Emelia Smith
8018d478ab
Fix: Streaming server memory leak in HTTP EventSource cleanup ( #26228 )
2023-07-31 14:33:14 +02:00
Claire
fea5640374
Fix incorrect connect timeout in outgoing requests ( #26116 )
2023-07-31 14:33:14 +02:00
Emelia Smith
663f801337
Refactor streaming's filtering logic & improve documentation ( #26213 )
2023-07-31 14:33:14 +02:00
Claire
f52763d926
Fix wrong filters sometimes applying in streaming ( #26159 )
2023-07-31 14:33:14 +02:00
Claire
10fcccedf2
Bump version to v4.0.7
2023-07-21 16:07:35 +02:00
Claire
c46aa2348e
Add check preventing Sidekiq workers from running with Makara configured ( #25850 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-21 16:07:35 +02:00
Claire
fc4a93b937
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 16:07:35 +02:00
Claire
aca0db4bd6
Change request timeout handling to use a longer deadline ( #26055 )
2023-07-21 16:07:35 +02:00
Claire
73b16b674d
Fix moderation interface for remote instances with a .zip TLD ( #25885 )
2023-07-21 16:07:35 +02:00
Claire
bd2429b716
Fix remote accounts being possibly persisted to database with incomplete protocol values ( #25886 )
2023-07-21 16:07:35 +02:00
Michael Stanclift
8695409035
Fix trending publishers table not rendering correctly on narrow screens ( #25945 )
2023-07-21 16:07:35 +02:00
Claire
60b70755be
Bump version to v4.0.6
2023-07-07 19:36:12 +02:00
Claire
0716346194
Update sanitize
2023-07-07 19:36:12 +02:00
Claire
93a87b96c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:36:12 +02:00
Claire
614aaeff41
Fix crash in admin interface when viewing a remote user with verified links ( #25796 )
2023-07-07 19:36:12 +02:00
Claire
237f2adfa6
Fix branding:generate_app_icons failing because of disallowed ICO coder ( #25794 )
2023-07-07 19:36:12 +02:00
Claire
8d7f6550f9
Bump version to v4.0.5
2023-07-06 15:07:46 +02:00
Claire
2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq
2023-07-06 15:06:50 +02:00
Claire
3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
...
* Fix timeout handling of outbound HTTP requests
* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
...
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
f626e0d228
Add hardened headers to user-uploaded files ( #25756 )
2023-07-06 14:33:32 +02:00
Claire
35830cd8cc
Update dependencies
2023-07-06 13:45:58 +02:00
Renaud Chaput
94c67e8bfd
Allow carets in URL search params ( #25216 )
2023-07-06 13:45:58 +02:00
Vyr Cossont
798d26dd04
Fix Redis client and type errors introduced in #24285 ( #24342 )
2023-07-06 13:45:58 +02:00
Vyr Cossont
9ad33eb160
IndexingScheduler: fetch and import in batches ( #24285 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:58 +02:00
Claire
5e55ca25d6
Fix ResolveURLService not resolving local URLs for remote content ( #25637 )
2023-07-06 13:45:58 +02:00
Claire
0bcb4f73f1
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:58 +02:00
Claire
04f76675d1
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:58 +02:00
Claire
53acab6d2b
Fix wrong view being displayed when a webhook fails validation ( #25464 )
2023-07-06 13:45:58 +02:00
Emelia Smith
78358b84b9
Prevent UserCleanupScheduler from overwhelming streaming ( #25519 )
2023-07-06 13:45:58 +02:00
Daniel M Brasil
c285f9d1a1
Fix incorrect pagination headers in /api/v2/admin/accounts
( #25477 )
2023-07-06 13:45:58 +02:00
Emelia Smith
42bffbc337
Fix logging of messages that are binary before closing their connection ( #25361 )
2023-07-06 13:45:58 +02:00
Emelia Smith
f94aee0ed5
Fix performance of streaming by parsing message JSON once ( #25278 )
2023-07-06 13:45:58 +02:00
Claire
41a0a3c87f
Fix CSP headers when S3_ALIAS_HOST includes a path component ( #25273 )
2023-07-06 13:45:58 +02:00
Daniel M Brasil
995ad9602b
Fix tootctl accounts approve --number N
not aproving N earliest registrations ( #24605 )
2023-07-06 13:45:58 +02:00
Claire
660845f781
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:45:58 +02:00
Claire
0b627dcf9e
Fix being able to vote on your own polls ( #25015 )
2023-07-06 13:45:58 +02:00
Claire
a3f58ceea4
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:45:58 +02:00
Claire
bb87736bf0
Change OpenGraph-based embeds to allow fullscreen ( #25058 )
2023-07-06 13:45:58 +02:00
Claire
37972fe3c7
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:45:58 +02:00
Claire
64416e4000
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:45:58 +02:00
Claire
eceb960744
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:45:58 +02:00
Claire
ebe009ff09
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:58 +02:00
Claire
2617c33fc3
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:58 +02:00
Claire
d81b891fa8
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:45:58 +02:00
Claire
a705bb84e6
Fix user archive takeouts when using OpenStack Swift ( #24431 )
2023-07-06 13:45:58 +02:00
Claire
214c367095
Bump version to v4.0.4
2023-04-04 12:39:56 +02:00
Claire
05c45e9eeb
Fix unescaped user input in LDAP query ( #24379 )
...
Fix CVE-2023-28853
2023-04-04 12:39:56 +02:00
Claire
448986438e
Change root Chewy strategy to emit a warning instead of erroring out in production mode ( #24327 )
2023-04-04 12:39:56 +02:00