Check out our GitHub!

Kitsune

v0.0.1-pre.3: Breaking release conventions

v0.0.1-pre.3 Aug 28 2023 at 09:36 UTC

What? Another release after two weeks? Yes!

This time we don't just wait two months, we throw out another preview release after two weeks!
Mainly because I really got excited about some of the big things we added, so I wanted to push that out. We also have a security fix in this release

Feel free to join one of the chat options to chat with us!
Both of them are connected via a bridge, so it doesn't matter which one you join

Security fixes

We had a bug that enabled attackers to use a maliciously crafted activity to

  • exhaust the connection pool if it was configured with less than 50 connections
  • crash the server with an stack overflow

These issues have been solved with this release. We reduced the maximum recursion depth for thread fetching to 30 and changed the internals to handle database connections with more care.

Thanks @tesaguri for reporting this issue and helping with the testing and fixing!

Highlights

Language detection

As many of you know, in Mastodon you can tag your posts with a language to assist with translation and such, but what if these tags are wrong?
Well, we had the same concerns for Kitsune, so we came up with a solution: N-gram-based language detection models!

With posts over 100 characters, the language detection we utilise can pretty confidently tell what language you are posting in, and will tag the language accordingly.
The choice of your client will still have precedence, so if your client sends us a language, we won't even attempt to guess the language.

We think that this is a good way forward, to have more and reliable language tagging for posts

Better SQL full-text search

This is linked to the previous point! We now do language-specific tokenization for posts. Meaning your English posts will be tokenized differently from your German posts and those are tokenized differently from your Korean posts, and so on!

To support more languages, your instance admin needs to install the tokenizer in their PostgreSQL database. No further configuration needed!
Kitsune will automatically detect the newly installed tokenizer on start-up and will start using it for new posts.

Note: This automatic tokenizer detection assumes the name of the tokenizer's REGCONFIG is equal to the english name of the language. This holds true for most languages.

Webfinger domain support

(Thanks @tesaguri for adding this feature!)

You can now specify a webfinger-domain value in your configuration, making Mastodon refer to your instance by, for example, example.org instead of fedi.example.org.

Kitsune does not yet respect these webfinger domains, this is planned however and tracked in #285

Updating posts

(Thanks @Zeerooth for adding this feature!)

You can now edit your posts! Made a typo or wanted to word something differently? You can now just use the edit feature of the Mastodon client!

Reposts

(Thanks @Zeerooth for adding this feature!)

You can now repost posts on Kitsune! This feature has been missing for a while and is now here!

Captchas for sign-up

(Thanks @Zeerooth for adding this feature!)

You can now choose between hCaptcha and mCaptcha as backends for a captcha service! This will help prevent issues with spam accounts and lessen moderation burden.

Note that these two options are fully accessible. Both of these options support navigation via your keyboard and are accessible to vision-impaired users.

  • hCaptcha offers a so-called "accessibility cookie" where you can contact their support to give your browser a cookie that makes it automatically by-pass the verification
  • mCaptcha is fully built around proof-of-work, meaning there will be no "choose a picture" challenges. Your browser will simply solve a mathematical puzzle and send us the solution.

If you want an additional Captcha service that isn't covered right now, feel free to open an issue!

Smaller changes

  • Character limits are now correctly enforced
  • Test coverage has been extended a bit (thanks @tesaguri)
  • Tests are now mocked, enabling reproducible tests in offline environments (thanks @tesaguri)

This release has incompatible database changes to the previous release. Until we publish a full first alpha, we reserve us the right to continue making these kinds of breaking changes.

Now follows the GitHub-generated changelog:

What's Changed

New Contributors

Full Changelog: https://github.com/kitsune-soc/kitsune/compare/v0.0.1-pre.2...v0.0.1-pre.3