diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1595423975..54e488c9d6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,957 @@
+#### v4.0.0 (2025-01-20)
+
+##### Breaking Changes
+
+*  add new `escape` option to getPostSummaryByPids [breaking] (16c8a652)
+*  core html stripping on plaintext, remove 'filter:teasers.configureStripTags' hook, remove html stripping from teaser generation (c01f1549)
+
+##### Chores
+
+* **i18n:**
+  *  fallback strings for new resources: nodebb.error (e53b3737)
+  *  fallback strings for new resources: nodebb.aria (d04bdd9d)
+*  update changelog for v3.12.4 (e7e682ed)
+*  bump persona (3e08eb39)
+*  bump markdown, harmony, and persona to new major versions (499df8ab)
+*  remove now-unneeded v4 upgrade scripts (487e7be5)
+*  add type to webpack config file (#12072) (d79dfd03)
+*  rc4 (aa1f65e9)
+*  bump harmony for #12938 (8ec388af)
+*  rc3 (754ef9b2)
+*  upgrade script to fix outdated slugs for users with periods in their usernames (d1c27b4d)
+*  bump to rc.2 (e2b653b0)
+*  bump version to rc.1 (5aab151e)
+*  up persona (b25aa336)
+*  beta.4 (c1079356)
+*  up harmony (098836c1)
+*  beta.3 (27fb01f7)
+*  up harmony (34353bdb)
+*  beta.2 (cc267714)
+*  beta tag (86f624f8)
+*  up themes (471fbd3a)
+*  up themes (d4cf5e7e)
+*  restore activity history check in AP inbox middleware now that NodeBB sends unique IDs with applicable activities (7e23e192)
+*  up harmony (16fe85e2)
+*  up themes (789520e4)
+*  up harmony (7a5588da)
+*  bump version to 4.0.0-alpha (b691d2a9)
+*  up harmony (aae0b5b0)
+*  up harmony (b540ecd3)
+*  up harmony (18f9baff)
+*  info -> verbose logging in ap inbox.js (931a0f0a)
+*  make getParentChain logging verbose (6069bee0)
+*  lint (f6d4d563)
+*  up mentions (68c91650)
+*  up mentions (2b6e31a6)
+*  commenting out logic that drops requests if the id has already been seen, due to a regression in interoperability between NodeBB instances (bb0360bf)
+*  up mentions (2c87c6e8)
+*  up mentions (bad094e8)
+*  up markdown (58668b46)
+*  up markdown (dbd901d3)
+*  update ap cron job config (c680fa67)
+*  up mentions (c4c3c207)
+*  bump harmony (4cec6783)
+*  bump mentions (5ec24977)
+*  bump markdown (4fd0d27e)
+*  up mentions (78e11d6e)
+*  bump harmony (228c9173)
+*  some linting (fdba6840)
+*  debug log (3636dec7)
+*  up widgets (1ce986f7)
+*  lint (5e776088)
+*  minor cleanup (1253ded7)
+*  add verbose logging to middleware.validate (719bb0a0)
+*  up harmony (550e522f)
+*  move assertTopic to top of file, rename to assert (4ee8519d)
+*  up harmony (a84dba27)
+*  lint (c5c0c473)
+*  remove now-unused notes.assert (c6624b63)
+*  up harmony (66b4dc2c)
+*  up harmony (d31978b3)
+*  lint (0c2cfbe7)
+*  removed unused requires (911177ce)
+*  remove debug log (92c990f2)
+*  remove debug log (403bf3e1)
+*  update log verbiage (9c15b02a)
+*  additional logging (641a94d6)
+*  move assertNote to separate file in preparation for additional note-based methods (2b3b6e56)
+*  small var rename (8a5fb86d)
+*  minor re-shuffling of code (5e693702)
+*  reorganize controllers for clarity (2e899008)
+*  update AP helpers export, 404 logic reversal, no slugify in userslug in mock profile from remote instance (0cbbce8c)
+* **deps:**
+  *  update dependency lint-staged to v15.4.0 (#13059) (1c4c4f57)
+  *  update dependency sass-embedded to v1.83.4 (#13045) (be2098d8)
+  *  update dependency @commitlint/config-angular to v19.7.0 (#13030) (03432960)
+  *  update dependency jsdom to v26 (#13040) (d12d9efb)
+  *  update redis docker tag to v7.4.2 (#13033) (fd6f3ee6)
+  *  update dependency lint-staged to v15.3.0 (#13031) (3340d984)
+  *  update dependency sass-embedded to v1.83.1 (#13025) (b9364de2)
+
+##### Documentation Changes
+
+*  add `resizeImageWidth` to openapi definition for /api/config route (7c1b9000)
+*  fix comment (e5331b84)
+*  schema update for activitypub acp route (3a05171f)
+*  update comment to reflect new behaviour (2cbd63dc)
+
+##### New Features
+
+*  fix activitypub toggler to be more complete; tests. #13054 (af4d07fb)
+*  add activitypub file to translations (74831034)
+*  save audience into post hash (for remote posts) (b537437c)
+*  add `filter:topics.hasThumbs` filter hook (f4835695)
+*  append uploaded images into thumbnail set (cc65214d)
+*  #12976, shares collection (e83036a9)
+*  pending follows and logic for remote users, #12938 (2851e56b)
+*  #12935, show 'shared this to x' in topic event when moving topics out of cid -1 (fcf0f799)
+*  support for FEP fb2a (new-style account metadata) (549a6b7d)
+*  #12924, parse incoming custom fields from remote users (0f351ba7)
+*  #12924, custom user fields for local users now federating out (62fe70f2)
+*  add title property to custom emoji markup (3968c822)
+*  #12683, parse incoming emoji tags and replace in content prior to storage in database (09b1e119)
+*  fire new hook `filter:activitypub.mocks.note` on note mocking (4ba41a68)
+*  handle receipt of `Add` activity #12707 (3023b251)
+*  associate new topics created from asserted notes with their originating context, if that context is resolvable (6f237c57)
+*  #12822, send all outgoing links to `/ap` first to see if it's activitypub enabled, parse if able, otherwise redirect as normal (069c8228)
+*  normalization middleware to ensure incoming objects' data types are as expected (simplifies later logic) (13c048a5)
+*  send Update(Note) on chat message deletion and restoration, serving Tombstone if deleted (61445d3d)
+*  handle Update(Note) when object has limited visibility, #12834 (e5948464)
+*  check room counts on actor prune, #12834 (e0e2051d)
+*  federate  on chat message edit, #12834 (1659015c)
+*  notify users on new message from remote users, fix use of parseInt in generating chat notification (2464d13c)
+*  handle incoming non-public activities as chat message, #12834 (b82e20df)
+*  federating out chat messages (2ab5ea39)
+*  update mdidleware.assert.message so roomId is optional (2b71434e)
+*  #12647, federate out `Add` activity on inbox.create and local post creation (bd44783e)
+*  send 308 when activitypub request for remote post comes in, #12831 (7f1f4859)
+*  dynamic category icon generation (edff3394)
+*  enable web-push plugin on first install (34c4cefe)
+*  service worker icon and badge support (4ae86145)
+*  update `buildRecipients` to include all topic participants and their followers, #12735 (6752a541)
+*  notification rescind support (d6bab253)
+*  update service worker to handle push and notificationclick (5109b539)
+*  add onmessage handler for service worker (40fe4d88)
+*  extend activitypubApi.create.note to accept a post object to reduce unnecessary calls to retrieve post summary (b63440cb)
+*  moving a topic out of cid -1 federates an Announce activity, #12734 (daa665eb)
+*  additional copy re: editing remote posts, #12732 (c3e14912)
+*  allow use of vanity domains pointing to an account hosted elsewhere (709a02d9)
+*  show local users who follow (or are followed) by a remote user, on a remote user's profile (a884681a)
+*  additional logic to handle special case where a queried object id reports a context, but it is not actually contained in the resolved context's collection (f9937a84)
+*  #12695 Topic Synchronization via resolvable `context` (ff0c289e)
