diff --git a/.SRCINFO b/.SRCINFO
index e2bbf9f..cebe7a7 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -68,11 +68,11 @@ pkgbase = gotosocial
 	sha512sums = 2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80
 	sha512sums = b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a
 	sha512sums = 913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77
-	sha512sums = 6c9a529ad0472d25500bb77bc9b6f268c01cef61559f5d9b26b192e84bd987d9eb22c6c5dee1dc7f60a5bb99513aff93f241e1e30478f81531fa53f55be442c6
+	sha512sums = 362181afc9823315045896eaeaa9367bc3af8671637ecd42d8d62a12274241753cd24c004e41fb86877cfec9a5e1ae4fd6730d31a8cb055d9b0a498a99422e8c
 	b2sums = 61a5b085b49cb196be4e6d77ba61cc06d578b89970953a09626f553441a522ba7e4b1f58ab60e6169cbb33bc9757d3a811c0fc2de7a48faf4bc005b82cf720f8
 	b2sums = ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b
 	b2sums = 4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04
 	b2sums = 9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c
-	b2sums = b92f9b3b10109c2f63099c12c38c8615dc9b22f846ba15ec4c004069a7291f166cd4cb6ebf820f62dbf934a3388a767feaa3fdf8b47cf0a04532b182caaec149
+	b2sums = 71b2441e96c372f48bd6b1a1fabc2222c704b6a3c3d589c37e92ebcd892656e57e872ea9fbbf240a189f325e67527f4e542363b80ad4628a9cd94d28070ec6ad
 
 pkgname = gotosocial
diff --git a/PKGBUILD b/PKGBUILD
index d3f881f..52f71b2 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -72,12 +72,12 @@ sha512sums=('101c379356645b0a636ecb5917f225786e46d774337f3df474d23bbb0d7b2a914cb
             '2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80'
             'b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a'
             '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77'
-            '6c9a529ad0472d25500bb77bc9b6f268c01cef61559f5d9b26b192e84bd987d9eb22c6c5dee1dc7f60a5bb99513aff93f241e1e30478f81531fa53f55be442c6')
+            '362181afc9823315045896eaeaa9367bc3af8671637ecd42d8d62a12274241753cd24c004e41fb86877cfec9a5e1ae4fd6730d31a8cb055d9b0a498a99422e8c')
 b2sums=('61a5b085b49cb196be4e6d77ba61cc06d578b89970953a09626f553441a522ba7e4b1f58ab60e6169cbb33bc9757d3a811c0fc2de7a48faf4bc005b82cf720f8'
         'ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b'
         '4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04'
         '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c'
-        'b92f9b3b10109c2f63099c12c38c8615dc9b22f846ba15ec4c004069a7291f166cd4cb6ebf820f62dbf934a3388a767feaa3fdf8b47cf0a04532b182caaec149')
+        '71b2441e96c372f48bd6b1a1fabc2222c704b6a3c3d589c37e92ebcd892656e57e872ea9fbbf240a189f325e67527f4e542363b80ad4628a9cd94d28070ec6ad')
 
 prepare() {
   cd "$pkgname"
diff --git a/modded.patch b/modded.patch
index 2e1abcb..2009617 100644
--- a/modded.patch
+++ b/modded.patch
@@ -42,35 +42,35 @@ index 2b3a873fb..52615a345 100644
  db-address: ""
  
