Commit Graph

12398 Commits (869540903516097e4003155293c46a7509b6eb5c)

Author SHA1 Message Date
Michael Stanclift 8695409035 Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:35 +02:00
Claire 60b70755be Bump version to v4.0.6 2023-07-07 19:36:12 +02:00
Claire 0716346194 Update sanitize 2023-07-07 19:36:12 +02:00
Claire 93a87b96c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:36:12 +02:00
Claire 614aaeff41 Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:36:12 +02:00
Claire 237f2adfa6 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 19:36:12 +02:00
Claire 8d7f6550f9 Bump version to v4.0.5 2023-07-06 15:07:46 +02:00
Claire 2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire 3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire 2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire f626e0d228 Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:33:32 +02:00
Claire 35830cd8cc Update dependencies 2023-07-06 13:45:58 +02:00
Renaud Chaput 94c67e8bfd Allow carets in URL search params (#25216) 2023-07-06 13:45:58 +02:00
Vyr Cossont 798d26dd04 Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:45:58 +02:00
Vyr Cossont 9ad33eb160 IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:58 +02:00
Claire 5e55ca25d6 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-07-06 13:45:58 +02:00
Claire 0bcb4f73f1 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:58 +02:00
Claire 04f76675d1 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:58 +02:00
Claire 53acab6d2b Fix wrong view being displayed when a webhook fails validation (#25464) 2023-07-06 13:45:58 +02:00
Emelia Smith 78358b84b9 Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:45:58 +02:00
Daniel M Brasil c285f9d1a1 Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) 2023-07-06 13:45:58 +02:00
Emelia Smith 42bffbc337 Fix logging of messages that are binary before closing their connection (#25361) 2023-07-06 13:45:58 +02:00
Emelia Smith f94aee0ed5 Fix performance of streaming by parsing message JSON once (#25278) 2023-07-06 13:45:58 +02:00
Claire 41a0a3c87f Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-07-06 13:45:58 +02:00
Daniel M Brasil 995ad9602b Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605) 2023-07-06 13:45:58 +02:00
Claire 660845f781 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:58 +02:00
Claire 0b627dcf9e Fix being able to vote on your own polls (#25015) 2023-07-06 13:45:58 +02:00
Claire a3f58ceea4 Fix race condition when reblogging a status (#25016) 2023-07-06 13:45:58 +02:00
Claire bb87736bf0 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:58 +02:00
Claire 37972fe3c7 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:58 +02:00
Claire 64416e4000 Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:45:58 +02:00
Claire eceb960744 Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:45:58 +02:00
Claire ebe009ff09 Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:45:58 +02:00
Claire 2617c33fc3 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:45:58 +02:00
Claire d81b891fa8 Fix multiple N+1s in ConversationsController (#25134) 2023-07-06 13:45:58 +02:00
Claire a705bb84e6 Fix user archive takeouts when using OpenStack Swift (#24431) 2023-07-06 13:45:58 +02:00
Claire 214c367095 Bump version to v4.0.4 2023-04-04 12:39:56 +02:00
Claire 05c45e9eeb Fix unescaped user input in LDAP query (#24379)
Fix CVE-2023-28853
2023-04-04 12:39:56 +02:00
Claire 448986438e Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-04 12:39:56 +02:00
Claire 274bb193b2 Fix invalid/expired invites being processed on sign-up (#24337) 2023-04-04 12:39:56 +02:00
Sai 46b91cd817 Update Ruby to 3.0.6 (#24333) 2023-04-04 12:39:56 +02:00
mhkhung acc277a152 3.0.5 version of cimg/ruby:3.0-node upgraded to node 18 (#21873)
Node 18 caused build to fail
2023-04-04 12:39:56 +02:00
Robert R George 971e8b8f5f Wrap db:setup with Chewy.strategy(:mastodon) (#24302) 2023-04-04 12:39:56 +02:00
Claire aa37eeadf3 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:39:56 +02:00
Claire f75fba0531 Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) 2023-04-04 12:39:56 +02:00
Claire 2125dbf610 Bump version to v4.0.3 2023-03-16 22:49:35 +01:00
Claire 9715a211c7 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:49:35 +01:00
Eugen Rochko a6217bd035 Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:49:35 +01:00
Claire 3e9978071b Update changelog 2023-03-16 22:05:00 +01:00