Fix being able to vote on your own polls #25015
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renchap
approved these changes
May 16, 2023
noellabo
pushed a commit
to fedibird/mastodon
that referenced
this pull request
May 23, 2023
ClearlyClaire
added a commit
to ClearlyClaire/mastodon
that referenced
this pull request
Jun 21, 2023
ClearlyClaire
added a commit
to ClearlyClaire/mastodon
that referenced
this pull request
Jun 21, 2023
ClearlyClaire
added a commit
to ClearlyClaire/mastodon
that referenced
this pull request
Jun 21, 2023
This was referenced Jun 21, 2023
ClearlyClaire
added a commit
that referenced
this pull request
Jul 6, 2023
ClearlyClaire
added a commit
that referenced
this pull request
Jul 6, 2023
ClearlyClaire
added a commit
that referenced
this pull request
Jul 6, 2023
IsabelaY
pushed a commit
to IsabelaY/mastodon
that referenced
this pull request
Jul 6, 2023
F-Finene
pushed a commit
to F-Finene/mastodon
that referenced
this pull request
Jul 7, 2023
(cherry picked from commit cca464b)
skerit
pushed a commit
to 11ways/mastodon
that referenced
this pull request
Jul 7, 2023
Closed
nrdufour
added a commit
to nrdufour/home-ops
that referenced
this pull request
Aug 1, 2023
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/mastodon/mastodon](https://github.com/mastodon/mastodon) | patch | `v4.1.2` -> `v4.1.6` | --- ### Release Notes <details> <summary>mastodon/mastodon (ghcr.io/mastodon/mastodon)</summary> ### [`v4.1.6`](https://github.com/mastodon/mastodon/releases/tag/v4.1.6) [Compare Source](mastodon/mastodon@v4.1.5...v4.1.6) <h1><picture> <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true"> <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true"> <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34"> </picture></h1> >⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)). #### Upgrade overview ℹ️ Requires streaming API restart For more information, scroll down to the upgrade instructions section. #### Changelog ##### Fixed - Fix memory leak in streaming server ([ThisIsMissEm](mastodon/mastodon#26228)) - Fix wrong filters sometimes applying in streaming ([ClearlyClaire](mastodon/mastodon#26159), [ThisIsMissEm](mastodon/mastodon#26213), [renchap](mastodon/mastodon#26233)) - Fix incorrect connect timeout in outgoing requests ([ClearlyClaire](mastodon/mastodon#26116)) #### Upgrade notes To get the code for v4.1.6, use `git fetch && git checkout v4.1.6`. > As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump` ##### Dependencies External dependencies have not changed compared to v4.1.5, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is: - Ruby: 2.7 to 3.0 - PostgreSQL: 9.5 or newer - Elasticsearch (optional, for full-text search): 7.x - Redis: 4 or newer - Node: >= 14, < 18 - ImageMagick: 6.9.7-7 or newer > If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776). ##### Update steps The following instructions are for updating from 4.1.5. If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. **Non-Docker only:** 1. Install dependencies: `bundle install` and `yarn install` **Both Docker and non-Docker:** 1. Restart all Mastodon processes ### [`v4.1.5`](https://github.com/mastodon/mastodon/releases/tag/v4.1.5) [Compare Source](mastodon/mastodon@v4.1.4...v4.1.5) <h1><picture> <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true"> <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true"> <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34"> </picture></h1> >⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)). #### Changelog ##### Added - Add check preventing Sidekiq workers from running with Makara configured ([ClearlyClaire](mastodon/mastodon#25850)) ##### Changed - Change request timeout handling to use a longer deadline ([ClearlyClaire](mastodon/mastodon#26055)) ##### Fixed - Fix moderation interface for remote instances with a .zip TLD ([ClearlyClaire](mastodon/mastodon#25885)) - Fix remote accounts being possibly persisted to database with incomplete protocol values ([ClearlyClaire](mastodon/mastodon#25886)) - Fix trending publishers table not rendering correctly on narrow screens ([vmstan](mastodon/mastodon#25945)) ##### Security - Fix CSP headers being unintentionally wide ([ClearlyClaire](mastodon/mastodon#26105)) #### Upgrade notes To get the code for v4.1.5, use `git fetch && git checkout v4.1.5`. > As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump` ##### Dependencies External dependencies have not changed compared to v4.1.4, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is: - Ruby: 2.7 to 3.0 - PostgreSQL: 9.5 or newer - Elasticsearch (optional, for full-text search): 7.x - Redis: 4 or newer - Node: >= 14, < 18 - ImageMagick: 6.9.7-7 or newer > If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776). ##### Update steps The following instructions are for updating from 4.1.4. If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. **Non-Docker only:** 1. Install dependencies: `bundle install` and `yarn install` **Both Docker and non-Docker:** 1. Restart all Mastodon processes ### [`v4.1.4`](https://github.com/mastodon/mastodon/releases/tag/v4.1.4) [Compare Source](mastodon/mastodon@v4.1.3...v4.1.4) <h1><picture> <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true"> <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true"> <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34"> </picture></h1> > This release addresses a few issues that were missed in the last security update and includes changelogs for both updates. > >⚠️ It is a follow-up to the important 4.1.3 security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459). > > Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.6) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.10). > If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-07-v4.1.4` or newer instead. If you are on the `main` branch, update to the latest commit. #### Upgrade overview This release contains upgrade notes that deviate from the norm: ℹ️ Requires streaming API restart ℹ️ There are suggested reverse proxy configuration changes :warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7 For more information, scroll down to the upgrade instructions section. #### Changelog (v4.1.4) ##### Fixed - Fix branding:generate_app_icons failing because of disallowed ICO coder ([ClearlyClaire](mastodon/mastodon#25794)) - Fix crash in admin interface when viewing a remote user with verified links ([ClearlyClaire](mastodon/mastodon#25796)) - Fix processing of media files with unusual names ([ClearlyClaire](mastodon/mastodon#25788)) #### Changelog (v4.1.3) ##### Added - Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600)) ##### Changed - Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058)) - Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868)) - Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852)) - Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614)) - Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510)) - Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216)) ##### Removed - Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070)) ##### Fixed - Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464)) - Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519)) - Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477)) - Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840)) - Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361)) - Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273)) - Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605)) - Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988)) - Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015)) - Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016)) - Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060)) - Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713)) - Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499)) - Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431)) - Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637)) - Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342)) ##### Security - Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463)) - Update dependencies - Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756)) - Fix verified links possibly hiding important parts of the URL (CVE-2023-36462) - Fix timeout handling of outbound HTTP requests (CVE-2023-36461) - Fix arbitrary file creation through media processing (CVE-2023-36460) - Fix possible XSS in preview cards (CVE-2023-36459) #### Upgrade notes To get the code for v4.1.4, use `git fetch && git checkout v4.1.4`. > As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump ##### Dependencies Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is: - Ruby: 2.7 to 3.0 - PostgreSQL: 9.5 or newer - Elasticsearch (optional, for full-text search): 7.x - Redis: 4 or newer - Node: >= 14, < 18 - ImageMagick: 6.9.7-7 or newer If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776). ##### Update steps The following instructions are for updating from 4.1.2. If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. **Non-Docker only:** 1. Install dependencies: `bundle install` and `yarn install` **Both Docker and non-Docker:** ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage. 1. Restart all Mastodon processes ### [`v4.1.3`](https://github.com/mastodon/mastodon/releases/tag/v4.1.3) [Compare Source](mastodon/mastodon@v4.1.2...v4.1.3) <h1><picture> <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true"> <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true"> <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34"> </picture></h1> >⚠️ This release is an important security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459). > > Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.5) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.9). > If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-06-security` or newer instead. If you are on the `main` branch, update to the latest commit. #### Upgrade overview This release contains upgrade notes that deviate from the norm: ℹ️ Requires streaming API restart ℹ️ There are suggested reverse proxy configuration changes :warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7 For more information, scroll down to the upgrade instructions section. #### Changelog ##### Added - Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600)) ##### Changed - Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058)) - Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868)) - Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852)) - Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614)) - Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510)) - Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216)) ##### Removed - Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070)) ##### Fixed - Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464)) - Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519)) - Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477)) - Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840)) - Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361)) - Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273)) - Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605)) - Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988)) - Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015)) - Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016)) - Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060)) - Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713)) - Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499)) - Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431)) - Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637)) - Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342)) ##### Security - Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463)) - Update dependencies - Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756)) - Fix verified links possibly hiding important parts of the URL (CVE-2023-36462) - Fix timeout handling of outbound HTTP requests (CVE-2023-36461) - Fix arbitrary file creation through media processing (CVE-2023-36460) - Fix possible XSS in preview cards (CVE-2023-36459) #### Upgrade notes To get the code for v4.1.3, use `git fetch && git checkout v4.1.3`. > As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump ##### Dependencies Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is: - Ruby: 2.7 to 3.0 - PostgreSQL: 9.5 or newer - Elasticsearch (optional, for full-text search): 7.x - Redis: 4 or newer - Node: >= 14, < 18 - ImageMagick: 6.9.7-7 or newer If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776). ##### Update steps The following instructions are for updating from 4.1.2. If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. **Non-Docker only:** 1. Install dependencies: `bundle install` and `yarn install` **Both Docker and non-Docker:** ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage. 1. Restart all Mastodon processes </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/17 Co-authored-by: Renovate <[email protected]> Co-committed-by: Renovate <[email protected]>
atsu1125
pushed a commit
to atsu1125/mastodon
that referenced
this pull request
Aug 18, 2023
chasedream1129
added a commit
to monado-ren/mastodon
that referenced
this pull request
Aug 12, 2024
commit e9123ad691727ffec3672ff3912ef56e67c930ef Author: Claire <[email protected]> Date: Thu Feb 15 12:02:24 2024 +0100 Bump version to v3.5.19 commit c397c1a9e3090a0e879c15cafd48d5f1414b6836 Author: Claire <[email protected]> Date: Fri Feb 16 11:56:12 2024 +0100 Merge pull request from GHSA-jhrq-qvrm-qr36 * Fix insufficient Content-Type checking of fetched ActivityStreams objects * Allow JSON-LD documents with multiple profiles commit d509b6b3420d303728b13832d79b05d602dba4e2 Author: Claire <[email protected]> Date: Wed Feb 14 22:49:45 2024 +0100 Fix user creation failure handling in OmniAuth paths (#29207) Co-authored-by: Matt Jankowski <[email protected]> commit 44c265e4c7983e17bf7713db91938d95efd33046 Author: Claire <[email protected]> Date: Wed Feb 14 13:35:56 2024 +0100 Bump version to v3.5.18 commit 4a57e44809e33a8050c0062a244c351ab0871c71 Author: Claire <[email protected]> Date: Wed Feb 14 15:16:07 2024 +0100 Merge pull request from GHSA-vm39-j3vx-pch3 * Prevent different identities from a same SSO provider from accessing a same account * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true` * Rename methods to avoid confusion between OAuth and OmniAuth commit 47c6079d8da3810889f70166950a29af2c2f1333 Author: Claire <[email protected]> Date: Wed Feb 14 15:15:34 2024 +0100 Merge pull request from GHSA-7w3c-p9j8-mq3x * Ensure destruction of OAuth Applications notifies streaming Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens. * Ensure password resets revoke access to Streaming API * Improve performance of deleting OAuth tokens --------- Co-authored-by: Emelia Smith <[email protected]> commit 69205dff9a252f42f9a75bf5a247b1376f312895 Author: Claire <[email protected]> Date: Wed Feb 14 13:12:13 2024 +0100 Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199) commit d187195f2ccaeab8786e62cf2ef3a499c1b54b7f Author: Emelia Smith <[email protected]> Date: Tue Feb 13 19:11:47 2024 +0100 Disable administrative doorkeeper routes (#29187) commit 3387868dd9841cfffdae875d3296cf0aae36dc2b Author: blah <blah@blah> Date: Wed Feb 14 10:58:36 2024 +0000 Update dependency sidekiq-unique-jobs to 7.1.33 commit 3ba6ed76ea07d2856f988689e62a76882e5c9d4d Author: blah <blah@blah> Date: Wed Feb 14 10:51:59 2024 +0000 Update dependency nokogiri to 1.16.2 commit b1ed009c65802b70c9b780f3c7c3a866cba72478 Author: Claire <[email protected]> Date: Thu Feb 1 15:56:46 2024 +0100 Merge pull request from GHSA-3fjr-858r-92rw * Fix insufficient origin validation * Bump version to v3.5.17 commit 35f21191ee9fa3a99af6c207d2fb42484d58f196 Author: Claire <[email protected]> Date: Mon Nov 27 15:00:52 2023 +0100 Bump version to v3.5.16 commit 2ffce0d5f7e43138fd19a1c1b7a31b0177ae00a3 Author: Claire <[email protected]> Date: Fri Oct 20 10:45:46 2023 +0200 Fix processing LDSigned activities from actors with unknown public keys (#27474) commit 688defd60d9a31d7a4f9052985119a88d810e436 Author: Claire <[email protected]> Date: Fri Nov 24 10:31:28 2023 +0100 Change GIF max matrix size error to explicitly mention GIF files (#27927) commit d9b05f6860a574d81d1fd9fc47ca3adabf0d70cc Author: Jonathan de Jong <[email protected]> Date: Fri Oct 27 16:55:00 2023 +0200 Have `Follow` activities bypass availability (#27586) Co-authored-by: Claire <[email protected]> commit f3fd8d869596da809448d5d0105e122e8ba3db22 Author: Claire <[email protected]> Date: Mon Nov 27 14:25:54 2023 +0100 Clamp dates when serializing to Elasticsearch API (#28081) commit 49693fe42f4528db4b41a2c346391016e9fe954a Author: Claire <[email protected]> Date: Mon Nov 6 10:28:14 2023 +0100 Fix incoming status creation date not being restricted to standard ISO8601 (#27655) commit 16262f815d7d120bd73ffb71740ffaea3771683b Author: Claire <[email protected]> Date: Mon Oct 30 23:32:25 2023 +0100 Fix posts from force-sensitized accounts being able to trend (#27620) commit d4e0a12b27aa01012c50ac7f0d4ba26085258990 Author: Claire <[email protected]> Date: Mon Oct 23 14:27:07 2023 +0200 Change Content-Security-Policy to be tighter on media paths (#26889) commit db59d8486bd12f7d32dd9785cbf2daf9115d0e16 Author: Claire <[email protected]> Date: Mon Oct 9 14:03:10 2023 +0200 Bump version to v3.5.15 commit 7fb3ee0bc67cd7078fa7558483121dbe08202d8a Author: Matt Jankowski <[email protected]> Date: Tue Oct 3 11:01:45 2023 -0400 Dont match mention in url query string (#25656) Co-authored-by: Claire <[email protected]> commit 9bd027823d91fe8cc9d3c63b19c649296e626e0d Author: David Aaron <[email protected]> Date: Tue Oct 3 02:48:57 2023 -0700 Change min age of backup policy from 1 week to 6 days (#27200) commit 57d4d460503fa9ad01670533296a84c7c3f49ff3 Author: Jakob Gillich <[email protected]> Date: Tue Oct 3 10:47:50 2023 +0200 Fix importer returning negative row estimates (#27258) commit c91116f7800fe622750c93ea7d51d5d72e143ed3 Author: Claire <[email protected]> Date: Thu Sep 28 13:41:24 2023 +0200 Fix filtering audit log for entries about disabling 2FA (#27186) commit f45b5f5006f59d895da158e65cecead37d9a5b38 Author: Essem <[email protected]> Date: Mon Sep 25 12:21:07 2023 -0500 Properly remove tIME chunk from PNG uploads (#27111) commit 47441e51f3749894ac5699abffdd1cc190c0256e Author: Claire <[email protected]> Date: Fri Oct 6 12:58:16 2023 +0200 Fix crash when filtering for “dormant” relationships (#27306) commit af02650322aad7468bfa7363f8232b0ae7151e6f Author: Claire <[email protected]> Date: Mon Sep 25 15:06:43 2023 +0200 Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) commit 75346a71f7f4f0a3deb2841c19e6105a06f98f1e Author: Claire <[email protected]> Date: Tue Sep 19 12:49:15 2023 +0200 Bump version to v3.5.14 commit 49af3e26dc3a433922d78ae01be50549f29d1949 Author: Claire <[email protected]> Date: Wed Sep 6 16:40:19 2023 +0200 Fix moderator rights inconsistencies (#26729) commit 412c3e13ecae1bc9a6fd204b6e4018c5c4c2e6ba Author: Claire <[email protected]> Date: Wed Sep 6 12:17:51 2023 +0200 Fix crash when encountering invalid URL (#26814) commit 31c5e63a58923b9d227d90b48994ed48491dd52e Author: Claire <[email protected]> Date: Thu Aug 17 16:11:48 2023 +0200 Fix cached posts including stale stats (#26409) commit e8eeb746ac2d2ec635d46c9c07b73a56b4f2c77c Author: Nicolai Søborg <[email protected]> Date: Fri Aug 18 08:32:47 2023 +0200 Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500) commit 0158c31c02b62f39add6f41f1584bf23a8dda047 Author: yufushiro <[email protected]> Date: Wed Aug 23 15:44:56 2023 +0900 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608) Co-authored-by: Claire <[email protected]> commit 9deb1781269fd817c930d38f916672bec3d566a8 Author: Claire <[email protected]> Date: Tue Sep 19 16:53:58 2023 +0200 Merge pull request from GHSA-v3xf-c9qf-j667 commit 8e6fe192258fab9df50cfa7c4c0f6c22a756868e Author: Claire <[email protected]> Date: Mon Sep 18 08:31:53 2023 +0200 Change Dockerfile to upgrade packages when building (#26931) Co-authored-by: Renaud Chaput <[email protected]> commit 4eb709ea7ea6b5bc1fcdbe1762dd3b7efcc07f6e Author: Claire <[email protected]> Date: Wed Sep 6 09:18:28 2023 +0200 Update actions for stable-3.5 (#26804) Co-authored-by: Renaud Chaput <[email protected]> commit 86a31fc0196f876f6671a883198fcc460bcd60c5 Author: Claire <[email protected]> Date: Tue Sep 5 17:46:39 2023 +0200 Fix Dockerfile installing incompatible npm version (#26803) commit 16e47e1aae55c0ead7207030ad8a554c18ff1250 Author: Claire <[email protected]> Date: Tue Sep 5 15:30:24 2023 +0200 Bump version