag is based on the community name, so posts to /c/lemmy will automatically have the hashtag #lemmy. This makes Lemmy posts much easier to discover.

Reliability and security of federation have been improved, and numerous bugs squashed. Signed fetch was broken and is fixed now.

Vote display user setting

There is now a user setting to change the way vote counts are displayed, called vote display mode.

You can specify which of the following vote data you’d like to see (or hide): Upvotes, Downvotes, Score, Upvote Percentage, or none of the above. The default (based on user feedback) is showing the upvotes + downvotes.

App developers will need to update their apps to support this setting.

RSS Feeds

RSS feeds now include post thumbnail and embedded images.

Security Audit

A security audit was recently performed on Lemmy. Big thanks to Radically Open Security for the generous funding, and to Sabrina Deibe and Joe Neeman for carrying out the audit. The focus was on federation logic, and discovered various problems in this area. Most of the problems are being mitigated as part of this release. Fortunately no critical security vulnerabilities were discovered.

This is already the third security audit of Lemmy, all organized by ROS. We’re greatly indebted to them for their support.

Other Changes

0.19.5 has also just dropped

This is a smaller bugfix release, with the following changes:

Lemmy

Lemmy-UI

0
0 comments