Content warning: Christian Pöschl from usd AG has found another XSS vulnerability in Friendica which is close with this hotfix release of Friendica. In addition some other bugfixes for the distribution of forum postings and improvements to the update process of node infor
Christian Pöschl from usd AG has found another XSS vulnerability in Friendica which is close with this hotfix release of Friendica.
In addition some other bugfixes for the distribution of forum postings and improvements to the update process of node information are included in this release.
For details, please the CHANGELOG file in the repository.
What is Friendica
Friendica is a decentralized communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter.
Ensure that the last backup of your Friendica installation was done recently.
Using Git
Updating from the git repositories should only involve a pull from the Friendica core repository and addons repository, regardless of the branch (stable or develop) you are using. Remember to update the dependencies with composer as well. So, assuming that you are on the stable branch, the commands to update your installation to the 2022.12 release would be cd friendica git pull bin/composer.phar install --no-dev cd addon git pull If you want to use a different branch than the stable one, you need to fetch and checkout the branch before your perform the git pull.
Pulling in the dependencies with composer will show some deprecation warning, we will be working on that in the upcoming release.
As many files got deleted or moved around, please upload the unpacked files to a new directory on your server (say friendica_new) and copy over your existing configuration (config/local.config.php and config/addon.config.php) and .htaccess files. Afterwards rename your current Friendica directory (e.g. friendica) to friendica_old and friendica_new to friendica.
The files of the dependencies are included in the archive (make sure you are using the friendica-full-2023.01 archive), so you don’t have to worry about them.
Post Update Tasks
The database update should be applied automatically, but sometimes it gets stuck. If you encounter this, please initiate the DB update manually from the command line by running the script bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned below.
Please note, that some of the changes to the database structure will take some time to be applied, depending on the size of your Friendica database.
Known Issues
Regarding the update process none as of writing.
How to Contribute
If you want to contribute to the project, you don’t need to have coding experience. There are a number of tasks listed in the issue tracker with the label “Junior Jobs” we think are good for new contributors. But you are by no means limited to these – if you find a solution to a problem (even a new one) please make a pull request at github or let us know in the development forum.
Contribution to Friendica is also not limited to coding. Any contribution to the documentation, the translation or advertisement materials is welcome or reporting a problem. You don’t need to deal with Git(Hub) or Transifex if you don’t like to. Just get in touch with us and we will get the materials to the appropriate places.
We are very happy to announce the avail-ability of the new stable version of Friendica. With this release the “Siberian Iris” cycle is closed and we start a new one, the “Giant Rhubarb“. 20 people have contributed directly to the code of Friendica “Giant Rhubarb” over the last year, committing over 2500 pull requests fixing nearly 200 numbered issues and adding new features.
Kudos to everyone who made this release possible by their contributions! Gunnera manicata, photographed near the church at St Just in Roseland in Cornwall. Photo by Tom Oates, License CC-BY 3.0 In addition to fixing bugs and improving the performance of Friendica, the highlights of the changes of the last year since the first release of the “Siberian Iris” are
The UI translations for Arabic and Dansk was added and Friendica supports now left-to-right languages generally better then before.
We have two new addons (S3 and WebDAV) to use additional storage back-ends for storing the media files.
The Mastodon compatible API was improved, you now should be able to use most Mastodon clients with your Friendica account.
The federation with Diaspora*, Mastodon, PeerTube, Pleroma and Lemmy was enhanced.
The themes (Frio and vier) got some touch ups, and the screen-reader support of Frio was improved.
For details, please the CHANGELOG file in the repository.
The lowest required PHP version Friendica needs on the server was raised to PHP 7.3 and PHP 8.0 is supported.
