Releases: bookwyrm-social/bookwyrm
Releases · bookwyrm-social/bookwyrm
v0.8.7
This is mainly bug fixes for the previous release.
What's Changed
New Features 🎉
- Allow admins to delete invite codes and revoke sent invites by @diaxoaine in #3930
Bug Fixes 🐛
- Do not raise PermissionDenied errors on unsigned get requests by @hughrun in #3925
- fix federated server notes by @hughrun in #3938
Other Changes
- Revert "caching: set cache expire to 0 in debug mode" by @mouse-reeve in #3928
- Sort series books numerically by @diaxoaine in #3926
- Add
stopped readingheader rendering by @diaxoaine in #3927 - Landing page re-work by @mouse-reeve in #3920
- Switch celery pool to threads from gevent by @diaxoaine in #3932
New Contributors
- @diaxoaine made their first contribution in #3926
Full Changelog: v0.8.6...v0.8.7
Contributors
mouse-reeve, hughrun, and diaxoaine
Assets 2
v0.8.6
What's Changed
‼️ Breaking Changes & New Settings ⚙️
- Allow S3 Default ACL Override for Backblaze by @pilotMike in #3670
- nginx: move common upstream config to server_config by @ilkka-ollakka in #3881
- add custom security middleware by @hughrun in #3906
Updated Dependencies 🧸
- celery: pump version to 5.6.2 and change to gevent pool by @ilkka-ollakka in #3880
- build(deps-dev): bump pytest from 8.1.1 to 9.0.3 by @dependabot[bot] in #3893
- build(deps-dev): bump django from 5.2.9 to 5.2.14 by @dependabot[bot] in #3894
- build(deps-dev): bump pillow from 11.3.0 to 12.2.0 by @dependabot[bot] in #3892
- build(deps-dev): bump aiohttp from 3.13.3 to 3.13.4 by @dependabot[bot] in #3895
- build(deps-dev): bump requests from 2.32.4 to 2.33.0 by @dependabot[bot] in #3898
- build(deps-dev): bump markdown from 3.6 to 3.8.1 by @dependabot[bot] in #3896
- bind gunicorn to ipv6 and pump nginx to 1.30.1 by @ilkka-ollakka in #3884
New Features 🎉
- Make series a separate model by @hughrun in #3747
- Allow reviews without titles by @hughrun in #3886
- Refresh UI display of statuses by @mouse-reeve in #38
Bug Fixes 🐛
- Some tweaks to manifest.json by @WKobes in #3825
- fix(initdb): check linkdomain only name to be present by @ilkka-ollakka in #3857
- Fix template ids by @WKobes in #3869
- Prevent users being added when signature validated by @hughrun in #3891
- Security: Ineffective File Size Middleware by @tomaioo in #3901
Other Changes
- Tune user model indexing and re-enable admin dashbord charts by @ilkka-ollakka in #3860
- bw-dev: dev workflow improvements by @ilkka-ollakka in #3855
- anubis: add allow rules for rss feeds by @ilkka-ollakka in #3864
- Enable IPv6 for the main network so federation with IPv6-only instances is possible by @WKobes in #3846
- Improve CommonMark adherence in
README. by @RokeJulianLockhart in #3865 - Add contribution info front-and-center in the README by @mouse-reeve in #3872
- Redirect contributors to docs and ban agents by @hughrun in #3873
- Leave backups from dev flow by @ilkka-ollakka in #3874
- change .env.dev to .env.dev.example by @hughrun in #3885
- bw-dev: use dev rm in resetdb by @ilkka-ollakka in #3879
- caching: set cache expire to 0 in debug mode by @ilkka-ollakka in #3882
- replace JS_CACHE with ManifestStaticFilesStorage by @ilkka-ollakka in #3883
- Add github action to build and release containers by @ilkka-ollakka in #3841
- utilize build cache on workflow container build by @ilkka-ollakka in #3900
- fix(i18n): add missing translation block for group members heading by @enaktes9-hub in #3902
- Avoid using cached template loader in development by @mouse-reeve in #3833
- docker-compose(certbot): do infinite sleep with reverse_proxy NGINX-mode by @ilkka-ollakka in #3904
- Add more ruff validation for code quality checks by @mouse-reeve in #3909
- bw-dev: rework dev command to a prefix by @ilkka-ollakka in #3905
- Adds arbitrary dev command runner to bw-dev by @mouse-reeve in #3915
New Contributors
- @ChrisW-B made their first contribution in #3441
