Hey there, in case you had not noticed it, we released Friendica 2024.02-rc on Wednesday. Among the unlisted things in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12.
If you have not yet updated to the 2024.03-RC, personally I would encourage you to do so (or to the latest development branch, there the fixes are included as well). The RC branch is pretty stable and we aim for a release as early in March as possible.
In case you have not installed Friendica using git, but with the archive files, please have a look at the 2023.12 release notes and pick the latest archives from files.friendi.ca (there is already a friendica-full-2024.03-rc archive, but for the addons you need to take the friendica-addons-2024.03-dev archive as the RC branch had not seen any commits for the addons so far).
Today we have branched off the release candidate branch for the next stable release of Friendica which is scheduled for March. If you want to help finding rough edges and bogus behavior and hopefully fix them before the upcoming release, please check out the new 2024.03-rc branch and report problems that you encounter.
The most notable changes in this release are:
- We could optimize the performance in some areas.
- The channel feature got some extensions.
- An OCR addon was added to generate missing captions from images.
What is Friendica
Friendica is a decentralised communications platform you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Tumblr and BlueSky.
How to use the 2024.03 RC Version of Friendica
If you want to help in the release process, you can checkout the 2024.03-rc branch from the git repositories.
git fetch
git checkout 2024.03-rc
git pull
bin/composer.phar install --no-dev
Note that you only need to pull the composer dependencies in the core repository.
Should the upgrade process of the database get stuck
If you encounter this, please initiate the DB update manually from the command line by running the script
./bin/console dbstructure update
from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned above.
What to do with Quirks
The 2024.03-rc phase is meant to identify and preferably resolve quirks and bugs that should not be in the 2024.03 release, but have slipped through so far. So if you switch your node to the 2024.03-rc version of Friendica, please let us know about rough edges you find, either at the issue tracker (github account required), in the support group or in the developers group.
Thanks a lot for helping with the release 🙂
https://friendi.ca/2024/02/14/friendica-2024-03-release-candidate-available/
Andy H3
in reply to Tobias
Thanks for the heads-up, Tobias!
@Tobias
Sarah Brown
in reply to Tobias
Kana Kana
in reply to Sarah Brown
If you are using Docker, the 2024.03-dev tag seems to contain the fix already (still not sure about the other fix though), so probably you can try that. (However, 2024.03-dev may be less stable than 2024.03-rc.)
Sarah Brown
in reply to Kana Kana
Tobias
in reply to Sarah Brown
Sarah Brown
in reply to Tobias
utopiArte
in reply to Tobias
> in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12
Are these security issues specific to 2023.12 or do they date back to older versions?
If so:
Some way to know when this security issue came up?
Some easy fix inside existing older installations to fix those security/privacy bugs?
utopiArte
in reply to utopiArte
I found this issue description on github:
Fix several vulnerabilities (#13927)
https://github.com/friendica/friendica/commit/5c5d7eb04fbacbe5987bd83022b158e095d13f13
Are these the mentioned problems?
Are they only relevant/exploitable by users that have a profile on the server?