to v3.5.13 commit dcffd6b3d76a5e9d420119d0730724d56f7fe968 Author: Emelia Smith <[email protected]> Date: Mon May 22 13:15:21 2023 +0200 Allow reports with long comments from remote instances, but truncate (#25028) commit 8de0f7e198b25741cd6cb849095520b88fab088d Author: Daniel M Brasil <[email protected]> Date: Thu Aug 31 08:53:24 2023 -0300 Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237) commit e37551421ee30ccd9e6a36e2ad4c88ddf5a1b3d8 Author: Claire <[email protected]> Date: Wed Aug 9 09:39:36 2023 +0200 Fix blocking subdomains of an already-blocked domain (#26392) commit 2e0eab9d18f1473654542f96ff9172cab0e8661e Author: Claire <[email protected]> Date: Wed Aug 30 17:36:16 2023 +0200 Change text extraction in `PlainTextFormatter` to be faster (#26727) commit ce75c175cdf12bdfdf8b84271b52989abe54cb50 Author: Claire <[email protected]> Date: Thu Aug 31 19:54:17 2023 +0200 Backport container build changes to the stable-3.5 branch (#26742) Co-authored-by: Renaud Chaput <[email protected]> commit a3d31ffc1ead2abe98a8b722b406a7574a14a915 Author: Claire <[email protected]> Date: Fri Jul 28 10:07:57 2023 +0200 Bump version to v3.5.12 commit 50f4af28b0f1fde03e1a57583bccc1387d6f08bf Author: Emelia Smith <[email protected]> Date: Fri Jul 28 12:06:29 2023 +0200 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) commit e655b35d7e4ebf9c5a2ab6cb4bf4e950785cfee0 Author: Claire <[email protected]> Date: Sat Jul 22 20:42:31 2023 +0200 Fix incorrect connect timeout in outgoing requests (#26116) commit 80c00f4aa57fd21679fade777310422e55274c65 Author: Claire <[email protected]> Date: Fri Jul 21 14:33:34 2023 +0200 Bump version to v3.5.11 commit 1a0192537d11fb8932735c33f904e8fc4263356b Author: Claire <[email protected]> Date: Fri Jul 21 14:18:04 2023 +0200 Add check preventing Sidekiq workers from running with Makara configured (#25850) Co-authored-by: Eugen Rochko <[email protected]> commit 668cd00e130c152ed05b19f7d7f663d33790d9ac Author: Claire <[email protected]> Date: Fri Jul 21 14:14:10 2023 +0200 Fix testsuite failure introduced in last release commit 0bd52de49263af22d2fed02e9cec84fbeb3d6f9b Author: Claire <[email protected]> Date: Fri Jul 21 13:34:15 2023 +0200 Fix CSP headers being unintendedly wide (#26105) commit ced65ffbb48a37ca46c278156bc0987378bf0a8a Author: Claire <[email protected]> Date: Tue Jul 18 20:51:20 2023 +0200 Change request timeout handling to use a longer deadline (#26055) commit 6398fc0b66fad30112de9b4ea026436c4ebc9b32 Author: Claire <[email protected]> Date: Mon Jul 10 18:42:10 2023 +0200 Fix moderation interface for remote instances with a .zip TLD (#25885) commit 7709bbba65cb07158a74292542a2a6bf0b8452bb Author: Claire <[email protected]> Date: Mon Jul 10 18:42:19 2023 +0200 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) commit 4f6d121b248dcc6b80a9d2597fb7b6ac73a50cf4 Author: Michael Stanclift <[email protected]> Date: Thu Jul 13 04:12:51 2023 -0500 Fix trending publishers table not rendering correctly on narrow screens (#25945) commit 687421ebbe3a8245c2fd2b7fe9bf8c325e9f3bb2 Author: Claire <[email protected]> Date: Fri Jul 7 18:56:11 2023 +0200 Bump version to v3.5.10 commit 517c4a8a7a96bd2f16e369fa794575c30be370c8 Author: Claire <[email protected]> Date: Fri Jul 7 13:35:22 2023 +0200 Fix processing of media files with unusual names (#25788) commit dca0d8427e42e9a498b2c88b85660fef19d8fd1a Author: Claire <[email protected]> Date: Fri Jul 7 18:10:17 2023 +0200 Fix crash in admin interface when viewing a remote user with verified links (#25796) commit b10c974ba1952c545acff505bfd36feb0c60b000 Author: Claire <[email protected]> Date: Wed Jun 21 10:38:16 2023 +0200 Bump version to v3.5.9 commit ca4b23bf0d936f09f0bf60ab1055f6c2f0373dd9 Author: Claire <[email protected]> Date: Thu Jul 6 15:06:49 2023 +0200 Merge pull request from GHSA-55j9-c3mp-6fcq commit 32e5a9f053d4d59cd7cd782a889055295554a697 Author: Claire <[email protected]> Date: Thu Jul 6 15:06:24 2023 +0200 Merge pull request from GHSA-9pxv-6qvf-pjwc * Fix timeout handling of outbound HTTP requests * Use CLOCK_MONOTONIC instead of Time.now commit 987f9099947fdcd71e79d4908cdc4373eca92a85 Author: Claire <[email protected]> Date: Thu Jul 6 15:05:05 2023 +0200 Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged commit c02fa93c578d6578f39de689752c02dd92f3b079 Author: Claire <[email protected]> Date: Thu Jul 6 15:03:33 2023 +0200 Merge pull request from GHSA-ccm4-vgcc-73hp * Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes commit c30901134654b759d06b8e5b16bf7f9608f199fc Author: Claire <[email protected]> Date: Wed Jun 21 14:18:04 2023 +0200 Add hardened headers to user-uploaded files commit 6b538225af099276a6113b40f3763b8cde6284fd Author: Claire <[email protected]> Date: Wed Jun 28 14:27:12 2023 +0200 Update rack, rails, nokogiri, omniauth, sanitize and doorkeeper gems commit 3c72c7b34e7cd5904bf0070d95201a2bd0fe7e54 Author: Renaud Chaput <[email protected]> Date: Thu Jun 1 12:14:49 2023 +0200 Allow carets in URL search params (#25216) commit 07f60ffcbbbaf661347cd3cd7098f20d3a3730f7 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 23:28:35 2023 -0700 Fix Redis client and type errors introduced in #24285 (#24342) commit c1467453f6e67e108308b4cba531eb013caed319 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 05:38:47 2023 -0700 IndexingScheduler: fetch and import in batches (#24285) Co-authored-by: Claire <[email protected]> commit 00e65a77df600330c4ae694616fb185e15b8835f Author: Emelia Smith <[email protected]> Date: Tue Jun 20 18:04:35 2023 +0200 Prevent UserCleanupScheduler from overwhelming streaming (#25519) commit f9521bc2b54dff1c616ef271024426776e9434e2 Author: Daniel M Brasil <[email protected]> Date: Mon Jun 19 03:53:05 2023 -0300 Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) commit e4bff6cd76d8e615bd2d2ed0ba8250d5d2438c0f Author: Emelia Smith <[email protected]> Date: Sat Jun 10 18:24:37 2023 +0200 Fix logging of messages that are binary before closing their connection (#25361) commit 6f819c7071ed5fc810e4e5f0063f76185a41f4a0 Author: Emelia Smith <[email protected]> Date: Fri Jun 9 19:29:16 2023 +0200 Fix performance of streaming by parsing message JSON once (#25278) commit 4aa1c4e2ad1969376cb95336a7a86cacbe547c18 Author: Claire <[email protected]> Date: Mon Jun 5 17:35:05 2023 +0200 Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) commit 176ae71fd42fb4990c3a8660c3e710cd31b3686e Author: Daniel M Brasil <[email protected]> Date: Sun Apr 30 01:50:58 2023 -0300 Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605) commit feac95333fbfc8ef54bd96a273f9454bc25a3ca8 Author: Claire <[email protected]> Date: Fri May 12 13:13:04 2023 +0200 Change profile updates to be sent to recently-mentioned servers (#24852) commit bb1e7e112e5e929388417e22828d3eb235151d20 Author: Claire <[email protected]> Date: Wed May 17 00:08:42 2023 +0200 Fix being able to vote on your own polls (#25015) commit e233060ea5d0cf7e5baf247e34a38119bc4bf903 Author: Claire <[email protected]> Date: Wed May 17 00:09:21 2023 +0200 Fix race condition when reblogging a status (#25016) commit 3faebae2d1a5f72bf93167b1fbb279406bb738de Author: Claire <[email protected]> Date: Mon May 22 12:25:56 2023 +0200 Change OpenGraph-based embeds to allow fullscreen (#25058) commit 95f59da1578272efee84f06375d6e77944a4d5b0 Author: Claire <[email protected]> Date: Mon May 22 14:03:38 2023 +0200 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) commit 6f94b4ae19144e6fbf625e47b821c1aacf391722 Author: Claire <[email protected]> Date: Tue May 23 14:27:17 2023 +0200 Remove invalid X-Frame-Options: ALLOWALL (#25070) commit 283184b390bdd9b8200fd2dac0c1abd2def25fca Author: Claire <[email protected]> Date: Tue May 23 15:00:36 2023 +0200 Change Identity to not destroy associated User on destroy (#25098) commit d54980ef2df2704c0a1698ce3de19eb4e3916be1 Author: Claire <[email protected]> Date: Tue Jun 20 18:32:26 2023 +0200 Fix /api/v1/conversations sometimes returning empty accounts (#25499) commit 08579976e02c582f4465e63b03e38e4b8886705f Author: Claire <[email protected]> Date: Wed Jun 14 08:54:52 2023 +0200 Fix ArgumentError when loading newer Private Mentions (#25399) commit ff3f40a675c1dcbf17e121b0d09ce65ea441d8a5 Author: Claire <[email protected]> Date: Thu Jun 1 02:41:51 2023 +0200 Fix multiple N+1s in ConversationsController (#25134) commit 0dce749192b1d7a1513bdf45b7eafa6181bac3b9 Author: Claire <[email protected]> Date: Wed Apr 5 19:31:49 2023 +0200 Fix user archive takeouts when using OpenStack Swift (#24431) commit 1bd831b9a9d288566ca38045f6410c771946634b Author: Claire <[email protected]> Date: Mon Mar 27 17:50:34 2023 +0200 Bump version to v3.5.8 commit 55144262d054a52b76baa9d077e235e5c61fac37 Author: Claire <[email protected]> Date: Mon Apr 3 15:47:04 2023 +0200 Fix unescaped user input in LDAP query (#24379) Fix CVE-2023-28853 commit 40438675f8ddf0a6e30af4edef63286f8026f2b5 Author: Claire <[email protected]> Date: Mon Apr 3 15:05:39 2023 +0200 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) commit 0f4c908b64c34d94936dad1cfa4b2e2d225285cc Author: Claire <[email protected]> Date: Fri Mar 31 21:42:28 2023 +0200 Fix invalid/expired invites being processed on sign-up (#24337) commit 3eb5b47768ec8387d3a0ec9ffd27ff777be18407 Author: Sai <[email protected]> Date: Fri Mar 31 15:42:59 2023 +0100 Upgrade Ruby to 3.0.6 (#24332) commit 520e9cc765b9b8263270f9e311b8beefd6b322f9 Author: Robert R George <[email protected]> Date: Wed Mar 29 00:58:27 2023 -0700 Wrap db:setup with Chewy.strategy(:mastodon) (#24302) commit d25493e26295d27af34441a5f120226f2c17eda9 Author: Claire <[email protected]> Date: Mon Mar 27 17:07:37 2023 +0200 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) commit 3d67a9329ef9859559d8c9143227c493088a620a Author: Claire <[email protected]> Date: Mon Mar 20 20:02:58 2023 +0100 Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) commit 547634dfa64a59012f37b60a6dd830bc4be76be4 Author: Claire <[email protected]> Date: Thu Mar 16 22:39:45 2023 +0100 Bump version to v3.5.7 commit f90daf58dbc09a492b65a281d2cf5b5c4f5055b6 Author: Claire <[email protected]> Date: Thu Mar 16 22:47:01 2023 +0100 Add warning for object storage misconfiguration (#24137) commit a42b48ea4e66f3081dc6c21c06ed98db94116c02 Author: Eugen Rochko <[email protected]> Date: Thu Mar 16 22:46:52 2023 +0100 Change user backups to use expiring URLs for download when possible (#24136) commit 