[ blog ]
Mastodon Updated to 4.6.3
published
We have updated C.IM to Mastodon v4.6.3.
C.IM was previously on Mastodon v4.6.1. This upgrade brings in the v4.6.2 security release and Mastodon’s v4.6.3 patch set from July 3, 2026.
Security and dependency work
Mastodon lists dependency updates under the v4.6.3 security section.
v4.6.2 matters here too. Upstream shipped that tag solely to rebuild the official Mastodon Docker container images with a fixed FFmpeg for CVE-2026-8461, which the release notes classify as critical severity.
For instances that do not use the official Mastodon container images, the application tag is only part of the check. FFmpeg still has to come from a fixed package or local image. Upstream lists the fixed versions as 8.1.2, 7.1.5, 6.1.6, or 5.1.10.
User-facing changes
Mastodon v4.6.3 adds an “Update available” item to the navigation when a newer Mastodon version exists. Small thing, useful thing. Update visibility should not depend on someone remembering to check GitHub.
Post images now render in emails as well. Since Mastodon 4.6 introduced public-post email subscriptions, emails with attached media should now look closer to the posts they came from.
Fixes
Most of v4.6.3 is cleanup around the 4.6 web interface and background jobs:
- Fixed an incorrect filter cache key that could sometimes apply the wrong filters
- Fixed the “view collection” menu item appearing while already on a collection page
- Fixed missing JSON serialization in the announcement reaction publishing worker
- Fixed duplicate clear buttons in Chrome’s main search input
- Fixed visual issues around spoiler buttons, highlighted posts, profile follow buttons, and Windows forced-contrast mode
- Fixed an encryption warning link and a
tootctl media lookupfailure on some setups - Fixed a web UI crash caused by some browser extensions injecting custom elements into the page
None of these are large features. They are the sort of fixes that make the 4.6 series less noisy on a public instance.
Upgrade notes
External dependency requirements have not changed since Mastodon 4.6.0:
- Ruby 3.3 or newer
- PostgreSQL 14 or newer
- Elasticsearch 7.x, recommended for full-text search; OpenSearch should also work
- LibreTranslate 1.3.3 or newer, optional for translations
- Redis 7.0 or newer
- Node.js 22 or newer
- libvips 8.13 or newer
- FFmpeg 5.1 or newer
The v4.6.3 upstream notes mark this release as requiring asset recompilation for non-Docker installs. The published update steps are to install dependencies, precompile frontend assets, and restart all Mastodon processes. Docker-based deployments need to restart all Mastodon processes after pulling the new image.
C.IM was on v4.6.1 before this update, so the v4.6.2 notes were part of the upgrade window. The extra check is FFmpeg, especially for anyone using upstream container images or managing FFmpeg as a system package.
Official release links
Summary
C.IM is now running Mastodon v4.6.3. Users should mostly notice fewer rough edges in the 4.6 web UI and better email rendering when posts include images.
On the admin side, the boring part is the important part: keep FFmpeg patched, rebuild frontend assets where required, and restart all Mastodon processes after the update.
Source code for our instance is available at:
[ share ]