aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGELOG
blob: b263bcfe5abe02c42309992eeb2026f0b0faab95 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
Hubzilla 2.4.1 (2017-07-06)
	- Fix the wiki bug preventing page list display to observers other than the channel owner

Hubzilla 2.4 (2017-05-31)
	- Silence php warning during install
	- Implemented switch statement logic in Comanche layout parser
	- Don't allow html in plugin comment blocks
	- Handle Mastodon urls in markdown/bbcode conversion
	- Get rid of edit activities
	- Collapse sysapps if viewing a remote channel
	- Various Doxygen fixes
	- Update SimplePie library to version 1.5
	- Add check for PHP zip extension during install
	- Add unit tests for AccessList class
	- Authenticate onepoll so we can receive private posts/comments in zotfeed
	- Various postgres fixes
	- Some work on preparing clientside e2ee
	- Allow to set a default channel for the rare case where a default channel is not selected but channels actually exist
	- Support reverse magic-auth in oembed requests
	- Improved handling of Mastodon feeds
	- When template "none" is used in a webpage layout, then the contents of the page should be the sole output, with no other code before or after the page element content
	- If there is no site record, site_dead won't be 0, in a left join it will in fact be null. As long as it isn't 1, we should attempt delivery
	- Order wiki pages by creation date
	- Backend infrastructure for channel protection password; which will be used to optionally encrypt export files and resolve channel/identity ownership/hijacking disputes
	- Don't allow any null fields in notify creation
	- Webfinger cleanup
	- Envelope privacy
	- We do not parse the body in discover_by_url(), so no need to preserve iframes in SimplePie
	- Correct the mastodon "boost" (aka 'share') author attribution by checking for share activities and pulling the original author info from the activity:object
	- Only log zot_refresh content if json decode was successful
	- Revisit the import_author_zot algorithm yet again. There was one bug that we weren't returning necessary information in the first SQL query - and performance/loading problem if one tries to refresh a dead site
	- Import_author_xchan - since we rarely refresh zot-info for non-connections, force a cache reload once a week to catch things like profile photo updates and location changes
	- Create site_store_lowlevel() to initialise data structures for the site table
	- Change hook for perm_is_allowed while retaining backwards compatibility
	- import_author_zot() - check for both hubloc and xchan entries. This should catch and repair entries which were subject to transient storage failures
	- Import authors from any unrecognised network as network 'unknown'
	- Crypto update - default is now aes-256-ctr
	- Get rid of get_app()
	- Add 'author_is_pmable()' function with plugin hooks to control whether or not to display a 'send mail' link in the thread author menu
	- Provide platform specific install script
	- Allow for project specific DB updates
	- Get rid of davguest
	- Move db_upgrade to zlib
	- Add CSRF protection for import and import_items
	- Add some documentation for import functions
	- Do not allow creating two wikis with the same name
	- Update textcomplete library to version 1.8.0
	- Create channel_store_lowlevel()
	- Allow setting the system email name/address/reply
	- Use the same host macro for sender address as for reply_to address
	- Use the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact
	- Simplify the message signing spaghetti
	- Class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
	- Remove the unimplemented upload limit site settings from UI
	- Cleanup code_allowed
	- Move widgets to standalone classes
	- Upgrade redbasic to bootstrap 4
	- Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility
	- Remove redundant and non-functional/broken check for successfully cloned channel record which was left over from an earlier method of creating the table; which was deprecated a few months back
	- Update bshaffer/oauth2-server-php library
	- Add unit test for purify_html()

	Bugfixes
	- Fix website export tool creating invalid zip file - issue #790
	- Fix files not synced correctly - issue #769
	- Fix empty ACL should not result in no ACL when uploading a file
	- Fix cover photo was unintentionally disabled when block_public in effect
	- Fix markdown autolinks - issue 752
	- Fix connectDefaultShare generated js function, though it isn't obvious if we still use it
	- Fix a couple more instances where we were still calling mail() directly for site critical messages
	- Fix when clicking a notification to view a private mail message, actually view that message instead of the most recent
	- Fix group by item query

	Plugins/Addon
	- smileybutton: do not load emojis
	- pubsubhubbub: fixes associated with recent compatibility feed mods
	- gnusoc: mastodon follow_activity compatibility issues
	- gnusoc: add profile photo to feed meta
	- gnusoc: add salmon link information to the public feed when GNU-Social is enabled
	- chess: fix bugs when deleting games

