this post was submitted on 07 Jun 2024
300 points (99.7% liked)

Announcements

23304 readers
2 users here now

Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

You can also find major news on join-lemmy.org

founded 5 years ago
MODERATORS
 

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This v0.19.4 release is a big one, with > 200 pull requests merged since v0.19.3. As such we can only give a general overview of the major changes in this post, and without going into detail. For more information, read the full changelogs at the bottom of this post.

Local Only Communities

Communities have a new visibility setting, which can be either Public (current behaviour) or LocalOnly. The latter means that the community won't federate, and can only be viewed by users who are logged in to the local instance. This can be useful for meta communities discussing moderation policies of the local instance, where outside users shouldn't be able to participate. It is also a first step towards implementing private communities. Local only communities still need more testing and should be considered experimental for now.

Image Proxying

There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.

Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.

Many thanks to @asonix for adding this functionality to pict-rs v0.5.

Post hiding

You can now hide a post as a dropdown option, and there is a new toggle to filter hidden posts in lemmy-ui. Apps can use the new show_hidden field on GetPosts to enable this.

Moderation enhancements

With the URL blocklist admins can prevent users from linking to specific sites.

Admins and mods can now view the report history and moderation history for a given post or comment.

The functionality to resolve reports automatically when a post is removed was previously broken and is now fixed. Additionally, reports for already removed items are now ignored.

The site.content_warning setting lets admins show a message to users before rendering any content. If it is active, nsfw posts can be viewed without login.

Mods and admins can now comment in locked posts.

Mods and admins can also use external tools such as LemmyAutomod for more advanced tools.

Media

There is a new functionality for users to list all images they have previously uploaded, and delete them if desired. It also allows admins to view and delete images hosted on the local instance.

When uploading a new avatar or banner, the old one is automatically deleted.

Instance admins should also checkout lemmy-thumbnail-cleaner which can delete thumbnails for old posts, and free significant amounts of storage.

Federation

Lemmy can now federate with Wordpress, Discourse and NodeBB. So far there was only minor testing and these projects are still under heavy development. If you encounter any issues federating with these platforms, open an issue either in the Lemmy repo or in the respective project's issue tracker. You can test it by fetching the following posts:

In order to improve interoperability with Mastodon and other microblogging platforms, Lemmy now automatically includes a hashtag with new posts. The hashtag is based on the community name, so posts to /c/lemmy will automatically have the hashtag #lemmy. This makes Lemmy posts much easier to discover.

Reliability and security of federation have been improved, and numerous bugs squashed. Signed fetch was broken and is fixed now.

Vote display user setting

There is now a user setting to change the way vote counts are displayed, called vote display mode.

You can specify which of the following vote data you'd like to see (or hide): Upvotes, Downvotes, Score, Upvote Percentage, or none of the above. The default (based on user feedback) is showing the upvotes + downvotes.

App developers will need to update their apps to support this setting.

RSS Feeds

RSS feeds now include post thumbnail and embedded images.

Security Audit

A security audit was recently performed on Lemmy. Big thanks to Radically Open Security for the generous funding, and to Sabrina Deibe and Joe Neeman for carrying out the audit. The focus was on federation logic, and discovered various problems in this area. Most of the problems are being mitigated as part of this release. Fortunately no critical security vulnerabilities were discovered.

This is already the third security audit of Lemmy, all organized by ROS. We're greatly indebted to them for their support.

Other Changes

Full Changelog

Upgrade instructions

Warning: This version requires both a Postgres and Pictrs version upgrade, which requires manual intervention.

Follow the upgrade instructions for ansible or docker.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

Thanks to everyone

We'd like to thank our many contributors and users of Lemmy for coding, translating, testing, and helping find and fix bugs. We're glad many people find it useful and enjoyable enough to contribute.

Special thanks goes to Radically Open Security, @sleepless and @matc-pub for their work on lemmy-ui and lemmy-ui-leptos, @dullbananas for their help cleaning up the back-end, DB, and reviewing PRs, @phiresky for federation work, @MV-GH for their work on Jerboa and API suggestions, @asonix for developing pictrs, @ticoombs and @codyro for helping maintain lemmy-ansible, @kroese, @povoq, @flamingo-cant-draw, @aeharding, @Nothing4U, @db0, @MrKaplan, for helping with issues and troubleshooting, and too many more to count.

Support development

We (@dessalines and @nutomic) have been working full-time on Lemmy for over three years. This is largely thanks to support from NLnet foundation, as well as donations from individual users.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. A recurring donation is the best way to ensure that open-source software like Lemmy can stay independent and alive, and helps us grow our little developer co-op to support more full-time developers.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 48 points 5 months ago (1 children)

Thank you for all the hard work!

