Kitsune
v0.0.1-pre.3: Breaking release conventions
What? Another release after two weeks? Yes!
This time we don't just wait two months, we throw out another preview release after two weeks!
Mainly because I really got excited about some of the big things we added, so I wanted to push that out.
We also have a security fix in this release.
Feel free to join one of the chat options to chat with us!
Both of them are connected via a bridge, so it doesn't matter which one you join.
Security fixes
We had a bug that enabled attackers to use a maliciously crafted activity to:
- exhaust the connection pool if it was configured with fewer than 50 connections
- crash the server with a stack overflow
These issues have been solved with this release. We reduced the maximum recursion depth for thread fetching to 30 and changed the internals to handle database connections with more care.
Thanks @tesaguri for reporting this issue and helping with the testing and fixing!
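The depth cap described above, as an added example (not Kitsune's own code): a reply chain is walked with a loop instead of recursion, using the limit of 30 from these notes. The `Post` type, the `fetch` closure standing in for a remote lookup, and the cycle check are assumptions made for illustration.

```rust
use std::collections::HashSet;

/// Cap from the release notes: at most 30 ancestors are fetched per thread.
const MAX_FETCH_DEPTH: usize = 30;

/// Hypothetical minimal post: an id and the id of the post it replies to.
#[derive(Debug, Clone, PartialEq)]
struct Post {
    id: u64,
    in_reply_to: Option<u64>,
}

#[derive(Debug, PartialEq)]
enum ThreadError {
    DepthExceeded, // chain is longer than MAX_FETCH_DEPTH
    Cycle(u64),    // a post (transitively) replies to itself
    NotFound(u64), // the remote did not return the referenced post
}

/// Walks the in_reply_to chain upwards with a loop, so the call stack stays
/// flat no matter how long the remote server claims the thread is.
fn fetch_ancestors<F>(start: &Post, mut fetch: F) -> Result<Vec<Post>, ThreadError>
where
    F: FnMut(u64) -> Option<Post>,
{
    let mut seen = HashSet::from([start.id]);
    let mut ancestors = Vec::new();
    let mut next = start.in_reply_to;
    while let Some(id) = next {
        if ancestors.len() == MAX_FETCH_DEPTH {
            return Err(ThreadError::DepthExceeded);
        }
        if !seen.insert(id) {
            return Err(ThreadError::Cycle(id));
        }
        let post = fetch(id).ok_or(ThreadError::NotFound(id))?;
        next = post.in_reply_to;
        ancestors.push(post);
    }
    Ok(ancestors)
}

fn main() {
    // Constructed input: every post claims to reply to yet another post.
    let endless = |id: u64| Some(Post { id, in_reply_to: Some(id + 1) });
    let start = Post { id: 0, in_reply_to: Some(1) };
    println!("{:?}", fetch_ancestors(&start, endless));
}
```

Because the limit is checked before each lookup, an endless chain costs at most 30 fetches before the walk is rejected.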
Highlights
Language detection
As many of you know, in Mastodon you can tag your posts with a language to assist with translation and such, but what if these tags are wrong?
Well, we had the same concerns for Kitsune, so we came up with a solution: N-gram-based language detection models!
With posts over 100 characters, the language detection we utilise can pretty confidently tell what language you are posting in, and will tag the language accordingly.
The choice of your client will still have precedence, so if your client sends us a language, we won't even attempt to guess the language.
We think that this is a good way forward to get more, and more reliable, language tagging for posts.
Better SQL full-text search
This is linked to the previous point! We now do language-specific tokenization for posts. Meaning your English posts will be tokenized differently from your German posts and those are tokenized differently from your Korean posts, and so on!
To support more languages, your instance admin needs to install the tokenizer in their PostgreSQL database. No further configuration needed!
Kitsune will automatically detect the newly installed tokenizer on start-up and will start using it for new posts.
Note: This automatic tokenizer detection assumes the name of the tokenizer's REGCONFIG is equal to the English name of the language. This holds true for most languages.
Webfinger domain support
(Thanks @tesaguri for adding this feature!)
You can now specify a webfinger-domain value in your configuration, making Mastodon refer to your instance by, for example, example.org instead of fedi.example.org.
Kitsune does not yet respect these webfinger domains; this is planned, however, and tracked in #285.
Updating posts
(Thanks @Zeerooth for adding this feature!)
You can now edit your posts! Made a typo or wanted to word something differently? You can now just use the edit feature of the Mastodon client!
Reposts
(Thanks @Zeerooth for adding this feature!)
You can now repost posts on Kitsune! This feature has been missing for a while and is now here!
Captchas for sign-up
(Thanks @Zeerooth for adding this feature!)
You can now choose between hCaptcha and mCaptcha as backends for a captcha service! This will help prevent issues with spam accounts and lessen moderation burden.
Note that these two options are fully accessible. Both of these options support navigation via your keyboard and are accessible to vision-impaired users.
- hCaptcha offers a so-called "accessibility cookie" where you can contact their support to give your browser a cookie that makes it automatically bypass the verification.
- mCaptcha is fully built around proof-of-work, meaning there will be no "choose a picture" challenges. Your browser will simply solve a mathematical puzzle and send us the solution.
If you want an additional Captcha service that isn't covered right now, feel free to open an issue!
Smaller changes
- Character limits are now correctly enforced
- Test coverage has been extended a bit (thanks @tesaguri)
- Tests are now mocked, enabling reproducible tests in offline environments (thanks @tesaguri)
This release has database changes that are incompatible with the previous release. Until we publish a full first alpha, we reserve the right to continue making these kinds of breaking changes.
Now follows the GitHub-generated changelog:
What's Changed
- test: Use mocked HTTP clients by @tesaguri in https://github.com/kitsune-soc/kitsune/pull/296
- Language detection for posts by @aumetra in https://github.com/kitsune-soc/kitsune/pull/293
- Add webfinger-domain configuration by @tesaguri in https://github.com/kitsune-soc/kitsune/pull/297
- Add SECURITY.md by @aumetra in https://github.com/kitsune-soc/kitsune/pull/300
- Add captcha by @Zeerooth in https://github.com/kitsune-soc/kitsune/pull/299
- Bump rustls-webpki from 0.100.1 to 0.100.2 by @dependabot in https://github.com/kitsune-soc/kitsune/pull/301
- Small changes and updates by @aumetra in https://github.com/kitsune-soc/kitsune/pull/302
- Wrapper around the Postgres connection pool by @aumetra in https://github.com/kitsune-soc/kitsune/pull/303
- Add a test for fetching infinitely long reply chains by @tesaguri in https://github.com/kitsune-soc/kitsune/pull/305
- Update, boost and unboost a status using mastodon api by @Zeerooth in https://github.com/kitsune-soc/kitsune/pull/306
- Use garde for validation by @aumetra in https://github.com/kitsune-soc/kitsune/pull/311
- Add character limit tests by @aumetra in https://github.com/kitsune-soc/kitsune/pull/314
- Add post source functionality by @aumetra in https://github.com/kitsune-soc/kitsune/pull/315
- Fix transaction state panic by @aumetra in https://github.com/kitsune-soc/kitsune/pull/316
- Add code of conduct by @aumetra in https://github.com/kitsune-soc/kitsune/pull/317
- Fix issue #319 by @perillamint in https://github.com/kitsune-soc/kitsune/pull/320
- Update dependencies by @aumetra in https://github.com/kitsune-soc/kitsune/pull/321
- Use devenv for development shells by @aumetra in https://github.com/kitsune-soc/kitsune/pull/324
- Bump version to v0.0.1-pre.3 by @aumetra in https://github.com/kitsune-soc/kitsune/pull/325
New Contributors
- @tesaguri made their first contribution in https://github.com/kitsune-soc/kitsune/pull/296
Full Changelog: https://github.com/kitsune-soc/kitsune/compare/v0.0.1-pre.2...v0.0.1-pre.3