251dd0b72b2ca6aafe6676c6dbcc81260b2c1355 Author: Claire <[email protected]> Date: Thu Mar 16 13:41:55 2023 +0100 Update changelog commit 18840cbc6ef4fd8e9c48b0053a9f9b68978f4ffc Author: Nick Schonning <[email protected]> Date: Wed Mar 15 11:43:44 2023 -0400 Skip pushing containers on forks (#24106) commit 727126255a043aec46d20cc07962771376b6d82b Author: Renaud Chaput <[email protected]> Date: Wed Mar 15 16:41:13 2023 +0100 Use Github Container Registry as the official container image source (#24113) commit 98d654b8bb59de4d412007b1864d1376394652c7 Author: Nick Schonning <[email protected]> Date: Tue Mar 14 22:43:49 2023 -0400 Skip Docker CI Login/Push on forks (#23564) commit 25c517144c294b4d3a3b85c6358aff15f8d4ed6e Author: Renaud Chaput <[email protected]> Date: Tue Mar 14 20:27:43 2023 +0100 Push Docker images to Github Container Registry as well (#24101) commit f036546c220fef1fccfdf816cfce1533262fb3af Author: Claire <[email protected]> Date: Wed Mar 15 04:15:20 2023 +0100 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) commit 9256d653a5677fa726f0a93d0d5428d79c6020a7 Author: Claire <[email protected]> Date: Wed Mar 15 04:14:47 2023 +0100 Fix incorrect post links in strikes when the account is remote (#23611) commit d0c0808ad4ede98873e753df1543f33b0349f4be Author: Jeremy Kescher <[email protected]> Date: Mon Nov 7 02:40:17 2022 +0000 Add null check on application in dispute viewer (#19851) commit cb622b23b1465dfde7731a1f9bc82dd3fe51a561 Author: Claire <[email protected]> Date: Wed Mar 15 04:01:49 2023 +0100 Fix dashboard crash on ElasticSearch server error (#23751) commit fe866f8afb89e07e2fa72aaddccd6388f9ed4183 Author: Claire <[email protected]> Date: Tue Mar 14 10:34:16 2023 +0100 Update changelog commit a1e765991e416cdd5fb1ededa1ab0245c5062882 Author: Claire <[email protected]> Date: Fri Mar 3 20:44:46 2023 +0100 Add mail headers to avoid auto-replies (#23597) commit 76b9f4271291e0700680f182e94326f27f95390f Author: Claire <[email protected]> Date: Tue Feb 21 09:23:39 2023 +0100 Add `lang` tag to native language names in language picker (#23749) commit 708e590117c68c3c851c4eb7287cfa03c68a0ac0 Author: Claire <[email protected]> Date: Sun Mar 12 23:47:55 2023 +0100 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) commit a717aa929cf6c60239266f45671862802e9f29ed Author: Rodion Borisov <[email protected]> Date: Thu Mar 9 16:35:44 2023 +0300 Center the text itself in upload area (#24029) commit bbb7c54367b8a284f5fcef8e910b50005e8ad197 Author: Claire <[email protected]> Date: Mon Mar 6 17:44:55 2023 +0100 Fix `/api/v1/streaming` sub-paths not being redirected (#23988) commit 282596a66e68e2ca5d7bef90c39fc50fe770d63a Author: Eugen Rochko <[email protected]> Date: Sun Mar 5 01:52:42 2023 +0100 Fix pgBouncer resetting application name on every transaction (#23958) commit e6f6fe6106709b2efd342e7ce7339f08c5fa0682 Author: Claire <[email protected]> Date: Fri Mar 3 21:13:55 2023 +0100 Fix original account being unfollowed on migration before the follow request could be sent (#21957) commit 86b1adf7d74b07b0fd99e923de59b8d7b44485df Author: Claire <[email protected]> Date: Mon Mar 6 16:00:08 2023 +0100 Fix unconfirmed accounts being registered as active users (#23803) commit 4beeec4e50169ef8c370e0a9793a2d303c5eb403 Author: Claire <[email protected]> Date: Fri Mar 3 20:36:18 2023 +0100 Fix server error when failing to follow back followers from `/relationships` (#23787) commit 3c44ba04112a5136ad56385868f30347fce392b4 Author: Claire <[email protected]> Date: Wed Feb 22 11:53:13 2023 +0100 Fix inefficiency when searching accounts per username in admin interface (#23801) commit 339d4fa61cf6a8e04a4b40b17dfb036adb9e5f86 Author: Dean Bassett <[email protected]> Date: Mon Feb 13 05:54:08 2023 -0800 Fix case-sensitive check for previously used hashtags (#23526) commit 62f0eab635da5ae94c9add6eb62b8f251409e77f Author: Claire <[email protected]> Date: Fri Mar 3 20:25:15 2023 +0100 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) commit 8c8d578e3884214dd4c8252f8f6fddb2e785aab8 Author: Claire <[email protected]> Date: Fri Feb 10 22:18:15 2023 +0100 Bump version to 3.5.6 (#23493) commit a8a3e86216a569cf8c0c48ff1b0c48069bc9a1e2 Author: Claire <[email protected]> Date: Fri Feb 10 22:16:47 2023 +0100 Fix unbounded recursion in post discovery (#23507) * Add a limit to how many posts can get fetched as a result of a single request * Add tests * Always pass `request_id` when processing `Announce` activities --------- Co-authored-by: nametoolong <[email protected]> commit be1caad9338157773ca91f7aee89d440347cf49b Author: Claire <[email protected]> Date: Thu Feb 9 21:02:09 2023 +0100 Fix REST API serializer for Account not including `moved` when the moved account has itself moved (#22483) (#23492) Instead of cutting immediately, cut after one recursion. commit 84a40824adb477f4956f49c64a0746f4f7048a3a Author: Claire <[email protected]> Date: Thu Feb 9 21:02:01 2023 +0100 Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491) commit 533bf92d21b9ca2dfe64dff597980bb4fb6578c4 Author: Claire <[email protected]> Date: Thu Feb 9 21:01:53 2023 +0100 Don't delivery a reply to domains which are blocked by author (#22117) (#23490) Co-authored-by: Jeong Arm <[email protected]> commit 6a2b48190c62ddf2d4f1278972f6897ed9da83e8 Author: Claire <[email protected]> Date: Thu Feb 9 21:01:45 2023 +0100 Log admin approve and reject account (#22088) (#23488) * Log admin approve and reject account * Add unit tests for approve and reject logging Co-authored-by: Francis Murillo <[email protected]> commit 6cbc5899905b47af82833f19882c4b57b0b4c34b Author: Claire <[email protected]> Date: Thu Feb 9 21:01:38 2023 +0100 Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note (#23318) (#23487) * Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note * Add tests commit a2bfb16cb82ad0549f4e7431cc0228dc5189108e Author: Claire <[email protected]> Date: Thu Feb 9 21:01:21 2023 +0100 Fix crash when marking statuses as sensitive while some statuses are deleted (#22134) (#23486) * Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments * Fix crash when marking statuses as sensitive while some statuses are deleted Fixes #21910 * Fix multiple strikes being created for a single report when selecting “Mark as sensitive” * Add tests commit cfc0507010108a2e862a07ab7e9707beb972b2db Author: Claire <[email protected]> Date: Thu Feb 9 20:57:31 2023 +0100 Fix attachments of edited statuses not being fetched (#21565) (#23485) * Fix attachments of edited statuses not being fetched * Fix tests commit eade64097c48eb24d78d42ddd47c6cabb6df7d5f Author: Claire <[email protected]> Date: Thu Feb 9 20:57:24 2023 +0100 Clear voter count when poll is reset (#21700) (#23484) When a poll is edited, we reset the poll and remove all previous votes. However, prior to this commit, the voter count on the poll was not reset. This leads to incorrect percentages being shown in poll results. Fixes #21696 Co-authored-by: afontenot <[email protected]> commit 1f0be21317295e1f3a47ace6454d5afcc502d077 Author: Claire <[email protected]> Date: Thu Feb 9 20:57:14 2023 +0100 Fix some performance issues with /admin/instances (#21907) (#23483) /admin/instances?availability=failing remains wholly unefficient commit 0ca877f08478c0acb6958a893fb7384c64b4c57c Author: Claire <[email protected]> Date: Thu Feb 9 20:57:06 2023 +0100 Fix possible race conditions when suspending/unsuspending accounts (#22363) (#23482) * Fix possible race conditions when suspending/unsuspending accounts * Fix tests Tests were assuming SuspensionWorker and UnsuspensionWorker would do the suspending/unsuspending themselves, but this has changed. commit cc233af129a8f183487dbd4a9562c0533b4e5513 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:58 2023 +0100 Fix suspension worker crashing on S3-compatible setups without ACL support (#22487) (#23481) commit 83f1c6460aaa7ca6f8dc11fc03a6befa71c374c3 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:49 2023 +0100 Fix changing domain block severity not undoing individual account effects (#22135) (#23480) * Fix changing domain block severity not undoing individual account effects Fixes #22133 * Add tests commit e26dd2ea8f2e911448578f5bc7a00ea877e3b668 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:37 2023 +0100 Add `form-action` CSP directive (#23478) * Add form-action CSP directive (#20781) * Fix OAuth flow being broken by recent CSP change (#20958) * Fix form-action CSP directive for external login (#20962) commit da5d81c90dd6199d9f615ee48b579178284cf8f2 Author: Claire <[email protected]> Date: Thu Feb 9 18:34:19 2023 +0100 Fix CircleCI issues caused by Node and OpenSSL versions (#23489) Co-authored-by: mhkhung <[email protected]> commit ee66f5790f6bee17ba5d6876021ba8ffd1ef222b Author: Claire <[email protected]> Date: Thu Dec 15 19:21:17 2022 +0100 Fix unbounded recursion in account discovery (v3.5 backport) (#22026) * Fix trying to fetch posts from other users when fetching featured posts * Rate-limit discovery of new subdomains * Put a limit on recursively discovering new accounts commit 696f7b360882e71ff45b6ddafc8eea17184a0f31 Author: Claire <[email protected]> Date: Mon Nov 14 22:26:24 2022 +0100 Bump version to 3.5.5 commit b22e1476ca667e1ab83ab26a93203c3f253540af Author: Claire <[email protected]> Date: Mon Nov 14 22:14:55 2022 +0100 Fix nodes order being sometimes mangled when rewriting emoji (#20677) * Fix front-end emoji tests * Fix nodes order being sometimes mangled when rewriting emoji commit 105ab8242582c6df02e3693f4620793add5c84f6 Author: Claire <[email protected]> Date: Mon Nov 14 11:23:10 2022 +0100 Bump version to 3.5.4 commit 2dd8f977e84b67ed073a932accd2fbf4d2f38f3a Author: Claire <[email protected]> Date: Wed Nov 9 14:21:57 2022 +0100 Fix emoji substitution not applying only to text nodes in backend code Signed-off-by: Claire <[email protected]> commit 2db06e1d089404844b632b3a2164c4bd3af24424 Author: Claire <[email protected]> Date: Wed Nov 9 14:16:02 2022 +0100 Fix emoji substitution not applying only to text nodes in Web UI Signed-off-by: Claire <[email protected]> commit 063579373e401fdac72b856971ecc01b06065365 Author: Eugen Rochko <[email protected]> Date: Wed Oct 26 14:58:52 2022 +0200 Fix rate limiting for paths with formats commit 1659788de4aa12f78108defb7294a1a23fa363bf Author: Pierre Bourdon <[email protected]> Date: Fri Nov 11 07:45:16 2022 +0100 