[–] [email protected] 27 points 5 months ago
[–] [email protected] 43 points 5 months ago

Big thanks to all maintainers and contributors!

[–] [email protected] 34 points 5 months ago* (last edited 5 months ago) (1 children)

Good to hear it’s out 🎉 I’m so hyped for the image proxy. Storing images permanently was costly.

[–] [email protected] 22 points 5 months ago

Yep, major thanks to @asonix for adding this to pict-rs.

[–] [email protected] 31 points 5 months ago (1 children)

Congratulations on yet another release filled with enhancements that improve user experience. 🎉

[–] [email protected] 18 points 5 months ago
[–] [email protected] 25 points 5 months ago (1 children)

Great stuff peeps! Looks like my future is very busy with having to do a complex pictrs upgrade and then a postgres and finally lemmy. Oof! 😅

[–] [email protected] 13 points 5 months ago (1 children)

Thx! Let me know if the postgres upgrade helper script I provided has any issues.

[–] [email protected] 9 points 5 months ago (2 children)

My postgres is on bare metal, so I don't think the script is setup for that,is it?

[–] [email protected] 4 points 5 months ago (1 children)

The script will be useless to you, besides for referencing what to do.

Export, remove pg15, install pg16, import. I think you can streamline with both installed at once as they correctly version. You could also use the in place upgrade. Aptly named: pg_upgradeclusters

But updating to 0.19.4, you do not need to go to pg16... but... you should, because of the benefits!

[–] [email protected] 2 points 5 months ago (1 children)

What benefits do you mean?

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

A faster db. Just the regular performance benefits, https://www.postgresql.org/about/news/postgresql-16-released-2715/

Also, Lemmy is built against v16 (now) so at some point it will eventually no longer JustWork

[–] [email protected] 4 points 5 months ago

The script is pretty easy to read and follow along manually if you need to.

[–] [email protected] 21 points 5 months ago* (last edited 5 months ago) (1 children)

In order to improve interoperability with Mastodon and other microblogging platforms, Lemmy now automatically includes a hashtag with new posts. The hashtag is based on the community name, so posts to /c/lemmy will automatically have the hashtag #lemmy. This makes Lemmy posts much easier to discover.

this should be interesting

for reference, this is what it looks like on Mastodon, the post to [email protected] it gets the hashtag for announcements

https://mastodon.social/@[email protected]/112576601493225058

it's not really part of the message text, it's separate

image proxying also sounds good

[–] [email protected] 6 points 5 months ago

I'm pretty sure thats due to how mastodon renders hashtags at the end of a post. Not due to how Lemmy sends it.

[–] [email protected] 17 points 5 months ago

That's great progress, thanks for all the work!
Glad to see enhanced federation with rest of fediverse - a small detail : the link for 'Automatically includes a hashtag with new posts' should point to pull #4533 (not #4398 ) - should help discoverability from mastodon, especially if community tags become customisable.

[–] [email protected] 15 points 5 months ago

Awesome! Thank you!

[–] [email protected] 14 points 5 months ago

che-poggers

Thanks for all the hard work

[–] [email protected] 13 points 5 months ago

That's an impressive list of QoL updates, thanks :)

[–] [email protected] 12 points 5 months ago (2 children)

I know pre 1.x.x is kind of a wild west for versioning but uh is there any logic to the version numbers here? I'd think a new feature would be a minor version bump, not patch

[–] [email protected] 26 points 5 months ago (2 children)

The convention in many Rust projects is usually that before 1.0, the patch version behaves like the minor version and the minor version behaves like a major version. So once there are breaking changes, they go to 0.20.0.

[–] [email protected] 13 points 5 months ago

This is correct, and we've been following this for lemmy too.

[–] [email protected] 7 points 5 months ago* (last edited 5 months ago)

This is the case with a lot of apps that follow SemVer, even though it's not an official part of the spec. It's not specific to Rust.

The other common thing I see is that if it's been at 0.x for a long time, the minor version number eventually gets "promoted" to a major version number once the app is stable. For example, React went from 0.14.x to 15.0.0.

[–] [email protected] 15 points 5 months ago (1 children)

That's my bad really. Currently we're using the patch semver to denote non-breaking changes, and the minor for breaking.

We're holding off on a major release until the API reaches stable, which like all open source projects we're reticent to do because then it puts a lot of pressure on us to match the standard of enterprise-level software developed by a large corporation.

Even though lemmy has many thousands of monthly active users, we're still really an beta-level software developed by a handful of people.

[–] [email protected] 8 points 5 months ago* (last edited 5 months ago)

Honestly, that strategy feels like the most sensible one, since the real world often does not (or can not afford to) care to wait for v1.0.0 before using software. It's no wonder so many programming ecosystems have adopted it.

