32ebeed59b
Merge pull request from GHSA-55j9-c3mp-6fcq
2023-07-06 15:06:50 +02:00
e75ad1de0f
Merge pull request from GHSA-9pxv-6qvf-pjwc
...
* Fix timeout handling of outbound HTTP requests
* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
c4f2609f7a
Merge pull request from GHSA-ccm4-vgcc-73hp
...
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
a3d69a2c5d
Fix OAuth apps page crashing when listing apps with certain admin API scopes ( #25713 )
2023-07-06 13:45:40 +02:00
652ff76462
Fix Redis client and type errors introduced in #24285 ( #24342 )
2023-07-06 13:45:40 +02:00
6f484fbbd2
IndexingScheduler: fetch and import in batches ( #24285 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:40 +02:00
79f5b8f156
Fix ResolveURLService not resolving local URLs for remote content ( #25637 )
2023-07-06 13:45:40 +02:00
f8930a67a0
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:40 +02:00
e65e3a6d14
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:40 +02:00
8acbfc6ab1
Fix wrong view being displayed when a webhook fails validation ( #25464 )
2023-07-06 13:45:40 +02:00
3ef53958b2
Prevent UserCleanupScheduler from overwhelming streaming ( #25519 )
2023-07-06 13:45:40 +02:00
fd1ffd72eb
Fix incorrect pagination headers in `/api/v2/admin/accounts` ( #25477 )
2023-07-06 13:45:40 +02:00
7bd34f8b23
Fix infinite loop in AccountsStatusesCleanupScheduler ( #24840 )
2023-07-06 13:45:40 +02:00
7012bf6ed3
Improve automatic post cleanup worker performances ( #24785 )
2023-07-06 13:45:40 +02:00
d9e45f2fa9
Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly ( #24607 )
2023-07-06 13:45:40 +02:00
0e139e3c4d
Change automatic post deletion thresholds and load detection ( #24614 )
2023-07-06 13:45:40 +02:00
2779bce9a2
Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ( #23600 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
210ff36860
Change AccessTokensVacuum to also delete expired tokens ( #24868 )
2023-07-06 13:45:40 +02:00
99c2bbbec9
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:45:40 +02:00
7e58779300
Fix reports not being closed when performing batch suspensions ( #24988 )
2023-07-06 13:45:40 +02:00
cca464bce3
Fix being able to vote on your own polls ( #25015 )
2023-07-06 13:45:40 +02:00
1301af60e0
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:45:40 +02:00
f962e83856
Change OpenGraph-based embeds to allow fullscreen ( #25058 )
2023-07-06 13:45:40 +02:00
b3cbcd7447
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:45:40 +02:00
72d96bf17a
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:45:40 +02:00
b1ac3562df
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:45:40 +02:00
4c6c790f80
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:40 +02:00
036ac5b5c9
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:40 +02:00
3e1724e972
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:45:40 +02:00
bc8592627b
Fix user archive takeouts when using OpenStack Swift ( #24431 )
2023-07-06 13:45:40 +02:00
b9f271364e
Fix unescaped user input in LDAP query ( #24379 )
...
Fix CVE-2023-28853
2023-04-04 12:41:27 +02:00
51572ac615
Fix invalid/expired invites being processed on sign-up ( #24337 )
2023-04-04 12:41:27 +02:00
ae64c5b7ec
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:41:27 +02:00
6a7b91a038
Add warning for object storage misconfiguration ( #24137 )
2023-03-16 22:48:42 +01:00
6db76875fd
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:48:42 +01:00
8c4ea7d715
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 11:45:53 +01:00
cc65f32714
Fix incorrect post links in strikes when the account is remote ( #23611 )
2023-03-16 11:45:33 +01:00
0363064501
Fix dashboard crash on ElasticSearch server error ( #23751 )
2023-03-16 11:45:01 +01:00
6962d117b7
Change `ActivityPub::DeliveryWorker` retries to be spread out more ( #21956 )
2023-03-13 18:49:50 +01:00
a54bd84690
Switched bookmark and favourites around ( #23701 )
2023-03-13 18:49:27 +01:00
68af19c328
Change auto-deletion throttling constants to better scale with server size ( #23320 )
2023-03-13 18:49:01 +01:00
a133570b26
Increase contrast of upload progress background ( #23836 )
2023-03-13 18:48:21 +01:00
9972eb41ae
add modal message when editing toot ( #23936 )
...
Co-authored-by: PauloVilarinho <paulotarsobranco@hotmail.com>
2023-03-13 18:48:06 +01:00
cec59417d7
Add mail headers to avoid auto-replies ( #23597 )
2023-03-13 18:47:28 +01:00
9377c4a87c
Add `lang` tag to native language names in language picker ( #23749 )
2023-03-13 18:47:14 +01:00
3f2e31800e
Unescape HTML entities ( #24019 )
2023-03-13 18:45:42 +01:00
92a26638eb
Do not strip tags from `Setting.site_short_description` ( #23975 )
2023-03-13 18:44:38 +01:00
14bcd14289
Center the text itself in upload area ( #24029 )
2023-03-13 18:43:54 +01:00
37a28ba203
Do not leave Mastodon when clicking “Back” ( #23953 )
2023-03-13 18:42:29 +01:00
Claire
Vyr Cossont
Emelia Smith
Daniel M Brasil
Eugen Rochko
Terry Garcia
Tim Lucas
PauloVilarinho
Christian Schmidt
Rodion Borisov