+*  activitypub.get; allow the passing-in of custom headers via existing `options` parameter (da25fd21)
+*  add post attachments to topic thumbnails (2aeabce5)
+*  icon replacing user status for remote users, denoting that they are from outside the local instance, #12688 (a81ef609)
+*  allow activitypub request cache to be ignored (485b7758)
+*  send join date in local actor mock (3c9337b7)
+*  AP note replies collection, closes #12675 (26a7c51a)
+*  topic backfill logic via resolvable context #12647 (e75ec39b)
+*  send out `Update(Actor)` when a category is edited (09d8fbf9)
+*  instance-level allow andd deny list for federatioN (6e2178b0)
+*  store encountered instances by last seen date (d0a1ebcf)
+*  sending out 1b12-style Announce activities on incoming Create/Update/Like/Delete/Undo(Like) activities, when they pertain to notes (6569066e)
+*  assert actors when mocking post (f5b856f4)
+*  check to/cc/audience for local category and put topic there instead (overrides passed-in cid) (b6ffc47c)
+*  plumb audience into _activitypub when mocking posts (d9f1fa3a)
+*  send cause to ap.get error handler, delete local account representation if assertion fails with a 410 (3567f55a)
+*  #12589, add nodeinfo endpoint (578a53dd)
+*  add timestamp to most activity ids (42f514b7)
+*  show category followers in category federation ACP page (7313d5c6)
+*  logic for remote user deletion, cronjob, and ACP options for pruning options (4bb2c1a8)
+*  remote user deletion logic, #12611 (539300ff)
+*  allow user.exists to respond to requests for remote uids too (3dca79dd)
+*  pruning of stale notes older than 30 days with no engagement (709c9132)
+*  save remote user urls backreference (ff53f3c0)
+*  add another sanitization round before federating to remove classes from all tags in output html, closes #12573 (7c79e231)
+*  passing in types to parsePost for more specific handling by plugins (8cf96176)
+*  track incoming requests by id, analytics increment for some metrics, ignore repeated requests by id (4e9cd8ef)
+*  added analytics.peek (b106a6a0)
+*  Note deletion logic and refactoring, #12551 (ccd187e0)
+*  handle receipt of Update(Tombstone) (f4043959)
+*  on post delete, federate out an Update(Tombstone) (96db519b)
+*  serve Tombstone objects for soft deleted posts (5e9d47a1)
+*  ability to query remote users by webfinger handle (97615267)
+*  support the ability to search for posts and users by url (4cbb1f2a)
+*  basic retry queue (50bc9a37)
+*  on post edit, also target anyone who announced the post and their followers (807c3eac)
+*  add id to reject activity (32d1adf6)
+*  openapi spec for acp category federation page (fc3f3a78)
+*  support rescinding user flags (61a595de)
+*  slightly better title generation (b9d6aa46)
+*  help modal for world page (cf291a51)
+*  remove `/world/all` route, add intro header to `/world` (af324dae)
+*  add id to Like (ab055a77)
+*  handle 1b14 announce for remote content too (2ce3a116)
+*  resolve Crate and Announce activities (f802564e)
+*  utility functions to get local followers/counts given a remote actor uri, plumb cid into notes.assert via inbox.announce if a local cid is following the sending actor (452cb0a9)
+*  send id back during accepts (b7629c6e)
+*  handle Undo(Flag) (a1a7fb77)
+*  send undo when rescinding/deleting a report (c1dfa8d2)
+*  federate flag creation (2a2b855f)
+*  bulk purge flags (7bacbf76)
+*  rescind post flags (9ab1a2d1)
+*  integrate post uploads into attachments for outgoing note mocks (fdbd30dc)
+*  add id to profile updates (4d07ca4c)
+*  noremalize actor property in middleware (18ba2e38)
+*  save remote post url into hash for use (525b7c2c)
+*  note attachments via link preview plugin (6fc6cc33)
+*  add ids for undoing follows (3cc09d20)
+*  send back follow id in Accept (66b0d81c)
+*  add id to follows and verify accepts (72dbcfe3)
+*  resolve objects from ids in middleware (102c174e)
+*  filter out topics in cid -1 from tagged topics page, closes #12489 (d437d969)
+*  sign public key requests (fcd5447c)
+*  populate and send link tag/header respectively for activitypub-enabled content (4e0d7dd3)
+*  basic AP Flag support (d9eba6d2)
+*  send unique identifiers for note activities (9fc194e3)
+*  upgrade script to re-assert all known actors to save URL into hash, and bump mentions (943cef6d)
+*  sorting an filtering in /world (d1fa6a59)
+*  make the /api/world data more category-like (e266b447)
+*  add more properties from /category to /world (3c6966fb)
+*  follow redirects in API (e0138cbe)
+*  add checks to only continue with topic assertion if there is a relation to existing content, #12442 (55e947a0)
+*  add assertion lock on activitypub.notes.assert (2688b6bb)
+*  have category actor send Announce(Note) on remote replies to topics in a cid (04c743eb)
+*  have category actor send Announce(Note) activity on posts from that cid (7df5cabb)
+*  ability to update category handles (9dc20d0c)
+*  category handles, #12434 (3cc99a17)
+*  rename 'world' category to 'uncategorized' (9a5d4ffb)
+*  plumb pid into return data from posts.loadPostTools, add link to view original post, for remote content (17f62f24)
+*  add TTL cache for Actors.assert (d75894eb)
+*  log all post edits to the event log, return eid when logging events, plumb eid into Update(Note) to federate out as a unique id (83392f3c)
+*  if Update(Note) is received for a post that does not already exist, assert it (0bfdbb6a)
+*  return count of new notes in assertTopic (519e025e)
+*  add /world and /world/all to available nav items (f31d8c2e)
+*  mentions support (e4c1ca1e)
+*  allow user.search to handle remote handles, beginning of mentions support (1b64fdb5)
+*  integrate notifications for remote likes, follows, and announces. (c707a32a)
+*  federate tags out on new post (if new topic) (e1c43112)
+*  restrict loopback calls (77a3efb4)
+*  fine-grained privileges integration for fediverse users and world pseudo-category (1bd8f9a1)
+*  temporarily deny handling non-public notes (eaba2aa3)
+*  shared inbox (49c69a0f)
+*  security, cross-check key ownership against received actor (a94341f4)
+*  attachments support (e5b6ee97)
+*  save tids to individual user inboxes based on recipient list, new /world/all route (89128634)
+*  save actor follower URL backreference and sorted set backreference (da085b0e)
+*  infinite scrolling for /world (874b24cb)
+*  record remote Announce(Note) (6508287d)
+*  handle Announce(Note) when Note is a piece of remote content (94dcd29e)
+*  Announce(Note) and Undo(Announce) (415b4fe1)
+*  exposed method to find topic events based on a subset of saved info, returns topic event ids (b9821c52)
+*  topic and category S2S get responses (a461e5dd)
+*  send proper content-type on AP S2S responses (d18e65c4)
+*  category actors, stub outbox (88733a51)
+*  returning following and follower collections upon request (ae042ce3)
+*  Like(Note) and Undo(Like); federating likes (607c4623)
+*  origin checking on received Update activities (6930973d)
+*  Update(Note) (0e59f312)
+*  Update(Person) (6e87cf57)
+*  activitypub response to note retrieval via pid (6b517252)
+*  added mocks.actor and Update(Person) activity on profile update (8453b83e)
+*  Create(Note) on new topic or reply (0e016c6e)
