Trunk & Tidbits, March 2025

Greetings! We’re back, with our monthly update from the Mastodon engineering team.

Remember how last month was a bit lighter for news? Well, this time, we are making up for it and have a lot to share! Take a look below for team updates, some significant new features, and updates to the mobile apps. We also have very important information about changes with new (and old) software versions. Finally, there’s a bumper round-up of community news, and some fun projects you may have missed.

Events and team news

We are very excited to welcome Echo to the core team as a front-end developer. We extended our recruitment to include a second front-end developer, and found another great individual who will be joining us soon as well. Also on the team side, we opened a role for a designer to join the team, after we said goodbye to Sam recently.

In March, Andy was on stage at Fediverse House, a side event at SXSW run by our friends from Flipboard. This was a fun space which created opportunities to finally meet some of the members of our community in person (hi, @box464!) and to talk about Mastodon and the Fediverse. Andy was also a guest on the Fireside Fedi podcast, which you can watch as a video, or listen to in audio. Members of the team took part in more panels and events in March - for example, Felix was part of an EFF “Effecting Change” livestream that you can also check out. We aim to continue our outreach and communication over the coming months as the new organisation comes into focus.

If you have an account on one of our hosted instances (mastodon.social and mastodon.online), you may like to know that we now have an account that is run by the team that operates them - @staff@mastodon.social is where you can find updates and announcements related to these services. As noted in the account bio, you should continue to use the existing process for any account support and appeals requests.

Don’t forget that we also post technical and team updates on @MastodonEngineering@mastodon.social.

You’re also free to check out our LinkedIn page for non-engineering updates. It doesn’t federate, but, we’re there too.

Releases and updates

In March, we released a number of bugfixes, and a security fix. You should take a look at the most recent version for the Mastodon level you are running, but also check the release notes for any versions you may also have missed. In total, we shipped:

• 4.3.5, 4.3.6, and 4.3.7

• 4.2.18, 4.2.19, and 4.2.20

  • IMPORTANT: Mastodon 4.2.17 dropped support for Ruby 3.0 (this is no longer supported upstream). If you are running Mastodon 4.2 and Ruby 3.0, you can update as far as Mastodon 4.2.16 which contains the latest security fixes, but please note that this version has a known vulnerability if you are using SAML authentication with Mastodon. If you are running Mastodon 4.2.x with Ruby 3.0, we strongly encourage you to update to Ruby 3.2, and then use Mastodon 4.2.17 or above.

• 4.1.24, and 4.1.25.

  • If you are running Mastodon 4.1.x, note that it only supports Ruby 3.0 (which is no longer supported upstream) and is subject to the above SAML security issue.

Mastodon 4.1.25 is the final version of the Mastodon 4.1.x lifecycle. As of April 8, 2025 this version of the software is end of life and will no longer receive updates (including for security issues). You should upgrade to a supported version as soon as possible.

Looking ahead, we posted a notice about future versions of Mastodon (from 4.4 onwards), that will retire the use of Redis namespaces and the REDIS_NAMESPACE environment variable. If you have questions related to this future change, there’s a discussion post on GitHub.

Post by @MastodonEngineering@mastodon.social

View on Mastodon

Backend and web

In March, we reviewed and merged 167 Pull Requests (106 with translation and dependency updates removed) from 14 authors. Thank you for all of the contributions!