- @pilotMike made their first contribution in #3670
- @dashohoxha made their first contribution in #3859
- @RokeJulianLockhart made their first contribution in #3865
- @enaktes9-hub made their first contribution in #3902
- @tomaioo made their first contribution in #3901
Full Changelog: v0.8.5...v0.8.6
Contributors
dashohoxha, mouse-reeve, and 9 other contributors
Assets 2
v0.8.5
What's Changed
Updated Dependencies 🧸
- pump nginx container version to current stable and enable file-descriptor/ssl session cache by @ilkka-ollakka in #3827
- Pump environs version to support reading secrets from file by @ilkka-ollakka in #3848
Bug Fixes 🐛
- Don't consider file type when checking for file link dupes by @mouse-reeve in #3824
- fix user exports when S3 used by @hughrun in #3823
- Fix reading goal year check to respect user's timezone by @LakshmiSravyaVedantham in #3849
- fix ISNI timeout error handling by @hughrun in #3850
Other Changes
- Fix Uncaught ReferenceError on DMs page by @hughrun in #3819
- Sets a empty string as default reading progress when unset by @WKobes in #3821
- No longer pull l10n branch in update locales command by @mouse-reeve in #3822
- Add missing JS map file by @iangreenleaf in #3766
- Dockerfile: mount cache for apt/npm/pip to improve rebuild times by @ilkka-ollakka in #3815
- build full bookwyrm container by @ilkka-ollakka in #3803
- Gets stylelint working in docker and in the github workflow by @mouse-reeve in #3818
- db-container: define shared memory size to be 128mb by default by @ilkka-ollakka in #3826
- Manually delete unused keys from redis activity cache by @mouse-reeve in #3282
- Updates unit test for file links by @mouse-reeve in #3830
- Uses old-style media queries to keep libsass happy by @mouse-reeve in #3831
- Updates locale reference file by @mouse-reeve in #3832
- Fix makemigrations running by @ilkka-ollakka in #3834
- tweak anubis rules by @ilkka-ollakka in #3835
- dev container refactoring and fixing bw-dev pytest by @ilkka-ollakka in #3838
- book query tuneups by @ilkka-ollakka in #3839
- docker compose fixes by @ilkka-ollakka in #3842
- initdb: fix case connectors have been changed from defaults by @ilkka-ollakka in #3844
- Anubis config fixes for paths by @ilkka-ollakka in #3851
- Reduce container default memory usage by @ilkka-ollakka in #3852
New Contributors
- @WKobes made their first contribution in #3821
- @iangreenleaf made their first contribution in #3766
- @LakshmiSravyaVedantham made their first contribution in #3849
Full Changelog: v0.8.4...v0.8.5
Contributors
iangreenleaf, mouse-reeve, and 4 other contributors
Assets 2
v0.8.4
What's Changed
‼️ Breaking Changes & New Settings ⚙️
- merge settings and requirements files to pyproject.toml by @ilkka-ollakka in #3697
Updated Dependencies 🧸
- Bump aiohttp from 3.12.14 to 3.13.3 by @dependabot[bot] in #3784
New Features 🎉
- Followed users filter in directory by @kasiarog in #3783
- add libris connector (Swedish libraries catalog) by @peppercoffee in #3798
Other Changes
- Add container entrypoint to do migrations and static collections on start by @ilkka-ollakka in #3759
- user_export: rework user export book db query by @ilkka-ollakka in #3789
- tune finding books queries by @ilkka-ollakka in #3808
- Fix: services.web.depends_on.db Additional property restart is not allowed by @bit-man in #3780
- housekeeping: use first isbn values to search missing covers by @ilkka-ollakka in #3799
- Improve indexing for edition and list models by @ilkka-ollakka in #3811
- Add anubis to filter spam/bot traffic by @ilkka-ollakka in #3788
- django components version pumps by @ilkka-ollakka in #3814
New Contributors
- @bit-man made their first contribution in #3780
- @peppercoffee made their first contribution in #3798
Full Changelog: v0.8.3...v0.8.4
Contributors
bit-man, ilkka-ollakka, and 3 other contributors
Assets 2
v0.8.3
What's Changed
Updated Dependencies 🧸
- Bump django from 5.2.8 to 5.2.9 by @dependabot[bot] in #3751