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388) The Blurhash library used by Mastodon requires an input encoded as 24 bits raw RGB data. The conversion to raw RGB using Imagemagick did not previously specify the desired bit depth. In some situations, this leads Imagemagick to output in a pixel format using less bpp than expected. This then manifested as segfaults of the Sidekiq process due to out-of-bounds read, or potentially a (highly noisy) memory infoleak. Fixes #19235. commit 47eaf85f02e280db8c24cfc4f9bc5a34e99da49e Author: Claire <[email protected]> Date: Mon Jul 4 11:08:30 2022 +0200 Fix crash when a remote Flag activity mentions a private post (#18760) * Add tests * Fix crash when a remote Flag activity mentions a private post commit fbcbf7898f000d9d1a21d52e8a8d3ed4602aa7db Author: Eugen Rochko <[email protected]> Date: Thu May 26 23:26:15 2022 +0200 Bump version to 3.5.3 (#18530) commit 0a1992430db7a859b3b7faa3d9ce4f07734b5fd8 Author: Eugen Rochko <[email protected]> Date: Thu May 26 23:02:42 2022 +0200 Fix errors when rendering RSS feeds (#18531) commit 52f4e834f293c9fdbf5805639d022ac4e3856b75 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:14:47 2022 +0200 Fix concurrent unfollowing decrementing follower count more than once (#18527) commit 8a9acbe604667215c9589154d72b3f313755c210 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:08:12 2022 +0200 Fix being able to appeal a strike unlimited times (#18529) Peculiarity of the `has_one` association is that the convenience creation method deletes the previous association even if the new one is invalid commit c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:08:02 2022 +0200 Fix being able to report otherwise inaccessible statuses (#18528) commit 1ff4877945e18820f3e518a1cfbac243da65e1a5 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:06:10 2022 +0200 Fix empty votes arbitrarily increasing voters count in polls (#18526) commit 976cd6413e9b2a1531a2ad17945342deaeec538c Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:04:16 2022 +0200 Fix moderator leak in undo_mark_statuses_as_sensitive (#18525) Signed-off-by: Eugen Rochko <[email protected]> Co-authored-by: 40826d <[email protected]> commit 9f81b9f29a14093cefcdbf09058ace089cd8e06b Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:04:05 2022 +0200 Fix suspended users being able to access APIs that don't require a user (#18524) commit 96129c2f10a82520648f6ae04e585cf797403617 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:03:54 2022 +0200 Fix confirmation redirect to app without `Location` header (#18523) commit 3e0e7a1cfb617837ccada330afc13ed804c3c47b Author: Eugen Rochko <[email protected]> Date: Thu May 26 20:32:48 2022 +0200 Fix follower and other counters being able to go negative (#18517) commit 702b709d9a8df2ed65c54d32d585a4cf5fe13de1 Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 27 03:29:28 2022 +0900 Add ES6 compatibility to browserslist (#18519) commit d8abc0018f59ed63fb6c5fae2f6081c141a4b978 Author: Eugen Rochko <[email protected]> Date: Thu May 26 18:43:14 2022 +0200 Remove 3.3.x from supported versions in security policy (#18516) commit 088dc0ec5a383006952c0b15508af882a4c1109c Author: Eugen Rochko <[email protected]> Date: Thu May 26 18:05:47 2022 +0200 Fix regression in `tootctl search deploy` caused by unloaded attribute (#18514) commit a4fa9e23fc1ddb42452bb8f051a31894796c8002 Author: Eugen Rochko <[email protected]> Date: Thu May 26 17:55:05 2022 +0200 Change "dangerous" to "sensitive" in privacy policy and web UI (#18515) Fix #18470 commit 440eb71310e41d668f00980b73358edd5f8df043 Author: Claire <[email protected]> Date: Thu May 26 15:50:33 2022 +0200 Change unapproved and unconfirmed account to not be accessible in the REST API (#17530) * Change unapproved and unconfirmed account to not be accessible in the REST API * Change Account#searchable? to reject unconfirmed and unapproved users * Disable search for unapproved and unconfirmed users in Account.search_for * Disable search for unapproved and unconfirmed users in Account.advanced_search_for * Remove unconfirmed and unapproved accounts from Account.searchable scope * Prevent mentions to unapproved/unconfirmed accounts * Fix some old tests for Account.advanced_search_for * Add some Account.advanced_search_for tests for existing behaviors * Add some tests for Account.search_for * Add Account.advanced_search_for tests unconfirmed and unapproved accounts * Add Account.searchable tests * Fix Account.without_unapproved scope potentially messing with previously-applied scopes * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup This is so that the API can still be used to check whether an username is free to use. commit 86f4dba47ef26aa8690354948c49009c3fd49960 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 09:16:19 2022 +0900 Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 77823333bb38a12705af486fa9b69cbd646dbd79 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 09:06:44 2022 +0900 Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit ddddd4c043bd722b7e01a0595cd5f7a606fde281 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:41:07 2022 +0900 Bump immutable from 4.0.0 to 4.1.0 (#18502) Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: immutable dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 01db33165757042f3d95a6e372a9652b0223c5c2 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:06:55 2022 +0900 Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 (#18489) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 2bc5e41b8384b1c62832be2abead47670d169dfa Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:06:29 2022 +0900 Bump @babel/runtime from 7.17.9 to 7.18.0 (#18494) Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.17.9 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 4d48d83b0088f9e039691435407bd3d6e92e6f63 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:05:53 2022 +0900 Bump @babel/core from 7.17.12 to 7.18.0 (#18490) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.12 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 25dda3061e4308a5005d3a2fef373acffc510a66 Author: Claire <[email protected]> Date: Thu May 26 00:20:30 2022 +0200 Fix unnecessary query on status creation (#17901) commit 96f29ce91ad622a0127bc3c3bf2dc503062ed0dc Author: Eugen Rochko <[email protected]> Date: Tue May 24 16:33:18 2022 +0200 New Crowdin updates (#18458) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations devise.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.json (Esperanto) * New translations en.yml (Esperanto) * New translations en.json (Esperanto) * New translations doorkeeper.en.yml (Esperanto) * New translations en.json (Esperanto) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations simple_form.en.yml (Ido) * New translations en.json (Armenian) * New translations en.json (Armenian) * New translations en.json (Armenian) * New translations en.json (Scottish Gaelic) * New translations en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Russian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Russian) * New translations en.yml (Russian) * New translations simple_form.en.yml (Russian) * New translations en.yml (Russian) * New translations simple_form.en.yml (Russian) * New translations en.json (Sorani (Kurdish)) * New translations en.json (Sorani (Kurdish)) * New translations en.json (Sorani (Kurdish)) * New translations activerecord.en.yml (Sorani (Kurdish)) * New translations doorkeeper.en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations doorkeeper.en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * Run `yarn manage:translations` * Run `bundle exec i18n-tasks normalize` Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit e5997a195602624efdb366e9f09ffa377e859580 Author: Claire <[email protected]> Date: Mon May 23 20:38:29 2022 +0200 Fix warning an account outside of a report closing all reports for that account (#18387) * Fix warning an account outside of a report closing all reports for that account * Make it clear what actions solve other reports * Revert "Make it clear what actions solve other reports" This reverts commit ad006de821f72e75480701298d13f0945b509059. commit a9b64b24d6c076cb96a66307c07d4f0158dc07da Author: Eugen Rochko <[email protected]> Date: Sun May 22 22:16:43 2022 +0200 Change algorithm of `tootctl search deploy` to improve performance (#18463) commit 54bb659ad14fda8d3427752d2c99716420997d6e Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat May 21 15:43:36 2022 +0900 Bump sidekiq from 6.4.1 to 6.4.2 (#18091) Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.1 to 6.4.2. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.4.1...v6.4.2) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit dfb9e6dab1b119c907dece5555408c9b98ec8f2c Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 20 11:39:05 2022 +0900 Disable transpile to older iOS versions (#18462) commit e925b06721057f83f2e3e8e7bdb21f39318b90a2 Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 20 02:26:19 2022 +0900 Fix languages dropdown on light theme (#18460) commit 9a0fa28993568cb3f106f0ea6457b0ff0f9a132e Author: Eugen Rochko <[email protected]> Date: Thu May 19 12:58:16 2022 +0200 New Crowdin updates (#18419) * New translations en.json (German) * New translations en.json (Welsh) * New translations en.json (Japanese) * New translations en.json (Korean) * New translations en.json (Turkish) * New translations en.json (Chinese Simplified) * New translations en.json (Vietnamese) * New translations en.json (Portuguese, Brazilian) * New translations en.json (Asturian) * New translations en.json (Irish) * New translations en.json (Arabic) * New translations en.json (Scottish Gaelic) * New translations en.json (Galician) * New translations en.json (Czech) * New translations en.json (Slovak) * New translations en.json (Icelandic) * New translations en.json (Sorani (Kurdish)) * New translations en.json (English, United Kingdom) * New translations en.json (Norwegian) * New translations en.json (Romanian) * New translations en.json (French) * New translations en.json (Spanish) * New translations en.json (Afrikaans) * New translations en.json (Bulgarian) * New translations en.json (Persian) * New translations en.json (Tamil) * New translations en.json (Malayalam) * New translations en.json (Silesian) * New translations en.json (Taigi) * New translations en.json (Ido) * New