Hubzilla 2.2 (2017-03-08)
	- Provide version compatibility check for themes (minversion, maxversion)
	- Use chanlink_hash() instead of chanlink_url() where appropriate
	- Use head_add_link() for feed discovery
	- Provide HTTP header parser which honours continuation lines
	- Numerous doco improvements
	- Implement virtual privacy groups from restricted profile access list
	- Implement permission roles
	- Implement app-tray
	- Default to manual conversation updates
	- Implement channel move for all server roles
	- Implement nav login modal
	- Rename bb2diaspora.php to markdown.php
	- Remove obsolete module 'match'
	- Move firefox social api configuration to plugin
	- Move rsd service to twitter_api plugin
	- Add build_pagehead hook
	- Move opensearch to plugins
	- Move dreamhost hack to plugin
	- Add wiki permissions
	- Introduce hubloc_store_lowlevel() and xchan_store_lowlevel()
	- Move diaspora account import to the diaspora plugin
	- Allow export of single data sets instead of always exporting everything we know about in channel export
	- Queue optimisations for sites that have lingered in the queue for more than a couple of days
	- Add affinity slider tool settings for min and max defaults in settings/featured
	- Provide lowlevel xchan storage function to ensure that all non-null rows are initialised
	- Implement native wiki
	- Block well-known from oembed
	- Implement observer.language bbcode and observer.language comanche conditional
	- Implement daemon_addon hook to let plugins create custom background processes
	- Implement profile vcards
	- Implement connection vcards
	- Implement 'click to call' in address book
	- Default cover photo
	- Remove fullscreen functionality in photo album view
	- Update fontawesome lib to version 4.7.0
	- Implement a menu to select a section to be open by default in connedit
	- Improve comanche conditionals
	- Add enclosures and categories to atom feed parsing
	- Allow the atom_entry hook to change the results
	- Set 'adjust for viewer timezone' as the default for new events
	- Allow event creation in other timezones than your own
	- Update fullcalendar lib to version 3.1
	- Move api version call back to core
	- Create first webpage as 'home' if none exist
	- Show webpages link to visitors if a 'home' page exists

	Bugfixes
	- Fix schema not saved if session theme != selected theme and schema select display issue
	- Fix no acl not detected in post_activity_item()
	- Fix find_folder_hash_by_path() was not safe against multiple attach structures with the same filename but in different directories
	- Fix don't search on empty filename - we shouldn't find it. The reason why this change is being made is because we actually did find it due to a development glitch
	- Fix several places where head_add_(css|js) functions have been used incorrectly.
	- Fix webpage import tool
	- Fix numerous bugs with the addon repo management GUI
	- Fix attach_delete() to remove photo resources even if the attach table row wasn't found
	- Fix choking if photo_factory() returns null
	- Fix embedimage if an albumname contains quotes
	- Fix chat member list when one or more members are connected via access tokens
	- Fix issue #636 - some localised (e.g. Italian) strings have single quotes which throw JS errors when used in single quoted template constructs
	- Fix issues #629 and #635 - edited post arriving from downstream source was not being rejected
	- Fix peoplefind widget not honouring directory option settings
	- Fix issue with HTML in code blocks in markdown in wiki
	- Fix issue with post signatures if posted from api and logged in locally with a different identity

	Plugins/Addon
	- Add experimental webmention plugin
	- NSFW: Use button instead of text link
	- Diaspora: gracefully handle multiple photos per post
	- Diaspora: change profile photo permission call
	- Logrotate: don't throw an error if another server process renamed the logfile before we got to it
	- Chess: the channel owner must be one of the players, so only require selecting one connection for an opponent
	- Move firefox social api configuration to plugin from core
	- Move rsd service to twitter_api plugin from core
	- Move opensearch to plugins from core
	- Move dreamhost hack to plugin from
	- Move diaspora account import to addon from core
	- Reflect hubloc store changes in plugins
	- Reflect xchan store changes in plugins
	- Rendezvous: Fixed marker creation bug
	- Rendezvous: Center on marker if specified in URL, and update browser address bar with shareable link when selecting markers on the map
	- Rendezvous: Set default value of 0 for priximity alert when making new markers
	- Move gitwiki to plugins from core which has been replaced by native wiki
	- Openclipatar: reflect changes to files and photos which were unified in core some time ago
	- Reintroduce gnusocial plugin after security/functionality review
	- Twitter_api: hubzilla core issue 638 - unsupported message-id field not available in all twitter api functions
	- Superblock: update to reflect core changes
	- Rendezvous: implement static marker proximity alert
	- Phpmailer: security update

