Commit Graph

12922 Commits (f1d3eda159fcc9341a19d1d8060a556f8801d7d4)

Author SHA1 Message Date
Claire f1d3eda159 Fix filtering audit log for entries about disabling 2FA (#27186) 2023-10-10 13:51:56 +02:00
Essem c97fbabb61 Properly remove tIME chunk from PNG uploads (#27111) 2023-10-10 13:51:56 +02:00
Claire f2fff6be66 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:51:56 +02:00
Claire b40c42fd1e Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-10-10 13:51:56 +02:00
Claire 9950e59578
Disable setting the `latest` tag for 4.1 docker builds (#27023) 2023-09-21 18:14:24 +02:00
Claire e4c0aaf626
Bump version to v4.1.9 (#26997) 2023-09-20 17:25:05 +02:00
Claire 5d93c5f019
Fix post translation erroring out (v4.1.x) (#26990) 2023-09-20 15:59:57 +02:00
Claire af0ee12908
Disable ruby linting for 4.1.x branch (#26993) 2023-09-20 12:54:08 +02:00
Claire 46bd58f74d Bump version to v4.1.8 2023-09-19 17:01:44 +02:00
Claire d6c0ae995c Fix post edits not being forwarded as expected (#26936) 2023-09-19 17:01:44 +02:00
Claire 5fd89e53d2 Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:44 +02:00
Claire 5caade9fb0 Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:44 +02:00
Claire 34959eccd2 Fix cached posts including stale stats (#26409) 2023-09-19 17:01:44 +02:00
Nicolai Søborg 21bf42bca1 Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500) 2023-09-19 17:01:44 +02:00
yufushiro 7802837885 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-09-19 17:01:44 +02:00
Claire 48ee3ae13d
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Claire 5f9511c389
Merge pull request from GHSA-2693-xr3m-jhqr 2023-09-19 16:53:21 +02:00
Claire 38a5d92f38
Change Dockerfile to upgrade packages when building (#26929)
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-09-18 08:32:04 +02:00
Claire 7f7e068975
Update actions for stable-4.1 (#26815)
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-09-06 12:19:02 +02:00
Claire 5f88a2d70b Bump version to v4.1.7 2023-09-05 19:16:09 +02:00
Emelia Smith cf80d54cba Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 19:16:09 +02:00
Daniel M Brasil ea7fa048f3 Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 19:16:09 +02:00
Claire 6339806f05 Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 19:16:09 +02:00
Claire 86afbf25d0 Change text extraction in `PlainTextFormatter` to be faster (#26727) 2023-09-05 19:16:09 +02:00
Claire 1ad64b5557
Backport container build changes to the stable-4.1 branch (#26738)
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-08-31 19:54:10 +02:00
Claire ac7d40b561 Bump version to v4.1.6 2023-07-31 14:33:06 +02:00
Renaud Chaput 2fc6117d1b Fix missing return values in streaming (#26233) 2023-07-31 14:33:06 +02:00
Emelia Smith 2eb1a5b7b6 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) 2023-07-31 14:33:06 +02:00
Claire 6c321bb5e1 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:06 +02:00
Emelia Smith da230600ac Refactor streaming's filtering logic & improve documentation (#26213) 2023-07-31 14:33:06 +02:00
Claire 1792be342a Fix wrong filters sometimes applying in streaming (#26159) 2023-07-31 14:33:06 +02:00
Claire ebf4f034c2 Bump version to v4.1.5 2023-07-21 16:07:43 +02:00
Claire 889102013f Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:43 +02:00
Claire d94a2c8aca Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:43 +02:00
Claire efd066670d Fix moderation interface for remote instances with a .zip TLD (#25885) 2023-07-21 16:07:43 +02:00
Claire 13ec425b72 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-21 16:07:43 +02:00
Michael Stanclift 7a99f0744d Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:43 +02:00
Claire 69c8f26946
Add check preventing Sidekiq workers from running with Makara configured (#25850)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-21 14:18:04 +02:00
Claire 3f5af768c8 Bump version to v4.1.4 2023-07-07 19:37:21 +02:00
Claire cb8ab46302 Update dependencies 2023-07-07 19:37:21 +02:00
Claire 53b979d5c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:37:21 +02:00
Claire f2bbac3f9f Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:37:21 +02:00
Claire 015ed99612 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 19:37:21 +02:00
nemobis cf58535193 Fix typo in CHANGELOG.md (#25764) 2023-07-07 19:37:21 +02:00
Claire 0d5781ca76 Bump version to v4.1.3 2023-07-06 15:07:20 +02:00
Claire 32ebeed59b
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire e75ad1de0f
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire 0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire c4f2609f7a
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire 9b6c0cac7d Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:32:26 +02:00