+*  proper webfinger response for instance actor (da0211b1)
+*  application actor + public key for uid 0 signs, moved homepage route to after core routes are generated (9885f94a)
+*  native parsing of title for topics (981b4f14)
+*  beginnings of the /world route (04423232)
+*  handle Update(note) (ac672f08)
+*  handle Create(note) (f7477536)
+*  flesh out more topic info, fix navigator (7e89eadb)
+*  some additional work to properly save and retrieve remote topic data (4bd7a574)
+*  ability to browse to any ActivityPub note and have the entire topic chain render (485cf200)
+*  add activitypub request cache (326bb995)
+*  assertNotes method (ab40ba61)
+*  ability to load remote post data in a topic (3ce84b39)
+*  plumb uid into .addParentPosts() so .assertNotes() can be properly called (0d478b2c)
+*  stub lib for retrieving and mocking posts (f1e5e5a0)
+*  send name property in getActor response (5e1e8099)
+*  ability to browse follower/following lists of remote accounts (2a77ae55)
+*  expose following/follower counts in actor response (7fd15d66)
+*  show remote followers/following in user profile pages (739b0548)
+*  update mockProfile to accept actor uris as well as actor objects (672c7014)
+*  accept and undo support (4c1b2b3f)
+*  update activitypub helper resolveLocalUid to accept both webfinger name and full URL as input (1f79f542)
+*  follow/unfollow logic and receipt (c02271c7)
+*  actor cache, method to resolve inboxes, stub code for sending requests. Now base64 encoding digest as expected by Mastodon (cdc4275f)
+*  http signatures support, .sign() and .verify() AP helper methods (e7184eb8)
+*  add webfinger ttl cache (4f5f025d)
+*  add .has() call to cache/ttl (57895b72)
+*  ability to view federated profiles via url manipulation (a05b674e)
+*  followers and following endpoints (7e1dac39)
+*  inbox and outbox routes, stub controllers (81b6260f)
+*  global switch for disabling federation, + test (099124c4)
+*  activitypub actor endpoint for user accounts (2dec357a)
+* **activitypub:**  show world category in selectors (953231fc)
+
+##### Bug Fixes
+
+*  ap webfinger test (3e33e1a3)
+*  if user is logged in after registration don't go back to /login (23b37f62)
+*  closes #13056, guard against undefined keyid,compare (6073a25b)
+*  bug where newly create cids were not responding via webfinger, 404 on webfinger errors, not 400 (c17809e4)
+*  #12990, local references via remote posts are not linkified properly, + tests for helper (98280d30)
+*  #12984, fix pids numeric sorting, handle non-integers (4dc740a2)
+*  add deprecation note re: as:audience (3cf3f93a)
+*  #13021, save details of follow request before sending the follow, avoid race condition (16616814)
+*  handle ap send errors with object body (450322d1)
+*  thumbs.get to handle null case from mime.getType (50b510e3)
+*  post upload sync duplication bug (cfeb49dd)
+*  language fallbacks for activitypub-related strings (37a4fd7c)
+*  add sourceContent prop to posts API; fix other tests (e1db9642)
+*  add sourceContent prop to posts API (8ebe6de1)
+*  add missing file for openapi tests (e6b20ed3)
+*  activitypub tests (12fb205b)
+*  broken tests (9c78255e)
+*  #13014, possible fix for peertube incompatibility: strip hash value from key IDs during check (0ad8ed9d)
+*  #12996, invalid title generation when remote post content has markdown source (1d36ab6d)
+*  #13017, probe redirection if url is identical to id (39705a17)
+*  #13016, remote account deletion frontend UI bug (2005a02a)
+*  add missing catch, closes #13012 (45021b5b)
+*  check if url is undefined (fa81078a)
+*  #12941, inherit audience from earlier posts in the chain so as to send a coherent value to Lemmy instances, re: lemmynet/lemmy#5278 (97384b2c)
+*  add 10s timeout for AP message send (25d6ef43)
+*  ignore subsequent shares of the same topic by that user (d734ce49)
+*  #12972, allow bridgyfed accounts to pass isWebfinger regex validation (a7e6cfe8)
+*  bump harmony (ee8ec61e)
+*  fix double thumb due to post attachments (755b9855)
+*  lemmy integration, handle `image` property as topic thumb (b15a684a)
+*  wrap try..catch around topics.reply in note assertion to output errors (b551abce)
+*  have options.update also trigger handle and search updates on actor assertion (050acb4f)
+*  separate out removals vs. additions in actor assertion in order to hopefully resolve #12959 (546ffed2)
+*  openapi schema for ap routes (c86b6f24)
+*  get version directly from package.json (3340720e)
+*  set linkValue for remote user fields (3d653cbb)
+*  crash due to missing param when calling getCustomUserFields (e5fdf9f1)
+*  set a user-agent when sending requests (64339e61)
+*  persist `sourceContent` into post hash when ingesting remote posts, update markdown so that field is parsed instead of ignoring content (1839388b)
+*  use fediverse pseudo-user for webfinger privilege checks (f32184b2)
+*  regression on remote deletes, received object is not always a simple id (d7fe3558)
+*  thrown exception from failed note assertion (830aab66)
+*  one more (304fa554)
+*  another fix re: 3780fdc6ff9fb23048266b43ceae86646fb795cc (69d5544a)
+*  thrown exception from failed note assertion (f7a294a7)
+*  additional fixes re: 3780fdc6ff9fb23048266b43ceae86646fb795cc (97861dd1)
+*  regression on remote deletes, received object is not always a simple id (3780fdc6)
+*  #12939 convert custom emoji in actor summary into images (78a9e86c)
+*  translate custom field names and values when federating out (e6edcefd)
+*  bump emoji-android version (552298f8)
+*  bump harmony and re-tag (593a1933)
+*  bump emoji to 6.0.1 (efa0cac3)
+*  bump harmony (00b2dd49)
+*  strip html from remote custom fields, linkify if url detected in now-plaintext field value (065f84b6)
+*  handling of empty custom user fields from remote users (1bebb82b)
+*  don't send custom fields in remote user actor object if no value is entered (09f00f8e)
+*  hotfix for empty user fields (ce1efd39)
+*  bump mentions (e5f804ff)
+*  #12928, topic showing wrong queued posts in-topic when topic is remote (7b747c8f)
+*  replace parseInt that was excluding remote pids from calculation (93bb73c1)
+*  #12923, inability to start chat with remote users via profile (b6a2520f)
+*  inability to directly post to a nodebb category from the fediverse (55ab85ac)
+*  #12919, handle when buildTopicsSortedSet returns a non-array (e4e6b1d2)
+*  #12912, strip custom emoji from remote content titles (7adc3140)
+*  don't chop off colons when generating titles as they could interfere with emoji (f449fafc)
+*  #12893, topic with pages returning OrderedCollectionPage instead of OrderedCollection. (d685b20e)
+*  missing return (cf3555fa)
+*  #12887, strip target attribute from remote posts' html (3eb0a0ed)
+*  #12866 again, more tests (a59dae3f)
+*  raise probe timeout to 2s (94e34907)
+*  topic count not showing up on category page (dd363446)
+*  #12882, view original post circles back to same topic (93844321)
+*  #12883, activitypub probe timeout (f8729571)
+*  errant mention detection via actors.note (22dbf15e)
+*  #12880, refactored ap controller.list to use `buildTopicsSortedSet`, moved out poor man's intersect to internal method (05c8ee9f)
+*  don't trust timestamps on received items (b1d779ca)