 diff --git a/go.mod b/go.mod
-index 7d15b19dd..beb7b0235 100644
+index 09796fba7..ff7e08475 100644
 --- a/go.mod
 +++ b/go.mod
-@@ -72,6 +72,7 @@ require (
+@@ -74,6 +74,7 @@ require (
  	github.com/uptrace/bun/extra/bunotel v1.2.11
  	github.com/wagslane/go-password-validator v0.3.0
- 	github.com/yuin/goldmark v1.7.8
+ 	github.com/yuin/goldmark v1.7.10
 +	go.balki.me/anyhttp v0.5.0
- 	go.opentelemetry.io/otel v1.34.0
- 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0
+ 	go.opentelemetry.io/otel v1.35.0
+ 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
  	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0
 diff --git a/go.sum b/go.sum
-index 24176856b..a9680692a 100644
+index 17885f27e..8a123642f 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -620,6 +620,8 @@ github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
- github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.35.0-concurrency-workaround h1:rSPHdoNXzXyWQUUeMEy8pdOFn8lH7XqdBRTS9G+jdTg=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.35.0-concurrency-workaround/go.mod h1:9cr2sicr7jIaWTBKQmAxQLfBv9LL0su4ZTEV+utt3ic=
+@@ -491,6 +491,8 @@ github.com/yuin/goldmark v1.7.10 h1:S+LrtBjRmqMac2UdtB6yyCEJm+UILZ2fefI4p7o0QpI=
+ github.com/yuin/goldmark v1.7.10/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround h1:QbfrBqNKgAFSSK89fYf547vxDQuz8p6iJUzzAMrusNk=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM=
 +go.balki.me/anyhttp v0.5.0 h1:uys0oRciBpZfwtxXAevScKy6amIQBXyDrcV0EtGF5zo=
 +go.balki.me/anyhttp v0.5.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
- go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
- go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
- go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+ go.mongodb.org/mongo-driver v1.17.3 h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ=
+ go.mongodb.org/mongo-driver v1.17.3/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
+ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 diff --git a/internal/config/config.go b/internal/config/config.go
-index 8ce2105b4..93ad8d7b0 100644
+index d4b3901e7..c63157f0c 100644
 --- a/internal/config/config.go
 +++ b/internal/config/config.go
-@@ -59,6 +59,7 @@ type Configuration struct {
+@@ -58,6 +58,7 @@ type Configuration struct {
  	BindAddress        string   `name:"bind-address" usage:"Bind address to use for the GoToSocial server (eg., 0.0.0.0, 172.138.0.9, [::], localhost). For ipv6, enclose the address in square brackets, eg [2001:db8::fed1]. Default binds to all interfaces."`
  	Port               int      `name:"port" usage:"Port to use for GoToSocial. Change this to 443 if you're running the binary directly on the host machine."`
  	TrustedProxies     []string `name:"trusted-proxies" usage:"Proxies to trust when parsing x-forwarded headers into real IPs."`
@@ -78,7 +78,7 @@ index 8ce2105b4..93ad8d7b0 100644
  	SoftwareVersion    string   `name:"software-version" usage:""`
  
  	DbType                     string        `name:"db-type" usage:"Database type: eg., postgres"`
-@@ -194,6 +195,8 @@ type Configuration struct {
+@@ -192,6 +193,8 @@ type Configuration struct {
  	AdminMediaListRemoteOnly bool   `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true"`
  
  	RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."`
@@ -88,7 +88,7 @@ index 8ce2105b4..93ad8d7b0 100644
  
  type HTTPClientConfiguration struct {
 diff --git a/internal/config/defaults.go b/internal/config/defaults.go
-index 78a8230d5..b8b2ff5f2 100644
+index 9a507b421..4f63c2569 100644
 --- a/internal/config/defaults.go
 +++ b/internal/config/defaults.go
 @@ -233,4 +233,6 @@
@@ -99,19 +99,10 @@ index 78a8230d5..b8b2ff5f2 100644
 +	KalaclistaAllowedUnauthorizedGet: false,
  }
 diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
-index 156c19fd5..ab12c44be 100644
+index ac41a73e9..39266add6 100644
 --- a/internal/config/helpers.gen.go
 +++ b/internal/config/helpers.gen.go
-@@ -2,7 +2,7 @@
- // GoToSocial
- // Copyright (C) GoToSocial Authors admin@gotosocial.org
- // SPDX-License-Identifier: AGPL-3.0-or-later
--//
-+// 
- // This program is free software: you can redistribute it and/or modify
- // it under the terms of the GNU Affero General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
-@@ -351,6 +351,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() }
+@@ -350,6 +350,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() }
  // SetTrustedProxies safely sets the value for global configuration 'TrustedProxies' field
  func SetTrustedProxies(v []string) { global.SetTrustedProxies(v) }
  
