chinwagsocial

Author	SHA1	Message	Date
Claire	3f5af768c8	Bump version to v4.1.4	2023-07-07 19:37:21 +02:00
Claire	cb8ab46302	Update dependencies	2023-07-07 19:37:21 +02:00
Claire	53b979d5c7	Fix processing of media files with unusual names (#25788 )	2023-07-07 19:37:21 +02:00
Claire	f2bbac3f9f	Fix crash in admin interface when viewing a remote user with verified links (#25796 )	2023-07-07 19:37:21 +02:00
Claire	015ed99612	Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794 )	2023-07-07 19:37:21 +02:00
nemobis	cf58535193	Fix typo in CHANGELOG.md (#25764 )	2023-07-07 19:37:21 +02:00
Claire	0d5781ca76	Bump version to v4.1.3	2023-07-06 15:07:20 +02:00
Claire	32ebeed59b	Merge pull request from GHSA-55j9-c3mp-6fcq	2023-07-06 15:06:50 +02:00
Claire	e75ad1de0f	Merge pull request from GHSA-9pxv-6qvf-pjwc * Fix timeout handling of outbound HTTP requests * Use CLOCK_MONOTONIC instead of Time.now	2023-07-06 15:06:24 +02:00
Claire	0aa0b71f2c	Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged	2023-07-06 15:05:05 +02:00
Claire	c4f2609f7a	Merge pull request from GHSA-ccm4-vgcc-73hp * Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes	2023-07-06 15:03:33 +02:00
Claire	9b6c0cac7d	Add hardened headers to user-uploaded files (#25756 )	2023-07-06 14:32:26 +02:00
Claire	fac2c9eb7d	Update rack, rails, nokogiri and doorkeeper gems	2023-07-06 13:45:40 +02:00
Claire	a3d69a2c5d	Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713 )	2023-07-06 13:45:40 +02:00
Renaud Chaput	8eb1bb8ba6	Allow carets in URL search params (#25216 )	2023-07-06 13:45:40 +02:00
Vyr Cossont	652ff76462	Fix Redis client and type errors introduced in #24285 (#24342 )	2023-07-06 13:45:40 +02:00
Vyr Cossont	6f484fbbd2	IndexingScheduler: fetch and import in batches (#24285 ) Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2023-07-06 13:45:40 +02:00
Claire	79f5b8f156	Fix ResolveURLService not resolving local URLs for remote content (#25637 )	2023-07-06 13:45:40 +02:00
Claire	f8930a67a0	Change /api/v1/statuses/:id/history to always return at least one item (#25510 )	2023-07-06 13:45:40 +02:00
Claire	e65e3a6d14	Add finer permission requirements for managing webhooks (#25463 )	2023-07-06 13:45:40 +02:00
Claire	8acbfc6ab1	Fix wrong view being displayed when a webhook fails validation (#25464 )	2023-07-06 13:45:40 +02:00
Emelia Smith	3ef53958b2	Prevent UserCleanupScheduler from overwhelming streaming (#25519 )	2023-07-06 13:45:40 +02:00
Daniel M Brasil	fd1ffd72eb	Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477 )	2023-07-06 13:45:40 +02:00
Claire	7bd34f8b23	Fix infinite loop in AccountsStatusesCleanupScheduler (#24840 )	2023-07-06 13:45:40 +02:00
Claire	7012bf6ed3	Improve automatic post cleanup worker performances (#24785 )	2023-07-06 13:45:40 +02:00
Claire	d9e45f2fa9	Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607 )	2023-07-06 13:45:40 +02:00
Claire	0e139e3c4d	Change automatic post deletion thresholds and load detection (#24614 )	2023-07-06 13:45:40 +02:00
Emelia Smith	23e7b4d28d	Fix logging of messages that are binary before closing their connection (#25361 )	2023-07-06 13:45:40 +02:00
Emelia Smith	e78ee582f7	Fix performance of streaming by parsing message JSON once (#25278 )	2023-07-06 13:45:40 +02:00
Claire	a197fc094f	Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273 )	2023-07-06 13:45:40 +02:00
Daniel M Brasil	bd7cbeeadf	Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605 )	2023-07-06 13:45:40 +02:00
Claire	2779bce9a2	Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600 ) Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>	2023-07-06 13:45:40 +02:00
Claire	210ff36860	Change AccessTokensVacuum to also delete expired tokens (#24868 )	2023-07-06 13:45:40 +02:00
Claire	99c2bbbec9	Change profile updates to be sent to recently-mentioned servers (#24852 )	2023-07-06 13:45:40 +02:00
Claire	7e58779300	Fix reports not being closed when performing batch suspensions (#24988 )	2023-07-06 13:45:40 +02:00
Claire	cca464bce3	Fix being able to vote on your own polls (#25015 )	2023-07-06 13:45:40 +02:00
Claire	1301af60e0	Fix race condition when reblogging a status (#25016 )	2023-07-06 13:45:40 +02:00
Claire	f962e83856	Change OpenGraph-based embeds to allow fullscreen (#25058 )	2023-07-06 13:45:40 +02:00
Claire	b3cbcd7447	Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060 )	2023-07-06 13:45:40 +02:00
Claire	72d96bf17a	Remove invalid X-Frame-Options: ALLOWALL (#25070 )	2023-07-06 13:45:40 +02:00
Claire	b1ac3562df	Change Identity to not destroy associated User on destroy (#25098 )	2023-07-06 13:45:40 +02:00
Claire	4c6c790f80	Fix /api/v1/conversations sometimes returning empty accounts (#25499 )	2023-07-06 13:45:40 +02:00
Claire	036ac5b5c9	Fix ArgumentError when loading newer Private Mentions (#25399 )	2023-07-06 13:45:40 +02:00
Claire	3e1724e972	Fix multiple N+1s in ConversationsController (#25134 )	2023-07-06 13:45:40 +02:00
Claire	bc8592627b	Fix user archive takeouts when using OpenStack Swift (#24431 )	2023-07-06 13:45:40 +02:00
Claire	4b9e4f6398	Bump version to v4.1.2	2023-04-04 12:41:27 +02:00
Claire	b9f271364e	Fix unescaped user input in LDAP query (#24379 ) Fix CVE-2023-28853	2023-04-04 12:41:27 +02:00
Claire	4eaa6d58b2	Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327 )	2023-04-04 12:41:27 +02:00
Claire	51572ac615	Fix invalid/expired invites being processed on sign-up (#24337 )	2023-04-04 12:41:27 +02:00
Sai	01617534fa	Update Ruby to 3.0.6 (#24334 )	2023-04-04 12:41:27 +02:00

1 2 3 4 5 ...

12984 commits