I find it a bit of a shame it's not part of the semver specification itself, which only states:

  1. (paraphrased) do whatever you want haha

My point is, I don't think that's "your bad." It's just how it is, and the best there currently is. Unless you think there's something that could've been done better, in which case I'm curious as to what, if you're willing to share.

[–] [email protected] 12 points 5 months ago
[–] [email protected] 12 points 5 months ago

Mr. Dessalines and Principal Nutomic were in the closet making 19.4 and I used one of the pre-releases and the pre-release gave me Havana Syndrome and made me into a Manchurian Candidate!

[–] [email protected] 11 points 5 months ago

Amazing! So many features that people have been requesting. Really impressive release 🫡

[–] [email protected] 10 points 5 months ago
[–] [email protected] 8 points 5 months ago* (last edited 5 months ago)

Well that settles it, I had my doubts if I should create an account and commit yo this platform as I wasn't sure if it was here to stay or not and if something like sublinks or piefed will come out on top but yeah its this update that answered it for me and I have made a permanent account lol.

[–] [email protected] 7 points 5 months ago

That's some good improvements you have there. Great work, and thank you.

[–] [email protected] 7 points 5 months ago

lemm.ee have upp'd to 0.19.4, and presumably turned on the Image Proxying thing - this is what I get for: https://lemm.ee/post/34040618

{"error":"unknown","message":"Request error: error sending request for url ([http://127.0.0.1:8080/image/original?proxy=https://ichef.bbci.co.uk/news/1024/branded_news/be3c/live/2a45fdb0-20ee-11ef-a3ab-e73c00cc3104.jpg)](http://127.0.0.1:8080/image/original?proxy=https://ichef.bbci.co.uk/news/1024/branded_news/be3c/live/2a45fdb0-20ee-11ef-a3ab-e73c00cc3104.jpg)): operation timed out"}

[–] [email protected] 6 points 5 months ago

Incredible update, well worth the wait!

Congrats to everyone involved :D

[–] [email protected] 5 points 5 months ago

The "automatically includes a hashtag with new posts" link goes to the wrong PR.

[–] [email protected] 5 points 5 months ago

This looks like a fantastic update! Huge thanks to everyone involved!

[–] [email protected] 3 points 5 months ago (2 children)

Any plans to enable server plugins/ extensions?

Or are those already possible?

Thanks

[–] [email protected] 6 points 5 months ago

No that's not merged yet, still needs more feedback from plugin devs.

[–] [email protected] 5 points 5 months ago

there is an in-progress proof of concept here https://github.com/LemmyNet/lemmy/pull/4695

if you have a Github account you can "subscribe" to that to get email updates about it

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

The upgrade went smoothly for me. Be smart with your backups with this one!

Upgrading to postgres 16 was the hardest part. You need to pg_dump the lemmy database, upgrade to postgres 16 (which will complain in the logs that the current data isn't compatible), delete the database folder (don't delete the backup file from pg_dump!), then import the backup file into postgres 16.

I had already upgraded pict-rs to version 0.5+ so that was easy.

Then I compared the new lemmy.hjson with what I already had to get the new pict-rs setting for proxied images (turned off for now).

Overall a lot more complex than previous upgrades.

Be smart with your backups with this one!

One more thing to consider if you're using Debian 12 is it comes with postgres 15, so if you you're using the bare metal to make backups, you'll need to install postgres 16 using the instructions here.

[–] [email protected] 3 points 5 months ago

something that didn't get mentioned but I think is nice, the Chat view has been fixed!

https://github.com/LemmyNet/lemmy-ui/issues/1639#issuecomment-2172090390

I believe it was fixed here https://github.com/LemmyNet/lemmy-ui/pull/2480

it even allows sorting in either direction, you can do Chat view with New or Old sort!

[–] [email protected] 2 points 5 months ago

Amazing work! Thanks a lot!! Took me a few days to get to it but I have upgraded now and it looks great 😄

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)

https://pfefferle.org/hello-lemmy-part2/ this is offline. Is there other example?

https://pfefferle.org/openweb-icons/ this other post is working

[–] [email protected] 2 points 5 months ago (1 children)

It's good to see enhancement in moderations tools , there was a lot of feedback on that so i am happy this is being worked on.

With that said donations seem at a all time low (3,524), lower then when the new website started reporting donations ($3,962). on june 2 it was €4,010 , could the lemmy.ml censorship drama be related to this? maybe there is a way to mitigate this event?

[–] [email protected] 3 points 5 months ago (1 children)

could the lemmy.ml censorship drama be related to this?

I think it’s just cooling down from Reddit migration. Same thing with Voyager donations (albeit smaller scale).

load more comments (1 replies)
load more comments
view more: next ›