- Linter migration to Ruff by @kasiarog in #3750
Bug Fixes 🐛
- fix is_api_request by @hughrun in #3748
- Fix Safari dropdown arrow by @cnaples79 in #3743
Other Changes
- Tweak to forced password reset migration by @mouse-reeve in #3738
- Add background jobs to find and add missing covers by @hughrun in #3669
- Adds admin panel for triggering forced password resets by @mouse-reeve in #3736
- Allow an instance to disable federation by @mouse-reeve in #3421
- Striptags on book description in tags by @kasiarog in #3745
- Include books' pages in CSV export by @ccamara in #3755
- fix mock in test_existings_authors_aliases_add_author_helper by @hughrun in #3756
- add bloom-index for book/edition deduplication_fields by @ilkka-ollakka in #3775
- Fix IntegrityError when resolve_remote_id returns None by @nycterent in #3763
- refactor common nginx configs to locations-file by @ilkka-ollakka in #3774
- Add possiblity to create new list from book page #3633 by @babastienne in #3761
- docker-compose: use healthchecks and service_healthy dependencies to define star order of containers by @ilkka-ollakka in #3757
- dev-tools: use node container image as source instead of apt by @ilkka-ollakka in #3758
New Contributors
- @kasiarog made their first contribution in #3745
- @cnaples79 made their first contribution in #3743
- @babastienne made their first contribution in #3761
Full Changelog: v0.8.2...v0.8.3
Contributors
nycterent, ccamara, and 7 other contributors
Assets 2
v0.8.2
Important
This update includes important security fixes.
Upgrading to BookWyrm v0.8.2
All environments
Warning
Version 0.8.0 included a major upgrade to the required Postgres version. If you are migrating from a version prior to v0.8.0, you must follow the v0.8.0 upgrade instructions to ensure your database is properly upgraded.
Warning
This release includes a database migration
- ALWAYS BACK UP YOUR DATABASE BEFORE UPGRADING and ideally know how you can restore it if something goes wrong.
Docker
Run ./bw-dev update
Non-docker
Follow the instructions for dockerless upgrades.
What's Changed
Updated Dependencies 🧸
- Bump django from 5.2.3 to 5.2.8 by @dependabot[bot] in #3728
Other Changes
- Comments out inefficient queries by @mouse-reeve in #3726
- isbn_10: fix datamigration and management command by @ilkka-ollakka in #3727
- Modifies delete user flow by @mouse-reeve in #3732
- Fixes admin page stats by @mouse-reeve in #3734
- Adds flow to force users to reset their passwords by @mouse-reeve in #3733
Full Changelog: v0.8.1...v0.8.2
Contributors
mouse-reeve, ilkka-ollakka, and dependabot
Assets 2
v0.8.1
This is a bugfix release. It is strongly recommended to patch as soon as possible.
Upgrading to BookWyrm v0.8.1
All environments
Warning
This release includes a data migration
- ALWAYS BACK UP YOUR DATABASE BEFORE UPGRADING and ideally know how you can restore it if something goes wrong.
- This patch includes a data migration and adds a new management command (
fix_isbn10_entries). Both of these repair 11-digit ISBN-10 entries caused by a bug inv0.8.0. You do not need to run the new command when updating, but you may wish to use it in the future to fix any books that are added or merged from a federated server.
Docker
Run ./bw-dev update
Non-docker
Follow the instructions for dockerless upgrades. It is important that you complete the migration stage (venv/bin/python3 manage.py migrate) as this will apply a fix to incorrect ISBN entries.
What's Changed
Bug Fixes 🐛
- book: fix validation for 979 prefixed isbn-13 and isbn_13_to_10 function by @ilkka-ollakka in #3710
- parse review dates for book imports by @hughrun in #3715
Other Changes
- edit_book: improve author search matching on some names and aliases by @ilkka-ollakka in #3714
Full Changelog: v0.8.0...v0.8.1
Contributors
ilkka-ollakka and hughrun
Assets 2
v0.8.0
Important
This update includes important security fixes.