+*  use `categories.getTopicIds` instead of duplicating existing logic to get world tids (7bf41138)
+*  #12866, improve title generator, refactor tests (beb85604)
+*  one more fix (eccad588)
+*  debug return not restored back (0e982fcf)
+*  #12865, crash on liking a chat message (fc3243d6)
+*  possible fix to escaped emoji in titles (f5324501)
+*  #12707 ensure actor matches context attributedTo (998273cd)
+*  federate out an Add on post creation even if there are no category followers (15516862)
+*  accidental sending of Set to ActivityPub.send (3030a720)
+*  #12857 byebye cheerio (8492b5f4)
+*  inputIndex check (cac4f8e7)
+*  convert some more verbose logging to use ap logging helper (6208ab8d)
+*  regression introduced by 903d03891941902ddac80b380552530e1853c306 (d451adaf)
+*  lint (c34407d8)
+*  errant parseInt in canEditDelete (0f1b1164)
+*  guard against missing to/cc (1d5f490d)
+*  object not array (873d033b)
+*  backend logic fixes for #12853 (b472c589)
+*  groups not showing up on new reply (1bf09907)
+*  re-enable logging only for dev mode (a226ee9e)
+*  defer postdata retrieval (9062691a)
+*  `inReplyTo` incorrectly including system messages, #12834 (7ad7bc47)
+*  remote debug log (e9a27db2)
+*  error on replying to remote mids #12834 (adf33cfa)
+*  proper urls in `to`, #12834 (94ac57ea)
+*  simplify uid logic, explicitly mention all participants, even local users, #12834 (70fe8689)
+*  adjust timestamp after message creation instead of passing timestamp in, #12834 (0346e92b)
+*  limited visibility remote posts with greater scope than asserted roomId should add those users to the chat room, #12834 (22931be1)
+*  empty mid on frontend for remote posts (8abfd951)
+*  recent chats string generation to handle remote users #12834 (0a17a0b9)
+*  inReplyTo bug, #12834 (fc1d064d)
+*  remove sender from recipients, #12834 (8f7d0499)
+*  private note `inReplyTo` url, #12834 (f3045309)
+*  `inReplyTo` for private notes so that refer to the immediately previous message if not explicitly defined (f4a02d9c)
+*  duplicate logic and double-parsing issue, #12834 (8a1abe68)
+*  federate out a Create(Note) instead of just the note... doi... (74d5ced2)
+*  chat room kicking of remote users, (un)read logic for remote users (there is none), sendNotification to only apply to local uids (52080ba2)
+*  restrict the ability to make a remote user a chat room owner (b610b520)
+*  display of remote users in chat room search (f5129017)
+*  also ignore non-public notes on Update activity (2713d13c)
+*  bump web-push (f57758b9)
+*  logic tweak (15f60b24)
+*  fall back to inReplyTo traversal on context resolution failure (903d0389)
+*  tests (45a0b818)
+*  null defense (3d25a079)
+*  #12821, improvements to search bar and search logic (0b83e5b8)
+*  lint (c265666c)
+*  parse aboutme when mocking a user (c5e10c1a)
+*  remove superfluous service-worker code (90cc7e61)
+*  explicitly set `updated` property when federating notes out (6fe4d446)
+*  buttons for general settings (5bc907a0)
+*  bump mentions (e0c410cd)
+*  actors.assert attempting to process things that aren't actors, #12809 (6b4b4b1a)
+*  carry out mime-type guessing on incoming attachments (71ce3089)
+*  re-use already parsed html in api.posts.edit's call to getPostSummaryByPids, delay federating out edit activity for 5s to give link preview a chance to resolve (b04a1105)
+*  id on 1b12 announces (047d5992)
+*  better handling for remote posts that do not contain content (3c55d102)
+*  #12799 add externally linked images to `attachment` (1a0a2cd1)
+*  remove includeUncontrolled as we are posting messages, and that only works with windows you control lol (028b6d74)
+*  add logic to automatically take over clients from old service workers (1fbf9114)
+*  closes #12787, filter null topics (c2600b12)
+*  remove use of jquery $(this) in ajaxify (176f4d0d)
+*  crash when AP S2S call made to retrieve a remote user account (not allowed); now returning 404 (d42d3b1c)
+*  prevent crash if items is undefined (a80e3141)
+*  regression that caused replies to not get federated (652d6c6e)
+*  #12760, add proper security context for application actor (045e16d3)
+*  on topic move out of cid -1, also federate to the public address (909437c3)
+*  bump harmony (6ed32f67)
+*  type casting in user block logic (0f63f67b)
+*  restrict announce activity to topic moving OUT of cid -1 (f3eb6d50)
+*  #12751, topics:recent zset not updated when tid moved in/out of cid -1 (76551c71)
+*  bump mentions (e6d8e059)
+*  bump composer (22952c54)
+*  bump composer (e2879563)
+*  #12732 editing of remote post content (25bf97ae)
+*  #12733, html present in generated title for remote topics (34747122)
+*  #12729, replies to existing topics from Pixelfed not asserting properly due to incorrect `toPid` (f481cde1)
+*  move topic reply call in notes.assert to its own line (95e6d2b4)
+*  #12510, blocking of a single remote user causes content from all remote users to be blocked (53aee401)
+*  serve category actor image instead of nothing, serve brand logo in icon (cbe0a0ad)
+*  lint (d33fb92d)
+*  have note federation call .parsePost instead of firing plugin hook (93536386)
+*  always send replies uri instead of null if no replies exist, @trwnh (ff08fbb7)
+*  send `null` instead of empty array in `replies` property if mocked note has no replies (9bd6896d)
+*  bug that caused remote replies to other remote content to not always assert (2ced3502)
+*  bugs in user searching causing remote lookups to fail (1f896fb6)
+*  `audience` property in topic actor response (9a54f6bc)
+*  updating of post counts for remote users (3e494dc7)
+*  add privilege check to user follows (399d4103)
+*  accidental passing of string instead of constant (7bf349b6)
+*  lint (fc5a829c)
+*  update upgrade script date (b9f37c5c)
+*  include follower sets for reassertion (be393d57)
+*  missing await (5c9ac5d3)
+*  null check for note attachments for thumbs view (2aa04837)
+*  incorrect parsing of context items during note assertion, logic error with slicing (60408f23)
+*  logging in topic actor logic (bc00835c)
+*  issue with topic actors not returning proper json (609035b5)
+*  off by one error @barisusakli (cfbaf145)
+*  map to actual mainPid value (7bdf3769)
+*  skip topic retrieval when cid is -1, as it is done again later (92191995)
+*  flawed logic in generating topic context collection (31c7226e)
+*  rename announcers to shares (3c0d7616)
+*  catch thrown errors in src/api/activitypub (fdc0d670)
+*  federating category mentions (00a26679)
+*  send html in category description (f605e188)
+*  Update activity handling for non-Person actors (5e343a83)
+*  remove await from category update federation call (bacbfba9)
+*  issue where incrementing user hash fields didn't use the right key name for remote announce @barisusakli (e84cfd8c)
+*  lint (b0eec67d)
+*  send back empty array if no direct replies, bug with reply generation (af6ae6ee)
+*  accidental passing-in of an array into getUserField, breaks in pgsql? (8e1fccf0)
+*  hardcoded tid in topic thumbs test (78a6c60c)
+*  tighten up logic in checkToPid internal method (f629b20f)
+*  partial revert to fix url_parsed not being available at top of file @barisusakli (8ecbb5cc)
+*  removal of topics from applicable user inboxes when synced (46341673)
