paravielfalt/mastodon

Author	SHA1	Message	Date
Claire	bd2429b716	Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886 )	2023-07-21 16:07:35 +02:00
Michael Stanclift	8695409035	Fix trending publishers table not rendering correctly on narrow screens (#25945 )	2023-07-21 16:07:35 +02:00
Claire	60b70755be	Bump version to v4.0.6	2023-07-07 19:36:12 +02:00
Claire	0716346194	Update sanitize	2023-07-07 19:36:12 +02:00
Claire	93a87b96c7	Fix processing of media files with unusual names (#25788 )	2023-07-07 19:36:12 +02:00
Claire	614aaeff41	Fix crash in admin interface when viewing a remote user with verified links (#25796 )	2023-07-07 19:36:12 +02:00
Claire	237f2adfa6	Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794 )	2023-07-07 19:36:12 +02:00
Claire	8d7f6550f9	Bump version to v4.0.5	2023-07-06 15:07:46 +02:00
Claire	2d42175ef0	Merge pull request from GHSA-55j9-c3mp-6fcq	2023-07-06 15:06:50 +02:00
Claire	3af396e561	Merge pull request from GHSA-9pxv-6qvf-pjwc * Fix timeout handling of outbound HTTP requests * Use CLOCK_MONOTONIC instead of Time.now	2023-07-06 15:06:24 +02:00
Claire	2119aadf0a	Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged	2023-07-06 15:05:05 +02:00
Claire	102ed6e8ca	Merge pull request from GHSA-ccm4-vgcc-73hp * Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes	2023-07-06 15:03:33 +02:00
Claire	f626e0d228	Add hardened headers to user-uploaded files (#25756 )	2023-07-06 14:33:32 +02:00
Claire	35830cd8cc	Update dependencies	2023-07-06 13:45:58 +02:00
Renaud Chaput	94c67e8bfd	Allow carets in URL search params (#25216 )	2023-07-06 13:45:58 +02:00
Vyr Cossont	798d26dd04	Fix Redis client and type errors introduced in #24285 (#24342 )	2023-07-06 13:45:58 +02:00
Vyr Cossont	9ad33eb160	IndexingScheduler: fetch and import in batches (#24285 ) Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2023-07-06 13:45:58 +02:00
Claire	5e55ca25d6	Fix ResolveURLService not resolving local URLs for remote content (#25637 )	2023-07-06 13:45:58 +02:00
Claire	0bcb4f73f1	Change /api/v1/statuses/:id/history to always return at least one item (#25510 )	2023-07-06 13:45:58 +02:00
Claire	04f76675d1	Add finer permission requirements for managing webhooks (#25463 )	2023-07-06 13:45:58 +02:00
Claire	53acab6d2b	Fix wrong view being displayed when a webhook fails validation (#25464 )	2023-07-06 13:45:58 +02:00
Emelia Smith	78358b84b9	Prevent UserCleanupScheduler from overwhelming streaming (#25519 )	2023-07-06 13:45:58 +02:00
Daniel M Brasil	c285f9d1a1	Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477 )	2023-07-06 13:45:58 +02:00
Emelia Smith	42bffbc337	Fix logging of messages that are binary before closing their connection (#25361 )	2023-07-06 13:45:58 +02:00
Emelia Smith	f94aee0ed5	Fix performance of streaming by parsing message JSON once (#25278 )	2023-07-06 13:45:58 +02:00
Claire	41a0a3c87f	Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273 )	2023-07-06 13:45:58 +02:00
Daniel M Brasil	995ad9602b	Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605 )	2023-07-06 13:45:58 +02:00
Claire	660845f781	Change profile updates to be sent to recently-mentioned servers (#24852 )	2023-07-06 13:45:58 +02:00
Claire	0b627dcf9e	Fix being able to vote on your own polls (#25015 )	2023-07-06 13:45:58 +02:00
Claire	a3f58ceea4	Fix race condition when reblogging a status (#25016 )	2023-07-06 13:45:58 +02:00
Claire	bb87736bf0	Change OpenGraph-based embeds to allow fullscreen (#25058 )	2023-07-06 13:45:58 +02:00
Claire	37972fe3c7	Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060 )	2023-07-06 13:45:58 +02:00
Claire	64416e4000	Remove invalid X-Frame-Options: ALLOWALL (#25070 )	2023-07-06 13:45:58 +02:00
Claire	eceb960744	Change Identity to not destroy associated User on destroy (#25098 )	2023-07-06 13:45:58 +02:00
Claire	ebe009ff09	Fix /api/v1/conversations sometimes returning empty accounts (#25499 )	2023-07-06 13:45:58 +02:00
Claire	2617c33fc3	Fix ArgumentError when loading newer Private Mentions (#25399 )	2023-07-06 13:45:58 +02:00
Claire	d81b891fa8	Fix multiple N+1s in ConversationsController (#25134 )	2023-07-06 13:45:58 +02:00
Claire	a705bb84e6	Fix user archive takeouts when using OpenStack Swift (#24431 )	2023-07-06 13:45:58 +02:00
Claire	214c367095	Bump version to v4.0.4	2023-04-04 12:39:56 +02:00
Claire	05c45e9eeb	Fix unescaped user input in LDAP query (#24379 ) Fix CVE-2023-28853	2023-04-04 12:39:56 +02:00
Claire	448986438e	Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327 )	2023-04-04 12:39:56 +02:00
Claire	274bb193b2	Fix invalid/expired invites being processed on sign-up (#24337 )	2023-04-04 12:39:56 +02:00
Sai	46b91cd817	Update Ruby to 3.0.6 (#24333 )	2023-04-04 12:39:56 +02:00
mhkhung	acc277a152	3.0.5 version of cimg/ruby:3.0-node upgraded to node 18 (#21873 ) Node 18 caused build to fail	2023-04-04 12:39:56 +02:00
Robert R George	971e8b8f5f	Wrap db:setup with Chewy.strategy(:mastodon) (#24302 )	2023-04-04 12:39:56 +02:00
Claire	aa37eeadf3	Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200 )	2023-04-04 12:39:56 +02:00
Claire	f75fba0531	Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182 )	2023-04-04 12:39:56 +02:00
Claire	2125dbf610	Bump version to v4.0.3	2023-03-16 22:49:35 +01:00
Claire	9715a211c7	Add warning for object storage misconfiguration (#24137 )	2023-03-16 22:49:35 +01:00
Eugen Rochko	a6217bd035	Change user backups to use expiring URLs for download when possible (#24136 )	2023-03-16 22:49:35 +01:00

1 2 3 4 5 ...

12399 commits