This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Topics
Affected surfaces
Summary
AI summaryFixed double‑encoded custom profile fields causing per‑character rendering in Mastodon API responses.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium |
Fixes double‑encoded custom profile fields in Mastodon API responses and pages. Fixes double‑encoded custom profile fields in Mastodon API responses and pages. Source: llm_adapter@2026-06-03 Confidence: low |
— |
| Bugfix | Low |
Repairs double‑encoded custom profile fields stored as JSON strings. Repairs double‑encoded custom profile fields stored as JSON strings. Source: granite4.1:30b@2026-06-03-audit Confidence: low |
— |
| Refactor | Medium |
Adds CHECK constraints to enforce JSON objects in field_htmls, emojis, and fields columns. Adds CHECK constraints to enforce JSON objects in field_htmls, emojis, and fields columns. Source: granite4.1:30b@2026-06-03-audit Confidence: low |
— |
Full changelog
Released on June 3, 2026.
- Fixed a bug where some remote accounts' custom profile fields were rendered as per-character entries (field names
0,1,2, … with one character of HTML in each value) in Mastodon API responses and on profile pages. The affected rows had theirfield_htmls(and potentiallyemojisorfields) stored as double-encoded JSON strings by an older Drizzle ORM version; a data migration repairs them, and newCHECKconstraints enforce that these columns always hold JSON objects. [#504]
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]