Claire
44c265e4c7
Bump version to v3.5.18
2024-02-14 15:17:48 +01:00
Claire
4a57e44809
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire
47c6079d8d
Merge pull request from GHSA-7w3c-p9j8-mq3x
...
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire
69205dff9a
Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default ( #29199 )
2024-02-14 13:18:08 +01:00
Emelia Smith
d187195f2c
Disable administrative doorkeeper routes ( #29187 )
2024-02-14 12:13:33 +01:00
blah
3387868dd9
Update dependency sidekiq-unique-jobs to 7.1.33
2024-02-14 12:13:33 +01:00
blah
3ba6ed76ea
Update dependency nokogiri to 1.16.2
2024-02-14 12:13:33 +01:00
Claire
b1ed009c65
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to v3.5.17
2024-02-01 15:56:46 +01:00
Claire
35f21191ee
Bump version to v3.5.16
2023-12-04 15:27:44 +01:00
Claire
2ffce0d5f7
Fix processing LDSigned activities from actors with unknown public keys ( #27474 )
2023-12-04 15:27:44 +01:00
Claire
688defd60d
Change GIF max matrix size error to explicitly mention GIF files ( #27927 )
2023-12-04 15:27:44 +01:00
Jonathan de Jong
d9b05f6860
Have `Follow` activities bypass availability ( #27586 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-12-04 15:27:44 +01:00
Claire
f3fd8d8695
Clamp dates when serializing to Elasticsearch API ( #28081 )
2023-12-04 15:27:44 +01:00
Claire
49693fe42f
Fix incoming status creation date not being restricted to standard ISO8601 ( #27655 )
2023-12-04 15:27:44 +01:00
Claire
16262f815d
Fix posts from force-sensitized accounts being able to trend ( #27620 )
2023-12-04 15:27:44 +01:00
Claire
d4e0a12b27
Change Content-Security-Policy to be tighter on media paths ( #26889 )
2023-12-04 15:27:44 +01:00
Claire
db59d8486b
Bump version to v3.5.15
2023-10-10 13:50:10 +02:00
Matt Jankowski
7fb3ee0bc6
Dont match mention in url query string ( #25656 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-10 13:50:10 +02:00
David Aaron
9bd027823d
Change min age of backup policy from 1 week to 6 days ( #27200 )
2023-10-10 13:50:10 +02:00
Jakob Gillich
57d4d46050
Fix importer returning negative row estimates ( #27258 )
2023-10-10 13:50:10 +02:00
Claire
c91116f780
Fix filtering audit log for entries about disabling 2FA ( #27186 )
2023-10-10 13:50:10 +02:00
Essem
f45b5f5006
Properly remove tIME chunk from PNG uploads ( #27111 )
2023-10-10 13:50:10 +02:00
Claire
47441e51f3
Fix crash when filtering for “dormant” relationships ( #27306 )
2023-10-10 13:50:10 +02:00
Claire
af02650322
Fix inefficient queries in “Follows and followers” as well as several admin pages ( #27116 )
2023-10-10 13:50:10 +02:00
Claire
75346a71f7
Bump version to v3.5.14
2023-09-19 17:01:17 +02:00
Claire
49af3e26dc
Fix moderator rights inconsistencies ( #26729 )
2023-09-19 17:01:17 +02:00
Claire
412c3e13ec
Fix crash when encountering invalid URL ( #26814 )
2023-09-19 17:01:17 +02:00
Claire
31c5e63a58
Fix cached posts including stale stats ( #26409 )
2023-09-19 17:01:17 +02:00
Nicolai Søborg
e8eeb746ac
Fix `frame_rate` for videos where `ffprobe` reports 0/0 ( #26500 )
2023-09-19 17:01:17 +02:00
yufushiro
0158c31c02
Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough ( #26608 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-09-19 17:01:17 +02:00
Claire
9deb178126
Merge pull request from GHSA-v3xf-c9qf-j667
2023-09-19 16:53:58 +02:00
Claire
8e6fe19225
Change Dockerfile to upgrade packages when building ( #26931 )
...
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-09-18 08:31:53 +02:00
Claire
4eb709ea7e
Update actions for stable-3.5 ( #26804 )
...
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-09-06 09:18:28 +02:00
Claire
86a31fc019
Fix Dockerfile installing incompatible npm version ( #26803 )
2023-09-05 17:46:39 +02:00
Claire
16e47e1aae
Bump version to v3.5.13
2023-09-05 17:22:43 +02:00
Emelia Smith
dcffd6b3d7
Allow reports with long comments from remote instances, but truncate ( #25028 )
2023-09-05 17:22:43 +02:00
Daniel M Brasil
8de0f7e198
Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ( #26237 )
2023-09-05 17:22:43 +02:00
Claire
e37551421e
Fix blocking subdomains of an already-blocked domain ( #26392 )
2023-09-05 17:22:43 +02:00
Claire
2e0eab9d18
Change text extraction in `PlainTextFormatter` to be faster ( #26727 )
2023-09-05 17:22:43 +02:00
Claire
ce75c175cd
Backport container build changes to the stable-3.5 branch ( #26742 )
...
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-08-31 19:54:17 +02:00
Claire
a3d31ffc1e
Bump version to v3.5.12
2023-07-31 14:33:27 +02:00
Emelia Smith
50f4af28b0
Fix: Streaming server memory leak in HTTP EventSource cleanup ( #26228 )
2023-07-31 14:33:27 +02:00
Claire
e655b35d7e
Fix incorrect connect timeout in outgoing requests ( #26116 )
2023-07-31 14:33:27 +02:00
Claire
80c00f4aa5
Bump version to v3.5.11
2023-07-21 16:07:24 +02:00
Claire
1a0192537d
Add check preventing Sidekiq workers from running with Makara configured ( #25850 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-21 16:07:24 +02:00
Claire
668cd00e13
Fix testsuite failure introduced in last release
2023-07-21 16:07:24 +02:00
Claire
0bd52de492
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 16:07:24 +02:00
Claire
ced65ffbb4
Change request timeout handling to use a longer deadline ( #26055 )
2023-07-21 16:07:24 +02:00
Claire
6398fc0b66
Fix moderation interface for remote instances with a .zip TLD ( #25885 )
2023-07-21 16:07:24 +02:00
Claire
7709bbba65
Fix remote accounts being possibly persisted to database with incomplete protocol values ( #25886 )
2023-07-21 16:07:24 +02:00