Mastodon 4.4 RC for developers adds quote post support, feature flags & security updates

Mastodon 4.4 is approaching its final release, with a release candidate now available for developers to preview and adapt their integrations. The update’s main highlight is built-in support for quote posts compliant with the FEP-044f specification. While Mastodon users can now see incoming quotes in the web user interface, the ability to create new quotes will arrive in version 4.5. Developers working with the REST API can access the new quote attribute in the Status and StatusEdit objects, complemented by a quote-inline CSS class for compatibility.

Security improvements include the removal of the OAuth password grant type, fixes for single sign-on authentication, protection against token misuse, and a new OpenID Connect userinfo endpoint. Server configuration should now rely on the standardized /.well-known/oauth-authorization-server path. New API endpoints allow managing endorsed accounts and featured hashtags in profiles, updating attribution domains, applying a media blur filter, and deleting unused or status-linked media attachments.

Developers can now enable experimental features through the EXPERIMENTAL_FEATURES environment variable. This supports testing options like inbound HTTP Message Signatures (RFC9421) and early integration with Fediverse Auxiliary Service Providers (FASPs). The feature flag system also gives contributors a way to propose gated rollouts for new functionality.