Hubzilla 1.14 (not released) - Upgrade fullcalendar library to version 3 - Whitelist button tag in htmlpurifier - Upgrade justifiedGallery library to version 3.6.3 - Pubsites improvements - Upgrade foundation library to version 6.2.3 - Ability to move photos to another album - Submodules for settings page - Submodules for admin page - Remove chatroom suggestions - Revamped and improved theme select backend - Theme preview ⁻ Techlevels for pro server role - BBcode checklist - Improve save to folder modal dialog - Case insensitive sort apps - Add authors to post distribution - Redirect to plugin page after enabling to show configuration settings if applicable - Move allowed email domains to admin->security page - Display text around the searched query in documentation search - Comanche observer conditionals - Remove ratings - Context help for /connedit - Comanche conditionals - Cover photo enhancements (does not disappear after initial scrolldown) - Website import/export - Server roles (basic, standard and pro) Bugfixes - do not show hidden channels in /randprof - Various postgres fixes - Illegal offset errors in include/conversation:status_editor() when no permissions array is passed - Patch foundation-6.2.3 to work with jquery-3.1 - Custom/expert permissions bug - Mail: return array instead of object - Don't send purge_all notification to self - Saved search: tags and connection searches weren't being saved - Do not allow PERMS_PUBLIC as a choice for writable permission limits - Force cover photos as well as profile photos to be public. As a side effect 'thing' photos will also be considered public - Make lock switching actually work with multiple acl forms - Create smarty dir before any templates can be initialised - Fix aconfig - Broken doc search - Puclic forum check with custom/exoert permissions Plugins - Diaspora: third party on other network comment issue - Diaspora: comment fix (hubzilla originated comment with plugin activated by comment author not making it to Diaspora) - Cdav: provide calendar list view - Diaspora: allow comments on public diaspora posts which were imported by subscribing to public tags. - Wppost: add blog_id parameter for WordPress MU sites such as WordPress.com - Wppost: don't log the password in normal mode - Hubwall: provide choice of sender addresses, the real admin email, postmaster, or noreply. - Chord: General cleanup of chord app - Chord: Update chord binary for modern linux systems - Start grouping addons by server_role Hubzilla 1.12 - extensible permissions so you can create a new permission rule such as "can write to my wiki" or "can see me naked". - guest access tokens can do anything you let them, including create posts and administer your channel - ACLs can be set on files and directories prior to creation. - ACL tool can now be used in multiple forms within a page - a myriad of new drag/drop features (drop files or photos into /cloud or a post, or drop link into a post or comment, etc.) - multiple file uploads - improvements to website import - UNO replaced with extensible server roles - select bbcode elements (such as baseurl) supported in wiki pages - addons: Diaspora Protocol - additional updates to maintain compatibility with 0.6.0.0 and stop showing likes as wall-to-wall comments (except when the liker does not have any Diaspora protocol ability) Cdav - continued improvements to the web UI Pong - the classic pong game Dfedfix - removed, no longer needed Openid - moved from core to addon - bugfixes unable to delete privacy groups weird display interaction with code blocks and escaped base64 content containing 8 - O workaround WordPress oembeds which are almost completely javascript and therefore filtered restrict oembed cache url to 254 chars to avoid spurious failures caching google map urls "Page not found" appeared twice birthdays weren't being automatically added to event calendar some iCal entries had malformed descriptions Hubzilla 1.10 Wiki: Lots of enhanced functionality, usability improvements, and bugfixes from v1.8 Turned into an optional feature (default on) but disabled in UNO Sync: Items are now relocated (links patched) when syncing to clones Access Tokens: New feature - allows members to create access controlled guest logins and create/share 'dropbox' style links to protected resources. UI: Use icons instead of iconic text constructs Only request geolocation permission when creating a post, not on page load provide 'redeliver' option on Delivery Report page for when things really stuff up CalDAV/CardDAV management pages with heaps of functionality Lib: z_fetch_url() updated to accept different request methods and request bodies item_store(), item_store_update() now return the stored items vcard microformat changes to remain