Hubzilla 2.0 (2016-12-23)
	- Deprecate bb_iframe
	- Note widget: resize the textarea to reveal full content
	- Implement fixed left aside
	- Implement lockview for wikilist
	- Simplify wikilist widget
	- Router error reporting
	- Setup changes to check for shell_exec and exec functions
	- Extensible permissions upgrade handling for channels with custom permission roles
	- Allow plugins to cancel item_store() and item_store_update()
	- ZOT version 1.2 provides negotiation of cryptographic algorithms
	- Provide a fresh new look and cleaner layout and more relevant information to siteinfo
	- Introduce highlight bbcode [hl]
	- Implement wiki mimetypes markdown or bbcode
	- Doc pages refactoring
	- Update webpages and wiki context help
	- Make a git commit when a new wiki page is created
	- Prev-next navigation for mod_connedit to ease bulk connection edits
	- Move the remote user homebutton to the user menu
	- Do not render maps/locations for Diaspora destinations
	- Provide 'per-page' caching for is_matrix_url() results to reduce duplicate queries
	- Don't send notification for posts/comments on old conversations that were refetched after having expired
	- Numerous wiki UI improvements
	- Move twitter api to addon
	- Cleanup and re-organise the voting and attendance buttons
	- Reorganise emoticons
	- Collapse navbar-collapse-1 if avatar menu is clicked.
	- New display setting: static page update as opposed to live update
	- Command line administrative channel connect utility
	- Modernise chanview
	- Implement edit activities to share post/comment edits with protocols which do not support them (e.g. Diaspora)
	- Wiki export
	- Numerous postgres compatibility fixes
	- Remove requirement that imported profile photos be in the profile photos album
	- Change event behaviour - share by default.
	- Use PDO database driver exclusively (deprecate drivers that are separately maintained)
	- Zot API re-write and extended

	Bugfixes
	- Fix z_fetch_url() incorrect variable
	- Fix SQL error with app categories
	- Fix do not show revert buttons if we do not have write perms
	- Fix dropdown positions
	- Fix do not increase opacity to more than 1
	- Fix clone sync missing for some item delete operations
	- Fix embed-image for fullscreen mode
	- Fix attach_list_files()
	- Fix full screen for embedded videos
	- Fix the forum widget for forums with custom perms
	- Fix issue #607 parens not recognised inside urls
	- Fix pubsites: don't list dead sites
	- Fix issue #596 silence headers already sent warning
	- Fix missing plugins in zot-info
	- Fix notification issue
	- Fix issue #594 like of thing appears as profile owner like
	- Fix export issue
	- Fix checklist bbcode - only turn [] and [x] into checkboxes if it is found inside a checklist
	- Fix wiki permissions issues
	- Fix public calendar leaks connection information (birthdays) when view_contacts is not allowed
	- Fix attach_rename: flaw in duplicate filename detection resulted in filename(1)(1)(1).ext
	- Fix a fatal error with incorrect DB object access
	- Provide /locs link on settings page if there is more than one hubloc for this channnel *that isn't deleted*.
	- Fix issue #577 if connecting to a channel that is already pending, undo the pending and set connect permissions accordingly
	- Fix issue #575, when 'nofinish' is set on an event, invalid date was generated/stored
	- Fix bbcode event formatting issue
	- Fix zot_finger from navbar people search looping
	- Fix fromStandalonePermission()

	Plugins
	- GNU Social: removed from addons for security reasons - it might be re-implemented once it is properly reviewed
	- Diaspora: missing item author when diaspora public comment received from relay
	- Superblock: refactoring
	- New addon: tripleaes for pro
	- Cdav:  "if not exists" only supported starting with postgresql v. 9.5 debian stable has 9.4
	- Rendezvous: added markers and members export tool at /rendezvous/[group_id]/export/{markers,members}
	- Twitter: move twitter api to addon
	- New addon: b2tbtn (back to top button)
	- Diaspora: import public diaspora messages to sys if applicable
	- Diaspora: try and handle singletons better and simplify the associated notifier decisions
	- Rendezvous: add proximity alert feature to members to issue notification when member is within a specified distance.
	- New addon: diaspora_reconnect to refriend diaspora/friendica connections from a clone or channel move
	- Diaspora: change the logic for deciding between upstream and downstream message flow for notifier plugins
	- Rendezvous: prompt member to share their location by activating the GPS control using a tooltip and pulsing visibility
	- statistics_json: fix nodeinfo
	- Rendezvous: restored the lost gps-icon.png and corrected the OpenStreetMap tile server URL to avoid insecure content warnings
	- Rendezvous: use observer name if available
	- std_embeds: missing backslash
	- Diaspora: postgres fixes issue #31
	- Rendezvous: added marker list with centering buttons and popup open.
	- Rendezvous: added control to see list of members sharing their location, with buttons to pan the map to center them
	- Diaspora: system level diaspora toggle
	- Rendezvous: added control that displays members.
	- Diaspora: rename diaspora2bb() to markdown_to_bb() in core
	- Hubwall: remove illegal unescaped angle chars
	- Rendezvous: Add control to delete member if not updated in over 14 minutes

