tag:blog.diasporafoundation.org,2005:/feedThe diaspora* blog2023-07-10T00:00:31Ztag:blog.diasporafoundation.org,2005:Blogpost/762023-07-10T00:00:31Z2023-07-10T00:00:31Zdiaspora* security release 0.7.18.2Diaspora* Foundation<p>We just released a new diaspora* version, which addresses possible security issues when processing images uploaded by users that is affecting some system configurations.</p>
<p>This fix was heavily inspired by Mastodon's fix for <a href="https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm">GHSA-9928-3cp5-93fm</a>, and while diaspora*s attack surface is significantly smaller and some operating systems do ship a restrictive ImageMagick policy, this release makes sure that everyone is safe.</p>
<p>Thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks for Mastodon for fixing it.</p>
<h3>Updating</h3>
<p>For podmins, update instructions are available as usual <a href="https://wiki.diasporafoundation.org/Updating#Updating_a_production_install_to_a_new_minor_version">in the wiki</a>. As that this update includes security fixes, please update as soon as possible.</p>
<p>If you are a user not running your own pod, there is nothing you need to do!</p>
tag:blog.diasporafoundation.org,2005:Blogpost/752022-09-10T00:04:55Z2022-09-10T00:04:55Zdiaspora* version 0.7.18.1 released!Diaspora* Foundation<p>We just released diaspora* version 0.7.18.1 which fixes an issue when multiple bundler versions were available that results in diaspora* being unable to start.</p>
<h3>Updating</h3>
<p>Podmins who already run 0.7.18.0 without issues don't need to update (but feel free to do anyway). For podmins still on older version, it fixes some possible issues when updating. Update instructions are available as usual <a href="https://wiki.diasporafoundation.org/Updating#Updating_a_production_install_to_a_new_minor_version">in the wiki</a>.</p>
<p>If you are a user not running your own pod, there is nothing you need to do!</p>
tag:blog.diasporafoundation.org,2005:Blogpost/742022-08-29T18:54:03Z2022-08-29T22:48:59Zdiaspora*'s 10 years in community handsDiaspora* Foundation<p>This weekend marked the 10th anniversary since the diaspora* project was handed over by its founders to the community. Ten years – time really does fly!</p>
<p>During that time we’ve made many fundamental improvements to the software that this network runs on, from standardizing the process of making improvements to the code to completely rewriting the federation protocol on which communication between pods is based. We’ve also stabilized performance in many ways, and we've added many improvements to the user interface and new features.</p>
<p>Over the past couple of years things have been a bit quieter as our team of volunteer developers has been hard at work on some really huge and complex tasks. The most fundamental of these have been creating a feature to allow members to move their account from one pod to another, and creating an API to allow apps to interact with diaspora* more easily and in more interesting ways.</p>
<p>With these major improvements included, our next release will be a quantum leap forward for the project, and so we’re going to release it as <strong>diaspora* 1.0</strong>!</p>
<p>We hoped we might be able to release version 1.0 on the date of our 10th anniversary, but limits on our resources have meant that these big new features are not yet ready. If you think that you could help with some coding or reviewing tasks to get us over the line, please let us know! We'd love some help from our wider community, and we can’t wait to be able to offer these new features to you all.</p>
<p>Thanks to you all for being part of diaspora*'s amazing community!</p>
tag:blog.diasporafoundation.org,2005:Blogpost/732022-07-31T22:05:31Z2022-07-31T22:05:31Zdiaspora* version 0.7.18.0 released!Diaspora* Foundation<p>As announced, a new minor release is now released. Over the past three months, we have managed to collect <strong>113 commits</strong> made by <strong>3 contributors</strong> for this minor release.</p>
<p>A huge thanks to all the contributors from diaspora*'s amazing community! If you want to help make diaspora* even better, please <a href="https://wiki.diasporafoundation.org/Getting_started_with_contributing">check out our getting started guide</a>. Please <a href="https://github.com/diaspora/diaspora/releases/tag/v0.7.18.0">see the changelog</a> for a complete list of changes made in this release.</p>
<h3>Notable Changes</h3>
<ul>
<li>We updated the recommended Ruby version to 2.7. If you followed our installation guides, run <code>rvm install 2.7</code> to install it!</li>
<li>We updated to bundler 2 and rails 6.1.</li>
<li>Switched to <code>sassc-rails</code> which makes <code>assets:precompile</code> a lot faster.</li>
<li>HTML notification emails now contain the correctly formatted posts and comments.</li>
</ul>
<h3>Updating</h3>
<p>For podmins, update instructions are available as usual <a href="https://wiki.diasporafoundation.org/Updating#Updating_a_production_install_to_a_new_minor_version">in the wiki</a>. For those of you who have been testing the release candidate, run <code>git checkout master</code> before the update to get back to the stable release branch.</p>
<p>If you are a user not running your own pod, there is nothing you need to do!</p>
tag:blog.diasporafoundation.org,2005:Blogpost/722022-04-27T19:23:20Z2022-04-27T19:23:20Zdiaspora* version 0.7.17.0 released with security fixes!Diaspora* Foundation<p>We just released a new diaspora* version, which addresses two critical security issues in the Ruby on Rails framework, as well as one medium security issue in our code discovered by a security researcher.</p>
<p>A huge thanks to all the contributors from diaspora*'s amazing community! If you want to help make diaspora* even better, please <a href="https://wiki.diasporafoundation.org/Getting_started_with_contributing">check out our getting started guide</a>. Please <a href="https://github.com/diaspora/diaspora/releases/tag/v0.7.17.0">see the changelog</a> for a complete list of changes made in this release.</p>
<h3>Updating</h3>
<p>For podmins, update instructions are available as usual <a href="https://wiki.diasporafoundation.org/Updating#Updating_a_production_install_to_a_new_minor_version">in the wiki</a>. As that this update includes security fixes, please update as soon as possible.</p>
<p>If you are a user not running your own pod, there is nothing you need to do!</p>