+*  tweak logic for topic counters sorted sets, #12642 (0d549f1d)
+*  #12667; handle cases where received id is not a URL (d92efb8a)
+*  #12673 fullname not defined in some remote actors (f662a606)
+*  only send Update(Actor) to followers, #12674 (26946c7f)
+*  missing sorted set member removal on category unfollow (a748068c)
+*  add timestamp to follow activity to make it unique (eab231ee)
+*  additional logging for activities with no context property (cb5e5b4b)
+*  update handling of Announce(Create(Note)) to also handle non-note types (600b1a86)
+*  push instead of unshift, now that order is reversed (cc0bbcb7)
+*  wrong property name for OrderedCollection items (a2fb939b)
+*  improper sourceContent in mocks (615aaa01)
+*  #12662, add original activity actor to Announced activity's cc (d6f44d8e)
+*  remove duplicate 1b12 announce in notes.assert (already handled in inbox) (4dbb73a4)
+*  #12652, incorrect user, post, topic counters with AP enabled (fe70a2b8)
+*  incorrect activity id sent out on 1b12 announce (ef97a784)
+*  #12654, incorrect location of `sharedInbox` property (b66d998d)
+*  regression that caused new notes to have undefined cid and fail privilege check (a371c9fc)
+*  move call to retrieve cid followers out of loop (89dd2fb0)
+*  do not retrieve remote outbox count when asserting actor (16f8f536)
+*  double sanitization (d9ac7f49)
+*  dont load  cid=-1 in tag filter dropdown (7d679db2)
+*  change setImmediate to a 5s timeout to give plugins (or anything waiting for the return value of the API call) a chance to finish execution (7fada44b)
+*  openapi spec for v3 posts get (4b86b378)
+*  wrap ap note creation in setImmediate to let internal hooks have a chance to wrap up first (a3c6c872)
+*  improper sanitization and parsing in mocks.note (59818031)
+*  remove parseInt on users controller (5a2fa52c)
+*  send additional @context entry for `publicKey` support, fixes #12604 (4eb998d5)
+*  null case handling (e6e6c2a2)
+*  category follow schema test (4b8a9e58)
+*  getCidByPid call returning improper values because a remote url to a local post was passed in (4030c09e)
+*  1b12 conformance for inbox.create as well (c8bc6e55)
+*  re-add sending of Announce(Note) for microblog support, #12434 (89d2363d)
+*  FEP 1b12 conformance, federate Announce(Create(Note)) instead of Announce(Note), #12434 (be95b5b1)
+*  missing openapi schema change (e9a0d495)
+*  eliminate infinite loop in actors.assert via user.getUsersFields (18e58318)
+*  minor adjustment in logic to work around relation logic (1219d7d3)
+*  introduce artificial 5s delay for 1b12 announces (101062cb)
+*  move logic to move topic on note assertion earlier in the flow so it actually runs (acd1630b)
+*  post count (badb7e2c)
+*  skip follower count check if cid follower is found (f29214e0)
+*  don't crash process on error in cronjobs (89465ec6)
+*  handle missing fullname in actor removal logic (ae3fa85f)
+*  guard against infinite loop during topic purge batch call (6272d059)
+*  unintentional parseInt during post purge (bcfac00b)
+*  pid in api call (70625133)
+*  missing await on topic purge (6ecc791d)
+*  don't attempt user reset token cleaning if uid is not a number (8d790964)
+*  set (f83a3672)
+*  incorrect use of .map on a Set (c6f2155f)
+*  another crash (f8d9f644)
+*  closes #12618, handle missing selector (35eb2d0d)
+*  crash in mocks.profile (6f37825b)
+*  bug that stopped remote users with dashes in their handle from being properly asserted (76290e37)
+*  parse incoming HTML to remove useless classes too (47406d13)
+*  update post cache clearing logic to call helper function (547fc17d)
+*  have replies provide `name` when mocked (b6653d15)
+*  lint (f93b237e)
+*  remove .only (a0054400)
+*  minor cleanup (129017f7)
+*  Notes.delete to delete announcer zsets too (b5b89038)
+*  rename api.activitypub.create.post to .note() (2d7ca48d)
+*  canPurge logic fault (d40d0b06)
+*  allow remote content to skip isReady check on topic creation/reply (5bfde4c4)
+*  Topic.isOwner check to handle remote users (0a1ad87d)
+*  special handling for privsTopics.canPurge for remote posts (b67a7c3c)
+*  Posts.isMain cast pid to String instead (9fbd48b1)
+*  special logic for purge privilege checks (9f44e99f)
+*  unnecessary parseInt in post purge api method (eda97da1)
+*  type error in attachment emptying method (336ea1ee)
+*  tag notification if pid is not int (baada2fc)
+*  encode most uses of pid to avoid more bugs like #12545 (c973a9ca)
+*  allow quoting AP posts, fixes #12545 (43dfb60f)
+*  Update(Note) federation should only apply to local content (6f9fa660)
+*  attach announcers and their followers to cc, not to targets, only attach announcers to targets (51089a34)
+*  bump harmony (2cd9088c)
+*  inability to query local content via remote url (ac74d9c5)
+*  ensure consistent return type from notes.assert (a7aeabc8)
+*  remove unnecessary check and guard against unsupported URIs before fetching (af986758)
+*  handle retry queue invalidation across a cluster (22b42f11)
+*  use batch.processArray properly (729f0fca)
+*  if an unknown post is navigated to by a logged-in user, automatically assert the post and add it to their inbox (4e7b12b9)
+*  bump harmony (e341a5d8)
+*  bump composer-default (4e006adb)
+*  save followersUrl to remote user hashes (738d47c7)
+*  notifications for tag followers not being sent if author is a remote user (8de2352e)
+*  send topic title in context object (05cdb7d9)
+*  partOf and type (109f4232)
+*  if post count is less than posts per page, don't paginate in ordered collection (1a21c8ad)
+*  send id for category announces (0336e8f0)
+*  post deletion of remote posts (5e203197)
+*  update title generator to include the punctuation, and also take into account question marks and exclamation marks (6ac5a779)
+*  remove unneeded `flagged` property in favour of flagId, use existing language key for rescind-report (449ffd66)
+*  have category sync routes return full api response, openapi schema for that pair of routes (b7ad4317)
+*  update signature parsing logic to handle values with equal signs in them, closes #12538 (596a5e4b)
+*  unintentional object pollution by buildForSelectCategories (40b9dabd)
+*  better logic for choosing webfinger lookups (ed84eed8)
+*  don't look up webfinger when it's not necessary (dd71340a)
+*  update hasRelation condition to be true if cid is passed in in options (6964b1fd)
+*  handle requests to URI IDs correctly (1ecbf02a)
+*  handle URI actor IDs (70001664)
+*  percent-encode outgoing webfinger requests (3d1e2cde)
+*  bump harmony (59021d8a)
+*  icon:text and icon:bgColor for remote users (3721f819)
+*  handle Announce(Create(Note)) (a9a7fd1e)
+*  use system pseudo-user for topic move call (dce33446)
+*  if the topic already existed in -1, move it to another category if one was passed in options (49a64dc7)
+*  add back reverse lookup for notes assertion checking via cids (407dda78)
+*  actors.assert should return false if webfinger cannot resolve to an id (b7ff7be2)
+*  support reporting remote content in Flag (026449dc)
+*  #12505, convert relative urls in links and images into absolute urls, uses same logic as for emails (7c4ae8eb)
+*  #12502, improper decrement (6befff5e)