User exports and imports
User import and export files will now both be saved to /exports in local storage by default. Import files will be deleted once the import is completed.
Instance administrators should manually check your images directory (local and S3 storage) for any user export files (ending in .gz). These should be deleted as a matter of priority as they are publicly available. You are also strongly encouraged to delete any files in S3 exports directories, especially is you are using Backblaze (B2) or Cloudflare (R2) S3-compatible storage as your bucket may be unsecured.
If you wish to use S3 storage for export files instead of local storage, you must set the following values in your .env file:
USE_S3_FOR_EXPORTS=trueEXPORTS_S3_CUSTOM_DOMAINEXPORTS_STORAGE_BUCKET_NAME
The following new .env values for are optional, and will default to the equivalent S3 env values if not set:
EXPORTS_ACCESS_KEY_IDEXPORTS_SECRET_ACCESS_KEYEXPORTS_S3_REGION_NAMEEXPORTS_S3_ENDPOINT_URL
Important
This update changes default values
The default file upload limit is now 100MiB. This can be changed by defining MAX_UPLOAD_MiB in .env, as a number representing mebibytes. This may change again in future after enough time is provided for legacy user export files to be imported to new instances.
User import and export files now default to save to /exports in local storage. If you wish to use S3 storage for user import/export files instead of local storage, you must set USE_S3_FOR_EXPORTS=truein your .env file.
Warning
This version has new minimum versions for dependencies
Postgres version
The minimum Postgres version is now 14 (17 preferred). Follow the BookWyrm upgrade instructions below to ensure a smooth migration.
Django version
The Django version is now 5.2.
Environment variables
New env variables
NGINX_SETUP- this actually changed in0.7.5but was not mentioned in the release notes. Possible values arereverse_proxyorhttps. If not set, defaults tohttps. If you are using a reverse-proxy or working in a development environment (including when usinglocalhost), set this toreverse-proxy. See the documentation on NGINX_SETUP for more information.
Changes and deprecations to env values
USE_HTTPSis no longer used. HTTPS will now always be assumed unlessDOMAIN=localhost. This ensures that it is not possible to run in production on thehttpprotocol. If you were previously running in production withUSE_HTTPSset toFalse(or not set at all) you may have some user and object IDs withhttpURLs. You should ensure that you have http to https forwarding in place for your IDs work correctly.DEBUGnow defaults tofalserather thantrue. This makes production installs more secure by default, but may require adjustment for existing development environments.- If not set,
PORTwill now default to443unlessDOMAINislocalhost, in which case it will default to80. This is different to previous behaviour, where if unset,PORTwas1333.
Upgrading to BookWyrm v0.8.0
All environments
- ALWAYS BACK UP YOUR DATABASE BEFORE UPGRADING and ideally know how you can restore it if something goes wrong.
- Check the environment variables you have set in
.envagainst the notes above, and make any necessary changes
Docker
- You will need to stop your containers in order to upgrade:
docker compose down - Upgrade postgres to version 17:
./bw-dev upgrade_db_version - Upgrade BookWyrm:
./bw-dev update(NOTE: if you have previously commented out thedocker-compose buildstage you must uncomment this first in order to correctly rebuild with Django 5.2)
Non-docker
- Check that your postgresql version is at least
14(17is preferred). If necessary, upgrade according to the postgres instructions or using the relevant procedure for your operating system - Follow the BookWyrm upgrade documentation for dockerless
What's Changed
‼️ Breaking Changes & New Settings ⚙️
- change DEBUG default to True by @hughrun in #3576
- Deprecate USE_HTTPS by @hughrun in #3588
- Make file-upload limit configurable and inform when import-file is too big by @ilkka-ollakka in #3627
- Prefer existing book data from the fedi when importing user accounts by @hughrun in #3653
