Claire
987f909994
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp
...
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
c309011346
Add hardened headers to user-uploaded files
2023-07-06 14:34:59 +02:00
Claire
6b538225af
Update rack, rails, nokogiri, omniauth, sanitize and doorkeeper gems
2023-07-06 13:46:21 +02:00
Renaud Chaput
3c72c7b34e
Allow carets in URL search params ( #25216 )
2023-07-06 13:46:21 +02:00
Vyr Cossont
07f60ffcbb
Fix Redis client and type errors introduced in #24285 ( #24342 )
2023-07-06 13:46:21 +02:00
Vyr Cossont
c1467453f6
IndexingScheduler: fetch and import in batches ( #24285 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:46:21 +02:00
Emelia Smith
00e65a77df
Prevent UserCleanupScheduler from overwhelming streaming ( #25519 )
2023-07-06 13:46:21 +02:00
Daniel M Brasil
f9521bc2b5
Fix incorrect pagination headers in /api/v2/admin/accounts
( #25477 )
2023-07-06 13:46:21 +02:00
Emelia Smith
e4bff6cd76
Fix logging of messages that are binary before closing their connection ( #25361 )
2023-07-06 13:46:21 +02:00
Emelia Smith
6f819c7071
Fix performance of streaming by parsing message JSON once ( #25278 )
2023-07-06 13:46:21 +02:00
Claire
4aa1c4e2ad
Fix CSP headers when S3_ALIAS_HOST includes a path component ( #25273 )
2023-07-06 13:46:21 +02:00
Daniel M Brasil
176ae71fd4
Fix tootctl accounts approve --number N
not aproving N earliest registrations ( #24605 )
2023-07-06 13:46:21 +02:00
Claire
feac95333f
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:46:21 +02:00
Claire
bb1e7e112e
Fix being able to vote on your own polls ( #25015 )
2023-07-06 13:46:21 +02:00
Claire
e233060ea5
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:46:21 +02:00
Claire
3faebae2d1
Change OpenGraph-based embeds to allow fullscreen ( #25058 )
2023-07-06 13:46:21 +02:00
Claire
95f59da157
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:46:21 +02:00
Claire
6f94b4ae19
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:46:21 +02:00
Claire
283184b390
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:46:21 +02:00
Claire
d54980ef2d
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:46:21 +02:00
Claire
08579976e0
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:46:21 +02:00
Claire
ff3f40a675
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:46:21 +02:00
Claire
0dce749192
Fix user archive takeouts when using OpenStack Swift ( #24431 )
2023-07-06 13:46:21 +02:00
Claire
1bd831b9a9
Bump version to v3.5.8
2023-04-04 12:38:58 +02:00
Claire
55144262d0
Fix unescaped user input in LDAP query ( #24379 )
...
Fix CVE-2023-28853
2023-04-04 12:38:58 +02:00
Claire
40438675f8
Change root Chewy strategy to emit a warning instead of erroring out in production mode ( #24327 )
2023-04-04 12:38:58 +02:00
Claire
0f4c908b64
Fix invalid/expired invites being processed on sign-up ( #24337 )
2023-04-04 12:38:58 +02:00
Sai
3eb5b47768
Upgrade Ruby to 3.0.6 ( #24332 )
2023-04-04 12:38:58 +02:00
Robert R George
520e9cc765
Wrap db:setup with Chewy.strategy(:mastodon) ( #24302 )
2023-04-04 12:38:58 +02:00
Claire
d25493e262
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:38:58 +02:00
Claire
3d67a9329e
Fix crash in tootctl
commands making use of parallelization when Elasticsearch is enabled ( #24182 )
2023-04-04 12:38:58 +02:00
Claire
547634dfa6
Bump version to v3.5.7
2023-03-16 22:50:15 +01:00
Claire
f90daf58db
Add warning for object storage misconfiguration ( #24137 )
2023-03-16 22:50:15 +01:00
Eugen Rochko
a42b48ea4e
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:50:15 +01:00
Claire
251dd0b72b
Update changelog
2023-03-16 22:05:39 +01:00
Nick Schonning
18840cbc6e
Skip pushing containers on forks ( #24106 )
2023-03-16 13:40:56 +01:00
Renaud Chaput
727126255a
Use Github Container Registry as the official container image source ( #24113 )
2023-03-16 13:40:55 +01:00
Nick Schonning
98d654b8bb
Skip Docker CI Login/Push on forks ( #23564 )
2023-03-16 13:39:59 +01:00
Renaud Chaput
25c517144c
Push Docker images to Github Container Registry as well ( #24101 )
2023-03-16 13:39:58 +01:00
Claire
f036546c22
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 12:34:43 +01:00
Claire
9256d653a5
Fix incorrect post links in strikes when the account is remote ( #23611 )
2023-03-16 12:34:37 +01:00
Jeremy Kescher
d0c0808ad4
Add null check on application in dispute viewer ( #19851 )
2023-03-16 12:33:09 +01:00
Claire
cb622b23b1
Fix dashboard crash on ElasticSearch server error ( #23751 )
2023-03-16 12:31:20 +01:00
Claire
fe866f8afb
Update changelog
2023-03-14 11:46:12 +01:00
Claire
a1e765991e
Add mail headers to avoid auto-replies ( #23597 )
2023-03-14 11:46:12 +01:00
Claire
76b9f42712
Add lang
tag to native language names in language picker ( #23749 )
2023-03-14 11:46:12 +01:00
Claire
708e590117
Fix sidekiq jobs not triggering Elasticsearch index updates ( #24046 )
2023-03-14 11:46:12 +01:00
Rodion Borisov
a717aa929c
Center the text itself in upload area ( #24029 )
2023-03-14 11:46:12 +01:00
Claire
bbb7c54367
Fix /api/v1/streaming
sub-paths not being redirected ( #23988 )
2023-03-14 11:46:12 +01:00