Hubzilla 1.14 (2016-10-13)
	- New hook bbcode_filter
	- Unify the various mail sending instance to enotify::send() and z_mail()
	- Provide ability for admin to change account password
	- Replace deprecated Sabre functions
	- Add plugin hook for 'get_profile_photo'
	- Convert NULL_DATE to a legal date for compatibility with MySQL strict mode
	- Allow a site to over-ride the help table-of-contents files
	- Autoscroll to target post/comment when in single-thread mode
	- Indicator for own response verb activity
	- Add server role documentation
	- Pro: remove 'Additional Features' link for techlevel 0
	- Upgrade fullcalendar library to version 3
	- Whitelist button tag in htmlpurifier
	- Upgrade justifiedGallery library to version 3.6.3
	- Pubsites improvements
	- Upgrade foundation library to version 6.2.3
	- Ability to move photos to another album
	- Submodules for settings page
	- Submodules for admin page
	- Remove chatroom suggestions
	- Revamped and improved theme select backend
	- Theme preview
	- Implement techlevels for pro server role
	- BBcode checklist
	- Improve save to folder modal dialog
	- Case insensitive sort apps
	- Add authors to post distribution
	- Redirect to plugin page after enabling to show configuration settings if applicable
	- Move allowed email domains to admin->security page
	- Display text around the searched query in documentation search
	- Comanche observer conditionals
	- Remove ratings
	- Context help for /connedit
	- Provide configurable sidebar table-of-contents indexes for different levels of the help hierarchy
	- Comanche conditionals
	- Cover photo enhancements (does not disappear after initial scrolldown)
	- Website import/export
	- Server roles (basic, standard and pro)

	Bugfixes
	- Fix connected time not shown on ajax loaded connections
	- API issues
	- Fix readmore.js collapsing on scrolldirection change in some mobile browsers
	- Personalize Server Emails
	- Audio player doesn't automatically show for m4a files
	- Fix ajax page update with /channel?f=&mid=hash
	- Angle bracket characters in DB password not recognised
	- Regression: files/photos were not synchronising to channel clones properly
	- Missing categories in preview mode
	- attach_store() sql issue
	- Rename id share_container to distr_container - share_container seem to be blacklisted in various security browser plugins
	- Add 'map' extension to files served natively by nginx without using the project controller
	- Zot discovery wasn't returning in all cases (after discovering zot)
	- Do not show hidden channels in /randprof
	- Numerous postgres fixes
	- Illegal offset errors in include/conversation:status_editor() when no permissions array is passed
	- Patch foundation-6.2.3 to work with jquery-3.1
	- Custom/expert permissions bug
	- Mail: return array instead of object
	- Don't send purge_all notification to self
	- Saved search: tags and connection searches weren't being saved
	- Do not allow PERMS_PUBLIC as a choice for writable permission limits
	- Force cover photos as well as profile photos to be public. As a side effect 'thing' photos will also be considered public
	- Make lock switching actually work with multiple acl forms
	- Create smarty dir before any templates can be initialised
	- Fix aconfig
	- Broken doc search
	- Public forum check with custom/expert permissions

	Plugins
	- Standard Embed: update to convert old corporate bbcodes
	- Cdav security: fix rw permission check
	- Cdav: add partial support for recurring events in the browser client (editing/creating is not implemented)
	- New plugin phpmailer: use phpmailer class instead of php's built-in mail() function
	- Diaspora: third party on other network comment issue
	- Diaspora: comment fix (hubzilla originated comment with plugin activated by comment author not making it to Diaspora)
	- Cdav: provide calendar list view
	- Diaspora: allow comments on public diaspora posts which were imported by subscribing to public tags.
	- Wppost: add blog_id parameter for WordPress MU sites such as WordPress.com
	- Wppost: don't log the password in normal mode
	- Hubwall: provide choice of sender addresses, the real admin email, postmaster, or noreply.
	- Chord: General cleanup of chord app
	- Chord: Update chord binary for modern linux systems
	- Start grouping addons by server_role

