Commit graph

12414 commits

Author SHA1 Message Date
Daniel M Brasil
db8db60244 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 18:51:01 +02:00
Claire
d30fbc0900 Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 18:51:01 +02:00
Claire
a62d9a9a78 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 18:51:01 +02:00
Claire
2b0cabe0d7
Backport container build changes to the stable-4.0 branch (#26741)
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-08-31 19:54:13 +02:00
Claire
e3c57f1add Bump version to v4.0.8 2023-07-31 14:33:14 +02:00
Renaud Chaput
879b8b69d3 Fix missing return values in streaming (#26233) 2023-07-31 14:33:14 +02:00
Emelia Smith
8018d478ab Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) 2023-07-31 14:33:14 +02:00
Claire
fea5640374 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:14 +02:00
Emelia Smith
663f801337 Refactor streaming's filtering logic & improve documentation (#26213) 2023-07-31 14:33:14 +02:00
Claire
f52763d926 Fix wrong filters sometimes applying in streaming (#26159) 2023-07-31 14:33:14 +02:00
Claire
10fcccedf2 Bump version to v4.0.7 2023-07-21 16:07:35 +02:00
Claire
c46aa2348e Add check preventing Sidekiq workers from running with Makara configured (#25850)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-21 16:07:35 +02:00
Claire
fc4a93b937 Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:35 +02:00
Claire
aca0db4bd6 Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:35 +02:00
Claire
73b16b674d Fix moderation interface for remote instances with a .zip TLD (#25885) 2023-07-21 16:07:35 +02:00
Claire
bd2429b716 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-21 16:07:35 +02:00
Michael Stanclift
8695409035 Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:35 +02:00
Claire
60b70755be Bump version to v4.0.6 2023-07-07 19:36:12 +02:00
Claire
0716346194 Update sanitize 2023-07-07 19:36:12 +02:00
Claire
93a87b96c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:36:12 +02:00
Claire
614aaeff41 Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:36:12 +02:00
Claire
237f2adfa6 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 19:36:12 +02:00
Claire
8d7f6550f9 Bump version to v4.0.5 2023-07-06 15:07:46 +02:00
Claire
2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire
3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
f626e0d228 Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:33:32 +02:00
Claire
35830cd8cc Update dependencies 2023-07-06 13:45:58 +02:00
Renaud Chaput
94c67e8bfd Allow carets in URL search params (#25216) 2023-07-06 13:45:58 +02:00
Vyr Cossont
798d26dd04 Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:45:58 +02:00
Vyr Cossont
9ad33eb160 IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:58 +02:00
Claire
5e55ca25d6 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-07-06 13:45:58 +02:00
Claire
0bcb4f73f1 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:58 +02:00
Claire
04f76675d1 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:58 +02:00
Claire
53acab6d2b Fix wrong view being displayed when a webhook fails validation (#25464) 2023-07-06 13:45:58 +02:00
Emelia Smith
78358b84b9 Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:45:58 +02:00
Daniel M Brasil
c285f9d1a1 Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:45:58 +02:00
Emelia Smith
42bffbc337 Fix logging of messages that are binary before closing their connection (#25361) 2023-07-06 13:45:58 +02:00
Emelia Smith
f94aee0ed5 Fix performance of streaming by parsing message JSON once (#25278) 2023-07-06 13:45:58 +02:00
Claire
41a0a3c87f Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-07-06 13:45:58 +02:00
Daniel M Brasil
995ad9602b Fix tootctl accounts approve --number N not aproving N earliest registrations (#24605) 2023-07-06 13:45:58 +02:00
Claire
660845f781 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:58 +02:00
Claire
0b627dcf9e Fix being able to vote on your own polls (#25015) 2023-07-06 13:45:58 +02:00
Claire
a3f58ceea4 Fix race condition when reblogging a status (#25016) 2023-07-06 13:45:58 +02:00
Claire
bb87736bf0 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:58 +02:00
Claire
37972fe3c7 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:58 +02:00
Claire
64416e4000 Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:45:58 +02:00
Claire
eceb960744 Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:45:58 +02:00
Claire
ebe009ff09 Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:45:58 +02:00