Commit graph

6922 commits

Author SHA1 Message Date
Emelia Smith
d3e97e8c23 Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 18:51:01 +02:00
Daniel M Brasil
db8db60244 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 18:51:01 +02:00
Claire
d30fbc0900 Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 18:51:01 +02:00
Claire
a62d9a9a78 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 18:51:01 +02:00
Claire
fea5640374 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:14 +02:00
Claire
aca0db4bd6 Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:35 +02:00
Claire
bd2429b716 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-21 16:07:35 +02:00
Michael Stanclift
8695409035 Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:35 +02:00
Claire
93a87b96c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:36:12 +02:00
Claire
614aaeff41 Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:36:12 +02:00
Claire
2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire
3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Vyr Cossont
798d26dd04 Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:45:58 +02:00
Vyr Cossont
9ad33eb160 IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:58 +02:00
Claire
5e55ca25d6 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-07-06 13:45:58 +02:00
Claire
0bcb4f73f1 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:58 +02:00
Claire
04f76675d1 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:58 +02:00
Claire
53acab6d2b Fix wrong view being displayed when a webhook fails validation (#25464) 2023-07-06 13:45:58 +02:00
Emelia Smith
78358b84b9 Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:45:58 +02:00
Daniel M Brasil
c285f9d1a1 Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:45:58 +02:00
Claire
660845f781 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:58 +02:00
Claire
0b627dcf9e Fix being able to vote on your own polls (#25015) 2023-07-06 13:45:58 +02:00
Claire
a3f58ceea4 Fix race condition when reblogging a status (#25016) 2023-07-06 13:45:58 +02:00
Claire
bb87736bf0 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:58 +02:00
Claire
37972fe3c7 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:58 +02:00
Claire
64416e4000 Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:45:58 +02:00
Claire
eceb960744 Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:45:58 +02:00
Claire
ebe009ff09 Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:45:58 +02:00
Claire
2617c33fc3 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:45:58 +02:00
Claire
d81b891fa8 Fix multiple N+1s in ConversationsController (#25134) 2023-07-06 13:45:58 +02:00
Claire
a705bb84e6 Fix user archive takeouts when using OpenStack Swift (#24431) 2023-07-06 13:45:58 +02:00
Claire
05c45e9eeb Fix unescaped user input in LDAP query (#24379)
Fix CVE-2023-28853
2023-04-04 12:39:56 +02:00
Claire
274bb193b2 Fix invalid/expired invites being processed on sign-up (#24337) 2023-04-04 12:39:56 +02:00
Claire
aa37eeadf3 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:39:56 +02:00
Claire
9715a211c7 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:49:35 +01:00
Eugen Rochko
a6217bd035 Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:49:35 +01:00
Claire
2c3cb903ad Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-16 11:58:46 +01:00
Claire
86924c344d Fix incorrect post links in strikes when the account is remote (#23611) 2023-03-16 11:58:34 +01:00
Claire
f834fdaf6a Fix dashboard crash on ElasticSearch server error (#23751) 2023-03-16 11:57:23 +01:00
Claire
97e19e8802 Add mail headers to avoid auto-replies (#23597) 2023-03-14 10:00:38 +01:00
Claire
bd43f7d4cc Add lang tag to native language names in language picker (#23749) 2023-03-14 10:00:28 +01:00
Christian Schmidt
4ea4c3f49c Unescape HTML entities (#24019) 2023-03-14 10:00:13 +01:00
Christian Schmidt
419bd9281d Do not strip tags from Setting.site_short_description (#23975) 2023-03-14 10:00:07 +01:00
Rodion Borisov
c2d38ef0f1 Center the text itself in upload area (#24029) 2023-03-14 09:59:46 +01:00
Claire
290d02e936 Fix original account being unfollowed on migration before the follow request could be sent (#21957) 2023-03-14 09:59:00 +01:00
Claire
11f04e3b97 Fix unconfirmed accounts being registered as active users (#23803) 2023-03-14 09:58:47 +01:00
Claire
76c96cdd72 Fix error when displaying post history of a trendable post in the admin interface (#23574) 2023-03-14 09:58:34 +01:00
Claire
c22c4247d9 Fix server error when failing to follow back followers from /relationships (#23787) 2023-03-14 09:58:26 +01:00