0.8.0 • Federation 2: Electric Boogaloo

Backwards Compatibility

Versia Server 0.8.0 is not backwards-compatible with 0.7.0. This release includes some breaking changes to the database schema and configuration file.

Please see Database Changes and New Configuration for more information.

Features

Federation

• 🦄 Updated to Versia 0.5.
• 📦 Added support for new Versia features:
  • Instance Messaging Extension
  • Shared Inboxes
• 🔗 Changed entity URIs to be more readable (example.org/objects/:id → example.org/{notes,likes,...}/:id)

API

• 📲 Added Push Notifications support.
• 📖 Overhauled OpenAPI schemas to match Mastodon API docs
• 👷 Improved Roles API to allow for full role control (create, update, delete, assign).
• ✏️ <div> and <span> tags are now allowed in Markdown.
• 🔥 Removed nonstandard /api/v1/accounts/id endpoint (the same functionality was already possible with other endpoints).
• ✨️ Implemented rate limiting support for API endpoints.
• 🔒 Implemented is_indexable and is_hiding_collections fields to the Accounts API.
• ✨️ Muting other users now lets you specify a duration, after which the mute will be automatically removed.
• 📰 All accounts now have an RSS/Atom feed attached to them.

CLI

• ⌨️ New commands!
  • ✨️ cli user token to generate API tokens.
• 👷 Error messages are now prettier!

Frontend

The way frontend is built and served has been changed. In the past, it was required to have a second process serving a frontend, which versia-server would proxy requests to. This is no longer the case.

Versia Server now serves static files directly from a configurable path, and versia-fe has been updated to support this.

Backend

• 🚀 Upgraded Bun to 1.2.13
• 🔥 Removed dependency on the pg_uuidv7 extension. Versia Server can now be used with "vanilla" PostgreSQL.
• 🖼️ Simplified media pipeline: this will improve S3 performance
  • 📈 It is now possible to disable media proxying for your CDN (offloading considerable bandwidth to your more optimized CDN).
• 👷 Outbound federation, inbox processing, data fetching and media processing are now handled by a queue system.
  • 🌐 An administration panel is available at /admin/queues to monitor and manage queues.
• 🔥 Removed support for from-source installations, as Versia Server is designed around containerization and maintaining support was a large burden.
• ❄️ A Nix package is now available for this project, packaged as a Flake. A NixOS module is also provided.

New Configuration

Configuration parsing and validation has been overhauled. Unfortunately, this means that since a bunch of options have been renamed, you'll need to redownload the default configuration file and reapply your changes.

Database Changes

Various media-related attributes have been merged into a single Medias table. This will require a migration in order to preserve the old data.

Since very few instances are running 0.7.0, we have decided to "rawdog it" instead of making a proper migration script (as that would take a ton of time that we don't have).

In the case that you've been running secret instances in the shadows, let us know and we'll help you out.

Bug Fixes

• 🐛 All URIs in custom Markdown text are now correctly proxied.
• 🐛 Fixed several issues with the ActivityPub Federation Bridge preventing it from operating properly.
• 🐛 Fixed incorrect content-type on some media when using S3.
• 🐛 All media content-type is now correctly fetched, instead of guessed from the file extension as before.
• 🐛 Fixed OpenAPI schema generation and /docs endpoint.
• 🐛 Logs folder is now automatically created if it doesn't exist.
• 🐛 Media hosted on the configured S3 bucket and on the local filesystem is no longer unnecessarily proxied.
• 🐛 Likes and Shares now federate properly.

0.8.0-rc.0

This is the first release candidate for v0.8.0 of Versia Server.

The full changelog is available here.

0.7.0 • The Auth & APIs Update

Warning

This release marks the rename of the project from Lysand to Versia.

Backwards Compatibility

Versia Server 0.7.0 is backwards compatible with 0.6.0. However, some new features may not be available to older clients. Notably, versia-fe has had major improvements and will not work with 0.6.0.

