Claire
a5641a9244
Fix incorrect rate limit on PUT requests ( #31356 )
2024-08-16 12:30:59 +02:00
Tim Rogers
17f69c0002
Added check for STATSD_ADDR setting to emit a warning and proceed rather than crashing if the address is unreachable ( #30691 )
2024-07-02 15:08:24 +02:00
Claire
9740c7eaea
Fix rate-limiting incorrectly triggering a session cookie on most endpoints ( #30483 )
2024-05-30 15:14:03 +02:00
Claire
8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
...
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Claire
7920aa59e8
Merge pull request from GHSA-q3rg-xx5v-4mxh
2024-05-30 14:14:04 +02:00
Emelia Smith
186f916192
Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations ( #30316 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-05-29 16:39:26 +02:00
Tim Rogers
e69780ec59
Fixed crash when supplying FFMPEG_BINARY environment variable ( #30022 )
2024-05-17 12:30:00 +02:00
Emelia Smith
6d43b63275
Disable administrative doorkeeper routes ( #29187 )
2024-02-14 11:03:21 +01:00
Claire
ef149674f0
Change Content-Security-Policy to be tighter on media paths ( #26889 )
2023-12-04 15:28:15 +01:00
Claire
8acc75435b
Change S3 checksum mode to be disabled by default ( #27007 )
2023-09-21 14:00:51 +02:00
Claire
a04ae16201
Fix CSP when using ONE_CLICK_SSO_LOGIN
( #26901 )
2023-09-13 19:54:04 +02:00
CSDUMMI
9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP ( #26857 )
2023-09-12 13:04:51 +02:00
Christian Schmidt
ea31929776
Fix invalid Content-Type header for WebP images ( #26773 )
2023-09-04 09:46:33 +02:00
Claire
9e26cd5503
Add authorized_fetch
server setting in addition to env var ( #25798 )
2023-09-01 15:41:10 +02:00
Christian Schmidt
286a21afdc
Support webpacker live-reloading on Docker ( #26419 )
2023-08-29 10:17:57 +02:00
Renaud Chaput
b95867ad1f
Allow setting a custom HTTP method in CacheBuster ( #26528 )
...
Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com>
2023-08-18 08:18:40 +02:00
Claire
dd049fc37a
Fix ES_PRESET not being applied to Chewy's internal index ( #26489 )
2023-08-14 19:00:56 +02:00
Claire
f5778caa3a
Add ES_PRESET
option to customize numbers of shards and replicas ( #26483 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 17:46:16 +02:00
Claire
4bc0dd751c
Add S3_DISABLE_CHECKSUM_MODE
environment variable for compatibility with some S3-compatible providers ( #26435 )
2023-08-10 14:15:18 +02:00
Claire
12c43e4ab5
Re-add StatsD support through the nsa
gem ( #26310 )
2023-08-03 20:28:14 +02:00
Emelia Smith
e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode ( #26252 )
2023-08-02 19:32:48 +02:00
Matt Jankowski
ad81be6c8e
Update rubocop rules for linelength ( #26190 )
2023-07-28 23:11:45 +02:00
Matt Jankowski
bada7a65aa
Ignore long line in regex initializer ( #26182 )
2023-07-26 09:45:27 +02:00
Claire
e5f1000ad1
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 13:34:15 +02:00
Claire
934c7b33d1
Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades ( #26023 )
2023-07-21 13:17:43 +02:00
Misty De Méo
b848ba3867
Paperclip: add support for Azure blob storage ( #23607 )
2023-07-19 09:02:49 +02:00
Matt Jankowski
ce43ed144c
Rails 7.0 update ( #25668 )
2023-07-13 09:36:07 +02:00
Matt Jankowski
2e1391fdd2
Fix Naming/MemoizedInstanceVariableName
cop ( #25928 )
2023-07-12 10:08:51 +02:00
Nick Schonning
1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment ( #23793 )
2023-07-12 09:47:08 +02:00
Kurtis Rainbolt-Greene
e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter ( #25693 )
...
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2023-07-08 19:45:36 +02:00
Claire
dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Eugen Rochko
ba06a2f104
Revert "Rails 7 update" ( #25667 )
2023-07-02 11:14:22 +02:00
Matt Jankowski
50c2a03695
Rails 7 update ( #24241 )
2023-07-02 10:38:53 +02:00
Claire
f378f10404
Fix compatibility of recent migration with PostgreSQL 10 ( #25324 )
2023-06-07 01:53:50 +02:00
Nick Schonning
c66250abf1
Autofix Rubocop Regex Style rules ( #23690 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire
e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component ( #25273 )
2023-06-05 17:35:05 +02:00
Matt Jankowski
e49819142f
Remove unmaintained nsa
gem ( #25265 )
2023-06-05 01:57:05 +02:00
Claire
94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications ( #23261 )
2023-06-02 18:09:08 +02:00
Renaud Chaput
942d850b0a
Allow carets in URL search params ( #25216 )
2023-06-01 12:14:49 +02:00
Nick Schonning
c0b9664a31
Autofix Rubocop spacing in config ( #25022 )
2023-05-22 13:17:56 +02:00
Nick Schonning
cee4369cf5
Autofix Rubocop Lint/AmbiguousOperatorPrecedence ( #25002 )
2023-05-16 10:51:59 +02:00
Matt Jankowski
d9a958fcf7
Fix Performance/RedundantMerge cop ( #24817 )
2023-05-04 05:25:43 +02:00
Matt Jankowski
d902a707a3
Fix Rails/CompactBlank cop ( #24690 )
2023-04-30 14:07:21 +02:00
Matt Jankowski
5a2aa06a51
Fix Rails/Present cop ( #24688 )
2023-04-30 06:47:50 +02:00
Nick Schonning
49fad26eca
Drop EOL Ruby 2.7 ( #24237 )
2023-04-27 01:46:18 +02:00
Nick Schonning
4687967176
Autofix Rubocop Style/NumericLiterals ( #24468 )
2023-04-23 22:30:07 +02:00
Claire
5c499f54e3
Change root Chewy strategy to emit a warning instead of erroring out in production mode ( #24327 )
2023-04-03 15:05:39 +02:00
Nick Schonning
500d6f93be
Autofix Rubocop Style/IdenticalConditionalBranches ( #24322 )
2023-03-31 09:33:52 +02:00
Eugen Rochko
a9b5598c97
Change user settings to be stored in a more optimal way ( #23630 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire
e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-03-27 17:07:37 +02:00