translations en.json (Kabyle) * New translations en.json (Sanskrit) * New translations en.json (Sardinian) * New translations en.json (Corsican) * New translations en.json (Kurmanji (Kurdish)) * New translations en.json (Serbian (Latin)) * New translations en.json (Occitan) * New translations en.json (Kannada) * New translations en.json (Cornish) * New translations en.json (Sinhala) * New translations en.json (Breton) * New translations en.json (Tatar) * New translations en.json (Spanish, Argentina) * New translations en.json (Kazakh) * New translations en.json (Spanish, Mexico) * New translations en.json (Bengali) * New translations en.json (Marathi) * New translations en.json (Thai) * New translations en.json (Croatian) * New translations en.json (Norwegian Nynorsk) * New translations en.json (Estonian) * New translations en.json (Chinese Traditional, Hong Kong) * New translations en.json (Latvian) * New translations en.json (Hindi) * New translations en.json (Malay) * New translations en.json (Telugu) * New translations en.json (Esperanto) * New translations en.json (Uyghur) * New translations en.json (Standard Moroccan Tamazight) * New translations en.yml (Icelandic) * New translations en.json (German) * New translations en.json (Turkish) * New translations en.json (Icelandic) * New translations en.json (Greek) * New translations en.json (Chinese Traditional) * New translations en.json (Catalan) * New translations en.json (Latvian) * New translations en.json (Czech) * New translations en.json (Indonesian) * New translations en.json (Korean) * New translations en.json (Russian) * New translations en.json (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (German) * New translations en.json (Spanish, Argentina) * New translations en.json (Spanish, Argentina) * New translations en.json (Danish) * New translations en.json (Chinese Simplified) * New translations en.json (Afrikaans) * New translations en.json (Ukrainian) * New translations en.json (Portuguese) * New translations en.yml (Italian) * New translations en.json (Italian) * New translations en.yml (Italian) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (French) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Arabic) * New translations en.yml (Arabic) * New translations en.yml (Hungarian) * New translations en.json (Hungarian) * New translations en.yml (Galician) * New translations en.json (Galician) * New translations en.yml (Scottish Gaelic) * New translations en.yml (Ido) * New translations en.json (Scottish Gaelic) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Korean) * New translations en.json (Polish) * New translations en.yml (Ido) * New translations en.json (Czech) * New translations en.json (Hungarian) * New translations en.json (Spanish, Argentina) * New translations en.json (Ido) * New translations en.json (Russian) * New translations en.json (Latvian) * New translations en.yml (Russian) * New translations en.json (Russian) * New translations devise.en.yml (Russian) * New translations en.yml (Ido) * New translations en.json (Icelandic) * New translations en.json (Portuguese) * New translations en.yml (Ido) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * Run `yarn manage:translations` * New translations en.json (Chinese Simplified) * New translations en.yml (Slovenian) * New translations en.json (Slovenian) * New translations en.json (Vietnamese) * New translations en.json (Chinese Traditional) * New translations en.json (Chinese Simplified) * New translations en.json (Spanish) * New translations en.json (Greek) * New translations en.json (Thai) * New translations en.json (Turkish) * New translations en.json (Turkish) * New translations en.json (Italian) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (Japanese) * New translations en.json (Japanese) * New translations en.json (Afrikaans) * New translations en.yml (Basque) * New translations en.yml (German) * New translations en.json (German) * New translations en.yml (Esperanto) * New translations en.json (German) * New translations en.yml (Esperanto) * New translations en.yml (Esperanto) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Chinese Simplified) * New translations en.json (German) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Korean) * New translations en.yml (Galician) * New translations en.json (Galician) * New translations devise.en.yml (Galician) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Russian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Chinese Simplified) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (Ido) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (German) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Korean) * New translations en.json (Korean) * New translations simple_form.en.yml (Korean) * New translations en.yml (Korean) * New translations en.json (Ukrainian) * New translations en.yml (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Thai) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Russian) * New translations en.json (Portuguese, Brazilian) * New translations en.yml (Chinese Simplified) * New translations en.json (Chinese Simplified) * New translations simple_form.en.yml (Chinese Simplified) * New translations devise.en.yml (Chinese Simplified) * New translations en.yml (Ido) * New translations en.json (French) * New translations en.json (Indonesian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Vietnamese) * New translations en.json (Esperanto) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations doorkeeper.en.yml (Portuguese, Brazilian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * Run `yarn manage:translations` * Run `bundle exec i18n-tasks normalize` Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit 679b7158e3cd3881e8cbaf2d2c0c97725b3b5fd9 Author: Eugen Rochko <[email protected]> Date: Wed May 18 23:29:14 2022 +0200 Change search indexing to use batches to minimize resource usage (#18451) commit ded5a0254a4d29a7384ef766a1e92467fe4ebd2b Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:33:13 2022 +0900 Bump yargs from 17.4.1 to 17.5.1 (#18437) Bumps [yargs](https://github.com/yargs/yargs) from 17.4.1 to 17.5.1. - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs/compare/v17.4.1...v17.5.1) --- updated-dependencies: - dependency-name: yargs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit ffc2971466417aafe778eddcb1510ea934cef973 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:30:31 2022 +0900 Bump dotenv from 16.0.0 to 16.0.1 (#18438) Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.0 to 16.0.1. - [Release notes](https://github.com/motdotla/dotenv/releases) - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](https://github.com/motdotla/dotenv/compare/v16.0.0...v16.0.1) --- updated-dependencies: - dependency-name: dotenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit a918a76bfbdd300e3ef549307706bdfa630f824b Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:29:53 2022 +0900 Bump glob from 8.0.1 to 8.0.3 (#18440) Bumps [glob](https://github.com/isaacs/node-glob) from 8.0.1 to 8.0.3. - [Release notes](https://github.com/isaacs/node-glob/releases) - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v8.0.1...v8.0.3) --- updated-dependencies: - dependency-name: glob dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6b4e2d5ce686140797dd207b1ba932a86665262f Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:27:55 2022 +0900 Bump rubocop from 1.28.2 to 1.29.1 (#18433) Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.28.2 to 1.29.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.28.2...v1.29.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6048eeed045693be63ad34dc97e98f7b2e519a70 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:27:02 2022 +0900 Bump faker from 2.20.0 to 2.21.0 (#18434) Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 1a880533acb1a8b6ee11db357d8cb8864f0e05e3 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed May 18 21:25:23 2022 +0900 Bump @babel/preset-env from 7.17.10 to 7.17.12 (#18443) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.10 to 7.17.12. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit d842f645d11e99521d1c27a13ce53f97de357d52 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed May 18 21:16:16 2022 +0900 Bump @babel/plugin-proposal-decorators from 7.17.9 to 7.17.12 (#18442) Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.9 to 7.…
chasedream1129
added a commit
to monado-ren/mastodon
that referenced
this pull request
Aug 12, 2024
commit e9123ad691727ffec3672ff3912ef56e67c930ef Author: Claire <[email protected]> Date: Thu Feb 15 12:02:24 2024 +0100 Bump version to v3.5.19 commit c397c1a9e3090a0e879c15cafd48d5f1414b6836 Author: Claire <[email protected]> Date: Fri Feb 16 11:56:12 2024 +0100 Merge pull request from GHSA-jhrq-qvrm-qr36 * Fix insufficient Content-Type checking of fetched ActivityStreams objects * Allow JSON-LD documents with multiple profiles commit d509b6b3420d303728b13832d79b05d602dba4e2 Author: Claire <[email protected]> Date: Wed Feb 14 22:49:45 2024 +0100 Fix user creation failure handling in OmniAuth paths (#29207) Co-authored-by: Matt Jankowski <[email protected]> commit 44c265e4c7983e17bf7713db91938d95efd33046 Author: Claire <[email protected]> Date: Wed Feb 14 13:35:56 2024 +0100 Bump version to v3.5.18 commit 4a57e44809e33a8050c0062a244c351ab0871c71 Author: Claire <[email protected]> Date: Wed Feb 14 15:16:07 2024 +0100 Merge pull request from GHSA-vm39-j3vx-pch3 * Prevent different identities from a same SSO provider from accessing a same account * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true` * Rename methods to avoid confusion between OAuth and OmniAuth commit 47c6079d8da3810889f70166950a29af2c2f1333 Author: Claire <[email protected]> Date: Wed Feb 14 15:15:34 2024 +0100 Merge pull request from GHSA-7w3c-p9j8-mq3x * Ensure destruction of OAuth Applications notifies streaming Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens. * Ensure password resets revoke access to Streaming API * Improve performance of deleting OAuth tokens --------- Co-authored-by: Emelia Smith <[email protected]> commit 69205dff9a252f42f9a75bf5a247b1376f312895 Author: Claire <[email protected]> Date: Wed Feb 14 13:12:13 2024 +0100 Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199) commit d187195f2ccaeab8786e62cf2ef3a499c1b54b7f Author: Emelia Smith <[email protected]> Date: Tue Feb 13 19:11:47 2024 +0100 Disable administrative doorkeeper routes (#29187) commit 3387868dd9841cfffdae875d3296cf0aae36dc2b Author: blah <blah@blah> Date: Wed Feb 14 10:58:36 2024 +0000 Update dependency sidekiq-unique-jobs to 7.1.33 commit 3ba6ed76ea07d2856f988689e62a76882e5c9d4d Author: blah <blah@blah> Date: Wed Feb 14 10:51:59 2024 +0000 Update dependency nokogiri to 1.16.2 commit b1ed009c65802b70c9b780f3c7c3a866cba72478 Author: Claire <[email protected]> Date: Thu Feb 1 15:56:46 2024 +0100 Merge pull request from GHSA-3fjr-858r-92rw * Fix insufficient origin validation * Bump version to v3.5.17 commit 35f21191ee9fa3a99af6c207d2fb42484d58f196 Author: Claire <[email protected]> Date: Mon Nov 27 15:00:52 2023 +0100 Bump version to v3.5.16 commit 2ffce0d5f7e43138fd19a1c1b7a31b0177ae00a3 Author: Claire <[email protected]> Date: Fri Oct 20 10:45:46 2023 +0200 Fix processing LDSigned activities from actors with unknown public keys (#27474) commit 688defd60d9a31d7a4f9052985119a88d810e436 Author: Claire <[email protected]> Date: Fri Nov 24 10:31:28 2023 +0100 Change GIF max matrix size error to explicitly mention GIF files (#27927) commit d9b05f6860a574d81d1fd9fc47ca3adabf0d70cc Author: Jonathan de Jong <[email protected]> Date: Fri Oct 27 16:55:00 2023 +0200 Have `Follow` activities bypass availability (#27586) Co-authored-by: Claire <[email protected]> commit f3fd8d869596da809448d5d0105e122e8ba3db22 Author: Claire <[email protected]> Date: Mon Nov 27 14:25:54 2023 +0100 Clamp dates when serializing to Elasticsearch API (#28081) commit 49693fe42f4528db4b41a2c346391016e9fe954a Author: Claire <[email protected]> Date: Mon Nov 6 10:28:14 2023 +0100 Fix incoming status creation date not being restricted to standard ISO8601 (#27655) commit 16262f815d7d120bd73ffb71740ffaea3771683b Author: Claire <[email protected]> Date: Mon Oct 30 23:32:25 2023 +0100 Fix posts from force-sensitized accounts being able to trend (#27620) commit d4e0a12b27aa01012c50ac7f0d4ba26085258990 Author: Claire <[email protected]> Date: Mon Oct 23 14:27:07 2023 +0200 Change Content-Security-Policy to be tighter on media paths (#26889) commit db59d8486bd12f7d32dd9785cbf2daf9115d0e16 Author: Claire <[email protected]> Date: Mon Oct 9 14:03:10 2023 +0200 Bump version to v3.5.15 commit 7fb3ee0bc67cd7078fa7558483121dbe08202d8a Author: Matt Jankowski <[email protected]> Date: Tue Oct 3 11:01:45 2023 -0400 Dont match mention in url query string (#25656) Co-authored-by: Claire <[email protected]> commit 9bd027823d91fe8cc9d3c63b19c649296e626e0d Author: David Aaron <[email protected]> Date: Tue Oct 3 02:48:57 2023 -0700 Change min age of backup policy from 1 week to 6 days (#27200) commit 57d4d460503fa9ad01670533296a84c7c3f49ff3 Author: Jakob Gillich <[email protected]> Date: Tue Oct 3 10:47:50 2023 +0200 Fix importer returning negative row estimates (#27258) commit c91116f7800fe622750c93ea7d51d5d72e143ed3 Author: Claire <[email protected]> Date: Thu Sep 28 13:41:24 2023 +0200 Fix filtering audit log for entries about disabling 2FA (#27186) commit f45b5f5006f59d895da158e65cecead37d9a5b38 Author: Essem <[email protected]> Date: Mon Sep 25 12:21:07 2023 -0500 Properly remove tIME chunk from PNG uploads (#27111) commit 47441e51f3749894ac5699abffdd1cc190c0256e Author: Claire <[email protected]> Date: Fri Oct 6 12:58:16 2023 +0200 Fix crash when filtering for “dormant” relationships (#27306) commit af02650322aad7468bfa7363f8232b0ae7151e6f Author: Claire <[email protected]> Date: Mon Sep 25 15:06:43 2023 +0200 Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) commit 75346a71f7f4f0a3deb2841c19e6105a06f98f1e Author: Claire <[email protected]> Date: Tue Sep 19 12:49:15 2023 +0200 Bump version to v3.5.14 commit 49af3e26dc3a433922d78ae01be50549f29d1949 Author: Claire <[email protected]> Date: Wed Sep 6 16:40:19 2023 +0200 Fix moderator rights inconsistencies (#26729) commit 412c3e13ecae1bc9a6fd204b6e4018c5c4c2e6ba Author: Claire <[email protected]> Date: Wed Sep 6 12:17:51 2023 +0200 Fix crash when encountering invalid URL (#26814) commit 31c5e63a58923b9d227d90b48994ed48491dd52e Author: Claire <[email protected]> Date: Thu Aug 17 16:11:48 2023 +0200 Fix cached posts including stale stats (#26409) commit e8eeb746ac2d2ec635d46c9c07b73a56b4f2c77c Author: Nicolai Søborg <[email protected]> Date: Fri Aug 18 08:32:47 2023 +0200 Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500) commit 0158c31c02b62f39add6f41f1584bf23a8dda047 Author: yufushiro <[email protected]> Date: Wed Aug 23 15:44:56 2023 +0900 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608) Co-authored-by: Claire <[email protected]> commit 9deb1781269fd817c930d38f916672bec3d566a8 Author: Claire <[email protected]> Date: Tue Sep 19 16:53:58 2023 +0200 Merge pull request from GHSA-v3xf-c9qf-j667 commit 8e6fe192258fab9df50cfa7c4c0f6c22a756868e Author: Claire <[email protected]> Date: Mon Sep 18 08:31:53 2023 +0200 Change Dockerfile to upgrade packages when building (#26931) Co-authored-by: Renaud Chaput <[email protected]> commit 4eb709ea7ea6b5bc1fcdbe1762dd3b7efcc07f6e Author: Claire <[email protected]> Date: Wed Sep 6 09:18:28 2023 +0200 Update actions for stable-3.5 (#26804) Co-authored-by: Renaud Chaput <[email protected]> commit 86a31fc0196f876f6671a883198fcc460bcd60c5 Author: Claire <[email protected]> Date: Tue Sep 5 17:46:39 2023 +0200 Fix Dockerfile installing incompatible npm version (#26803) commit 16e47e1aae55c0ead7207030ad8a554c18ff1250 Author: Claire <[email protected]> Date: Tue Sep 5 15:30:24 2023 +0200 Bump version to v3.5.13 commit dcffd6b3d76a5e9d420119d0730724d56f7fe968 Author: Emelia Smith <[email protected]> Date: Mon May 22 13:15:21 2023 +0200 Allow reports with long comments from remote instances, but truncate (#25028) commit 8de0f7e198b25741cd6cb849095520b88fab088d Author: Daniel M Brasil <[email protected]> Date: Thu Aug 31 08:53:24 2023 -0300 Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237) commit e37551421ee30ccd9e6a36e2ad4c88ddf5a1b3d8 Author: Claire <[email protected]> Date: Wed Aug 9 09:39:36 2023 +0200 Fix blocking subdomains of an already-blocked domain (#26392) commit 2e0eab9d18f1473654542f96ff9172cab0e8661e Author: Claire <[email protected]> Date: Wed Aug 30 17:36:16 2023 +0200 Change text extraction in `PlainTextFormatter` to be faster (#26727) commit ce75c175cdf12bdfdf8b84271b52989abe54cb50 Author: Claire <[email protected]> Date: Thu Aug 31 19:54:17 2023 +0200 Backport container build changes to the stable-3.5 branch (#26742) Co-authored-by: Renaud Chaput <[email protected]> commit a3d31ffc1ead2abe98a8b722b406a7574a14a915 Author: Claire <[email protected]> Date: Fri Jul 28 10:07:57 2023 +0200 Bump version to v3.5.12 commit 50f4af28b0f1fde03e1a57583bccc1387d6f08bf Author: Emelia Smith <[email protected]> Date: Fri Jul 28 12:06:29 2023 +0200 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) commit e655b35d7e4ebf9c5a2ab6cb4bf4e950785cfee0 Author: Claire <[email protected]> Date: Sat Jul 22 20:42:31 2023 +0200 Fix incorrect connect timeout in outgoing requests (#26116) commit 80c00f4aa57fd21679fade777310422e55274c65 Author: Claire <[email protected]> Date: Fri Jul 21 14:33:34 2023 +0200 Bump version to v3.5.11 commit 1a0192537d11fb8932735c33f904e8fc4263356b Author: Claire <[email protected]> Date: Fri Jul 21 14:18:04 2023 +0200 Add check preventing Sidekiq workers from running with Makara configured (#25850) Co-authored-by: Eugen Rochko <[email protected]> commit 668cd00e130c152ed05b19f7d7f663d33790d9ac Author: Claire <[email protected]> Date: Fri Jul 21 14:14:10 2023 +0200 Fix testsuite failure introduced in last release commit 0bd52de49263af22d2fed02e9cec84fbeb3d6f9b Author: Claire <[email protected]> Date: Fri Jul 21 13:34:15 2023 +0200 Fix CSP headers being unintendedly wide (#26105) commit ced65ffbb48a37ca46c278156bc0987378bf0a8a Author: Claire <[email protected]> Date: Tue Jul 18 20:51:20 2023 +0200 Change request timeout handling to use a longer deadline (#26055) commit 6398fc0b66fad30112de9b4ea026436c4ebc9b32 Author: Claire <[email protected]> Date: Mon Jul 10 18:42:10 2023 +0200 Fix moderation interface for remote instances with a .zip TLD (#25885) commit 7709bbba65cb07158a74292542a2a6bf0b8452bb Author: Claire <[email protected]> Date: Mon Jul 10 18:42:19 2023 +0200 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) commit 4f6d121b248dcc6b80a9d2597fb7b6ac73a50cf4 Author: Michael Stanclift <[email protected]> Date: Thu Jul 13 04:12:51 2023 -0500 Fix trending publishers table not rendering correctly on narrow screens (#25945) commit 687421ebbe3a8245c2fd2b7fe9bf8c325e9f3bb2 Author: Claire <[email protected]> Date: Fri Jul 7 18:56:11 2023 +0200 Bump version to v3.5.10 commit 517c4a8a7a96bd2f16e369fa794575c30be370c8 Author: Claire <[email protected]> Date: Fri Jul 7 13:35:22 2023 +0200 Fix processing of media files with unusual names (#25788) commit dca0d8427e42e9a498b2c88b85660fef19d8fd1a Author: Claire <[email protected]> Date: Fri Jul 7 18:10:17 2023 +0200 Fix crash in admin interface when viewing a remote user with verified links (#25796) commit b10c974ba1952c545acff505bfd36feb0c60b000 Author: Claire <[email protected]> Date: Wed Jun 21 10:38:16 2023 +0200 Bump version to v3.5.9 commit ca4b23bf0d936f09f0bf60ab1055f6c2f0373dd9 Author: Claire <[email protected]> Date: Thu Jul 6 15:06:49 2023 +0200 Merge pull request from GHSA-55j9-c3mp-6fcq commit 32e5a9f053d4d59cd7cd782a889055295554a697 Author: Claire <[email protected]> Date: Thu Jul 6 15:06:24 2023 +0200 Merge pull request from GHSA-9pxv-6qvf-pjwc * Fix timeout handling of outbound HTTP requests * Use CLOCK_MONOTONIC instead of Time.now commit 987f9099947fdcd71e79d4908cdc4373eca92a85 Author: Claire <[email protected]> Date: Thu Jul 6 15:05:05 2023 +0200 Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged commit c02fa93c578d6578f39de689752c02dd92f3b079 Author: Claire <[email protected]> Date: Thu Jul 6 15:03:33 2023 +0200 Merge pull request from GHSA-ccm4-vgcc-73hp * Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes commit c30901134654b759d06b8e5b16bf7f9608f199fc Author: Claire <[email protected]> Date: Wed Jun 21 14:18:04 2023 +0200 Add hardened headers to user-uploaded files commit 6b538225af099276a6113b40f3763b8cde6284fd Author: Claire <[email protected]> Date: Wed Jun 28 14:27:12 2023 +0200 Update rack, rails, nokogiri, omniauth, sanitize and doorkeeper gems commit 