Features

• Upgraded Bun to 1.1.34. This brings performance upgrades and better stability.
• Added support for the ActivityPub Federation Bridge.
• Added support for the Sonic search indexer.
• Note deletions are now federated.
• Note edits are now federated.
• Added support for Sentry.
• Added option for more federation debug logging.
• Added Roles API.
• Added Permissions API and enabled it for every route.
• Added TOS and Privacy Policy endpoints.
• Added Challenge API. (basically CAPTCHAS). This can be enabled/disabled by administrators. No versia-fe support yet.
• Added ability to refetch user data from remote instances.
• Added ability to change the username of a user. (Mastodon API extension).
• Added an endpoint to get a user by its username.
• Add OpenID Connect registration support. Admins can now disable username/password registration entirely and still allow users to sign up via OpenID Connect.
• Add option to never convert vector images to a raster format.
• Refactor logging system to be more robust and easier to use. Log files are now automatically rotated.
• Add support for HTTP proxies.
• Add support for serving Versia over a Tor hidden service.
• Add global server error handler, to properly return 500 error messages to clients.
• Sign all federation HTTP requests.
• Add JSON schema for configuration file.
• Rewrite federation stack
• Updated federation to Versia 0.4
• Implement OAuth2 token revocation
• Add new Plugin API

Plugin System

A new plugin system for extending Versia Server has been added in this release!

Note

This is an internal feature and is not documented. Support for third-party plugins will be given on a "if we have time" basis, until the API is fully stabilized and documented

Plugins using this framework support:

• Plugin hotswapping and hotreloading
• Manifest files (JSON, JSON5, JSONC supported) with metadata (JSON schema provided)
• Installation by dropping a folder into the plugins/ directory
• Support for plugins having their own NPM dependencies
• Support for storing plugins' configuration in the main config.toml (single source of truth)
• Schema-based strict config validation (plugins can specify their own schemas)
• Full type-safety
• Custom hooks
• FFI compatibility (with bun:ffi or Node's FFI)
• Custom API route registration or overriding or middlewaring
• Automatic OpenAPI schema generation for all installed plugins
• End-to-end and unit testing supported
• Automatic user input validation for API routes with schemas (specify a schema for the route and the server will take care of validating everything)
• Access to internal database abstractions
• Support for sending raw SQL to database (type-safe!)
• Plugin autoload on startup with override controls (enable/disable)

As a demonstration of the power of this system and an effort to modularize the codebase further, OpenID functionality has been moved to a plugin. This plugin is required for login.

Bug Fixes

• Fix favouriting/unfavouriting sometimes returning negative counts.
• Non-images will now properly be uploaded to object storage.
• Make account searches case-insensitive
• Fix image decoding error when passing media through proxy.
• OpenID Connect now correctly remembers and passes state parameter.
• OpenID Connect will not reject some correct but weird redirect URIs.
• Markdown posts will not have invisible anchor tags anymore (this messed up accessibility).
• Reverse proxies incorrectly reporting an HTTPS request as HTTP will now be handled correctly during OpenID Connect flows.
• API Relationships will now correctly return requested_by.
• Make process wait for Ctrl+C to exit on error, instead of exiting immediately. This fixes some issues with Docker restarting endlessly.
• Animated media will now stay animated when uploaded.
• Some instance metadata will no longer be missing from /api/v2/instabnce endpoint. In fact, it will now be more complete than Mastodon's implementation.
• The Origin HTTP header will no longer be used to determine the origin of a request. This was a security issue.
• New notes will no longer incorrectly be federated to all remote users at once.
• Fix Elk Client not being able to log in.

Removals

• Remove old logging system, to be replaced by a new one.
• Removed Meilisearch support, in favor of Sonic. Follow instructions in the installation guide to set up Sonic.
• Removed explicit Glitch-FE support. Glitch-FE will still work, but must be hosted separately like any other frontend.

Miscellaneous

• Remove Node.js from Docker build.
• Update all dependencies.

v0.7.0-rc.0

This is a pre-release for Versia Server 0.7.

The full release will happen on November 21st, 2024.

Please check the changelog for changes. Full patch notes will be posted on release day.

Lysand 0.6

0.6 • General Improvements

After over 15,000 altered lines of code from 0.5, Lysand 0.6 is now available. Many features have been added in this release, including:

• Support for OpenID Connect account linking (not in Lysand-FE yet)
• OIDC-only mode to prevent logging in using identifier/password
• New, rewritten CLI that's more reliable and friendly
• Password resets (can also be done via CLI)
• Full documentation updates for all Lysand-specific API routes
• User emoji upload support (not in Lysand-FE yet), as well as global emojis which are uploadable by admins
  • Administrators should use the CLI to manage emojis, as it has a built-in emoji pack importer for example
• Much more detailed configuration validation
• Our @lysand-org/federation package now powers federation validation and encryption
• Multi-threaded mode (up to as many CPU threads as you have)
• Better Mastodon API compatibility
• Custom frontend settings (look in frontend.settings in the sample config)
• Many bugfixes
• Almost every Markdown/HTML tag is now allowed in posts, including videos, audio, media, font tags and semantic HTML elements. All media is proxied through Lysand's internal proxy. Only a couple of HTML attributes are allowed on each element (no style or class for example) to prevent XSS attacks.
• Federation is now fixed and works again