spec compliant microformat meta tags added to post/comments AbConfig API changed to use channel_id rather than channel_hash, which was overly complicated to use SuperCurl class added to provide a framework for re-use of obscure CURL options Allow absolute links to CSS/JS files on CDN Add Let'sEncrypt intermediate cert to lib in case you forget to install it on the server Update fullcalendar and jquery (3.1) libs Update sabre/dav to 3.2.0 Change content export from a month/year system to begin/end Use streaming I/O for delivering large photos Allow multiple App description files in a single plugin directory optimise a couple of troublesome/inefficient SQL queries avoid sending clone sync packets to dead sites Resolved Issues: channel home page not providing content to clients with javascript disabled Replace '@' obfuscation with html entity rather than the unicode look-alike xchan_query() failing to detect duplicates, resulting in inefficient queries issues with 'use existing photo' for profile photo layout editor "list all layouts" returned empty oembed - better detect video file URLs so they aren't loaded into memory. handcrafted bbcode tables could end up with way too much whitespace due to CRLF translation refresh permissions whitescreen in 1.8 force immediate profile photo update on local site regression: 'save bookmarks' post action missing Hubzilla 1.8 Administration: Cleanup and resolve some edge cases with addon repository manager Provide sort field and direction on all fields of account and channel administration tables Rename 'user' administration to account administration to reflect its true purpose 'safemode' tool to quickly disable and re-enable addons during a hypothetical upgrade crisis Security: Edited comments to private posts could lose their privacy settings under some circumstances Provide zot-finger signatures to prevent a possible but rare exploit involving DNS spoofing and phishing ACL selections: Various improvements to the ACL editor to further simplify the concepts and make it more intuitive Chat: Notifications of chatroom activity using standard browser notification interfaces. Themes: Allow a theme:schema string to represent a valid theme name. This fixes issues with setting schemas on site themes. Pubsites: Show server role (identify UNO or basic sites as opposed to hubzilla pro) and link to statistics Documentation: Clarify privacy rights of commenters w/r/t conversation owners, as this policy is network dependent. Wiki (Git backed): Brand new feature. We'll call it experimental until it has undergone a bit more testing. Account Cloning: Regression on clone channel creation created a new channel name each time. New issue (fixed) with directory creation on cloned file content Content Rendering: Add inline code (in addition to the existing code blocks) to BBcode Add emoji reactions Add emojis as extended smilies with auto-complete support Emoji added as feature so it can be enabled/disabled and locked Ability to configure the standard reactions available on a site basis Disable 'convenience' ajax autoload on pgdn key, as it could lead to premature memory exhaustion Photos: Change album sort ordering, allow widgets and plugins to define other orderings Apps: Synchronise app list with changes to system apps Preserve existing app categories on app updates/edits Regression: fixed translated system app names Architecture: Provide autoloaded class files and libraries for plugins. Further refactoring of session driver to sort out some cookie anomolies Experimental PDO database driver Creation of Daemon Master class and port all daemon (background task) interfaces to use it Create separate class for each of 'Cron', 'Cron daily', and 'Cron weekly'. Always run a Cron maintenance task if not run in the last four hours Refactor the template classes Refactor the ConversationItem mess into ThreadItem and ThreadStream Refactor Apps, Enotify, and Chat library code Refactor the various Config libraries (Config, PConfig, XConfig, AConfig, AbConfig, and IConfig) Created WebServer class for top level Remove mcrypt dependencies (deprecated in PHP 7.1) Remove all reserved (including merely 'not recommended') words as DB table column names Provide mutex lock on DB logging to prevent recursion under rare failure modes. Bugfixes: Remove db_close function on page end - not needed and will not work with persistent DB connections. Undefined ref_session_write Some session functions needed to be static to work with CalDAV/CardDAV CLI interface: argc and argv were reversed HTML entities double encoded in edited titles Prevent delivering to empty recipients Sabre library setting some security headers for SAML after we've emitted HTML content Always initialise miniApp (caused obscure warning