Commit Graph

567 Commits (3387868dd9841cfffdae875d3296cf0aae36dc2b)

Author SHA1 Message Date
Claire b1ed009c65
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to v3.5.17
2024-02-01 15:56:46 +01:00
Claire 35f21191ee Bump version to v3.5.16 2023-12-04 15:27:44 +01:00
Claire db59d8486b Bump version to v3.5.15 2023-10-10 13:50:10 +02:00
Claire 75346a71f7 Bump version to v3.5.14 2023-09-19 17:01:17 +02:00
yufushiro 0158c31c02 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-09-19 17:01:17 +02:00
Claire 16e47e1aae Bump version to v3.5.13 2023-09-05 17:22:43 +02:00
Claire a3d31ffc1e Bump version to v3.5.12 2023-07-31 14:33:27 +02:00
Claire 80c00f4aa5 Bump version to v3.5.11 2023-07-21 16:07:24 +02:00
Claire 687421ebbe Bump version to v3.5.10 2023-07-07 19:35:24 +02:00
Claire b10c974ba1 Bump version to v3.5.9 2023-07-06 15:08:10 +02:00
Claire 987f909994
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Daniel M Brasil 176ae71fd4 Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605) 2023-07-06 13:46:21 +02:00
Claire 1bd831b9a9 Bump version to v3.5.8 2023-04-04 12:38:58 +02:00
Claire 40438675f8 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-04 12:38:58 +02:00
Claire 3d67a9329e Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) 2023-04-04 12:38:58 +02:00
Claire 547634dfa6 Bump version to v3.5.7 2023-03-16 22:50:15 +01:00
Claire 708e590117 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-14 11:46:12 +01:00
Claire 8c8d578e38
Bump version to 3.5.6 (#23493) 2023-02-10 22:18:15 +01:00
Claire 84a40824ad
Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491) 2023-02-09 21:02:01 +01:00
Claire 696f7b3608 Bump version to 3.5.5 2022-11-14 22:26:24 +01:00
Claire 105ab82425 Bump version to 3.5.4 2022-11-14 20:09:16 +01:00
Pierre Bourdon 1659788de4 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
2022-11-14 11:20:41 +01:00
Eugen Rochko fbcbf7898f
Bump version to 3.5.3 (#18530) 2022-05-26 23:26:15 +02:00
Eugen Rochko a9b64b24d6
Change algorithm of `tootctl search deploy` to improve performance (#18463) 2022-05-22 22:16:43 +02:00
Eugen Rochko 679b7158e3
Change search indexing to use batches to minimize resource usage (#18451) 2022-05-18 23:29:14 +02:00
Claire f714e24ff1
Fix redis configuration not being changed by mastodon:setup (#18383)
Fixes #18342
2022-05-09 23:19:11 +02:00
Claire 014065913c
Bump version to 3.5.2 (#18295)
* Bump version to 3.5.2

* Change some entries to be more clear

* Add some extra notes

* Fix line wrap

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-05-04 00:57:42 +02:00
Claire bc19c083ce
Add ability to set approval-based registration through tootctl (#18248)
Fixes #18235

Add `tootctl settings registrations approved` with
optional `--require-reason` switch.
2022-05-02 17:41:34 +02:00
Eugen Rochko 7b0fe4aef9
Fix opening and closing Redis connections instead of using a pool (#18171)
* Fix opening and closing Redis connections instead of using a pool

* Fix Redis connections not being returned to the pool in CLI commands
2022-04-29 22:43:07 +02:00
Gaelan Steele 74e20f22cd
Fix light-mode emoji borders. (#18131) 2022-04-29 19:23:03 +02:00
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Claire 33cd80d69c
Fix instance actor being incorrectly created when running migrations (#18109)
* Add migration test about instance actor key

* Fix old migration

* Work around incorrect database state
2022-04-26 21:22:09 +02:00
Eugen Rochko ed5491e5de
Bump version to 3.5.1 (#18000) 2022-04-08 21:57:24 +02:00
0x2019 012537452a
Fix error resposes for `from` search prefix (#17963)
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941)

Using unsupported prefixes now reports a 422; searching for posts from an
account the instance is not aware of reports a 404. TODO: The UI for this
on the front end is abysmal.