Linking your account to an OpenID Connect in Lysand-FE

If you hold the keys o, i, d and c at the same time in the front page, then you will be redirected to the first OIDC provider specified in your instance's config. This is intended for testing while we add a profile management panel to Lysand-FE

Lysand-FE Changes

The latest version of Lysand-FE as of release is required to function with Lysand 0.6. Similarly, Lysand 0.6 is required to run any version of Lysand-FE released

• Emojis now autocomplete automatically
• Stability fixes and bugfixes
• Service worker now prompts you to update Lysand-FE without needing a hard reload
• Nicer scrollbars that are still fully accessible (please report any accessibility issues, we take this very seriously)
• Markdown rendering improvements

Breaking changes

Some internal API endpoints and some endpoints used by custom frontends have been changed. Lysand-FE has been updated, please see the API docs for more info.

Lysand 0.5

0.5 • Major Stability Fixes

Lysand 0.5 brings greatly improved stability, better route validation and a fully updated shiny frontend.

• Lysand-FE now supports login, timelines, users, following, sending posts, replies, quotes and more
• File uploads have been fixed and will no longer break
• Federation improvements with more data federated
• Login will no longer randomly break
• All media is now proxied to avoid data leakage
• Lysand Protocol version has been updated to 3.0 (for what was already working)

Note

Lysand-FE is developed separately from Lysand Server, but they are designed to work together so its releases are published here.

Notable issues still present:

• Kaiteki and Elk still do not work properly. For Kaiteki, this is due to using odd URIs during the login process (fixable on our end): for Elk, this seems to be on their end, I can't really debug it.

As always, please report any bugs you may find.

Lysand 0.4.1

0.4.1 • Glitch Support

This release adds full support for running the glitch-soc frontend on Lysand (and even other Mastodon forks, but Glitch is officially included)!

You can follow the documentation to set it up.

Note

Enabling Glitch-FE still lets you use any Mastodon client to access Lysand, but it makes your instance easier to access for new users

Lysand 0.4

0.4 • The Federation Update

After a month of work, Lysand 0.4 is finally out now!

This release adds:

• Support for inbound and outbound federation with other Lysand instances: This is limited to follow requests and sending notes for now
• Full Docker support: Docker is now the default way to run a production Lysand instance
• Automatic database migrations: Database is now automatically migrated without needing to run prisma commands (Prisma has been removed)
• Better stability: Lysand 0.4 brings refactoring into API routes that strictly validates all data sent to it, preventing accidental 500 errors
• Better logging: All server errors are now logged properly instead of displaying an ugly stack trace in the logs. Additionally, console logs are now colored and have dates formatted
• Non-monolithic architecture: Hosting the database, API layer and frontend separately on entirely different servers (and even having multiple of those at once) is now possible!
• Many bugfixes: Many bugs to existing routes and client incompabilities have been eradicated.
• Official production instance: An official instance, https://social.lysand.org is now up for testing purposes! (do not expect this instance to be stable, as it follows the main branch). It also has a sister at https://social2.lysand.org for federation testing.

In progress:

• ActivityPub compatibility: @CutestNekoAqua is now working on an ActivityPub bridge for Lysand, allowing you to federate with fediverse instances (this is a work in progress)
• Lysand-FE: A custom frontend for Lysand instances is being developed as an official client

As always, please report any bugs or feature requests at the issue tracker!

Lysand Server 0.3.0

This release is a complete rewrite of most subsystems in Lysand with a goal to make every single component independently testable.

There are not many new features, but most components have been upgraded with better reliability and performance. Documentation has also been updated to help you work with this new version.

The most noticeable external changes will be the new, better CLI with better command syntax parsing, many more options than before, complete help flags for every command and better reliability: tests have also been refactored to be able to run without a Lysand Server instance running.

In the near future, this will allow us to to end-to-end testing directly in GitHub Actions independently of individual machines.

Once compiled, the full Lysand Server 0.3 is around ~1100 kB (without the Bun runtime) and completely starts up in ~51ms.

---

Why has there been so much delay between 0.2 and 0.3?

My main computer broke and I had to wait for a new one to arrive, which took months; also, health issues

Where do I get this?

Please follow the instructions in the README to install Lysand.

Lysand Server v0.2.0

New Features

• Optional search with Meilisearch (without it, search is disabled)
• New CLI commands for managing emojis, importing emoji packs and rebuilding indexes
• Full custom emoji support in posts, display names and bios
• Performance improvements