mastodon

Update docker.io/tootsuite/mastodon Docker tag to v4.6.2

Michi Kofler-Häusler

Michi Kofler-Häusler

5 min read
Share
Update docker.io/tootsuite/mastodon Docker tag to v4.6.2
Photo by Rolf van Root / Unsplash

Patch update of container without any issue by means of Docker compose YAML infrastructure and automated Portainer GitOps workflow with dependency update facilitated by Mend's Renovate Bot.

This MR contains the following updates:

Package Update Change
docker.io/tootsuite/mastodon patch v4.6.0v4.6.2

Release Notes

mastodon/mastodon (docker.io/tootsuite/mastodon)

v4.6.2

Compare Source

Mastodon

This release is made solely to update FFmpeg in our docker container images to fix CVE-2026-8461 (critical severity). It is critical to update if you use our docker container images.

If you are not using our docker container images, please make sure your system FFmpeg is updated to a fixed version, that is, 8.1.2, 7.1.5, 6.1.6, or 5.1.10.

For the recently released v4.6.1, see 4.6.1 release notes for information.

Changelog

Security
  • Update FFMpeg version used in the container image to fix CVE-2026-8461 (critical severity)

Upgrade notes

To get the code for v4.6.2, use git fetch && git checkout v4.6.2.

[!NOTE]
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.6.0.

  • Ruby: 3.3 or newer
  • PostgreSQL: 14 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 7.0 or newer
  • Node: 22 or newer
  • libvips: 8.13 or newer
  • FFMpeg: 5.1 or newer
Update steps

The following instructions are for updating from 4.6.1.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, it is very important to read the 4.6.0 release notes.

  1. Restart all Mastodon processes.

v4.6.1

Compare Source

Mastodon

This is a patch release for 4.6.

Check out the 4.6.0 release notes for information.

Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires assets recompilation

For more information, view the complete release notes and scroll down to the upgrade instructions section.

Changelog

Security
  • Update dependencies
Added
  • Add avatar_description and header_description to /api/v1/accounts/update_credentials (#​39547 and #​39574 by @​ClearlyClaire and @​mkljczk)
    • This is available starting from Mastodon API version 11 and intended to provide an easier implementation path for clients implementing a similar feature in forks.
    • The new /api/v1/profile API remains the recommended API for setting avatar and header description as well as other profile values.
Fixed

Upgrade notes

To get the code for v4.6.1, use git fetch && git checkout v4.6.1.

[!NOTE]
As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed since v4.6.0.

  • Ruby: 3.3 or newer
  • PostgreSQL: 14 or newer
  • Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
  • LibreTranslate (optional, for translations): 1.3.3 or newer
  • Redis: 7.0 or newer
  • Node: 22 or newer
  • libvips: 8.13 or newer
  • FFMpeg: 5.1 or newer
ImageMagick removal and libvips replacement

ImageMagick has been deprecated since Mastodon 4.4.0 and is now unsupported. If you used MASTODON_USE_LIBVIPS=false, this will be ignored and you will need to install libvips.

Theming system changes

The theming system has changed substantially, changing how light and dark themes work, as well as high-contrast. We also overhauled the whole theme to use design tokens and CSS variables.

Custom themes will most likely require significant changes to work with Mastodon 4.6.0.

If you are a theme author, please see our documentation at https://docs.joinmastodon.org/dev/frontend/theming/ and https://docs.joinmastodon.org/dev/frontend/design-tokens/

Email subscription feature and additional costs

Mastodon 4.6 introduces a new feature that lets users turn their public posts into mailing lists. This can result in an increased amount of sent emails and thus increased costs.

This feature needs to be enabled by a Mastodon user with administrator privileges, then opted-in by individual users.

In situations where the Mastodon administrators and the people hosting the server are not the same people, such as providers that offer Mastodon as a service, the system administrators may want to disable this feature. This can be done by setting the DISABLE_EMAIL_SUBSCRIPTIONS environment variable to true.

Update steps

The following instructions are for updating from 4.6.0.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. In particular, it is very important to read the 4.6.0 release notes.

Non-Docker

[!TIP]
The charlock_holmes gem may fail to build on some systems with recent versions of gcc.
If you run into this issue, try BUNDLE_BUILD__CHARLOCK_HOLMES="--with-cxxflags=-std=c++17" bundle install.

  1. Install dependencies with bundle install and yarn install --immutable
  2. Precompile the assets: RAILS_ENV=production bundle exec rails assets:precompile
  3. Restart all Mastodon processes.
When using Docker
  1. Restart all Mastodon processes.

Read more

Me on Mastodon - This link is here for verification purposes.