message if not set) Block 'sys' channels from being 'random profile' candidates DB update failed email could be sent in the wrong language under rare circumstances Openid remote authentication used incorrect namespace URL attached to profile "things" was not linked, always showing the "thing" manage page New connection wasn't added to default privacy group when "auto-accept" was enabled Regression: iconfig sharing wasn't working properly Plugins: CalDAV/CardDAV plugin provided Issue sending Diaspora 'like' activities from sources that did not propagate the DCV Allow 'superblock' to work across API calls from third party clients statistics.json: use 'zot' as protocol Issues fixed during testing of ability to follow Diaspora tags Parse issue with Diaspora reshare content Chess: moved to main repo, ported to 1.8 Hubzilla 1.6 Cleanup and standardise the interfaces to the "jot" editor Router re-written to support calling class object methods as controllers All existing modules (160+) re-written as object classes Plugin hook interface adapted to call static class methods Context help improved dramatically with content for the most accessed pages. Reverted a compatibility change to support GNU-social events. We copied their feed format and their feed format is wrong (XML namespace collisions). Provide a querystring attribute to CSS/JS resources to avoid caching issues when our code changes (which is often). Fix javascript detection and allow either positive or negative detection. Refactor the plugin hook registration procedure, provide 'unregister all' ability. Fix RSD (Real Simple Discovery) which has been broken for some time. Update smarty library to 3.1.29 Update jquery.textcomplete to 1.3.4 Update font-awesome to 4.6.1 Update SabreDAV to 3.0 (PHP version requirements prevent us from pushing it further at this time) Help text added to cmdline utilities config and pconfig Reworking of the database logging facility to avoid the rare but troublesome recursion when the log facility needed to query the DB internally to obtain config parameters. Implement singleton delivery (emulate nomadic identity to singleton networks and services) Fix empty album name in photo activities when photo is stored in top level folder. Allow engineering units to be used in service class data size restrictions (400M, 1G, etc.) Lots of work on bbcode auto-completion Admin interface provided to manage external resource repositories Oembed security reworked. Now all sources are filtered by default unless blocked. Remove the date-string version and use only STD_VERSION Add categories and categorisation filtering and the ability to edit all apps (including system apps) for a given channel Ensure the ability to translate names of all system apps (except those provided in addons) Provide ability to add categories to content from channel sources Lots of work on the presentation of the ACL widget to enhance usability and intuitiveness Allow somebody to follow a channel from a pasted redress containing a Unicode lookalike of the @ sign. Add conditional syntax to Comanche (if/then/else) Convert Comanche to an object class Removed IE6 compatibility code Explicitly close DB on shutdown/exit instead of allowing it to close naturally Allowed delayed publish of webpages Show current repository versions of master and dev on admin page and warn if your installation has fallen behind master Provide some extra security checks to import data and files to prevent mischief Block CalDAV/CardDAV namespace reserved words from being used as a channel nickname/redress since Sabre is somewhat inflexible in this regard Plugins: Diaspora markdown translator work needed to eradicate the Diaspora Comment Virus. upgrade all inbound paths with the most recent protocol changes (several of these) convert 'diaspora_meta' (Diaspora Comment Virus) to iconfig and eradicate from sites with Diaspora disabled implement social relay and allow following tags upgrade statistics.json to NodeInfo. Currently hubzilla sites are tagged as 'redmatrix' because the NodeInfo schema lacks extensibility and project names are used to designate protocol compatibility rather than protocol names. Std-embeds New addon to allow a handful of corporate providers to run unfiltered embed code (youtube, vimeo, soundcloud) Various: upgrade font-awesome icons and adapt a few addons to Objects and the new hook interface and new controller interface Hubzilla 1.4 [This list may appear brief, but encompasses a huge amount of re-writing and re-factoring of the internal code structure to gain long-term performance and stability and provide a standard interface to alternate protocol federation plugins which were made possible by the UNO configuration. UNO is a configuration of hubzilla introduced