+*  send userslug in preferredUsername (64258dac)
+*  wrong variable name (50f31b23)
+*  change default attachment type to Link, or Image if mediaType matches (bb4e418d)
+*  save modified actor back to req.body (c3365908)
+*  you scurvy cur! (52271cae)
+*  handle (created) and (expires) in http signatures (4d23a837)
+*  #12496, url in schema (f7833386)
+*   handle remote userslugs with non-lowercase letters (f5ea470d)
+*  send hs2019 as algo (to match cavage-12, handle incoming algorithm value (8d0876b8)
+*  bump harmony (b8daa02f)
+*  throw errors when local objects don't exist (959e1820)
+*  #12493, send unescaped fullname through via AP if displayname is set/used (e0f542c9)
+*  send only the id into actors.assert (465a46f2)
+*  use a slightly better error code to indicate object resolution failure (c92b5e07)
+*  assume object is full object and not just id everywhere (e0166ccc)
+*  use resolved object in likes (962c6351)
+*  reject accepts of invalid follows and return when already following (b6168202)
+*  handle resolved objects in flag (41f77f8f)
+*  additional verbose logging for signature verification (464dd806)
+*  bump mentions (6b169e04)
+*  default to showing alternate as link to the post object (86107535)
+*  pid via index calculation (de83d6b0)
+*  support ldjson with ActivityStreams profile in actor queries (c30c1288)
+*  early return on invalid actor (2d1524ee)
+*  use actor id in flags (e25f0621)
+*  make sort work with world filters (cd8a91fe)
+*  uppercase digest algorithm name for compatibility reasons (5c1c1d21)
+*  better handle null return from notes.assert (cbfc8d25)
+*  bump mentions (86caf237)
+*  actor assertion logic to ignore loopback urls (f40df387)
+*  lol (983153fb)
+*  maybe last tweak (42bdffdc)
+*  tweak upgrade script again (ae146024)
+*  tweak upgrade script again (166e3e2f)
+*  add timeout on activitypub.get, tweak upgrade script (442e98e4)
+*  tests, save actor URL into userRemote hash (59709a3c)
+*  show locally captured remote posts when browsing remote profiles (1084f21d)
+*  have getCidsByPrivilege include cid -1 when set is categories:cid (e828e87e)
+*  updateLastOnlineTime for remote uids (893788a2)
+*  bump harmony (2cbc3913)
+*  adjust world schema (a3dce463)
+*  redirect to /api/world for API requests (495d5435)
+*  lint (f078e1e2)
+*  skip notes.assert checks for Announce(Note) if it's a remote object, do our own checks; #12442 (4fcd2bb2)
+*  getSortedTopics; filter out topics in cid -1 unless explicitly asked for (dff5d1c6)
+*  #12444 add uncategorized topics counted stats to separate sorted set (8dcdf8ef)
+*  undefined object in notes.assert (1fb3c4fd)
+*  typo (bab41d12)
+*  restore userOrGroupExists, as alias to slugTaken (e0f6b707)
+*  send handle as category actor's preferredUsername, #12434 (803975fd)
+*  use CategoryObject in admins-mods schema def (aafdefa7)
+*  only send activitypub+json links via webfinger if activitypub is global enabled (65bb8666)
+*  bump harmony (9c03e6e9)
+*  resolve interoperability issues with Misskey, et al. (003c6469)
+*  bump harmony (da2a1e20)
+*  issue where cid -1 appeared in all category searches (8f131b71)
+*  bump harmony (2756aae7)
+*  post urls to use  prefix instead of linking out directly to origin server, exposed encodeURIComponent as a template helper for themes (2408ecd8)
+*  regression that caused S2S calls to topics to return with a 404 (5a2d17df)
+*  restore accidentally removed calls to updateLocalRecipients and saveAttachments (5f60f75f)
+*  properly handle empty fields param (c76d4018)
+*  circular object ref. (7af07151)
+*  tweak maxTags handling (ccd9c7ed)
+*  bump mentions (ff6cc90c)
+*  send topic notif on reply (1a92239c)
+*  typo (44a183dd)
+*  double-OP issue when remote reply comes in to local mainPid (0a2482cf)
+*  filter out system tags and prune extra tags beyond number allowed, when creating topic from remote data (7aa56c72)
+*  resolve toPid to local pid if able (ebd750b4)
+*  tweak user.search to better handle local usernames with colons in them (c346177b)
+*  accidental saving of ephemeral _activitypub object into db, should plumb into hooks only (81b319f4)
+*  handle actor assertion failure if mocked profile does not have a fullname (338c568c)
+*  template helper (52c143aa)
+*  tests (4b2495b5)
+*  remove unused param in addParentPosts (01f7af92)
+*  only dereference id if it doesn't exist locally — fewer calls (eb8ff75b)
+*  specify param for api test for /world (b1491ca3)
+*  AP S2S handling for /user/:userslug route (9cd6b496)
+*  handle fetch failures on helpers.query (5768a437)
+*  more duplicate detection in to/cc (ceab77e4)
+*  markAsRead to handle remote topics (17c55922)
+*  parse questions like a post (90e7d3a1)
+*  properly build recipients... old logic was just plain wrong :shipit: (1e663239)
+*  reallow topic:read privilege for fediverse group (97e5b0fd)
+*  only serve local posts via S2S when queried (00101d9e)
+*   note not federated out to mentioned users' inboxes (6423d514)
+*  update styling of available nav items in ACP (6aece689)
+*  remove unresolvable actors from parsing prior to mocking profile (39da3ab6)
+*  send explicitly empty array for attachment prop in mocks.note (4a8b06e8)
+*  remove some privs from fediverse in world category (6999bd68)
+*  inability to retrieve previously-unknown remote users via url manipulation (28f38b26)
+*  tags received via AP should only be of type Hashtag (as mentions are also in tag prop (81b81e54)
+*  data schema of reject activities (beaedc86)
+*  fallbacks for if preferredUsername is not set (9f8c706f)
+*  pass proper uid to privilege check in AP note federation (95427c4a)
+*  remove console logging (4c2cbb5b)
+*  move fallback 0 return in parseIntFields to other side of ternary conditional (5b74f6da)
+*  remove intFields hack and update db.parseIntFields to only parseInt if field value is a number (f368a1a8)
+*  truthy check in notes.assert (6671b511)
+*  remote user avatars in notifications (aef1215f)
+*  bump mentions (ae09aa20)
+*  properly handle if mainPid is not a number (1ca9994f)
+*  mainPid detection in unprocessed ids in assertTopic (b529610b)
+*  redir on bad world filter (0cf6af9b)
+*  serve fallback images on category actor (8cb984d4)
+*  bump markdown (44452a3b)
+*  missing invocation of generatePostUrl in generateRepliedTo helper (a08b2efb)
+*  unable to process Update(Person) (96a3a746)
+*  crash in resolveLocalId if Number is passed in (d51f5e59)
+*  missing await, and handle local posts with no toPid (i.e. reply to OP) (0b6b86d1)
+*  don't overwrite title if present, on assertTopic (a3368a69)
+*  bump markdown (b1894276)
+*  copy fixes, rename upgrade script, disable federation on upgrades (281e9d6e)
+*  update ap-related deps to prerelease versions (10abb82e)
+*  defer federation of new topics when topic is scheduled, tie activitypub api module to global enable toggle (5f85e700)
+*  lint (563db78f)
+*  put postcount retrieval behind try..catch so errors are handled appropriately (28370b10)
+*  side-effects from adding toPid to post intFields (now removed) (b0115951)
+*  revert introduction of toPid into post intFields, manually cast toPid as int in getPostSummaryByPids if present and numeric (3a870360)