@@ -143,30 +134,7 @@ index 156c19fd5..ab12c44be 100644
  // GetSoftwareVersion safely fetches the Configuration value for state's 'SoftwareVersion' field
  func (st *ConfigState) GetSoftwareVersion() (v string) {
  	st.mutex.RLock()
-@@ -3328,19 +3353,13 @@ func (st *ConfigState) SetCacheConversationLastStatusIDsMemRatio(v float64) {
- }
- 
- // CacheConversationLastStatusIDsMemRatioFlag returns the flag name for the 'Cache.ConversationLastStatusIDsMemRatio' field
--func CacheConversationLastStatusIDsMemRatioFlag() string {
--	return "cache-conversation-last-status-ids-mem-ratio"
--}
-+func CacheConversationLastStatusIDsMemRatioFlag() string { return "cache-conversation-last-status-ids-mem-ratio" }
- 
- // GetCacheConversationLastStatusIDsMemRatio safely fetches the value for global configuration 'Cache.ConversationLastStatusIDsMemRatio' field
--func GetCacheConversationLastStatusIDsMemRatio() float64 {
--	return global.GetCacheConversationLastStatusIDsMemRatio()
--}
-+func GetCacheConversationLastStatusIDsMemRatio() float64 { return global.GetCacheConversationLastStatusIDsMemRatio() }
- 
- // SetCacheConversationLastStatusIDsMemRatio safely sets the value for global configuration 'Cache.ConversationLastStatusIDsMemRatio' field
--func SetCacheConversationLastStatusIDsMemRatio(v float64) {
--	global.SetCacheConversationLastStatusIDsMemRatio(v)
--}
-+func SetCacheConversationLastStatusIDsMemRatio(v float64) { global.SetCacheConversationLastStatusIDsMemRatio(v) }
- 
- // GetCacheDomainPermissionDraftMemRation safely fetches the Configuration value for state's 'Cache.DomainPermissionDraftMemRation' field
- func (st *ConfigState) GetCacheDomainPermissionDraftMemRation() (v float64) {
-@@ -4686,3 +4705,29 @@ func GetRequestIDHeader() string { return global.GetRequestIDHeader() }
+@@ -4656,3 +4681,28 @@ func GetRequestIDHeader() string { return global.GetRequestIDHeader() }
  
  // SetRequestIDHeader safely sets the value for global configuration 'RequestIDHeader' field
  func SetRequestIDHeader(v string) { global.SetRequestIDHeader(v) }
@@ -195,34 +163,6 @@ index 156c19fd5..ab12c44be 100644
 +
 +// SetKalaclistaAllowedUnauthorizedGet safely sets the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field
 +func SetKalaclistaAllowedUnauthorizedGet(v bool) { global.SetKalaclistaAllowedUnauthorizedGet(v) }
-+
-diff --git a/internal/middleware/signaturecheck.go b/internal/middleware/signaturecheck.go
-index ea63ec4f0..cb8b9df9a 100644
---- a/internal/middleware/signaturecheck.go
-+++ b/internal/middleware/signaturecheck.go
-@@ -33,7 +33,8 @@
- 	sigHeader  = string(httpsig.Signature)
- 	authHeader = string(httpsig.Authorization)
- 	// untyped error returned by httpsig when no signature is present
--	noSigError = "neither \"" + sigHeader + "\" nor \"" + authHeader + "\" have signature parameters"
-+	noSigError   = "neither \"" + sigHeader + "\" nor \"" + authHeader + "\" have signature parameters"
-+	bothSigError = "both \"" + sigHeader + "\" and \"" + authHeader + "\" have signature parameters"
- )
- 
- // SignatureCheck returns a gin middleware for checking http signatures.
-@@ -54,6 +55,12 @@ func SignatureCheck(uriBlocked func(context.Context, *url.URL) (bool, error)) fu
- 		// Create the signature verifier from the request;
- 		// this will error if the request wasn't signed.
- 		verifier, err := httpsig.NewVerifier(c.Request)
-+		if err != nil && err.Error() == bothSigError {
-+			log.Debugf(ctx, "this request has both http signature headers, but fix it: %s", err)
-+			c.Request.Header.Del(authHeader)
-+			verifier, err = httpsig.NewVerifier(c.Request)
-+		}
-+
- 		if err != nil {
- 			// Only actually *abort* the request with 401
- 			// if a signature was present but malformed.
 diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
 index 1a4d38bc1..1d62aacdb 100644
 --- a/internal/processing/fedi/common.go
@@ -252,10 +192,10 @@ index 1a4d38bc1..1d62aacdb 100644
  	}
  