in 1.3 with reduced complexity and which provides improved protocol federation potential to other networks by virtue of removing nomadic identity (which is not possible to model or work around using other network protocols).] Implement channel move operation for UNO configuration Remove bookmark references in UNO (which has no bookmarks by default) UI cleanup profiles/chat/manage Refactor webfinger probes and salmon backend for GNU-social federation SECURITY: DAV authentication exploit Context help added More help pages Provide 'posts only' feed Refactor App to remove globals Refactor Session to remove globals provide a fullscreen mode for selected modules and functions Regression: some addon routes broken fix "remember me" Autocomplete tool extended to bbcode/comanche Clone sync of file/photo updates system rename (e.g. http to https or DNS name change) missing some connection photos calendar module not blocked to public whhen block_public enabled Use timeago.js in reshare content so that timestamps will be correct on federated reshares Rework detection of JavaScript to avoid reload penalty under normal operation Changed primary directory server to a hubzilla server Plugins: Diaspora - switch to alternate XML parser to avoid storing compound objects GNU-Social - Huge amounts of work, federation somewhat working now, several issues remain Friendica - Initial federation work (not yet published) Hubzilla 1.3 Admin Security configuration page created which consolidates several previously hidden settings: Communication white/black lists Channel white/black lists OEmbed white/black lists Admin Profile Fields page created which manages the availability and order of standard profile fields and allows new fields to be created/managed "Poke" module reworked - page UI updated and "poke basic" setting introduced which limits the available poke "verbs". "Mood" module UI reworked "profile_photo" module UI reworked "cover_photo" module UI reworked "new_channel" module UI reworked "register" module UI reworked "pubsites" module UI reworked item-meta ("iconfig") created which implements arbitrary storage for item metadata for plugins abook-meta ("abconfig") created which implements arbitrary storage for connection metadata for plugins "Strict transport security header" made optional as it conflicts with some existing Apache/nginx configurations "Hubzilla UNO" (Hubzilla with radically simplified and locked site settings) implemented as an install configuration. .well-known directory conflict worked out to support LetsEncrypt cert ownership checks without disrupting webfinger and other internal uses of .well-known Lots of work on 'zcards' which are self-contained HTML representations of a channel including cover photos, profile photos, and some text information Long standing bug uncovered which failed to properly restrict the lower time limit for public feed requests A number of fixes to "readmore" to fix page jumping Bugfix: persons other than the channel owner who have permission to upload photos to a channel could not do so if the js_upload plugin/addon was enabled Siteinfo incorrectly identifying secondary directory servers Allow admin to set and lock features when UNO is configured Atom feeds: alter how events are formatted to be compatible with GNU-social Allow guest/visitor access to view personal calendar Moved several more classes to "composer format" and provided an autoloader. Bugfix: require existing password to change password Bugfix: allow relative_date() to be translated to Polish which has more than two plural forms. Plugin API: add "requires" keyword to module header to indicate dependent addons ActivityStreams improvements and cleanup: photo and file activities UI cleanup for editing profile when multiple profiles enabled Removed the "markdown" feature as there are numerous issues and no maintainer. Provide "footer" bbcode to ease theming of post footer content Bugfix: install issues caused by composer code refactor and typo in postgres load file Plugins: keepout - "block public on steroids" pubsubhubbub - provides PuSH support to Atom feeds, required for GNU-social federation GNUsocial protocol - under development Diaspora protocol - some work to ease migration to the new signing format Diaspost - disabled; numerous issues and no maintainer smileybutton - theme work and fixed compatibility with other jot-tools plugins Hubzilla 1.2 Provide extra HTTP security headers (several of them). Allow a site to disable delivery reports if disk space is limited Regression: Wrong theme when viewing single post as non-member Some Diaspora profile photos use relative URLs - force absolute Add locked features to siteinfo report to aid remote debugging Provide version compatibility checking to plugins (minversion, maxversion, and minphpversion) Account config storage Provide optional integrated registration and channel create form cli utility for managing addons issue with sharing photo "items" cover photo manager: upload, crop, and store cover photo widget created rework the connections list page and provide a few management features there fixed issue with Comanche layout definitions loaded by plugins provide ability to separate delivery functions from item_store() and item_store_update() - some forum messages were being redelivered when cloned. call build_sync_packet() on pdledit changes Abstract the project name and version so these can be customised or removed Allow hiding the ratings links on a per-site basis db_type not present in international setup templates - was unable to choose postgres. item_photo_menu logically divided into a) actions on the post, b) actions related to the author bug: default channel not reset to 0 when last channel removed create widget containing only the contact block regression: public forums granted send stream permissions to connections workaround Firefox's refusal to honour disabling autocomplete of passwords regression: photo's uploaded to a channel by a guest (with file write permissions) not saved correctly. provide mechanisms for custom .well-known handlers (needed for LetsEncrypt ownership verification) proc_run modified to use exec() instead of proc_open() - causing issues on some PHP installations remote delegation failure under a specific set of circumstances which we were finally able to duplicate Delegation section of Channel Manager was missing names and contained useless notification icons. Change "expire" channel setting to show system limit if there is one. Regression: provide a one-click ignore of pending connection Config to control directory keyword generation on client and server. "Collections" renamed to "Privacy Groups", documentation improved widget_item - allow use of page title instead of message id Add site black/white list checking to all .well-known services reduce incidents of screen jumping when "showmore" is activated add oembed provider for photos Addons: CSS theming of pageheader plugin xmpp addon ported from Friendica Diaspora private mail issues after the third reply Occasional issue with Diaspora connection requests Add notification email to Diaspora PMs Allow anonymising platform and version for statistics msgfooter addon created removed embedly plugin sync clones after superblock addition "keepout" plugin created Hubzilla 1.1 Rewrote and simplified the Queue manager and delivery system Rewrote and simplified the outer layers of the Zot protocol Use a standard version numbering scheme in addition to the snapshot tags Provide a channel blacklist for blocking channels with abusive or illegal content at the hub level Make the black/white lists pluggable Update template library Support for letsencrypt certs in various places Cleanup of login and register pages Better error responses for permission denied on channel file repositories Disabled the public stream by default for new installs (can be enabled if desired) Cleanup of API authentication and rework the old OAuth1 stuff Add API "status with media" support compatible with Twitter and conflicting method for GNU-social Rework photo ActivityStreams objects to align better with ActivityStreams producers/consumers Several minor API fixes to work better with AndStatus client Invitation only site - experimental support added, needs more work Fix delivery loop condition due to corrupted data which resulted in recursive upstream delivery Provide more support for external (git) widget collections. Extend the Queue API to 3rd-party network addons which have experienced downtime recently. Regression: Inherited permissions were not explicitly set Regression: "Xyz posted on your wall" notification sent when creating webpages at another channel Regression: Custom permissions not pre-populated on channel creation with named role. Provide "Public" string when a post can be made public, instead of "visible to default audience" Allow hub admin to specify a default role type for the first channel created, reducing complexity Ability for a hub admin to set feature defaults and lock them, reducing complexity Change default expiration of delivery reports to 10 days to accomodate sites with reduced resources Addons/Plugins: Pageheader addon ported from Friendica Hubwall (allow admin to send email to all accounts on this hub) created GNU-social - queueing added Diaspora - fixes for various failures to update profile photos, updates to queue API Cross Domain Authenticated Chess (Andrew Manning's repository) And... the normal "lots of bugs fixed, translations updated, and documentation improved"