paravielfalt/mastodon
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions
11761 commits 79 branches 301 tags 756 MiB
Commit graph

11761 commits

This branch
This branch
All branches
Author SHA1 Message Date
Claire
e9123ad691 Bump version to v3.5.19
Some checks failed
Build container release images / build-image (push) Failing after 4m0s
Details
2024-02-16 11:57:45 +01:00
Claire
c397c1a9e3
Merge pull request from GHSA-jhrq-qvrm-qr36 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
 2024-02-16 11:56:12 +01:00
Claire
d509b6b342 Fix user creation failure handling in OmniAuth paths (#29207) 
Co-authored-by: Matt Jankowski <matt@jankowski.online>
 2024-02-14 23:26:29 +01:00
Claire
44c265e4c7 Bump version to v3.5.18
Some checks failed
Build container release images / build-image (push) Failing after 3m40s
Details
2024-02-14 15:17:48 +01:00
Claire
4a57e44809
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire
47c6079d8d
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Claire
69205dff9a Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:18:08 +01:00
Emelia Smith
d187195f2c Disable administrative doorkeeper routes (#29187) 2024-02-14 12:13:33 +01:00
blah
3387868dd9 Update dependency sidekiq-unique-jobs to 7.1.33 2024-02-14 12:13:33 +01:00
blah
3ba6ed76ea Update dependency nokogiri to 1.16.2 2024-02-14 12:13:33 +01:00
Claire
b1ed009c65
Merge pull request from GHSA-3fjr-858r-92rw
Some checks failed
Build container release images / build-image (push) Failing after 4m13s
Details 
* Fix insufficient origin validation

* Bump version to v3.5.17
 2024-02-01 15:56:46 +01:00
Claire
35f21191ee Bump version to v3.5.16
Some checks failed
Build container release images / build-image (push) Failing after 4m2s
Details
2023-12-04 15:27:44 +01:00
Claire
2ffce0d5f7 Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-12-04 15:27:44 +01:00
Claire
688defd60d Change GIF max matrix size error to explicitly mention GIF files (#27927) 2023-12-04 15:27:44 +01:00
Jonathan de Jong
d9b05f6860 Have Follow activities bypass availability (#27586) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-12-04 15:27:44 +01:00
Claire
f3fd8d8695 Clamp dates when serializing to Elasticsearch API (#28081) 2023-12-04 15:27:44 +01:00
Claire
49693fe42f Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-12-04 15:27:44 +01:00
Claire
16262f815d Fix posts from force-sensitized accounts being able to trend (#27620) 2023-12-04 15:27:44 +01:00
Claire
d4e0a12b27 Change Content-Security-Policy to be tighter on media paths (#26889) 2023-12-04 15:27:44 +01:00
Claire
db59d8486b Bump version to v3.5.15
Some checks reported warnings
Build container release images / build-image (push) Has been cancelled
Details
2023-10-10 13:50:10 +02:00
Matt Jankowski
7fb3ee0bc6 Dont match mention in url query string (#25656) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-10-10 13:50:10 +02:00
David Aaron
9bd027823d Change min age of backup policy from 1 week to 6 days (#27200) 2023-10-10 13:50:10 +02:00
Jakob Gillich
57d4d46050 Fix importer returning negative row estimates (#27258) 2023-10-10 13:50:10 +02:00
Claire
c91116f780 Fix filtering audit log for entries about disabling 2FA (#27186) 2023-10-10 13:50:10 +02:00
Essem
f45b5f5006 Properly remove tIME chunk from PNG uploads (#27111) 2023-10-10 13:50:10 +02:00
Claire
47441e51f3 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:50:10 +02:00
Claire
af02650322 Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-10-10 13:50:10 +02:00
Claire
75346a71f7 Bump version to v3.5.14 2023-09-19 17:01:17 +02:00
Claire
49af3e26dc Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:17 +02:00
Claire
412c3e13ec Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:17 +02:00
Claire
31c5e63a58 Fix cached posts including stale stats (#26409) 2023-09-19 17:01:17 +02:00
Nicolai Søborg
e8eeb746ac Fix frame_rate for videos where ffprobe reports 0/0 (#26500) 2023-09-19 17:01:17 +02:00
yufushiro
0158c31c02 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-09-19 17:01:17 +02:00
Claire
9deb178126
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Claire
8e6fe19225
Change Dockerfile to upgrade packages when building (#26931) 
Co-authored-by: Renaud Chaput <renchap@gmail.com>
 2023-09-18 08:31:53 +02:00
Claire
4eb709ea7e
Update actions for stable-3.5 (#26804) 
Co-authored-by: Renaud Chaput <renchap@gmail.com>
 2023-09-06 09:18:28 +02:00
Claire
86a31fc019
Fix Dockerfile installing incompatible npm version (#26803) 2023-09-05 17:46:39 +02:00
Claire
16e47e1aae Bump version to v3.5.13 2023-09-05 17:22:43 +02:00
Emelia Smith
dcffd6b3d7 Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 17:22:43 +02:00
Daniel M Brasil
8de0f7e198 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 17:22:43 +02:00
Claire
e37551421e Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 17:22:43 +02:00
Claire
2e0eab9d18 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 17:22:43 +02:00
Claire
ce75c175cd
Backport container build changes to the stable-3.5 branch (#26742) 
Co-authored-by: Renaud Chaput <renchap@gmail.com>
 2023-08-31 19:54:17 +02:00
Claire
a3d31ffc1e Bump version to v3.5.12 2023-07-31 14:33:27 +02:00
Emelia Smith
50f4af28b0 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) 2023-07-31 14:33:27 +02:00
Claire
e655b35d7e Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:27 +02:00
Claire
80c00f4aa5 Bump version to v3.5.11 2023-07-21 16:07:24 +02:00
Claire
1a0192537d Add check preventing Sidekiq workers from running with Makara configured (#25850) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2023-07-21 16:07:24 +02:00
Claire
668cd00e13 Fix testsuite failure introduced in last release 2023-07-21 16:07:24 +02:00
Claire
0bd52de492 Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:24 +02:00