Hubzilla 1.12
	- extensible permissions so you can create a new permission rule such as "can write to my wiki" or "can see me naked". 
	- guest access tokens can do anything you let them, including create posts and administer your channel 
	- ACLs can be set on files and directories prior to creation.
	- ACL tool can now be used in multiple forms within a page 
	- a myriad of new drag/drop features (drop files or photos into /cloud or a post, or drop link into a post or comment, etc.)
	- multiple file uploads
	- improvements to website import
	- UNO replaced with extensible server roles
	- select bbcode elements (such as baseurl) supported in wiki pages
	- addons:
    	Diaspora Protocol - additional updates to maintain compatibility with 0.6.0.0 and stop showing likes as wall-to-wall comments (except when the liker does not have any Diaspora protocol ability)
    	Cdav - continued improvements to the web UI
    	Pong - the classic pong game
    	Dfedfix - removed, no longer needed
    	Openid - moved from core to addon
	- bugfixes
    	unable to delete privacy groups
    	weird display interaction with code blocks and escaped base64 content containing 8 - O
    	workaround WordPress oembeds which are almost completely javascript and therefore filtered
    	restrict oembed cache url to 254 chars to avoid spurious failures caching google map urls
    	"Page not found" appeared twice
    	birthdays weren't being automatically added to event calendar
    	some iCal entries had malformed descriptions

Hubzilla 1.10
	Wiki:
		Lots of enhanced functionality, usability improvements, and bugfixes from v1.8
		Turned into an optional feature (default on) but disabled in UNO
	Sync: 
		Items are now relocated (links patched) when syncing to clones
	Access Tokens:
		New feature - allows members to create access controlled guest logins and create/share 'dropbox' style links to protected resources.
	UI:
		Use icons instead of iconic text constructs
		Only request geolocation permission when creating a post, not on page load
		provide 'redeliver' option on Delivery Report page for when things really stuff up
		CalDAV/CardDAV management pages with heaps of functionality 
	Lib:
		z_fetch_url() updated to accept different request methods and request bodies
		item_store(), item_store_update() now return the stored items
		vcard microformat changes to remain spec compliant
		microformat meta tags added to post/comments
		AbConfig API changed to use channel_id rather than channel_hash, which was overly complicated to use
		SuperCurl class added to provide a framework for re-use of obscure CURL options
		Allow absolute links to CSS/JS files on CDN
		Add Let'sEncrypt intermediate cert to lib in case you forget to install it on the server
		Update fullcalendar and jquery (3.1) libs
		Update sabre/dav to 3.2.0
		Change content export from a month/year system to begin/end
		Use streaming I/O for delivering large photos
		Allow multiple App description files in a single plugin directory
		optimise a couple of troublesome/inefficient SQL queries
		avoid sending clone sync packets to dead sites
	Resolved Issues:
		channel home page not providing content to clients with javascript disabled
		Replace '@' obfuscation with html entity rather than the unicode look-alike
		xchan_query() failing to detect duplicates, resulting in inefficient queries
		issues with 'use existing photo' for profile photo
		layout editor "list all layouts" returned empty
		oembed - better detect video file URLs so they aren't loaded into memory.
		handcrafted bbcode tables could end up with way too much whitespace due to CRLF translation 
		refresh permissions whitescreen in 1.8
		force immediate profile photo update on local site
		regression: 'save bookmarks' post action missing