Breaking Change If you are running a custom addon, please note that the 2022.06 release does a breaking change removing the hooks settings_form and settings_post. Your addon should use the addon_settings hook instead. What is Friendica Friendica is a decentralised communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter. How to UpdateUpdating from old Friendica versions If you are updating from an older version than the 2021.09 release, please first update your Friendica instance to that version. Pre-Update Procedures Ensure that the last backup of your Friendica installation was done recently. Using Git Updating from the git repositories should only involve a pull from the Friendica core repository and addons repository, regardless of the branch (stable or develop) you are using. Remember to update the dependencies with composer as well. So, assuming that you are on the stable branch, the commands to update your installation to the 2022.06 release would be cd friendica git pull bin/composer.phar install --no-dev cd addon git pull If you want to use a different branch then the stable one, you need to fetch and checkout the branch before your perform the git pull.
Pulling in the dependencies with composer will show some deprecation warning, we will be working on that in the upcoming release. Using the Archive Files If you had downloaded the source files in an archive file (tar.gz) please download the current version of the archive from friendica-full-2022.06.tar.gz (sha256) and friendica-addons 2022.06.tar.gz (sha256) and unpack it on your local computer.
As many files got deleted or moved around, please upload the unpacked files to a new directory on your server (say friendica_new) and copy over your existing configuration (config/local.config.php and config/addon.config.php) and .htaccess files. Afterwards rename your current Friendica directory (e.g. friendica) to friendica_old and friendica_new to friendica.
The files of the dependencies are included in the archive (make sure you are using the friendica-full-2022.06 archive), so you don’t have to worry about them. Post Update Tasks The database update should be applied automatically, but sometimes it gets stuck. If you encounter this, please initiate the DB update manually from the command line by running the script bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned below.
Please note, that some of the changes to the database structure will take some time to be applied, depending on the size of your Friendica database. Known Issues Regarding the update process none as of writing. How to Contribute If you want to contribute to the project, you don’t need to have coding experience. There are a number of tasks listed in the issue tracker with the label “Junior Jobs” we think are good for new contributors. But you are by no means limited to these – if you find a solution to a problem (even a new one) please make a pull request at github or let us know in the development forum.
Contribution to Friendica is also not limited to coding. Any contribution to the documentation, the translation or advertisement materials is welcome or reporting a problem. You don’t need to deal with Git(Hub) or Transifex if you don’t like to. Just get in touch with us and we will get the materials to the appropriate places.
Thanks everyone who helped making this release possible and have fun!
Content warning: We are very happy to announce the avail-ability of the new stable version of Friendica. Wrapping up the sprint from the 2022.10 release of Friendica we closed 73 filed issues and had almost 300 pull requests by 19 contributors. A special thanks goes out t
We are very happy to announce the avail-ability of the new stable version of Friendica. Wrapping up the sprint from the 2022.10 release of Friendica we closed 73 filed issues and had almost 300 pull requests by 19 contributors.
A special thanks goes out to Christian Pöschl from usd AG and Matthias Moritz who have found a CSRF- and XSS-attack, that is fixed with this release.
In addition to fixing this bug, the highlights of the changes since the 2022.10 release are
The default theme of Friendica (frio) got many improvements and some old themes got deprecated.
The calendar saw some improvements and can now be made visible to anonymous visitors.
The homepage mentioned on the user profile is now automatically verified via the rel-me backlink.
Images attached to a posting are now shown in a grid at the bottom of the posting.
A moderation corner was established from the admin panel where a future release will add more moderation tool and bundle them with the current once.
For details, please the CHANGELOG file in the repository.
Since version 2022.06 the lowest required PHP version Friendica needed on the server was raised to PHP 7.3 and PHP 8.0 is supported.
What is Friendica
Friendica is a decentralized communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter.
Ensure that the last backup of your Friendica installation was done recently.
Using Git
Updating from the git repositories should only involve a pull from the Friendica core repository and addons repository, regardless of the branch (stable or develop) you are using. Remember to update the dependencies with composer as well. So, assuming that you are on the stable branch, the commands to update your installation to the 2022.12 release would be cd friendica git pull bin/composer.phar install --no-dev cd addon git pull If you want to use a different branch than the stable one, you need to fetch and checkout the branch before your perform the git pull.
Pulling in the dependencies with composer will show some deprecation warning, we will be working on that in the upcoming release.
