paravielfalt/mastodon
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Activity Actions
12962 commits 79 branches 306 tags 765 MiB
Commit graph

12962 commits

This branch
This branch
All branches
Author SHA1 Message Date
Claire
6499850ac4 Bump version to v4.1.14
Some checks failed
PR Needs Rebase / label-rebase-needed (push) Failing after 3s
Details
Build container release images / build-image (push) Failing after 3m51s
Details
2024-02-14 15:16:55 +01:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire
d807b3960e
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Claire
2f6518cae2 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:17:55 +01:00
Emelia Smith
cdbe2855f3 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:34:46 +01:00
blah
fdde3cdb4e Update dependency sidekiq-unique-jobs to 7.1.33 2024-02-14 11:34:46 +01:00
blah
ce9c641d9a Update dependency nokogiri to 1.16.2 2024-02-14 11:26:27 +01:00
Claire
5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
Some checks failed
Build container release images / build-image (push) Failing after 3m33s
Details
PR Needs Rebase / label-rebase-needed (push) Failing after 4s
Details 
* Fix insufficient origin validation

* Bump version to v4.1.13
 2024-02-01 15:56:46 +01:00
Claire
fc4e2eca9f Bump version to v4.1.12
Some checks failed
PR Needs Rebase / label-rebase-needed (push) Failing after 3s
Details
Build container release images / build-image (push) Failing after 3m36s
Details
2024-01-24 15:31:06 +01:00
Claire
2e8943aecd Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:06 +01:00
Claire
e6072a8d13 Fix error when processing remote files with unusually long names (#28823) 2024-01-24 15:31:06 +01:00
Claire
460e4fbdd6 Fix processing of compacted single-item JSON-LD collections (#28816) 2024-01-24 15:31:06 +01:00
Jonathan de Jong
de60322711 Retry 401 errors on replies fetching (#28788) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:06 +01:00
Jeong Arm
90bb870680 Ignore RecordNotUnique errors in LinkCrawlWorker (#28748) 2024-01-24 15:31:06 +01:00
Claire
9292d998fe Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:06 +01:00
Claire
92643f48de Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:06 +01:00
Claire
458620bdd4 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:06 +01:00
Claire
a1a71263e0 Fix streaming API redirection ignoring the port of streaming_api_base_url (#28558) 2024-01-24 15:31:06 +01:00
MitarashiDango
4c5575e8e0 Fix Undo Announce activity is not sent, when not followed by the reblogged post author (#18482) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:06 +01:00
Claire
a2ddd849e2 Fix LinkCrawlWorker error when encountering empty OEmbed response (#28268) 2024-01-24 15:31:06 +01:00
Claire
2e4d43933d
Fix SQL query in /api/v1/directory (#28412) 2023-12-18 11:03:20 +01:00
Claire
363bedd050 Bump version to v4.1.11
Some checks failed
PR Needs Rebase / label-rebase-needed (push) Failing after 3s
Details
Build container release images / build-image (push) Failing after 4m9s
Details
2023-12-04 15:28:02 +01:00
Claire
cc94c70970 Clamp dates when serializing to Elasticsearch API (#28081) 2023-12-04 15:28:02 +01:00
Claire
613d00706c Change GIF max matrix size error to explicitly mention GIF files (#27927) 2023-12-04 15:28:02 +01:00
Jonathan de Jong
8bbe2b970f Have Follow activities bypass availability (#27586) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-12-04 15:28:02 +01:00
Claire
803e15a3cf Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-12-04 15:28:02 +01:00
Claire
1d835c9423 Fix posts from force-sensitized accounts being able to trend (#27620) 2023-12-04 15:28:02 +01:00
Claire
ab68df9af0 Fix hashtag matching pattern matching some URLs (#27584) 2023-12-04 15:28:02 +01:00
Claire
a89a25714d Fix some link anchors being recognized as hashtags (#27271) 2023-12-04 15:28:02 +01:00
Claire
1210524a3d Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-12-04 15:28:02 +01:00
Claire
ff3a9dad0d Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:02 +01:00
Claire
3ef0a19bac Fix report processing notice not mentioning the report number when performing a custom action (#27442) 2023-12-04 15:28:02 +01:00
Claire
78e457614c Change Content-Security-Policy to be tighter on media paths (#26889) 2023-12-04 15:28:02 +01:00
Claire
1e896e99d2
Update dependencies (#27354)
Some checks reported warnings
PR Needs Rebase / label-rebase-needed (push) Has been cancelled
Details
Build container release images / build-image (push) Has been cancelled
Details
2023-10-10 15:32:42 +02:00
Claire
df60d04dc1 Bump version to v4.1.10 2023-10-10 13:51:56 +02:00
Matt Jankowski
335982325e Dont match mention in url query string (#25656) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-10-10 13:51:56 +02:00
Claire
15c5727f71 Add a short-lived lock to trend refresh scheduler (#27253) 2023-10-10 13:51:56 +02:00
David Aaron
f8154cf732 Change min age of backup policy from 1 week to 6 days (#27200) 2023-10-10 13:51:56 +02:00
Jakob Gillich
45669ac5e6 Fix importer returning negative row estimates (#27258) 2023-10-10 13:51:56 +02:00
Claire
8d73fbee87 Change some worker lock TTLs (#27246) 2023-10-10 13:51:56 +02:00
Claire
f1d3eda159 Fix filtering audit log for entries about disabling 2FA (#27186) 2023-10-10 13:51:56 +02:00
Essem
c97fbabb61 Properly remove tIME chunk from PNG uploads (#27111) 2023-10-10 13:51:56 +02:00
Claire
f2fff6be66 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:51:56 +02:00
Claire
b40c42fd1e Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-10-10 13:51:56 +02:00
Claire
9950e59578
Disable setting the latest tag for 4.1 docker builds (#27023) 2023-09-21 18:14:24 +02:00
Claire
e4c0aaf626
Bump version to v4.1.9 (#26997) 2023-09-20 17:25:05 +02:00
Claire
5d93c5f019
Fix post translation erroring out (v4.1.x) (#26990) 2023-09-20 15:59:57 +02:00
Claire
af0ee12908
Disable ruby linting for 4.1.x branch (#26993) 2023-09-20 12:54:08 +02:00
Claire
46bd58f74d Bump version to v4.1.8 2023-09-19 17:01:44 +02:00
Claire
d6c0ae995c Fix post edits not being forwarded as expected (#26936) 2023-09-19 17:01:44 +02:00