Mbin 1.9.0 stable is finally out! Upgrade your server now, if you didn't do it already.
We have 3 different summaries below. One for end-users, one for server admins, and finally a summary for Mbin developers.
Thank you everybody who made this release possible!
Summary for Users
This release contains numerous improvements and changes that we can't list everything here, so we'll stick to the highlights (in random order).
We enhanced security so that after a user changes their password or 2FA, all the current sessions of that user will be invalid and the user will need to log in again.
A new combined front page. You could make the combined front page the default in your profile settings. Which means you see both threads and microblogs combined on the homepage.
We also introduced a new feature under general settings, where you can select "Who can send you a direct message" (defaults to everybody).
We added support for magazine banners in Mbin (which is also compatible with Lemmy Communities).
Mbin combines the thread form into just one form (instead of having article, link, and photo having a separate form). Mbin now also federates bans correctly (both incoming and outgoing bans).
Global mods can now manage (view, approve and/or deny) account signups. Global mods can now also receive signup notifications, which will also come with a new menu item in the drop-down menu.
Plus various other bug fixes and CSS layout improvements, ban notification fixes, and too many other fixes to mention here.
Summary for Server Admins
Multiple Docker setup enhancements, we upgraded to Debian Trixie images. We also upgraded to use Node v24 (current LTS release) within our Mbin Docker images. Plus we added a new amqproxy service to the docker compose file. See upgrade instructions for Docker below for more info.
We now added two different server settings:
- Restrict "Random Threads/Posts" sidebar sections to local only
- Restrict "Active people" sidebar section to local only
The first option has been known to cause SQL performance issues (we recommended NOT enabling this first option), hence we gave you the two options. The second option shows local only active users, which does NOT impact performance (so feel free to enable that option if you wish).
Mbin now comes with new moderation log filter capabilities.
We also documented Anubis setup for Mbin, setup is optional. However, Anubis could protect your server from DDoS attacks or other unwanted traffic towards your server.
Mbin now also has a command to rotate the private keys for one user or all the local users.
We renamed an existing environment variable: MAX_IMAGE_BYTES to: MBIN_MAX_IMAGE_BYTES, please rename the variable if you have set it. On top of that we also added a new environment variable: MBIN_USE_FEDERATION_ALLOW_LIST (default value: false) for in the .env file. We also added MBIN_NEW_USERS_NEED_APPROVAL (also default value: false) several months ago, in case you didn't added that variable yet. Although both variables are optional to add. See the latest .env.example file.
Finally, we upgraded several Composer dependency packages plus Symfony recipe updates as well as NPM package updates. So like always be sure to run: ./bin/post-upgrade to install all the updated Composer packages (on bare metal). Which should fix security vulnerabilities in our composer & npm depedency packages. And clear all caches.
Summary for developers
We extended and improved the getting started guide, documenting how to leverage dev containers to get started. Please follow the full "Docker as a dev server" guide if you wish to help with development.
We also created a new Fediverse developer page that lists all our ActivityPub messages.
See the full release notes / how-to upgrade here: https://github.com/MbinOrg/mbin/releases/tag/v1.9.0
A screenshot would be helpful.