Trunk & Tidbits, March 2025

Renaud Chaput

CTO

Andy Piper

Head of Communications

Greetings! We’re back, with our monthly update from the Mastodon engineering team.

Remember how last month was a bit lighter for news? Well, this time, we are making up for it and have a lot to share! Take a look below for team updates, some significant new features, and updates to the mobile apps. We also have very important information about changes with new (and old) software versions. Finally, there’s a bumper round-up of community news, and some fun projects you may have missed.

Events and team news

We are very excited to welcome Echo to the core team as a front-end developer. We extended our recruitment to include a second front-end developer, and found another great individual who will be joining us soon as well. Also on the team side, we opened a role for a designer to join the team, after we said goodbye to Sam recently.

In March, Andy was on stage at Fediverse House, a side event at SXSW run by our friends from Flipboard. This was a fun space which created opportunities to finally meet some of the members of our community in person (hi, @box464) and to talk about Mastodon and the Fediverse. Andy was also a guest on the Fireside Fedi podcast, which you can watch as a video, or listen to in audio.

If you have an account on one of our hosted instances (mastodon.social and mastodon.online), you may like to know that we now have an account that is run by the team that operates them - @staff@mastodon.social is where you can find updates and announcements related to these services. As noted in the account bio, you should continue to use the existing process for any account support and appeals requests.

Don’t forget that we also post technical and team updates on @MastodonEngineering@mastodon.social.

You’re also free to check out our LinkedIn page for non-engineering updates. It doesn’t federate, but, we’re there too.

Releases and updates

In March, we released a number of bugfixes, and a security fix. You should take a look at the most recent version for the Mastodon level you are running, but also check the release notes for any versions you may also have missed. In total, we shipped:

  • 4.3.5, 4.3.6, and 4.3.7

  • 4.2.18, 4.2.19, and 4.2.20

    • IMPORTANT: Mastodon 4.2.17 dropped support for Ruby 3.0 (this is no longer supported upstream). If you are running Mastodon 4.2 and Ruby 3.0, you can update as far as Mastodon 4.2.16 which contains the latest security fixes, but please note that this version has a known vulnerability if you are using SAML authentication with Mastodon. If you are running Mastodon 4.2.x with Ruby 3.0, we strongly encourage you to update to Ruby 3.2, and then use Mastodon 4.2.17 or above.
  • 4.1.24, and 4.1.25.

    • If you are running Mastodon 4.1.x, note that it only supports Ruby 3.0 (which is no longer supported upstream) and is subject to the above SAML security issue.

Mastodon 4.1.25 is the final version of the Mastodon 4.1.x lifecycle. As of April 8, 2025 this version of the software is end of life and will no longer receive updates (including for security issues). You should upgrade to a supported version as soon as possible.

Looking ahead, we posted a notice about future versions of Mastodon (from 4.4 onwards), that will retire the use of Redis namespaces and the REDIS_NAMESPACE environment variable. If you have questions related to this future change, there’s a discussion post on GitHub.

Post by @MastodonEngineering@mastodon.social
View on Mastodon

Backend and web

In March, we reviewed and merged 167 Pull Requests (106 with translation and dependency updates removed) from 14 authors. Thank you for all of the contributions!

  • api Added new fields in the instance endpoint to get the instance’s about, terms of service and privacy policy pages, so apps can display them (including during signup). Github PR #33849 (by ClearlyClaire)
  • api Added an attribute to the instance endpoint to understand whether a reason is required for sign ups. Github PR #34280 (by ClearlyClaire)
  • new feature Updated the Terms of Service feature to add a publication date, allowing users to review the ToS before they take action. Github PR #33993 (by Gargron)
  • new feature Added a way for admins to do basic age verification to help with local law compliance. It achieves this by asking for the user birth date when signing up and checking it against the configured age. The birth date is not stored anywhere. Right now, it will reject sign ups where the birth date is not provided (for example, from API clients that do not support entering it), but we plan to properly handle this case before the feature is released. Github PR #34150 (by Gargron)
  • interface The Emoji picker now supports Emojis from Unicode 15.0 (and a PR is in the works for 15.1). Github PR #33395 (by eramdam)
  • admin Add a way for admins to send an announcement by email to all users. Github PR #33928 (by ClearlyClaire)
  • new feature Jonny has been working for several months to add a way to fetch replies from other servers, to solve the common issue of only seeing a part of conversations. The first part of this work has been merged. It is not enabled by default for now, as we need to ensure that it behaves correctly and does not significantly increase the requests made to other servers - but, this is a huge first step. Further PRs will be required to update the interface, and ensure that apps can support this as well. Github PR #32615 (by sneakers-the-rat) Github PR #34147 (by ClearlyClaire) Github PR #34151 (by ClearlyClaire)
  • api The API now supports the Deprecation header from RFC9745. We recommend that application developers look for this header in responses, and display a warning when it is present in development mode, to detect usage of deprecated APIs. See the documentation for more information. Github PR #34262 (by ClearlyClaire)
  • new feature A new v2 filter action has been added: blur. It is similar to warn, but only applies to attached media. If you’ve implemented v2 filters according to our documentation, your client should be handling unknown types as warn, which is a reasonable fallback for blur. Documentation: Create a filter and filter action entity Github PR #34256 (by ClearlyClaire)
  • new feature Support for Fediverse Auxiliary Service Providers has been merged. No capabilities are implemented yet, but this is the first step towards supporting Fediscovery in Mastodon, and opens the door for many other exciting features. Github PR #34031 (by oneiros)
  • interface The media modal behaviour on mobile has been improved, with better gesture support. Github PR #34210 (by Gargron)
  • admin admin.sign_up notifications can now be grouped. Github PR #34298 (by ClearlyClaire)

Android

Version 2.9.5 was released, with some minor bug fixes and tweaks. We’re also working on support for the age verification on sign-up changes mentioned above.

iOS

With the release of 2025.01, grouped notifications are now available on iOS! Favorites, boosts, and follows that occur close together are grouped with similar notifications, as they are on the web. Also, follow requests can be approved or rejected right from the notifications list.

You’ll also see a bunch of improvements around post visibility (“Public”, “Unlisted”, etc.) throughout the app. When composing a new post, the visibility setting is now just below the publish button, making it much more obvious. When viewing your timeline, private mentions and replies are now marked with headers similar to those on the web, and posts that are not public now show an icon to indicate their visibility. Several other long-standing issues around post visibility have also been resolved.

Quite a few other fixes are included in this update as well, and we’re hard at work on a follow-up to address additional issues.

Fediscovery

We merged the first Fediscovery-related PR into Mastodon (see above). This includes basic support for managing FASP (Fediverse Auxiliary Service Providers), of which Discovery providers will be the first kind. This is still behind a feature flag and does not provide any user-visible functionality, but it enables a couple of things. Expect to see more in the coming months.

We also started work on the next discovery capability: “Account Recommendations”. A first specification draft will be published in April.

Testing of an initial Fediscovery implementation is ongoing. Demonstrating that this is not a Mastodon-only service, the Smithereen project has been working with the current code.

Post by @grishka@mastodon.social
View on Mastodon

Community news

This was a big month across the community.

That was a lot of news! We are excited to see the community continuing to share interesting apps and examples. Let us know if you’re building something cool, and we may feature it in a future post.

Thank you

Mastodon is a platform that empowers communities and fosters connections. It thrives when people contribute! We appreciate all of the support. Please consider donating to help us to keep improving the software.

Thank you for supporting Mastodon

We develop and maintain the free and open-source software that powers the social web. There is no capital behind this—we rely entirely on your support through platforms like Patreon.