As many files got deleted or moved around, please upload the unpacked files to a new directory on your server (say friendica_new) and copy over your existing configuration (config/local.config.php and config/addon.config.php) and .htaccess files. Afterwards rename your current Friendica directory (e.g. friendica) to friendica_old and friendica_new to friendica.
The files of the dependencies are included in the archive (make sure you are using the friendica-full-2022.12 archive), so you don’t have to worry about them.
Post Update Tasks
The database update should be applied automatically, but sometimes it gets stuck. If you encounter this, please initiate the DB update manually from the command line by running the script bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned below.
Please note, that some of the changes to the database structure will take some time to be applied, depending on the size of your Friendica database.
Known Issues
Regarding the update process none as of writing.
How to Contribute
If you want to contribute to the project, you don’t need to have coding experience. There are a number of tasks listed in the issue tracker with the label “Junior Jobs” we think are good for new contributors. But you are by no means limited to these – if you find a solution to a problem (even a new one) please make a pull request at github or let us know in the development forum.
Contribution to Friendica is also not limited to coding. Any contribution to the documentation, the translation or advertisement materials is welcome or reporting a problem. You don’t need to deal with Git(Hub) or Transifex if you don’t like to. Just get in touch with us and we will get the materials to the appropriate places.
We are very happy to announce the avail-ability of the new stable version of Friendica. With this release the “Siberian Iris” cycle is closed and we start a new one, the “Giant Rhubarb“. 20 people have contributed directly to the code of Friendica “Giant Rhubarb” over the last year, committing over 2500 pull requests fixing nearly 200 numbered issues and adding new features.
Kudos to everyone who made this release possible by their contributions! Gunnera manicata, photographed near the church at St Just in Roseland in Cornwall. Photo by Tom Oates, License CC-BY 3.0 In addition to fixing bugs and improving the performance of Friendica, the highlights of the changes of the last year since the first release of the “Siberian Iris” are
The UI translations for Arabic and Dansk was added and Friendica supports now left-to-right languages generally better then before.
We have two new addons (S3 and WebDAV) to use additional storage back-ends for storing the media files.
The Mastodon compatible API was improved, you now should be able to use most Mastodon clients with your Friendica account.
The federation with Diaspora*, Mastodon, PeerTube, Pleroma and Lemmy was enhanced.
The themes (Frio and vier) got some touch ups, and the screen-reader support of Frio was improved.
For details, please the CHANGELOG file in the repository.
The lowest required PHP version Friendica needs on the server was raised to PHP 7.3 and PHP 8.0 is supported.
Breaking Change If you are running a custom addon, please note that the 2022.06 release does a breaking change removing the hooks settings_form and settings_post. Your addon should use the addon_settings hook instead. What is Friendica Friendica is a decentralised communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter. How to UpdateUpdating from old Friendica versions If you are updating from an older version than the 2021.09 release, please first update your Friendica instance to that version. Pre-Update Procedures Ensure that the last backup of your Friendica installation was done recently. Using Git Updating from the git repositories should only involve a pull from the Friendica core repository and addons repository, regardless of the branch (stable or develop) you are using. Remember to update the dependencies with composer as well. So, assuming that you are on the stable branch, the commands to update your installation to the 2022.06 release would be cd friendica git pull bin/composer.phar install --no-dev cd addon git pull If you want to use a different branch then the stable one, you need to fetch and checkout the branch before your perform the git pull.
Pulling in the dependencies with composer will show some deprecation warning, we will be working on that in the upcoming release. Using the Archive Files If you had downloaded the source files in an archive file (tar.gz) please download the current version of the archive from friendica-full-2022.06.tar.gz (sha256) and friendica-addons 2022.06.tar.gz (sha256) and unpack it on your local computer.
As many files got deleted or moved around, please upload the unpacked files to a new directory on your server (say friendica_new) and copy over your existing configuration (config/local.config.php and config/addon.config.php) and .htaccess files. Afterwards rename your current Friendica directory (e.g. friendica) to friendica_old and friendica_new to friendica.
