pump.io

Social server with an ActivityStreams API

This project is maintained by e14n

Posts categorized as "releases"

Pump.io 2.0.4 is available

Greetings!

After a beta period of just over a week, pump.io 2.0.4 is now available on npm and GitHub. Whoohoo!

(This was originally going to be 2.0.0, but we had to do a couple patch releases due to some outdated documentation and several critical bugs. 2.0.4 is mostly the same thing as 2.0.0.)

Changes

Note that this release includes security improvements - namely, a newer Express version and a better TLS configuration - and therefore admins are encouraged to upgrade ASAP.

For the full list of changes, see the change log.

Breaking changes

(As I said in the beta announcement:)

Pump.io 2.0.4 is a drop-in replacement for 1.0.0 unless you have any plugins configured or you modify the templates.

Plugins are likely to be affected by the upgrade to Express 3.x. The easiest way to migrate is probably to just run pump.io, test out the relevant parts of the app, and see where your plugin crashes. You might also want to look at the Express 3 change log.

If you modified the templates, you'll be affected by the templates' rewrite from utml into Jade. Migration should be relatively painless but has to be done manually. Your best bet will be to save a copy of the diff you created, undo your changes, upgrade, then use the diff you saved to reintroduce your changes. You'll have to run npm run build after making changes to Jade files.

Non-breaking changes

This release is actually relatively minor in terms of non-breaking changes; however, we do have some nice new improvements:

  • A pump(1) manpage is now included
  • Any internal web UI link with a data-bypass attribute is now ignored by the routing logic (useful for e.g. custom pages added by the admin)
  • YouTube links in posts are now shown as embeds by the web UI (#1158)
  • TLS connections now use Mozilla's "intermediate" cipher suite and forces server cipher suite preferences (#1061)
  • Various minor fixes and improvements

Upgrading

Upgrading is dead-simple. If you used our recommended install method, and installed from npm, you can upgrade with:

sudo npm install -g pump.io@2

If you installed from source, you can upgrade with:

git fetch
# If you modified templates, save the diff at this step
git checkout .
git checkout v2.0.4
npm install
# Restore your template changes
npm run lint:jade # Optional but recommended if you changed templates
npm run build

Both of these methods will work whether you're running 0.3.0, 1.0.0, or 2.0.0 beta. Make sure to restart pump.io after performing the upgrade.

Getting help

If you have any issues with the upgrade, get in touch with the community. You can also email me at alex@strugee.net.


Pump.io 2.0.0 beta is here

Greetings!

As pump.io is gearing up for our 2.0.0 release, I just published a beta to npm. We'd love it if any interested admins could upgrade their nodes and report any bugs you may run in to. (All bug reports are helpful, but just so we're clear, we're likely to only fix regressions from 1.0.0.)

Changes

Pump.io 2.0.0 beta is a drop-in replacement for 1.0.0 unless you have any plugins configured or you modify the templates.

Plugins are likely to be affected by the upgrade to Express 3.x. The easiest way to migrate is probably to just run pump.io, test out the relevant parts of the app, and see where your plugin crashes. You might also want to look at the Express 3 change log.

If you modified the templates, you'll be affected by the templates' rewrite from utml into Jade. Migration should be relatively painless but has to be done manually. Your best bet will be to save a copy of the diff you created, undo your changes, upgrade, then use the diff you saved to reintroduce your changes. You'll have to run npm run build after making changes to Jade files.

For the list of non-breaking changes, see the change log.

Upgrading

Upgrading is very easy. If you used our recommended install method, and installed from npm, you can upgrade to the beta with:

sudo npm install -g pump.io@beta

If you installed from source, you can upgrade with:

git fetch
# If you modified templates, save the diff at this step
git checkout .
git checkout v2.0.0-beta.1
npm install
# Restore your template changes
npm run lint:jade # Optional but recommended if you changed templates
npm run build

Make sure to restart pump.io after performing the upgrade.

Getting help

If you have any issues upgrading to or running the beta, please don't hesitate to get in touch with the community. You can also email me at alex@strugee.net.


Pump.io 1.0.0 is now available!

Pump.io 1.0.0 is officially available! Whoooo!

I just wanted to write up an announcement real quick to celebrate. Here's a sample what's gone into this release:

  • Node 4.x support
  • Lots of security improvements including a better cross-site scripting scrubber and security-related headers that help protect the web UI (most notably, the web UI now declares a Content Security Policy)
  • Minor improvements to the API to make it (slightly) smarter
  • LibreJS support
  • Numerous dependency upgrades, most notably Connect
  • And of course, tons of minor bugfixes and improvements

For more details, see the brand-new change log.

And of course since we're now past 0.x.x releases, we're now officially making a commitment to the community to make only API-compatible changes going forward (or at least, until 2.0.0!).

As this release does improve security and fixes a lot of bugs, node administrators are encouraged to upgrade as soon as possible. If you have a global, npm-based install, you can upgrade with:

sudo npm install -g pump.io

And with a source-based install:

git pull
git checkout v1.0.0
npm install --production

If you're upgrading from 0.3.0, everything should Just Work(tm). Don't forget to restart your daemon!

One final note - the rumors are true. While we're not doing so yet, we are, in fact, planning to deprecate running under Node.js 0.10 and 0.12 very soon. Also, if you upgrade to Node.js 4.x early, the new, better XSS scrubber will be enabled - however, be aware that pump.io is far less tested under Node.js 4.x and you are likely to run into more bugs than you would under 0.10 or 0.12. This is an unfortunate situation, but sadly there's really nothing to be done about it. :(

Special thanks to Menno Vossen, Laura Arjona, Evan Prodromou, Jan Kusanagi and all the other volunteers who did so many different things to make this release happen. It truly wouldn't have happened without you.

Enjoy the release!

With <3,

AJ