 diff --git a/internal/processing/fedi/emoji.go b/internal/processing/fedi/emoji.go
-index 9ac0ea244..446e496c0 100644
+index 9ac0ea244..1c8b0bda7 100644
 --- a/internal/processing/fedi/emoji.go
 +++ b/internal/processing/fedi/emoji.go
-@@ -20,15 +20,19 @@
+@@ -20,14 +20,20 @@
  import (
  	"context"
  	"fmt"
@@ -269,15 +209,15 @@ index 9ac0ea244..446e496c0 100644
  // EmojiGet handles the GET for a federated emoji originating from this instance.
  func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string) (interface{}, gtserror.WithCode) {
  	if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil {
--		return nil, errWithCode
 +		if !(config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized) {
 +			return nil, errWithCode
 +		}
++
+ 		return nil, errWithCode
  	}
  
- 	requestedEmoji, err := p.state.DB.GetEmojiByID(ctx, requestedEmojiID)
 diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go
-index 79c1b4fdb..b980161c9 100644
+index 79c1b4fdb..376191036 100644
 --- a/internal/processing/fedi/user.go
 +++ b/internal/processing/fedi/user.go
 @@ -21,9 +21,11 @@
@@ -292,20 +232,19 @@ index 79c1b4fdb..b980161c9 100644
  	"github.com/superseriousbusiness/gotosocial/internal/db"
  	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
  	"github.com/superseriousbusiness/gotosocial/internal/uris"
-@@ -67,6 +69,16 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
+@@ -67,6 +69,15 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
  	// we can serve a more complete profile.
  	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
  	if errWithCode != nil {
-+		// kalaclista modded: unauthorized-fetch
 +		if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized {
 +			person, err := p.converter.AccountToAS(ctx, receiver)
 +			if err != nil {
 +				err := gtserror.Newf("error converting account: %w", err)
 +				return nil, gtserror.NewErrorInternalError(err)
 +			}
++
 +			return data(person)
 +		}
-+
  		return nil, errWithCode // likely 401
  	}
  
@@ -1241,10 +1180,10 @@ index 000000000..ee3d81ff1
 +	return i.c
 +}
 diff --git a/vendor/modules.txt b/vendor/modules.txt
-index e053e6ce0..338ab8877 100644
+index c0b7298f3..7a620f2fc 100644
 --- a/vendor/modules.txt
 +++ b/vendor/modules.txt
-@@ -959,6 +959,10 @@ github.com/yuin/goldmark/renderer
+@@ -957,6 +957,10 @@ github.com/yuin/goldmark/renderer
  github.com/yuin/goldmark/renderer/html
  github.com/yuin/goldmark/text
  github.com/yuin/goldmark/util
@@ -1252,6 +1191,6 @@ index e053e6ce0..338ab8877 100644
 +## explicit; go 1.20
 +go.balki.me/anyhttp
 +go.balki.me/anyhttp/idle
- # go.mongodb.org/mongo-driver v1.14.0
+ # go.mongodb.org/mongo-driver v1.17.3
  ## explicit; go 1.18
  go.mongodb.org/mongo-driver/bson