The files of the dependencies are included in the archive (make sure you are using the friendica-full-2022.06 archive), so you don’t have to worry about them. Post Update Tasks The database update should be applied automatically, but sometimes it gets stuck. If you encounter this, please initiate the DB update manually from the command line by running the script bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned below.
Please note, that some of the changes to the database structure will take some time to be applied, depending on the size of your Friendica database. Known Issues Regarding the update process none as of writing. How to Contribute If you want to contribute to the project, you don’t need to have coding experience. There are a number of tasks listed in the issue tracker with the label “Junior Jobs” we think are good for new contributors. But you are by no means limited to these – if you find a solution to a problem (even a new one) please make a pull request at github or let us know in the development forum.
Contribution to Friendica is also not limited to coding. Any contribution to the documentation, the translation or advertisement materials is welcome or reporting a problem. You don’t need to deal with Git(Hub) or Transifex if you don’t like to. Just get in touch with us and we will get the materials to the appropriate places.
Thanks everyone who helped making this release possible and have fun!
using WP + elementor for my personal home page. Added rel=me to a link in the page pointing at my #Friendica profile per the elementor instructions. Not working? Most likely I am doing it wrong.
Or else - where do I send my $8 to get my blue check!?
@Falgn0n The Wizard The rel=“me” presence is checked once on profile form submission, and then once a day. Please resubmit the profile edit form first.
I think your speed experience of old was more based around that specific instance and its configuration (and it is no longer running). My Friendica installation is as quick and responsive as my Akkoma instance.
On the topic of Friendica I was also somewhat surprised to notice the new (beta) app Mammoth is showing my Friendica instance quite well. Surprised especially since Mammoth does not show my Akkoma (i.e. Pleroma) instance (which the app MetaText does though).
That makes sense. I noticed, during the last Twitter Migration influx, that my Mastodon instance slowed down a couple of times, just like I experienced when I was using Friendica.
What was it about Akkoma that you liked over Pleroma? What made you switch?
Depends how you define speed. I run my instance for several years now and I think Friendica became much faster and easier on server resources in last three or so versions.
However obviously it depends on the instance and how loaded it is.
Also certain operations in Friendica are slower by design compared to some other platforms. E.g. when you post a comment it isn't fired to other servers almost immediately like in Mastodon but is sent on next worker run which typically is every several minutes. In that regard Friendica feels less like chat and more like email :)
Ach Quatsch, heute Abend. Ich habe doch so eine schöne VM-Infrastruktur ! SnapShot machen und schon konnte das Update durchrutschen. Danach noch 5 Minuten das DB-Update abwarten und schon ist die "Zwenkauer Flaschenpost" wieder aktuell.
So, when you create a post, you won't be able to insert images between text like you do now? If so, that's a very bad idea... A good idea would be to insert images where the cursor is. With a table of pics at the end of the post it'll would look like fucking FB. :(
@Wandering Thinker @Friendica News It checks if the image was placed in the text and leaves it there. Images placed at the end are transferred to the grid view.
NOTE: The Apache2 rewrite rule in the .htaccess-dist has been changed. The change has to be applied manually to the existing .htaccess.
Unfortunately I cannot find any hint about the change? Is this true or has this hint been carried over from the previous update where such changes were described in detail?
First I already have done this. I can even remembver doing it, but not when. This must have been during the previous update. It is only in .htaccess-dist and not .htaccess - right?
And second, where can I find how to do it? Again as stated above, I already did this but can no longer find the howto ... must be me getting older @Hypolite Petovan
@AndiS 🌞🍷🇪🇺 The change we added to .htaccess-dist must be applied manually by node admins to their respective .htaccess file because we don't have access to them from the official Friendica repository.
If you paste the contents of your .htaccess file, I'll be able to give you the updated version.
Ah, yes! Understood. No worries, I just copied the .htaccess-dist file over .htaccess since I never changed that one myself. Thank you for clearing that up! @Hypolite Petovan
Content warning: We are very happy to announce the avail-ability of the new stable version of Friendica. Wrapping up the sprint from the 2022.10 release of Friendica we closed 73 filed issues and had almost 300 pull requests by 19 contributors. A special thanks goes out t
was raised to PHP 7.3 and PHP 8.0 is supported.
