StatusNet 0.9.6 release

Mirrored from my entry on StatusNet company blog

StatusNet 0.9.6 is ready to download:

This version is now live on hosted sites and, and is a recommended upgrade with bug fixes and improved client authentication.

OAuth authentication for the Twitter-compatible API has been updated significantly, which may require some client apps to change their behavior for new users to sign in:

  • Updated to OAuth 1.0a — we require you to use the verifier, and 1.0 wont work
  • A new “oob” pin-based workflow for apps with limited web capability
  • Tokens exchange and authorization happen over SSL by default
  • A New mode=desktop parameter for apps displaying a stripped down, “lite” version of the authorization page in a webview
  • An anonymous consumer for apps that don’t want to register for a custom consumer key and secret (good for apps that need to work with multiple StatusNet instances)
  • When a user declines to authorize a request token, we notify the client by calling the verified callback with the oauth_problem=user_refused parameter

Please test your client apps to confirm they still function; even if existing access tokens work, be sure to try signing up a new user too! If you have troubles, ping Zach Copley who’s become our resident OAuth wizard, either directly via StatusNet or in our IRC channel on FreeNode.

Changes from 0.9.6 release candidate 1:

  • fix for broken group pages when logged out
  • fix for stuck ping queue entries when bad profile
  • fix for bogus single-user nickname config entry error
  • i18n updates
  • nofollow updates
  • SSL-only mode secure cookie fix
  • experimental ApiLogger plugin for usage data gathering
  • experimental follow-everyone plugin

Other notable changes this version:

  • Site moderators can now delete groups.
  • New themes: clean, shiny, mnml, victorian
  • New YammerImport plugin allows site admins to import non-private profiles and message from an authenticated Yammer site.
  • New experimental plugins: AnonFavorites, SlicedFavorites, GroupFavorited, ForceGroup, ShareNotice
  • OAuth upgraded to 1.0a
  • Localization updates now include plugins, thanks to!
  • SSL link generation should be more consistent; alternate SSL URLs can be set in the admin UI for more parts of the system.
  • Experimental backupuser.php, restoreuser.php command-line scripts to dump/restore a user’s complete activity stream. Can be used to transfer accounts manually between sites, or to save a backup before deleting.
  • Unicode fixes for OStatus notices
  • Header metadata on notice pages to aid in manual reposting on Facebook
  • Lots of little fixes…

A complete list of changes since 0.9.5 is included in the ‘Changelog’ file in the RC download and on the wiki:

— brion