Claire
|
102ed6e8ca
|
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
|
2023-07-06 15:03:33 +02:00 |
|
Claire
|
f626e0d228
|
Add hardened headers to user-uploaded files (#25756)
|
2023-07-06 14:33:32 +02:00 |
|
Claire
|
35830cd8cc
|
Update dependencies
|
2023-07-06 13:45:58 +02:00 |
|
Renaud Chaput
|
94c67e8bfd
|
Allow carets in URL search params (#25216)
|
2023-07-06 13:45:58 +02:00 |
|
Vyr Cossont
|
798d26dd04
|
Fix Redis client and type errors introduced in #24285 (#24342)
|
2023-07-06 13:45:58 +02:00 |
|
Vyr Cossont
|
9ad33eb160
|
IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
5e55ca25d6
|
Fix ResolveURLService not resolving local URLs for remote content (#25637)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
0bcb4f73f1
|
Change /api/v1/statuses/:id/history to always return at least one item (#25510)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
04f76675d1
|
Add finer permission requirements for managing webhooks (#25463)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
53acab6d2b
|
Fix wrong view being displayed when a webhook fails validation (#25464)
|
2023-07-06 13:45:58 +02:00 |
|
Emelia Smith
|
78358b84b9
|
Prevent UserCleanupScheduler from overwhelming streaming (#25519)
|
2023-07-06 13:45:58 +02:00 |
|
Daniel M Brasil
|
c285f9d1a1
|
Fix incorrect pagination headers in /api/v2/admin/accounts (#25477)
|
2023-07-06 13:45:58 +02:00 |
|
Emelia Smith
|
42bffbc337
|
Fix logging of messages that are binary before closing their connection (#25361)
|
2023-07-06 13:45:58 +02:00 |
|
Emelia Smith
|
f94aee0ed5
|
Fix performance of streaming by parsing message JSON once (#25278)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
41a0a3c87f
|
Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)
|
2023-07-06 13:45:58 +02:00 |
|
Daniel M Brasil
|
995ad9602b
|
Fix tootctl accounts approve --number N not aproving N earliest registrations (#24605)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
660845f781
|
Change profile updates to be sent to recently-mentioned servers (#24852)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
0b627dcf9e
|
Fix being able to vote on your own polls (#25015)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
a3f58ceea4
|
Fix race condition when reblogging a status (#25016)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
bb87736bf0
|
Change OpenGraph-based embeds to allow fullscreen (#25058)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
37972fe3c7
|
Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
64416e4000
|
Remove invalid X-Frame-Options: ALLOWALL (#25070)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
eceb960744
|
Change Identity to not destroy associated User on destroy (#25098)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
ebe009ff09
|
Fix /api/v1/conversations sometimes returning empty accounts (#25499)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
2617c33fc3
|
Fix ArgumentError when loading newer Private Mentions (#25399)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
d81b891fa8
|
Fix multiple N+1s in ConversationsController (#25134)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
a705bb84e6
|
Fix user archive takeouts when using OpenStack Swift (#24431)
|
2023-07-06 13:45:58 +02:00 |
|
Claire
|
214c367095
|
Bump version to v4.0.4
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
05c45e9eeb
|
Fix unescaped user input in LDAP query (#24379)
Fix CVE-2023-28853
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
448986438e
|
Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327)
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
274bb193b2
|
Fix invalid/expired invites being processed on sign-up (#24337)
|
2023-04-04 12:39:56 +02:00 |
|
Sai
|
46b91cd817
|
Update Ruby to 3.0.6 (#24333)
|
2023-04-04 12:39:56 +02:00 |
|
mhkhung
|
acc277a152
|
3.0.5 version of cimg/ruby:3.0-node upgraded to node 18 (#21873)
Node 18 caused build to fail
|
2023-04-04 12:39:56 +02:00 |
|
Robert R George
|
971e8b8f5f
|
Wrap db:setup with Chewy.strategy(:mastodon) (#24302)
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
aa37eeadf3
|
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200)
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
f75fba0531
|
Fix crash in tootctl commands making use of parallelization when Elasticsearch is enabled (#24182)
|
2023-04-04 12:39:56 +02:00 |
|
Claire
|
2125dbf610
|
Bump version to v4.0.3
|
2023-03-16 22:49:35 +01:00 |
|
Claire
|
9715a211c7
|
Add warning for object storage misconfiguration (#24137)
|
2023-03-16 22:49:35 +01:00 |
|
Eugen Rochko
|
a6217bd035
|
Change user backups to use expiring URLs for download when possible (#24136)
|
2023-03-16 22:49:35 +01:00 |
|
Claire
|
3e9978071b
|
Update changelog
|
2023-03-16 22:05:00 +01:00 |
|
Claire
|
8236c3affc
|
Update changelog
|
2023-03-16 12:04:15 +01:00 |
|
Nick Schonning
|
43a16e43ba
|
Skip pushing containers on forks (#24106)
|
2023-03-16 12:02:31 +01:00 |
|
Renaud Chaput
|
520377a609
|
Use Github Container Registry as the official container image source (#24113)
|
2023-03-16 12:01:41 +01:00 |
|
Nick Schonning
|
0941230e22
|
Skip Docker CI Login/Push on forks (#23564)
|
2023-03-16 12:01:41 +01:00 |
|
Renaud Chaput
|
98c59c1d58
|
Push Docker images to Github Container Registry as well (#24101)
|
2023-03-16 12:01:39 +01:00 |
|
Claire
|
2c3cb903ad
|
Fix misleading error code when receiving invalid WebAuthn credentials (#23568)
|
2023-03-16 11:58:46 +01:00 |
|
Claire
|
86924c344d
|
Fix incorrect post links in strikes when the account is remote (#23611)
|
2023-03-16 11:58:34 +01:00 |
|
Claire
|
f834fdaf6a
|
Fix dashboard crash on ElasticSearch server error (#23751)
|
2023-03-16 11:57:23 +01:00 |
|
Claire
|
1da72b41c7
|
Update changelog
|
2023-03-14 10:05:48 +01:00 |
|
Claire
|
97e19e8802
|
Add mail headers to avoid auto-replies (#23597)
|
2023-03-14 10:00:38 +01:00 |
|