I'd say 8.1 is supported, not sure why you kept 8.0.
@Friendica News What format should the rel-me backlink have? I tried using the same format as on Mastodon, and it does not seem to work (probably because I am using a specific service)
@Cătălin Petrescu @Friendica News It is the same expected format as on Mastodon. However, the verification isn’t immediate and its result when successful is rather discreet (a checkbox next to the homepage URL in the profile information in the left column).
@Hypolite Petovan @Friendica News I see. I got no personal webpage to try, so I checked all the options I had in order not to create an additional account somewhere just for this. So I found that Gravatar also provides Mastodon verification and decided to try it out here as well.
It's been more than one day already and it's still not showing up the checkmark on my profile here. I wasn't sure if I mistook something or if Gravatar is simply not the right tool for this.
@Cătălin Petrescu It looks good on both your profile and the Gravatar page. Please try to update your profile settings even if you do not change any field. This will queue a verification task for the worker to pick up.
I did some testing on my server and seems some links indeed don't pass verification. Perhaps the parser is too strict. I noticed that one of non-working links has link HTML tag instead of a and the other has several values in rel attribute - maybe this is what breaks the check?
Some links don't seem to pass verification procedure and checkmark doesn't appear. Test profile: https://friends.deko.cloud/profile/bot Link examples: https://social.deko.cloud/test.html - ...
@Александр @Hypolite Petovan @Cătălin Petrescu It worked here as well, I'm on develop branch with a few modifications. You can see the little check next to my homepage URL.
@Cătălin Petrescu @Александр No worries, once the related GitHub issue is resolved, the node you're on will be soon be updated and you'll be able to re-run the check again, hopefully with success this time.
@Hypolite Petovan @Александр Thanks. For now I tried to change the link and modify it a couple of times, however gravatar seems to have some limits in the number of verifications, so I failed verification on Gravatar as well now, haha.
Thanks for using my profile as a guinea pig, hope this will help others tho.
Edit: here's the message I receive now, haha, oups
Edit2: Just managed to add the link back on Gravatar side. Not gonna edit any longer for now unless there is a sure fix for it. Looking forward for this :D
news@forum.friendi.ca I remember the 2022.12-rc version saying that the .htaccess file needed to be updated on Apache. If I'm upgrading from 2022.10, do I need to do this still?
@Jonathan "Mastodon" Lamothe just pull/update and then quickly look in the shipped .htaccess-dist or so and there is a rewrite rule line with an additional B compared to your current version, so only one capital letter B needs to be added.
Content warning: We are happy to announce the availability of the release candidate for the upcoming Friendica 2022.12 release, to focus on fixing existing bugs and smoothing out of rough edges.. Since October we have fixed around 40 filed tickets from the issue tracker,
We are happy to announce the availability of the release candidate for the upcoming Friendica 2022.12 release, to focus on fixing existing bugs and smoothing out of rough edges..
Since October we have fixed around 40 filed tickets from the issue tracker, around 100 pull requests have been labeled as enhancements and 11 added new features. Among these the highlights are
Enhancements to the Mastodon compatible API,
The calendar can now be made accessible to anonymous visitors of the profile,
The homepage listed in the profile can now be verified, and
The moderation tools for the nodes admin was separated from the rest of the admin panel.
Please note:
If you are using the Apache2 web server, you have to update your .htaccess file with the changes to the .htaccess-dist file. Basically you have to add a B at the line 54.
The functions from the boot.php file have been moved into better fitting classes this may break your custom addons. See the pull requests #1293 and #1294 in the addon repository about the needed changes to your addons.
What is Friendica
Friendica is a decentralised communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter.
How to use the 2022.12 RC Version of Friendica
If you want to help in the release process, you can checkout the 2022.12-rc branch from the git repositories (core and addons). git fetch git checkout 2022.12-rc git pull bin/composer.phar install --no-dev Note that you only need to pull the composer dependencies in the core repository.