- Allow S3 Default ACL Override by @hughrun in #3699
Updated Dependencies 🧸
- update aiohttp requirement to fix connectivity to services behind cloudflare by @ilkka-ollakka in #3536
- fix
bw-dev setupfailing and remove--buildfrombw-dev upby @hughrun in #3561 - update requests dependency to 2.23.3 by @ilkka-ollakka in #3571
- requirements: update django-celery-beat and django-sass-processor by @ilkka-ollakka in #3617
- requirements: upgrade psycopg2 to psycopg3 by @ilkka-ollakka in #3605
- update postgresql to version 17 and add bw-dev command to upgrade current database volume by @ilkka-ollakka in #3615
- Upgrade django to 5.2 LTS by @ilkka-ollakka in #3616
- requirements: pump pillow to 11.3 by @ilkka-ollakka in #3674
New Features 🎉
- show finna links/update button in book info if finna key is present by @ilkka-ollakka in #3642
- Add ability to view and terminate user sessions by @hughrun in #3664
- Improve sort title handling by @hughrun in #3666
- Make form error messages more obvious by @hughrun in #3665
- Improve Unicode support in slugs and URL patterns by @talmuth in #3692
- Add DublinCore metadata to Book page by @jakkarth in #3694
Bug Fixes 🐛
- Exclude deleted items in user export by @ilkka-ollakka in #3586
- Bugfix/show rating shown without existing ratings by @mario-kromer in #3577
- fix s3 exports storage location by @hughrun in #3602
- fix opensearch base url missing by @hughrun in #3603
- add isbn10 and isbn13 validators to Edition model by @ilkka-ollakka in #3573
- Fix shelf RSS items to use shelved date rather than book publication date by @timothyjrogers in #3634
- Don't require authentication to view user's non-private groups by @timothyjrogers in #3637
- Fix #3632: Add anchor link to scroll to reviews section by @AdityaDeshmukh1 in #3646
- Updated EXIF removal to support large image uploads by @timothyjrogers in #3651
- https: send x-forwarded-proto from nginx and use it in django by @ilkka-ollakka in #3673
- Guess series number from series-info in openlibrary connector via regex by @ilkka-ollakka in #3657
- fix Inventaire covers not appearing in book search by @hughrun in #3678
- Fix follower/following AP requests returning wrong JSON data by @hughrun in #3686
Other Changes
- search: use default confidence of 0.1 on search instead of disabling min_confidence by @ilkka-ollakka in #3553
- inventaire: scale confidence linearly based on search score by @ilkka-ollakka in #3554
- Split nginx config files and fix flower access config by @ilkka-ollakka in #3540
- use gunicorn in main branch also by @ilkka-ollakka in #3557
- normalize rank to be 0..1 from database searches by @ilkka-ollakka in #3555
- remove port 8000 from docker-compose as unnecessary for web container by @ilkka-ollakka in #3541
- Fix randomly failing importer test jobs by add job ordering by @ilkka-ollakka in #3572
- RFC: Automatically handle nginx domain and make letsencrypt setup simpler by @ilkka-ollakka in #3543
- define testpaths for pytest to speed up pytest-run by @ilkka-ollakka in #3587
- Add bw-dev create_secrets -command by @i...
Contributors
talmuth, jakkarth, and 8 other contributors
Assets 2
v0.7.5
What's Changed
Updated Dependencies 🧸
- Bump aiohttp from 3.10.2 to 3.10.11 by @dependabot in #3473
- Bump django from 4.2.18 to 4.2.20 by @dependabot in #3520
Other Changes
- possible fix for #3372 - user export timeouts by @hughrun in #3378
- Fix CSS path prefix when S3 storage is used by @lo48576 in #3384
- Use a simpler query for books to show on the landing page by @mouse-reeve in #3374
- Add an up-to-date sqlparse to requirements.txt by @dato in #3400
- Avoid empty <title> in templates by @dato in #3402
- In-memory Celery backend for tests by @dato in #3151
- Fix reading progress
start_datebug by @dato in #3401 - Trim search whitespace by @timothyjrogers in #3410
- Narrowed is_authenticated check in verfication_modal to only restrict… by @timothyjrogers in #3411
- csv import and export fixes by @hughrun in #3135
- Hide ratings by @mouse-reeve in #3418
- Sets edit status header to indicate status type by @mouse-reeve in #3416