Hubzilla 1.8
	Administration:
		Cleanup and resolve some edge cases with addon repository manager
		Provide sort field and direction on all fields of account and channel administration tables
		Rename 'user' administration to account administration to reflect its true purpose
		'safemode' tool to quickly disable and re-enable addons during a hypothetical upgrade crisis
	Security:
		Edited comments to private posts could lose their privacy settings under some circumstances
		Provide zot-finger signatures to prevent a possible but rare exploit involving DNS spoofing and phishing
	ACL selections:
		Various improvements to the ACL editor to further simplify the concepts and make it more intuitive
	Chat:
		Notifications of chatroom activity using standard browser notification interfaces.
	Themes:
		Allow a theme:schema string to represent a valid theme name. This fixes issues with setting schemas on site themes.
	Pubsites:
		Show server role (identify UNO or basic sites as opposed to hubzilla pro) and link to statistics
	Documentation:
		Clarify privacy rights of commenters w/r/t conversation owners, as this policy is network dependent.
	Wiki (Git backed):
		Brand new feature. We'll call it experimental until it has undergone a bit more testing. 
	Account Cloning:
		Regression on clone channel creation created a new channel name each time.
		New issue (fixed) with directory creation on cloned file content
	Content Rendering:
		Add inline code (in addition to the existing code blocks) to BBcode
		Add emoji reactions
		Add emojis as extended smilies with auto-complete support
		Emoji added as feature so it can be enabled/disabled and locked
		Ability to configure the standard reactions available on a site basis
		Disable 'convenience' ajax autoload on pgdn key, as it could lead to premature memory exhaustion
	Photos:
		Change album sort ordering, allow widgets and plugins to define other orderings
	Apps:
		Synchronise app list with changes to system apps
		Preserve existing app categories on app updates/edits
		Regression: fixed translated system app names
	Architecture:
		Provide autoloaded class files and libraries for plugins.
		Further refactoring of session driver to sort out some cookie anomolies
		Experimental PDO database driver
		Creation of Daemon Master class and port all daemon (background task) interfaces to use it
		Create separate class for each of 'Cron', 'Cron daily', and 'Cron weekly'.
		Always run a Cron maintenance task if not run in the last four hours 
		Refactor the template classes
		Refactor the ConversationItem mess into ThreadItem and ThreadStream
		Refactor Apps, Enotify, and Chat library code
		Refactor the various Config libraries (Config, PConfig, XConfig, AConfig, AbConfig, and IConfig)
		Created WebServer class for top level
		Remove mcrypt dependencies (deprecated in PHP 7.1)
		Remove all reserved (including merely 'not recommended') words as DB table column names
		Provide mutex lock on DB logging to prevent recursion under rare failure modes. 
	Bugfixes:
		Remove db_close function on page end - not needed and will not work with persistent DB connections.
		Undefined ref_session_write
		Some session functions needed to be static to work with CalDAV/CardDAV
		CLI interface: argc and argv were reversed
		HTML entities double encoded in edited titles
		Prevent delivering to empty recipients
		Sabre library setting some security headers for SAML after we've emitted HTML content
		Always initialise miniApp (caused obscure warning message if not set)
		Block 'sys' channels from being 'random profile' candidates
		DB update failed email could be sent in the wrong language under rare circumstances
		Openid remote authentication used incorrect namespace
		URL attached to profile "things" was not linked, always showing the "thing" manage page
		New connection wasn't added to default privacy group when "auto-accept" was enabled
		Regression: iconfig sharing wasn't working properly
	Plugins:
		CalDAV/CardDAV plugin provided
		Issue sending Diaspora 'like' activities from sources that did not propagate the DCV
		Allow 'superblock' to work across API calls from third party clients
		statistics.json: use 'zot' as protocol 
		Issues fixed during testing of ability to follow Diaspora tags
		Parse issue with Diaspora reshare content
		Chess: moved to main repo, ported to 1.8

Hubzilla 1.6
	Cleanup and standardise the interfaces to the "jot" editor
	Router re-written to support calling class object methods as controllers
	All existing modules (160+) re-written as object classes
	Plugin hook interface adapted to call static class methods
	Context help improved dramatically with content for the most accessed pages.
	Reverted a compatibility change to support GNU-social events. We copied their feed format and their feed format is wrong (XML namespace collisions).
	Provide a querystring attribute to CSS/JS resources to avoid caching issues when our code changes (which is often). 
	Fix javascript detection and allow either positive or negative detection.
	Refactor the plugin hook registration procedure, provide 'unregister all' ability.
	Fix RSD (Real Simple Discovery) which has been broken for some time.
	Update smarty library to 3.1.29
	Update jquery.textcomplete to 1.3.4
	Update font-awesome to 4.6.1
	Update SabreDAV to 3.0 (PHP version requirements prevent us from pushing it further at this time)
	Help text added to cmdline utilities config and pconfig
	Reworking of the database logging facility to avoid the rare but troublesome recursion when the log facility needed to query the DB internally to obtain config parameters. 
	Implement singleton delivery (emulate nomadic identity to singleton networks and services)
	Fix empty album name in photo activities when photo is stored in top level folder.
	Allow engineering units to be used in service class data size restrictions (400M, 1G, etc.)
	Lots of work on bbcode auto-completion
	Admin interface provided to manage external resource repositories
 	Oembed security reworked. Now all sources are filtered by default unless blocked.
	Remove the date-string version and use only STD_VERSION
	Add categories and categorisation filtering and the ability to edit all apps (including system apps) for a given channel 
	Ensure the ability to translate names of all system apps (except those provided in addons)
	Provide ability to add categories to content from channel sources
	Lots of work on the presentation of the ACL widget to enhance usability and intuitiveness
	Allow somebody to follow a channel from a pasted redress containing a Unicode lookalike of the @ sign.
	Add conditional syntax to Comanche (if/then/else)
	Convert Comanche to an object class
	Removed IE6 compatibility code
	Explicitly close DB on shutdown/exit instead of allowing it to close naturally
	Allowed delayed publish of webpages
	Show current repository versions of master and dev on admin page and warn if your installation has fallen behind master
	Provide some extra security checks to import data and files to prevent mischief
	Block CalDAV/CardDAV namespace reserved words from being used as a channel nickname/redress since Sabre is somewhat inflexible in this regard
	Plugins:
		Diaspora 
			markdown translator work needed to eradicate the Diaspora Comment Virus.    
			upgrade all inbound paths with the most recent protocol changes (several of these)
			convert 'diaspora_meta' (Diaspora Comment Virus) to iconfig and eradicate from sites with Diaspora disabled
			implement social relay and allow following tags
			upgrade statistics.json to NodeInfo. Currently hubzilla sites are tagged as 'redmatrix' because the NodeInfo schema lacks extensibility and project names are used to designate protocol compatibility rather than protocol names.
		Std-embeds
			New addon to allow a handful of corporate providers to run unfiltered embed code (youtube, vimeo, soundcloud) 
		Various:
			upgrade font-awesome icons and adapt a few addons to Objects and the new hook interface and new controller interface
			