Should the upgrade process of the database get stuck
If you encounter this, please initiate the DB update manually from the command line by running the script ./bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned above.
What to do with Quirks
The 2022.12-rc phase is meant to identify and preferable resolve quirks and bugs that should not be in the 2022.12 release, but have slipped through so far. So if you switch your node to the 2022.12-rc version of Friendica, please let us know about rough edges you find, either at the issue tracker (github account required), in the support forum or in the development forum.
We are happy to announce the availability of the release candidate for the upcoming Friendica 2022.12 release, to focus on fixing existing bugs and smoothing out of rough edges..
Since October we have fixed around 40 filed tickets from the issue tracker, around 100 pull requests have been labeled as enhancements and 11 added new features. Among these the highlights are
Enhancements to the Mastodon compatible API,
The calendar can now be made accessible to anonymous visitors of the profile,
The homepage listed in the profile can now be verified, and
The moderation tools for the nodes admin was separated from the rest of the admin panel.
Please note:
If you are using the Apache2 web server, you have to update your .htaccess file with the changes to the .htaccess-dist file. Basically you have to add a B at the line 54.
The functions from the boot.php file have been moved into better fitting classes this may break your custom addons. See the pull requests #1293 and #1294 in the addon repository about the needed changes to your addons.
What is Friendica Friendica is a decentralised communications platform, you can use to host your own social media server that integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter. How to use the 2022.12 RC Version of Friendica If you want to help in the release process, you can checkout the 2022.12-rc branch from the git repositories (core and addons). git fetch git checkout 2022.12-rc git pull bin/composer.phar install --no-dev Note that you only need to pull the composer dependencies in the core repository. Should the upgrade process of the database get stuck If you encounter this, please initiate the DB update manually from the command line by running the script ./bin/console dbstructure update from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned above. What to do with Quirks The 2022.12-rc phase is meant to identify and preferable resolve quirks and bugs that should not be in the 2022.12 release, but have slipped through so far. So if you switch your node to the 2022.12-rc version of Friendica, please let us know about rough edges you find, either at the issue tracker (github account required), in the support forum or in the development forum.
@Grischa the version on Yunohost is probably some state of the dev branch from a few weeks back. The released the package with that instead of the stable branch. @Tio should know. @YunoHost @Friendica News
@utzer ~Friendica~ @Grischa Yes, you can checkout individual commit ids if you mean this? git checkout abc123 with do a checkout in detached mode. Not really recommended because updating it isn't easy. git checkout abc123 -b temp will checkout id abc123 and create a new branch temp from it.
You should NOT use the Yunohost Friendica package right now. I kept on contacting them to do something about it but it is just a simple merge request that's wrongly added there anyway. Unfortunately there are nor many who care about the YNH Friendica package and I am also super busy with other things now.
So. They messed up and labeled their current version as stable from september while they wrongly added the hashes for the developer december version. And it is a total mess. You have to basically wait for them to bump the version to this december stable that was just released.
I will try to make them aware of it if I have the time....
@Tio but is there any adaption of Friendica specific to Yunohost or can one just switch to the current RC branch? Laten when the package is updated to the new release it would then be possibel to update again. @Grischa
@Tio alright. @Grischa I guess you better wait, on the other hand the package maintainers should and could switch to the RC now, it is really stable now and as discussed in other threads surely better than that random development state that they shipped.
The only thing that could go wrong is a corrupted DB, right? I would assume that YNH did not change anything on the DB scheme.. So maybe I should go the "danger seeker way" again and simply try to switch to the RC branch?.. Maybe backup before.. ;)
.. or I wait.. ATM friendica works. When I check the dev console, it tries to load some YNH stuff, that is not there, so this seems to be strange anyways..
Gunnera manicata, photographed near the church at St Just in Roseland in Cornwall. Photo by Tom Oates, License 
hoergen :selected:
•utzer [Friendica] likes this.
utzer [Friendica]
•Philipp Holzer
•