+*  check origin only if object is a string (92a8951b)
+*  send string to validator (893dd523)
+*  regression re: attachment handling (53d1c10e)
+*  parseIntFields for tids (31fd135f)
+*  handle undo(Announce) of remote notes (cfbbf4ca)
+*  assert actors on note assertion, resolve crash if announcing something that's already been announced (6a7f8f14)
+*  don't crash when no attachment, oops (0edaf17c)
+*  sanitize post remote post content regardless (8b0ccc80)
+*  wrong id parsed in announce (068c4fa9)
+*  accidental overwrite of hoisted internal variable (56cfae07)
+*  include mainPid in topic counts calculation (5c04e805)
+*  guests visiting /world should see all remote topics (19d017b9)
+*  timestamp calculation (6a11c89b)
+*  better handling of missing of invalid to, cc, timestamp values (76d5feb7)
+*  remote announces not showing up in local inboxes (814c4794)
+*  handle inaccessible boosts (9439987e)
+*  remove invalid/inaccessible object from parent traversal chain on get error (672a907d)
+*  handle invalid score (609a9a37)
+*  mainPid accidental int (22da3a6a)
+*  getParentChain error handling (69f1ace3)
+*  take mainPid into account in syncUserInboxes (d13980c8)
+*  typo (de71b733)
+*  stringify error body in ap.send (401b4c5f)
+*  activitypub.get failure handling (12968b62)
+*  only log warning on ap.send failure (ce4b5679)
+*  rejig some tertiary conditionals, fix broken inReplyTo when toPid is not defined and mainPid is a remote post (5fee4e33)
+*  resolveLocalId to return null values instead of throwing for no resolution (11dba85d)
+*  don't crash on activitypub.send non-2xx, better logging for successful sends (ac56289f)
+*  replies to remote content overriding mainPid in topic (2b1a3477)
+*  assertTopic incorrectly creating new id if passed-in id did not match the actual object's id (f1b8f3fe)
+*  urls in posts and announces (4fb6574c)
+*  remove now unused world/:tid route and assoc. controller (a61e7fe7)
+*  cast cids passed in to getCategoriesFields as ints (aafdebd2)
+*  logic error (80377599)
+*  logic derp (9795abbf)
+*  new language source file for activitypub text (21a2876e)
+*  getUserInfo internal method in topic events to not filter out uids because getUsersFields already does it (f7259ccb)
+*  category following and acceptance logic (25f0d484)
+*  properly assert resources in AP router (d2f14c36)
+*  update preferredUsername in category actor to match webfinger representation (d213ce79)
+*  follower calls to return empty item list unless a page is explicitly passed in (94361721)
+*  move all actor object urls to immutable variants (86a607ce)
+*  send proper @context value for posts (was missing) (457bfe16)
+*  remote follows, yet again (fef18824)
+*  a bunch of broken things, added test for Create(Note) (a3a0edb7)
+*  error handling for actor.assert (fa1c5490)
+*  missing break statement (2c834263)
+*  reject spiders on remote profile GETs (a355c05d)
+*  send back correct actor id on webfinger calls (25434d2a)
+*  parseInt on timestamp from post (ddf17ee5)
+*  /uid/:uid route to return actor (0b3ca8e3)
+*  the id of an actor should be its immutable uri (/uid/:uid) and not userslug (e07c3131)
+*  unused require, tests (3c24cfb4)
+*  send full as:Image object for icon and image in mocked actor object (0af97dd4)
+*  clear post cache on Update(Note) (f51bbe91)
+*  webfinger loopback (1ee03f2b)
+*  revert home page routing change and moved instance actor endpoint to (e00a03bb)
+*  restore avatars in topic list (3bdaa8a8)
+*  send preferredUsername in application actor response (f8cfe64c)
+*  note assertion on Create(Note) and Update(Note) to use instance key instead of uid 1's user key (4cc7ee65)
+*  add workaround for nodejs/undici#1305 required to remove sec-fetch-mode header (2cb37088)
+*  response, not res (9e58b04c)
+*  automatically reject unsigned POSTs to inbox (a3e1a666)
+*  handle case where pubKey cannot be found (33f3da8a)
+*  user data in /world (518169fe)
+*  bookmark in topic data is nullable now (970a5a6e)
+*  saving teaserPid, timestamp, lastposttime in topic, fixed post index issue in loading topics (60bc27ec)
+*  preserve cid if set (e038eb05)
+*  incorrect author uid saved in topic (75654852)
+*  infinite scroll for posts (8cd3ff1a)
+*  reply expansion (5ac02765)
+*  issues related to adding new reply chains to an existing topic, resolveId method in notes module (2981f663)
+*  simplify increasePostCount logic by combining methods (81d81098)
+*  have mocks.posts return same number of items as received (d992239d)
+*  show full names for remote users (d1cdb8f8)
+*  improper params sent to get and getActor (9221506b)
+*  restore hostname prop in getActor method (ec3c6b67)
+*  ActivityPub.get now throws on failure, handle in getActor (7ec75f58)
+*  send in mocked profile data in follow routes as well (942a9b7e)
+*  tests (c66b1867)
+*  isUri helper so that it passes ci tests (27e256d2)
+*  frontend follow logic, as uid is no longer webfinger slug (fcca9259)
+*  use simpler getSortedSetRevRange instead of unnecessary zunion call (283e460a)
+*  accept and undo logic saving improper id into database, updated follow logic so remote follow is not added to collection until an accept is received (759d69e0)
+*  relax activity-failed condition (3339baac)
+*  additional refactors and updates to follow/unfollow logic (6a54e009)
+*  bug where body wasn't properly sent on ap-style content-types (ac344011)
+*  send actor uris in follow instead of webfinger ids (543daee8)
+*  some wip code regarding handling a follow activity, remove unfollow activity as that does not exist (f3b0794d)
+*  accidental double-hash in sign/verify (0eadad84)
+*  incorrect logic (71e3d26b)
+*  update proceedOnActivityPub middleware to handle how Mastodon doesn't send the 'Accepts' header (dd480aa4)
+*  another bad call to request lib (88527884)
+*  broken call to request lib, tests (8d796170)
+*  update isJSON test in request lib (510763af)
+*  handle null actor uri in helpers.query (a21110fd)
+*  unused require (7f46f07c)
+*  store remote followed users count separately from local (e794f1d2)
+*  icon text and bgColor in remote profiles (4324f09c)
+*  add basic sanity-checking to middleware.validateActivity (99cc60c8)
+*  incorrect host/hostname usage in well-known test (bcee1c8d)
+*  save remote follower count separately from local follower count (4218ecc4)
+*  missing req.body when parsing ActivityPub requests (e6753ce5)
+*  bugs, more prep to start making calls to self (5d95765e)
+*  moved .well-known assets to separate router file, added basic webfinger implementation (51d8f3b1)
+* **deps:**
+  *  update dependency ace-builds to v1.37.5 (#13058) (76a14de3)
+  *  update dependency fs-extra to v11.3.0 (#13055) (9a401b5b)
+  *  update dependency postcss to v8.5.1 (#13050) (3ba1d264)
+  *  update dependency nodebb-plugin-web-push to v0.7.2 (#13049) (e9a4c42b)
+  *  update dependency nodebb-plugin-2factor to v7.5.8 (#13048) (3827f438)
+  *  update dependency sass to v1.83.4 (#13046) (8e62800b)
+  *  update dependency postcss to v8.5.0 (#13044) (c4c89116)
+  *  update dependency cron to v3.5.0 (#13042) (5e5d920b)
+  *  pin dependencies (#12987) (430d1479)
+  *  update dependency satori to ^0.12.0 (#12995) (05f7b58c)
+  *  update dependency tough-cookie to v5.1.0 (#13039) (34b0cf6b)