• api Added new fields in the instance endpoint to get the instance’s about, terms of service and privacy policy pages, so apps can display them (including during signup). — PR #33849 (by ClearlyClaire)
• api Added an attribute to the instance endpoint to understand whether a reason is required for sign ups. — PR #34280 (by ClearlyClaire)
• new feature Updated the Terms of Service feature to add a publication date, allowing users to review the ToS before they take action. — PR #33993 (by Gargron)
• new feature Added a way for admins to do basic age verification to help with local law compliance. It achieves this by asking for the user birth date when signing up and checking it against the configured age. The birth date is not stored anywhere. Right now, it will reject sign ups where the birth date is not provided (for example, from API clients that do not support entering it), but we plan to properly handle this case before the feature is released. — PR #34150 (by Gargron)
• interface The Emoji picker now supports Emojis from Unicode 15.0 (and a PR is in the works for 15.1). — PR #33395 (by eramdam)
• admin Add a way for admins to send an announcement by email to all users. — PR #33928 (by ClearlyClaire)
• new feature Jonny has been working for several months to add a way to fetch replies from other servers, to solve the common issue of only seeing a part of conversations. The first part of this work has been merged. It is not enabled by default for now, as we need to ensure that it behaves correctly and does not significantly increase the requests made to other servers - but, this is a huge first step. Further PRs will be required to update the interface, and ensure that apps can support this as well. — PR #32615 (by sneakers-the-rat) — PR #34147 (by ClearlyClaire) — PR #34151 (by ClearlyClaire)
• api The API now supports the Deprecation header from RFC9745. We recommend that application developers look for this header in responses, and display a warning when it is present in development mode, to detect usage of deprecated APIs. See the documentation for more information. — PR #34262 (by ClearlyClaire)
• new feature A new v2 filter action has been added: blur. It is similar to warn, but only applies to attached media. If you’ve implemented v2 filters according to our documentation, your client should be handling unknown types as warn, which is a reasonable fallback for blur. Documentation: Create a filter and filter action entity — PR #34256 (by ClearlyClaire)
• new feature Support for Fediverse Auxiliary Service Providers has been merged. No capabilities are implemented yet, but this is the first step towards supporting Fediscovery in Mastodon, and opens the door for many other exciting features. — PR #34031 (by oneiros)
• interface The media modal behaviour on mobile has been improved, with better gesture support. — PR #34210 (by Gargron)
• admin admin.sign_up notifications can now be grouped. — PR #34298 (by ClearlyClaire)

Android

Version 2.9.5 was released, with some minor bug fixes and tweaks. We’re also working on support for the age verification on sign-up changes mentioned above.

iOS

With the release of 2025.01, grouped notifications are now available on iOS! Favorites, boosts, and follows that occur close together are grouped with similar notifications, as they are on the web. Also, follow requests can be approved or rejected right from the notifications list.

You’ll also see a bunch of improvements around post visibility (“Public”, “Unlisted”, etc.) throughout the app. When composing a new post, the visibility setting is now just below the publish button, making it much more obvious. When viewing your timeline, private mentions and replies are now marked with headers similar to those on the web, and posts that are not public now show an icon to indicate their visibility. Several other long-standing issues around post visibility have also been resolved.

Quite a few other fixes are included in this update as well, and we’re hard at work on a follow-up to address additional issues.

Fediscovery

We merged the first Fediscovery-related PR into Mastodon (see above). This includes basic support for managing FASP (Fediverse Auxiliary Service Providers), of which Discovery providers will be the first kind. This is still behind a feature flag and does not provide any user-visible functionality, but it enables a couple of things. Expect to see more in the coming months.

We also started work on the next discovery capability: “Account Recommendations”. A first specification draft will be published in April.

Testing of an initial Fediscovery implementation is ongoing. Demonstrating that this is not a Mastodon-only service, the Smithereen project has been working with the current code.

Post by @grishka@mastodon.social

View on Mastodon

Community news

This was a big month across the community.

• The Nivenly Foundation - stewards of the Hachyderm.io instance - announced their Fediverse Security Fund, which will sponsor contributors who responsibly disclose security vulnerabilities in popular open source Fediverse software. This is a great initiative, and we are happy to see it.
• There was a big update to Phanpy, a progressive web app client for Mastodon.
• Fedi Archive is an iOS app that allows you to open and browse Mastodon account archives directly on device.
• The great @halcy, maintainer of the Mastodon.py client library for Python, shared some fun posts, including a FUSE filesystem built on Mastodon (!), demos of Mastodon.py with client-side PyScript, and a series of fun and silly examples built on the Mastodon API. Take a look, you may get inspired!
  • … Andy did get inspired, and ran with the FUSE idea, but it is still not something we recommend as a way to use Mastodon 😊
• Tom Casavant continues to contribute to getting Mastodon into all the right places, and submitted a pull request to add Mastodon trends as a widget for Glance.
• A new iOS app called Sabertooth appeared.
• If you use Discord, then you should find that embeds of Mastodon posts just got much nicer.
  • by the way, if you support us on Patreon, you can get access to our Discord server.
• Fred Rocha wrote a blog post about how he uses Mastodon in 2025.

That was a lot of news! We are excited to see the community continuing to share interesting apps and examples. Let us know if you’re building something cool, and we may feature it in a future post.

Thank you

Mastodon is a platform that empowers communities and fosters connections. It thrives when people contribute! We appreciate all of the support. Please consider donating to help us to keep improving the software.