- Order user shelf previews by book shelved date by @matthewmincher in #3394
- sign all AP requests by @hughrun in #3434
- Fix IntegrityError caused by duplicate periodic task creation by @Guanchishan in #3451
- show Wikidata link on author page by @Guanchishan in #3454
- Fix post dates being inconsistent by @hughrun in #3437
- Prevent invite requests from blocked domains by @hughrun in #3476
- add Finna API connector by @ilkka-ollakka in #3498
- Add STATIC_ROOT to .env.example to fix CSS loading issues by @Guanchishan in #3452
- Add author born/death years to search results by @tkbremnes in #3474
- Included value of Accept header in Vary header generated for get requ… by @timothyjrogers in #3516
- Removed login_required from viewing public lists from user profiles by @timothyjrogers in #3518
- Updated locations that process a cover file upload to strip EXIF data… by @timothyjrogers in #3524
- Replace imghdr with use of pil.Image.format by @ilkka-ollakka in #3519
- Fix statuses creating duplicate Editions by @hughrun in #3471
- Import goodreads key when importing goodreads csv by @ilkka-ollakka in #3515
- User import and export improvements by @hughrun in #3431
- RSS for shelves by @mattkatz in #3013
- add CONTRIBUTING and minor updates to other meta docs. by @hughrun in #3532
- Make non-BookWyrm connectors default to a lower priority by @hughrun in #3531
- add django generated migrations for updated timezones by @ilkka-ollakka in #3534
- importer: add openreads importer by @ilkka-ollakka in #3511
- Make remote follow username regex comply to rfc 7565 by @timothyjrogers in #3528
- Duplicate authors by @hughrun in #3535
- Manage connectors from admin web UI by @hughrun in #3530
- Update locales and simplifies bw-dev command for loading locales by @mouse-reeve in #3544
New Contributors
- @lo48576 made their first contribution in #3384
- @timothyjrogers made their first contribution in #3410
- @matthewmincher made their first contribution in #3394
- @Guanchishan made their first contribution in #3451
- @ilkka-ollakka made their first contribution in #3498
- @tkbremnes made their first contribution in #3474
- @mattkatz made their first contribution in #3013
Full Changelog: v0.7.4...v0.7.5
Contributors
mattkatz, dato, and 9 other contributors
Assets 2
v0.7.4
What's Changed
Updated Dependencies 🧸
- Bump pillow from 10.2.0 to 10.3.0 by @dependabot in #3347
- Bump aiohttp from 3.9.2 to 3.9.4 by @dependabot in #3359
- Bump requests from 2.31.0 to 2.32.0 by @dependabot in #3369
Other Changes
- Fix detection of
unlistedposts by @dato in #3258 - bulk-fmt: bracket-wrap calls to patch() for better readability by @dato in #3320
- Remove twitter from README.md by @ccamara in #3334
- flower 2.0.1 fixes a few link bugs (particularly for favicon) by @prolibre in #3337
- Update CodeQL workflows to v3 by @Minnozz in #3343
- Fix resource leaks by @Minnozz in #3339
- Add index on Status.remote_id by @Minnozz in #3346
- Make nginx config safer by @Minnozz in #3338
- Define more indexes for slow queries by @Minnozz in #3348
- Track which Author/Work/Edition a duplicate has been merged into by @Minnozz in #3299
- Adds merge migration by @mouse-reeve in #3355
- Install same version of eslint in CI as in dev-tools by @Minnozz in #3356
- [FIX] make sure to get Pillow>=10 compatible pilkit by @hbrunn in #3342
- Fix user exports to deal with s3 storage by @hughrun in #3228
- Fix creation of quotations with no end position by @dato in #3353
- Support AWS_S3_URL_PROTOCOL by @Minnozz in #3336
- refactor Move for more redundancy by @hughrun in #3360
- Correctly handle serving BookWyrm on custom port by @Minnozz in #3350
- feat: add OAuth authentication by @SMillerDev in #3114
- Upgrade to Django 4.2 by @Minnozz in #3341
- Add
as:Hashtagto activitypub context by @Tak in #3370 - add GitHub templates for PRs and releases by @hughrun in #3362
New Contributors
- @prolibre made their first contribution in #3337
- @SMillerDev made their first contribution in #3114
Full Changelog: v0.7.3...v0.7.4
Contributors
dato, Tak, and 8 other contributors