Searching `from:username@domain` now succeeds when `domain` is the local
domain; searching `from:@username(@domain)?` now works as expected.

* Remove unused methods on new Error classes as they are not being used

Currently when `raise`d there are error messages being supplied, but
this is not actually being used. The associated `raise`s have been
edited accordingly.

* Remove needless comments

* Satisfy rubocop

* Try fixing tests being unable to find AccountFindingConcern methods

* Satisfy rubocop

* Simplify `from` prefix logic

This incorporates @ClearlyClaire's suggestion (see
https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737).

Accepctable account strings in `from:` clauses are more lenient than
before this commit; for example, `from:@user@example.org@asnteo +cat`
will not error, and return posts by @user@example.org containing the
word "cat". This is more consistent with how Mastodon matches mentions
in statuses. In addition, `from` clauses will not be checked for
syntatically invalid usernames or domain names, simply 404ing when
`Account.find_remote!` raises ActiveRecord::NotFound.

New code for this PR that is no longer used has been removed.
2022-04-08 21:21:49 +02:00
Eugen Rochko 6e418bf346
Fix cookies secure flag being set when served over Tor (#17992) 2022-04-08 12:47:18 +02:00
Claire cb45c04d26
Fix migration error handling (#17991) 2022-04-07 20:46:30 +02:00
Claire 5f0fc639da
Fix error re-running some migrations if they get interrupted at the wrong moment (#17989) 2022-04-07 20:17:49 +02:00
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Holger 39b489ba4c
fix: `s3_force_single_request` not parsed (#17922) 2022-04-01 23:56:23 +02:00
Eugen Rochko 8c7223f4ea
Bump version to 3.5.0 (#17911) 2022-03-30 14:52:37 +02:00
Eugen Rochko d7d049aab7
Bump version to 3.5.0rc3 (#17876) 2022-03-26 04:29:36 +01:00
Eugen Rochko 07f8b4d1b1
Bump version to 3.5.0rc2 (#17855) 2022-03-26 02:54:11 +01:00
Claire 3afd59df0f
Fix tootctl email_domain_blocks add (#17842)
Fixes #17831
2022-03-21 19:10:09 +01:00
Claire b07906bdb0
Fix wrong language code for Kurdish languages (#17812) 2022-03-17 01:37:03 +01:00
Eugen Rochko 4bdce2c513
Bump version to 3.5.0rc1 (#17618)
* Bump version to 3.5.0rc1

* Various fixes and improvements

* Update AUTHORS.md

* Various fixes and improvements

* Update README.md
2022-03-15 08:16:45 +01:00
Claire 642528f455
Update fix-duplicates maintenance task (#17731)
* Update fix-duplicates task to 2022_02_10_153119

Also add support for Appeal to AccountMerging#merge_with!

* Update fix-duplicates task to 2022_03_07_094650

* Update fix-duplicates task to 2022_03_09_213005

* Update fix-duplicates task to 2022_03_07_083603

* Update fix-duplicates task to 2022_03_10_060626

* Update fix-duplicates script to 2022_03_07_083603

* Update fix-duplicates task to 2022_03_10_060706

* Update fix-duplicates task to 2022_03_10_060959

* Silence CodeClimate
2022-03-12 08:33:11 +01:00
Eugen Rochko 75e33fd08f
Fix null values being included in some indexes (#17711)
* Fix null values being included in some indexes

* Update lib/mastodon/migration_helpers.rb

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Add documentation link to corruption error message

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-12 08:12:57 +01:00
Claire 61ae6b3535
Add more migration tests (#17710)
* Add migration tests for hide_network settings migration

* Add tests about suspended/suspended_at

* Add more tests regarding the results of migrations

* Fix migration test regarding stale conflicting remote account

* Add migration tests about AccountConversation
2022-03-07 23:40:55 +01:00
Rens Groothuijsen c439e13e12
Enable importing GIF emojis in CLI (#17706) 2022-03-06 23:41:44 +01:00