Akkoma stable 2023.08 - Secure ARMs are bookworms

oooooh it’s time

iiiiit’s time

i mean i usually release second saturday of the month but i’m busy next week so now it is - it’s release day!

New stuff

Arm64 builds!!!

oh yeah arm builds. amd64 move over, OTP releases now support the aarch64 architecture! many vps providers are starting to offer ARM servers at a reduced cost, so this may well be a nice cheap way for people to run instances.

The new flavours can be found in the installation docs

OTP Release base distributions updated

our old amd64 OTP release was built on debian bullseye, which since the last release has become oldstable. Hence, OTP releases are now built on bookworm (currently debian stable)

The alpine build is also now built on 3.18 as a base

!!IMPORTANT if you run ALPINE (<3.18), DEBIAN BULLSEYE (11), or UBUNTU FOCAL (20) - you must upgrade your system to run the newest OTP builds.

ALL OTP builds now require OpenSSLv3 to run.

On the upside, Debian bookworm and Ubuntu Jammy are now compatible! you won’t have to do anything though, i’m releasing identical builds under the old amd64-ubuntu-jammy flavour for ease of transition.

Full support for elixir 1.15

New elixir version, new fun and games. The latest release brings full support for the latest release, which should keep us nice and up to date with language-side security fixes and other such stuff. So if you build from source, feel free to update your environment. 1.14 is still entirely supported so don’t feel like you have to immediately though.

Please note that erlang OTP26 is not officially supported as yet - whilst I believe it should work, due to how it changes map ordering, it fails tests and I cannot guarantee 100% that it’s fine, so if you can, try to stick to OTP25.

A whole bunch of security-related fixes

There’s been a few recently, huh?

The details of these fixes aren’t particularly interesting, but the cliff notes are:

  • Added OnlyMedia upload filter, which will deny the upload of anything that isn’t explicitly a media file
  • Added AnonymizeFilename upload filter to apply to everything. No more path traversal…
  • Disabled any form of XML external entity loading

Some accessibility functionality on the frontend

The prefers-reduced-motion browser setting will be honoured in a load of places now, which should make life easier if you’re not a fan of animations all over the place.

And more

As usual, a full list of changes can be found on the changelog

Upgrade

Same as ever! Updating your instance - Akkoma Documentation

Please note the above comments on OTP! Debian 11, Ubuntu 20 and alpine <3.18 users bewaaaaare!

OTP users beware! If your instance “crashes” with a runtime error, do make sure to read it, it’s telling you your config permissions are bad and tells you how to rectify that.

Thankies

I have quite a lot to give out this month

  • yukijoou, mergan and SukinoVERSΞ for fixes on the frontend! thanks!
  • Mae@is.badat.dev for being the whitehat we all need
  • Norm, Oneric for documentation fixes!
  • ilja for the above and also letting me bounce silly things off you in IRC
  • the forklift driver for being certified as ever
  • people that helped co-ordinate vulnerability fixes, it’s very helpful!
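
Added example, not part of the original thread and not Akkoma's own tooling: a pre-upgrade check in shell for the three things the announcement says will stop the new OTP builds from running (base distro too old, no OpenSSL 3, config file permissions). The function names and the --run switch are made up here, and the Ubuntu threshold of 22 is an assumption based on the post naming Jammy as compatible.

```shell
#!/bin/sh
# Added example: pre-upgrade checks for the requirements in the announcement.
# Function names are made up for this sketch; thresholds come from the post.

# os_supported ID VERSION_ID -> 0 new enough, 1 too old, 2 not covered by the post
os_supported() {
    id=$1 ver=$2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$ver" in *.*) ;; *) minor=0 ;; esac     # e.g. Debian's VERSION_ID="12"
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    case "$id" in
        alpine) [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 18 ]; } ;;
        debian) [ "$major" -ge 12 ] ;;            # bookworm
        ubuntu) [ "$major" -ge 22 ] ;;            # jammy (assumed minimum)
        *) return 2 ;;
    esac
}

# openssl_ok "OpenSSL 3.0.11 19 Sep 2023" -> 0 if this is OpenSSL 3 or later
openssl_ok() {
    set -- $1                                     # split: name, version, date...
    [ "${1:-}" = "OpenSSL" ] || return 1
    v=${2:-}; v=${v%%.*}
    case "$v" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v" -ge 3 ]
}

# config_private MODE -> 0 if the octal mode grants nothing to "other",
# which is the state `chmod o=` leaves the file in
config_private() {
    case "$1" in *0) return 0 ;; *) return 1 ;; esac
}

# Run all three checks on the live system (subshell keeps os-release vars local)
preflight() (
    conf=${1:-/etc/akkoma/config.exs}
    rc=0
    . /etc/os-release
    os_supported "$ID" "${VERSION_ID:-}" || { echo "OS $ID ${VERSION_ID:-?}: too old or not covered here"; rc=1; }
    openssl_ok "$(openssl version 2>/dev/null)" || { echo "OpenSSL 3 not found"; rc=1; }
    config_private "$(stat -c %a "$conf" 2>/dev/null)" || { echo "$conf missing or open to others: chmod o= $conf"; rc=1; }
    return $rc
)

if [ "${1:-}" = "--run" ]; then preflight "${2:-}"; fi
```

Run it with --run before switching flavours; a non-zero exit means at least one of the three checks failed and the printed lines say which.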

the command you need to run to fix the perms is:

chmod o= /etc/akkoma/config.exs

btw, since it’s kinda hard to find in the crash message

it’s like the first line or something?
Easy fix and nice work putting that in the crash message. All done and good to go agaaaaain!

I think I updated correctly, but is there a way to correlate the “backend” version number that is being displayed in the akkoma-fe settings to the actual release number? It says 3.10.3 here now and has a broken link to: https://akkoma.dev/AkkomaGang/akkoma/commit/v3.10.3

Welp, I merrily updated my instance without reading the instructions and, since my web app framework still doesn’t support Bookworm, now I’m stuck with a non-working Akkoma… how do I revert to the last working version for Bullseye in the meanwhile?

i gave yunohost a special build yesterday

your maintainer should be working on it iirc

REF: Akkoma

Well… about that, seems like there was one library that did build against 2.34 in that particular branch:

akkoma[3153281]: /var/www/akkoma/live/lib/majic-1.0.0/priv/libmagic_port: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /var/www/akkoma/live/lib/majic-1.0.0/priv/libmagic_port)

I ran it on a Debian vm without issue

please ensure you selected the correct flavour when updating

Released patch 3.10.4 to prevent my own silly mistake in develop from bringing people down