+  *  update fontsource monorepo to v5.1.1 (#13029) (b1e87aa9)
+  *  update dependency fetch-cookie to v3.1.0 (#13006) (df69b399)
+  *  update dependency ace-builds to v1.37.4 (#12988) (3a33cd5b)
+  *  update dependency esbuild to v0.24.2 (#12989) (701780fe)
+  *  update dependency sanitize-html to v2.14.0 (#12994) (bfc962b9)
+  *  update dependency ioredis to v5.4.2 (#12993) (7943fcde)
+  *  update dependency cron to v3.4.0 (#13026) (de571d24)
+  *  update dependency sass to v1.83.1 (#13028) (438f4e0a)
+  *  update dependency nodebb-widget-essentials to v7.0.32 (#13027) (de076a21)
+  *  #12683 bump emoji plugin to v6 (e8fda4c0)
+  *  swap ntfy for web-push plugin (aa060d31)
+  *  persona v4 support (83993cad)
+  *  bump markdown (daed7413)
+
+##### Other Changes
+
+*  fix paranthesis (8fd8079a)
+*  remove unused utils (7e450e1d)
+*  remove unused function (26765fe9)
+*  remove unused (530241e0)
+*  comment out actor assertion call in Users.getUsersFields (691f6917)
+*  fix some but not all tests (76453650)
+*  fix privileges in test runner (aadac705)
+*  unused requires, linting fixes (3e02efcd)
+*  additional logging (08f8babd)
+*  fix eslint errors (47b3ffb9)
+
+##### Performance Improvements
+
+*  ~18x speedup of /world route (f6f01ba3)
+*  get rid of exists call, load all attachments  in one call (9b8c834e)
+*  use batch in resolveInboxes (644bcec5)
+*  get rid of getPidByIndex, use postAtIndex (ad22b54e)
+*  '-inf' faster (c95075e1)
+*  move attachments to post hash (291bf7db)
+
+##### Refactors
+
+*  use helpers.log (40257663)
+*  add `thumbsOnly` option to thumbs retrieval method so that embeds/attachments don't show up in composer thumbnail modal (51fd65ab)
+*  split (and remove) activitypub.json file and move strings to more appropriate locations (e4e10636)
+*  topic thumb logic so that `isDraft` is based on topic existence, and not whether it is a UUID, as remote topics are also UUIDs. (3439fdb6)
+*  post object schema to its own reference object, added sourceContent as optional value in post data (3073abd9)
+*  prolly dont need exists check (a42c9a6b)
+*  buildTopicsSortedSet (c1093c92)
+*  expose buildRecipients as a main activitypub lib method, call buildReceipients in ap controller actors for notes (5e47b194)
+*  followers url filtering logic, #12834 (ca683c6d)
+*  check HTTP signatures on all activitypub requests (8ef0df57)
+*  simplified ajaxify.check and likely made it equally more confusing (cf6c4c52)
+*  split out logic to determine ajaxification into exported method (fc4f6a4c)
+*  standardization; onNewPost internal method to return a superset of post summary (9357e718)
+*  follow/accept/undo logic to pass the same timestamp throughout the follow's lifetime (e015339c)
+*  store local follow backreferences for remote users (both followers and following), update actor pruning to take local follow counts into consideration, fixes #12701 (39f92eac)
+*  collection logic out to an activitypub helper (352857cf)
+*  context item retrieval logic (20aee8e9)
+*  announces (c021e7e8)
+*  single db call (c231ab78)
+*  actor pruning logic (6227ab90)
+*  catch errors (f76a5863)
+*  add method from mentions into core (3eca9785)
+*  dont need exist check, if post doesnt exist getPostData returns null (b2d03da9)
+*  User.getUidsByUserslugs, so it works with multiple slugs (eb6fe339)
+*  suggest topics, use strings for tids (3488a4bf)
+*  unused winston (869df3c2)
+*  change to info (d1625d5f)
+*  remove verbose logs, (2ae58570)
+*  comment out verbose logs (ba2d1841)
+*  get rid of noop (eaf43541)
+*  single cache.del call (9868a728)
+*  #12553, buildRecipients so that it is separate from addressing in mocks.js (1fa93465)
+*  use batch.processArray for sending AP messages (ea6e15bf)
+*  context actor to serve an as:OrderedCollection instead of as:Page, and added context property (as per FEP-7888) to refer to it, changed audience to point to category (4b29a1b9)
+*  post announce logic to save to separate zset instead of to topic events, closes #12536 (119800d9)
+*  remove unnecessary flag routes added in 9ab1a2d (53b352d0)
+*  split activitypub tests to subfolder files (94eafe1d)
+*  use URLSearchParams instead of multiple encodeURIComponent (844d1402)
+*  stub routes for category synchronization, refactor remote follow logic to allow categories to conduct follows as well (59a9dd84)
+*  use a helper to resolve actor URI (b921f8d1)
+*  use getSortedSetUnion in syncUserInboxes instead (6c1a0fb1)
+*  use one internal rejection method (ac765f1e)
+*  use topics.post, topics.reply, and posts.edit in Create(Note), Create(Note), and Update(Note), respectively (f7c8967e)
+*  use topics.create internal method instead of directly setting topic hash, handle incoming tags for OP (f5a61079)
+*  assertTopic to only call setObject when it is a new topic (bdcd862c)
+*  resolveId method, add hostname verification (ed4ccbfc)
+*  use existing sets for topics (instead of topicRemote, etc.) (ec2b375a)
+*  activitypub sending to handle signed requests from categories (35819cc9)
+*  replace JIT actor retrieval with actor assertion and storage logic (ef8cd34b)
+*  added mocks.note in preparation for AP note retrieval logic, inReplyTo is always populated now, unless new topic (5de4f084)
+*  simplify remote (un)follow controller (c9feb925)
+*  guard dispatcher definition so non-Node runtimes won't have issues (2ce14f50)
+*  generate a topic id when asserting a new topic (2ff70fdd)
+*  move activitypub-related middlewares to their own file (538776f9)
+*  simplify mocks.post as it only needs minimal data for saving into db (2bd9e984)
+*  move mockProfile and mockPost to separate mocks.js (06e15834)
+*  update ActivityPub.get and all methods calling it to take a uid so that requests can be signed (a1c8c3a0)
+*  validator check to helper method (2e330d8b)
+*  move profile mocking logic to discrete method in main activitypub lib (8d4fd9c0)
+*  update ap libs to use core request lib (5c881d3f)
+*  update activitypub.getActor to accept either url or webfinger id (68d5e4a8)
+*  minor restructure to move logic out of main controller file to src/api (c803b212)
+*  acp tpl + config option (ab3ff320)
+
+##### Code Style Changes
+
+*  remove unused variable (9f94653b)
+
+##### Tests
+
+*  fix spec (b80f0dab)
+*  missing ; (866588f7)
+*  fix guest handles in onNewPost (81f7371a)
+*  have actor assertion always use cache for tests (ad05f06b)
+*  fix broken test in category follows (4949d6c4)
+*  add attachments (6042f4a7)
+*  refactor tests to support additional Note tests (0c0f01b5)
+*  use encoded parameters in webfinger tests (8fd4ae2d)
+*  fix well-known error code repsonse (175521ba)
+*  refactor AP tests (42a09241)
+*  fix tests (e138b915)
+*  fix tests to reflect new immutable IDs, and added new tests for resource retrieval (42bb3c33)
+*  fix error copy (91a509c4)
+*  allow http proto on ci (24c1dfac)
+*  fixed improper signed_string reconstruction in `.verify()` (cc0d1886)
+*  fix webfinger test (9dfa1b72)
+*  added passing test cases for .sign() and .verify() (a10df987)
+*  updated activitypub test suite (1c8e13bb)
+*  added test cases for activitypub integration, WIP (4bd8d28a)
+
 #### v3.12.4 (2025-01-20)
 
 ##### Chores