Bierochs

Update docker.io/tootsuite/mastodon Docker tag to v4.2.17

Michi Kofler-Häusler -

Patch update of container without any issue by means of Docker compose YAML infrastructure and automated Portainer GitOps workflow with dependency update facilitated by Mend's Renovate Bot.

This MR contains the following updates:

Package Update Change
docker.io/tootsuite/mastodon patch v4.2.15 -> v4.2.17

Release Notes

mastodon/mastodon (docker.io/tootsuite/mastodon)

v4.2.17

Compare Source

[!WARNING]
This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

[!NOTE]
This version fixes a vulnerability issue when using SAML but drops support for Ruby 3.0 in the process.
If you configured SAML authentication on your Mastodon instance and use Ruby 3.0, we recommend that you update your Ruby version to 3.2, then update to Mastodon v4.2.17 or later.
If you can't use Ruby 3.1 or later but don't use SAML, updating past v4.2.16 is not as critical.

Changelog (v4.2.17)

Security
  • Update dependencies
Removed
  • Remove support for Ruby 3.0

Changelog (v4.2.16)

Security
Fixed

Upgrade notes

To get the code for v4.2.17, use git fetch && git checkout v4.2.17.

[!NOTE]
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

[!IMPORTANT]
Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

The minimum supported Ruby version has been bumped from 3.0 to 3.1. Otherwise, external dependencies have not changed since v4.2.4, the compatible PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.1 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer
Update steps

[!TIP]
The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes

v4.2.16

Compare Source

[!WARNING]
This release includes important security fixes.

Corresponding releases are available for the 4.3.x branch and the 4.1.x branch.

[!CAUTION]
One of our dependencies has a known security vulnerability which Mastodon may be exposed to when using SAML for external authentication.
We have released v4.2.17 which fixes this issue and we encourage you to update to it (or 4.3), but it unfortunately drops support for Ruby 3.0.

Changelog

Security
Fixed

Upgrade notes

To get the code for v4.2.16, use git fetch && git checkout v4.2.16.

[!NOTE]
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

[!IMPORTANT]
Since v4.2.10, Mastodon is now performing stricter checks to prevent client IP address spoofing. This means that if one of your reverse proxy is not on Mastodon's local network, you will need to set TRUSTED_PROXY_IP accordingly, listing the IP address of every trusted reverse-proxy (including local network ones). See the documentation for more information.

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

  • Ruby: 3.0 to 3.2
  • PostgreSQL: 10 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 4 or newer
  • Node: 16 or newer
  • ImageMagick: 6.9.7-7 or newer
Update steps

[!TIP]
The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into such an issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

The following instructions are for updating from 4.2.15.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

  1. Install dependencies: bundle install
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes

Using Docker:

  1. Restart all Mastodon processes