Hubzilla 1.4
	[This list may appear brief, but encompasses a huge amount of re-writing and re-factoring
	of the internal code structure to gain long-term performance and stability and provide a standard
	interface to alternate protocol federation plugins which were made possible by the UNO configuration.
	UNO is a configuration of hubzilla introduced in 1.3 with reduced complexity and which provides 
	improved protocol federation potential to other networks by virtue of removing nomadic identity 
	(which is not possible to model or work around using other network protocols).]  

	Implement channel move operation for UNO configuration
	Remove bookmark references in UNO (which has no bookmarks by default)
	UI cleanup profiles/chat/manage
	Refactor webfinger probes and salmon backend for GNU-social federation
	SECURITY: DAV authentication exploit
	Context help added
	More help pages
	Provide 'posts only' feed
	Refactor App to remove globals
	Refactor Session to remove globals
	provide a fullscreen mode for selected modules and functions
	Regression: some addon routes broken
	fix "remember me"
	Autocomplete tool extended to bbcode/comanche
	Clone sync of file/photo updates
	system rename (e.g. http to https or DNS name change) missing some connection photos
	calendar module not blocked to public whhen block_public enabled
	Use timeago.js in reshare content so that timestamps will be correct on federated reshares
	Rework detection of JavaScript to avoid reload penalty under normal operation
	Changed primary directory server to a hubzilla server
	Plugins:
		Diaspora - switch to alternate XML parser to avoid storing compound objects	
		GNU-Social - Huge amounts of work, federation somewhat working now, several issues remain
		Friendica - Initial federation work (not yet published)
		
Hubzilla 1.3
	Admin Security configuration page created which consolidates several previously hidden settings:
		Communication white/black lists
		Channel white/black lists
		OEmbed white/black lists
	Admin Profile Fields page created which manages the availability and order of standard profile fields and allows new fields to be created/managed
	"Poke" module reworked - page UI updated and "poke basic" setting introduced which limits the available poke "verbs".
	"Mood" module UI reworked
	"profile_photo" module UI reworked
	"cover_photo" module UI reworked
	"new_channel" module UI reworked
	"register" module UI reworked
	"pubsites" module UI reworked
	item-meta ("iconfig") created which implements arbitrary storage for item metadata for plugins
	abook-meta ("abconfig") created which implements arbitrary storage for connection metadata for plugins
	"Strict transport security header" made optional as it conflicts with some existing Apache/nginx configurations 
	"Hubzilla UNO" (Hubzilla with radically simplified and locked site settings) implemented as an install configuration. 
	.well-known directory conflict worked out to support LetsEncrypt cert ownership checks without disrupting webfinger and other internal uses of .well-known
	Lots of work on 'zcards' which are self-contained HTML representations of a channel including cover photos, profile photos, and some text information
	Long standing bug uncovered which failed to properly restrict the lower time limit for public feed requests
	A number of fixes to "readmore" to fix page jumping
	Bugfix: persons other than the channel owner who have permission to upload photos to a channel could not do so if the js_upload plugin/addon was enabled
	Siteinfo incorrectly identifying secondary directory servers
	Allow admin to set and lock features when UNO is configured 
	Atom feeds: alter how events are formatted to be compatible with GNU-social
	Allow guest/visitor access to view personal calendar
	Moved several more classes to "composer format" and provided an autoloader.
	Bugfix: require existing password to change password
	Bugfix: allow relative_date() to be translated to Polish which has more than two plural forms. 
	Plugin API: add "requires" keyword to module header to indicate dependent addons
	ActivityStreams improvements and cleanup: photo and file activities
	UI cleanup for editing profile when multiple profiles enabled
	Removed the "markdown" feature as there are numerous issues and no maintainer.
	Provide "footer" bbcode to ease theming of post footer content
	Bugfix: install issues caused by composer code refactor and typo in postgres load file 
	Plugins:
		keepout - "block public on steroids"
		pubsubhubbub - provides PuSH support to Atom feeds, required for GNU-social federation
		GNUsocial protocol - under development
		Diaspora protocol - some work to ease migration to the new signing format
		Diaspost - disabled; numerous issues and no maintainer
		smileybutton - theme work and fixed compatibility with other jot-tools plugins
		

