paravielfalt/mastodon
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions
14571 commits 79 branches 301 tags 756 MiB
Commit graph

7961 commits

Author SHA1 Message Date
Sirius
ec1f61e4b4
Merge tag 'v4.2.10' of https://github.com/mastodon/mastodon into paravielfalt-4.2
All checks were successful
Build Image for Deployment / build (push) Successful in 6m12s
Details
2024-07-04 19:03:13 +02:00
Claire
d4bf22b632
Merge pull request from GHSA-xjvf-fm67-4qc3 2024-07-04 16:45:52 +02:00
Claire
4fb4721072
Merge pull request from GHSA-58x8-3qxw-6hm7 
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
 2024-07-04 16:26:49 +02:00
Claire
df974a912b
Merge pull request from GHSA-vp5r-5pgw-jwqx 
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
 2024-07-04 16:11:28 +02:00
Claire
6cd9bd6ae1 fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584) 2024-07-03 10:57:46 +02:00
David Roetzel
9b6219c48f Improve encoding detection for link cards (#30780) 2024-07-03 10:57:46 +02:00
Eugen Rochko
88b2d6eca5 Change search modifiers to be case-insensitive (#30865) 2024-07-03 10:57:46 +02:00
David Roetzel
846f59c6e9 Add size limit for link preview URLs (#30854) 2024-07-03 10:57:46 +02:00
Claire
fcae9435ec Fix /admin/accounts/:account_id/statuses/:id for edited posts with media attachments (#30819) 2024-07-02 15:08:24 +02:00
Claire
19ed22dc58 Fix duplicate @context attribute in user export (#30653) 2024-06-18 15:37:41 +02:00
Claire
520b2086af Change PWA start URL from /home to / (#27377) 2024-06-18 15:37:41 +02:00
Sirius
b76bb18664
Merge tag 'v4.2.9' of ssh://git.rabbithole.cyou:2222/paravielfalt/mastodon into paravielfalt-4.2
Some checks failed
Build Image for Deployment / build (push) Failing after 1m14s
Details
2024-06-16 15:17:14 +02:00
Claire
943792c187
Merge pull request from GHSA-5fq7-3p3j-9vrf 2024-05-30 14:03:13 +02:00
Emelia Smith
186f916192 Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-05-29 16:39:26 +02:00
Claire
f9c41ae43b Normalize language code of incoming posts (#30403) 2024-05-29 15:31:26 +02:00
Emelia Smith
67b2e62331 Fix missing destory audit logs for Domain Allows (#30125) 2024-05-17 12:30:00 +02:00
Claire
56b7d1a7b6 Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-17 12:30:00 +02:00
Claire
51ef619140 Fix Idempotency-Key ignored when scheduling a post (#30084) 2024-05-17 12:30:00 +02:00
Tim Rogers
e69780ec59 Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:00 +02:00
Claire
c3be5a3d2e Remove caching in cache_collection (#29862) 2024-05-17 12:30:00 +02:00
Claire
86807e4799 Improve email address validation (#29838) 2024-05-17 12:30:00 +02:00
Matt Jankowski
0143c9d3e1 Fix results/query in api/v1/featured_tags/suggestions (#29597) 2024-05-17 12:30:00 +02:00
Jeong Arm
ab3f9852f2 Normalize idna domain before account unblock domain (#29530) 2024-05-17 12:30:00 +02:00
Emelia Smith
f784213c64 Return domain block digests from admin domain blocks API (#29092) 2024-05-17 12:30:00 +02:00
Claire
6536d96d1b Add fallback redirection when getting a webfinger query WEB_DOMAIN@WEB_DOMAIN (#28592) 2024-05-17 12:30:00 +02:00
Sirius
aa63b75146
Merge tag 'v4.2.8' of https://github.com/mastodon/mastodon into paravielfalt-4.2
Some checks failed
Build Image for Deployment / build (push) Failing after 40s
Details
2024-02-26 10:44:54 +01:00
Claire
f3ad918950
Fix processing of Link objects in Image objects (#29363) 2024-02-23 09:53:04 +01:00
Claire
9a7802655f
Fix link verifications when page size exceeds 1MB (#29361) 2024-02-22 19:12:53 +01:00
Claire
328a9b8157
Change registrations to be disabled by default for new servers (#29353) 2024-02-22 18:15:59 +01:00
Claire
4fd22acb4a
Fix auto-close email being sent to users with devops permissions instead of settings permissions (#29356) 2024-02-22 18:15:38 +01:00
Claire
28b666b0d5
Automatically switch from open to approved registrations in absence of moderators (#29337) 2024-02-22 14:39:42 +01:00
Sirius
451b8565c3
Merge tag 'v4.2.7' of https://github.com/mastodon/mastodon into paravielfalt-4.2
All checks were successful
Build Image for Deployment / build (push) Successful in 7m34s
Details
2024-02-18 23:06:59 +01:00
Claire
15de520201
Merge pull request from GHSA-jhrq-qvrm-qr36 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
 2024-02-16 11:56:12 +01:00
Claire
870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Sirius
0b25960aa9
Merge tag 'v4.2.6' of https://github.com/mastodon/mastodon into paravielfalt-4.2
Some checks failed
Build Image for Deployment / build (push) Has been cancelled
Details
2024-02-14 17:41:03 +01:00
Claire
f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire
0b0c7af2c1
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Sirius
8f87084a12
Merge tag 'v4.2.5' of https://github.com/mastodon/mastodon into paravielfalt-4.2
All checks were successful
Build Image for Deployment / build (push) Successful in 8m15s
Details
2024-02-01 19:20:48 +01:00
Claire
a6641f828b
Merge pull request from GHSA-3fjr-858r-92rw
Some checks failed
Build container release images / build-image (push) Failing after 3m22s
Details 
* Fix insufficient origin validation

* Bump version to v4.2.5
 2024-02-01 15:56:46 +01:00
Claire
b377f82b1d Fix processing of compacted single-item JSON-LD collections (#28816) 2024-01-24 15:31:13 +01:00
Claire
6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Jonathan de Jong
2dbf176d23 Retry 401 errors on replies fetching (#28788) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:13 +01:00
Jeong Arm
499bc716a5 Ignore RecordNotUnique errors in LinkCrawlWorker (#28748) 2024-01-24 15:31:13 +01:00
Claire
3837ec2227 Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:13 +01:00
Claire
c0a9db3611 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:13 +01:00
Claire
01caa18e5b Fix streaming API redirection ignoring the port of streaming_api_base_url (#28558) 2024-01-24 15:31:13 +01:00
Claire
c609b726cb Fix error when processing link preview with an array as inLanguage (#28252) 2024-01-24 15:31:13 +01:00
Eugen Rochko
4d96d716c4 Fix unsupported time zone or locale preventing sign-up (#28035) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:13 +01:00
Brian Holley
3ecc991f63 Fix "Hide these posts from home" list setting not refreshing when switching lists (#27763) 2024-01-24 15:31:13 +01:00
Eugen Rochko
8f2dac0567 Fix missing background behind dismissable banner in web UI (#27479) 2024-01-24 15:31:13 +01:00