Hubzilla 1.2
	Provide extra HTTP security headers (several of them).
	Allow a site to disable delivery reports if disk space is limited
	Regression: Wrong theme when viewing single post as non-member
	Some Diaspora profile photos use relative URLs - force absolute
	Add locked features to siteinfo report to aid remote debugging
	Provide version compatibility checking to plugins (minversion, maxversion, and minphpversion)
	Account config storage
	Provide optional integrated registration and channel create form 
	cli utility for managing addons
	issue with sharing photo "items"
	cover photo manager: upload, crop, and store
	cover photo widget created
	rework the connections list page and provide a few management features there
	fixed issue with Comanche layout definitions loaded by plugins
	provide ability to separate delivery functions from item_store() and item_store_update() - some forum messages were being redelivered when cloned.
	call build_sync_packet() on pdledit changes
	Abstract the project name and version so these can be customised or removed
	Allow hiding the ratings links on a per-site basis
	db_type not present in international setup templates - was unable to choose postgres.
	item_photo_menu logically divided into a) actions on the post, b) actions related to the author
	bug: default channel not reset to 0 when last channel removed
	create widget containing only the contact block
	regression: public forums granted send stream permissions to connections
	workaround Firefox's refusal to honour disabling autocomplete of passwords
	regression: photo's uploaded to a channel by a guest (with file write permissions) not saved correctly.
	provide mechanisms for custom .well-known handlers (needed for LetsEncrypt ownership verification)
	proc_run modified to use exec() instead of proc_open() - causing issues on some PHP installations
	remote delegation failure under a specific set of circumstances which we were finally able to duplicate
	Delegation section of Channel Manager was missing names and contained useless notification icons.
	Change "expire" channel setting to show system limit if there is one. 
	Regression: provide a one-click ignore of pending connection
	Config to control directory keyword generation on client and server.
	"Collections" renamed to "Privacy Groups", documentation improved
	widget_item - allow use of page title instead of message id
	Add site black/white list checking to all .well-known services
	reduce incidents of screen jumping when "showmore" is activated
	add oembed provider for photos

	Addons:

	CSS theming of pageheader plugin
	xmpp addon ported from Friendica
	Diaspora private mail issues after the third reply
	Occasional issue with Diaspora connection requests
	Add notification email to Diaspora PMs
	Allow anonymising platform and version for statistics
	msgfooter addon created
	removed embedly plugin
	sync clones after superblock addition
	"keepout" plugin created


Hubzilla 1.1

	Rewrote and simplified the Queue manager and delivery system
	Rewrote and simplified the outer layers of the Zot protocol
	Use a standard version numbering scheme in addition to the snapshot tags
	Provide a channel blacklist for blocking channels with abusive or illegal content at the hub level
	Make the black/white lists pluggable
	Update template library
	Support for letsencrypt certs in various places
	Cleanup of login and register pages
	Better error responses for permission denied on channel file repositories
	Disabled the public stream by default for new installs (can be enabled if desired)
	Cleanup of API authentication and rework the old OAuth1 stuff
	Add API "status with media" support compatible with Twitter and conflicting method for GNU-social
	Rework photo ActivityStreams objects to align better with ActivityStreams producers/consumers
	Several minor API fixes to work better with AndStatus client
	Invitation only site - experimental support added, needs more work
	Fix delivery loop condition due to corrupted data which resulted in recursive upstream delivery
	Provide more support for external (git) widget collections.
	Extend the Queue API to 3rd-party network addons which have experienced downtime recently.
	Regression: Inherited permissions were not explicitly set
	Regression: "Xyz posted on your wall" notification sent when creating webpages at another channel
	Regression: Custom permissions not pre-populated on channel creation with named role.
	Provide "Public" string when a post can be made public, instead of "visible to default audience"
	Allow hub admin to specify a default role type for the first channel created, reducing complexity
	Ability for a hub admin to set feature defaults and lock them, reducing complexity
	Change default expiration of delivery reports to 10 days to accomodate sites with reduced resources
	Addons/Plugins:
		Pageheader addon ported from Friendica
		Hubwall (allow admin to send email to all accounts on this hub) created
		GNU-social - queueing added 
		Diaspora - fixes for various failures to update profile photos, updates to queue API 
		Cross Domain Authenticated Chess (Andrew Manning's repository)
	
	And... the normal "lots of bugs fixed, translations updated, and documentation improved"