3c72c7b34e7cd5904bf0070d95201a2bd0fe7e54 Author: Renaud Chaput <[email protected]> Date: Thu Jun 1 12:14:49 2023 +0200 Allow carets in URL search params (#25216) commit 07f60ffcbbbaf661347cd3cd7098f20d3a3730f7 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 23:28:35 2023 -0700 Fix Redis client and type errors introduced in #24285 (#24342) commit c1467453f6e67e108308b4cba531eb013caed319 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 05:38:47 2023 -0700 IndexingScheduler: fetch and import in batches (#24285) Co-authored-by: Claire <[email protected]> commit 00e65a77df600330c4ae694616fb185e15b8835f Author: Emelia Smith <[email protected]> Date: Tue Jun 20 18:04:35 2023 +0200 Prevent UserCleanupScheduler from overwhelming streaming (#25519) commit f9521bc2b54dff1c616ef271024426776e9434e2 Author: Daniel M Brasil <[email protected]> Date: Mon Jun 19 03:53:05 2023 -0300 Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) commit e4bff6cd76d8e615bd2d2ed0ba8250d5d2438c0f Author: Emelia Smith <[email protected]> Date: Sat Jun 10 18:24:37 2023 +0200 Fix logging of messages that are binary before closing their connection (#25361) commit 6f819c7071ed5fc810e4e5f0063f76185a41f4a0 Author: Emelia Smith <[email protected]> Date: Fri Jun 9 19:29:16 2023 +0200 Fix performance of streaming by parsing message JSON once (#25278) commit 4aa1c4e2ad1969376cb95336a7a86cacbe547c18 Author: Claire <[email protected]> Date: Mon Jun 5 17:35:05 2023 +0200 Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) commit 176ae71fd42fb4990c3a8660c3e710cd31b3686e Author: Daniel M Brasil <[email protected]> Date: Sun Apr 30 01:50:58 2023 -0300 Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605) commit feac95333fbfc8ef54bd96a273f9454bc25a3ca8 Author: Claire <[email protected]> Date: Fri May 12 13:13:04 2023 +0200 Change profile updates to be sent to recently-mentioned servers (#24852) commit bb1e7e112e5e929388417e22828d3eb235151d20 Author: Claire <[email protected]> Date: Wed May 17 00:08:42 2023 +0200 Fix being able to vote on your own polls (#25015) commit e233060ea5d0cf7e5baf247e34a38119bc4bf903 Author: Claire <[email protected]> Date: Wed May 17 00:09:21 2023 +0200 Fix race condition when reblogging a status (#25016) commit 3faebae2d1a5f72bf93167b1fbb279406bb738de Author: Claire <[email protected]> Date: Mon May 22 12:25:56 2023 +0200 Change OpenGraph-based embeds to allow fullscreen (#25058) commit 95f59da1578272efee84f06375d6e77944a4d5b0 Author: Claire <[email protected]> Date: Mon May 22 14:03:38 2023 +0200 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) commit 6f94b4ae19144e6fbf625e47b821c1aacf391722 Author: Claire <[email protected]> Date: Tue May 23 14:27:17 2023 +0200 Remove invalid X-Frame-Options: ALLOWALL (#25070) commit 283184b390bdd9b8200fd2dac0c1abd2def25fca Author: Claire <[email protected]> Date: Tue May 23 15:00:36 2023 +0200 Change Identity to not destroy associated User on destroy (#25098) commit d54980ef2df2704c0a1698ce3de19eb4e3916be1 Author: Claire <[email protected]> Date: Tue Jun 20 18:32:26 2023 +0200 Fix /api/v1/conversations sometimes returning empty accounts (#25499) commit 08579976e02c582f4465e63b03e38e4b8886705f Author: Claire <[email protected]> Date: Wed Jun 14 08:54:52 2023 +0200 Fix ArgumentError when loading newer Private Mentions (#25399) commit ff3f40a675c1dcbf17e121b0d09ce65ea441d8a5 Author: Claire <[email protected]> Date: Thu Jun 1 02:41:51 2023 +0200 Fix multiple N+1s in ConversationsController (#25134) commit 0dce749192b1d7a1513bdf45b7eafa6181bac3b9 Author: Claire <[email protected]> Date: Wed Apr 5 19:31:49 2023 +0200 Fix user archive takeouts when using OpenStack Swift (#24431) commit 1bd831b9a9d288566ca38045f6410c771946634b Author: Claire <[email protected]> Date: Mon Mar 27 17:50:34 2023 +0200 Bump version to v3.5.8 commit 55144262d054a52b76baa9d077e235e5c61fac37 Author: Claire <[email protected]> Date: Mon Apr 3 15:47:04 2023 +0200 Fix unescaped user input in LDAP query (#24379) Fix CVE-2023-28853 commit 40438675f8ddf0a6e30af4edef63286f8026f2b5 Author: Claire <[email protected]> Date: Mon Apr 3 15:05:39 2023 +0200 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) commit 0f4c908b64c34d94936dad1cfa4b2e2d225285cc Author: Claire <[email protected]> Date: Fri Mar 31 21:42:28 2023 +0200 Fix invalid/expired invites being processed on sign-up (#24337) commit 3eb5b47768ec8387d3a0ec9ffd27ff777be18407 Author: Sai <[email protected]> Date: Fri Mar 31 15:42:59 2023 +0100 Upgrade Ruby to 3.0.6 (#24332) commit 520e9cc765b9b8263270f9e311b8beefd6b322f9 Author: Robert R George <[email protected]> Date: Wed Mar 29 00:58:27 2023 -0700 Wrap db:setup with Chewy.strategy(:mastodon) (#24302) commit d25493e26295d27af34441a5f120226f2c17eda9 Author: Claire <[email protected]> Date: Mon Mar 27 17:07:37 2023 +0200 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) commit 3d67a9329ef9859559d8c9143227c493088a620a Author: Claire <[email protected]> Date: Mon Mar 20 20:02:58 2023 +0100 Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) commit 547634dfa64a59012f37b60a6dd830bc4be76be4 Author: Claire <[email protected]> Date: Thu Mar 16 22:39:45 2023 +0100 Bump version to v3.5.7 commit f90daf58dbc09a492b65a281d2cf5b5c4f5055b6 Author: Claire <[email protected]> Date: Thu Mar 16 22:47:01 2023 +0100 Add warning for object storage misconfiguration (#24137) commit a42b48ea4e66f3081dc6c21c06ed98db94116c02 Author: Eugen Rochko <[email protected]> Date: Thu Mar 16 22:46:52 2023 +0100 Change user backups to use expiring URLs for download when possible (#24136) commit 251dd0b72b2ca6aafe6676c6dbcc81260b2c1355 Author: Claire <[email protected]> Date: Thu Mar 16 13:41:55 2023 +0100 Update changelog commit 18840cbc6ef4fd8e9c48b0053a9f9b68978f4ffc Author: Nick Schonning <[email protected]> Date: Wed Mar 15 11:43:44 2023 -0400 Skip pushing containers on forks (#24106) commit 727126255a043aec46d20cc07962771376b6d82b Author: Renaud Chaput <[email protected]> Date: Wed Mar 15 16:41:13 2023 +0100 Use Github Container Registry as the official container image source (#24113) commit 98d654b8bb59de4d412007b1864d1376394652c7 Author: Nick Schonning <[email protected]> Date: Tue Mar 14 22:43:49 2023 -0400 Skip Docker CI Login/Push on forks (#23564) commit 25c517144c294b4d3a3b85c6358aff15f8d4ed6e Author: Renaud Chaput <[email protected]> Date: Tue Mar 14 20:27:43 2023 +0100 Push Docker images to Github Container Registry as well (#24101) commit f036546c220fef1fccfdf816cfce1533262fb3af Author: Claire <[email protected]> Date: Wed Mar 15 04:15:20 2023 +0100 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) commit 9256d653a5677fa726f0a93d0d5428d79c6020a7 Author: Claire <[email protected]> Date: Wed Mar 15 04:14:47 2023 +0100 Fix incorrect post links in strikes when the account is remote (#23611) commit d0c0808ad4ede98873e753df1543f33b0349f4be Author: Jeremy Kescher <[email protected]> Date: Mon Nov 7 02:40:17 2022 +0000 Add null check on application in dispute viewer (#19851) commit cb622b23b1465dfde7731a1f9bc82dd3fe51a561 Author: Claire <[email protected]> Date: Wed Mar 15 04:01:49 2023 +0100 Fix dashboard crash on ElasticSearch server error (#23751) commit fe866f8afb89e07e2fa72aaddccd6388f9ed4183 Author: Claire <[email protected]> Date: Tue Mar 14 10:34:16 2023 +0100 Update changelog commit a1e765991e416cdd5fb1ededa1ab0245c5062882 Author: Claire <[email protected]> Date: Fri Mar 3 20:44:46 2023 +0100 Add mail headers to avoid auto-replies (#23597) commit 76b9f4271291e0700680f182e94326f27f95390f Author: Claire <[email protected]> Date: Tue Feb 21 09:23:39 2023 +0100 Add `lang` tag to native language names in language picker (#23749) commit 708e590117c68c3c851c4eb7287cfa03c68a0ac0 Author: Claire <[email protected]> Date: Sun Mar 12 23:47:55 2023 +0100 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) commit a717aa929cf6c60239266f45671862802e9f29ed Author: Rodion Borisov <[email protected]> Date: Thu Mar 9 16:35:44 2023 +0300 Center the text itself in upload area (#24029) commit bbb7c54367b8a284f5fcef8e910b50005e8ad197 Author: Claire <[email protected]> Date: Mon Mar 6 17:44:55 2023 +0100 Fix `/api/v1/streaming` sub-paths not being redirected (#23988) commit 282596a66e68e2ca5d7bef90c39fc50fe770d63a Author: Eugen Rochko <[email protected]> Date: Sun Mar 5 01:52:42 2023 +0100 Fix pgBouncer resetting application name on every transaction (#23958) commit e6f6fe6106709b2efd342e7ce7339f08c5fa0682 Author: Claire <[email protected]> Date: Fri Mar 3 21:13:55 2023 +0100 Fix original account being unfollowed on migration before the follow request could be sent (#21957) commit 86b1adf7d74b07b0fd99e923de59b8d7b44485df Author: Claire <[email protected]> Date: Mon Mar 6 16:00:08 2023 +0100 Fix unconfirmed accounts being registered as active users (#23803) commit 4beeec4e50169ef8c370e0a9793a2d303c5eb403 Author: Claire <[email protected]> Date: Fri Mar 3 20:36:18 2023 +0100 Fix server error when failing to follow back followers from `/relationships` (#23787) commit 3c44ba04112a5136ad56385868f30347fce392b4 Author: Claire <[email protected]> Date: Wed Feb 22 11:53:13 2023 +0100 Fix inefficiency when searching accounts per username in admin interface (#23801) commit 339d4fa61cf6a8e04a4b40b17dfb036adb9e5f86 Author: Dean Bassett <[email protected]> Date: Mon Feb 13 05:54:08 2023 -0800 Fix case-sensitive check for previously used hashtags (#23526) commit 62f0eab635da5ae94c9add6eb62b8f251409e77f Author: Claire <[email protected]> Date: Fri Mar 3 20:25:15 2023 +0100 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) commit 8c8d578e3884214dd4c8252f8f6fddb2e785aab8 Author: Claire <[email protected]> Date: Fri Feb 10 22:18:15 2023 +0100 Bump version to 3.5.6 (#23493) commit a8a3e86216a569cf8c0c48ff1b0c48069bc9a1e2 Author: Claire <[email protected]> Date: Fri Feb 10 22:16:47 2023 +0100 Fix unbounded recursion in post discovery (#23507) * Add a limit to how many posts can get fetched as a result of a single request * Add tests * Always pass `request_id` when processing `Announce` activities --------- Co-authored-by: nametoolong <[email protected]> commit be1caad9338157773ca91f7aee89d440347cf49b Author: Claire <[email protected]> Date: Thu Feb 9 21:02:09 2023 +0100 Fix REST API serializer for Account not including `moved` when the moved account has itself moved (#22483) (#23492) Instead of cutting immediately, cut after one recursion. commit 84a40824adb477f4956f49c64a0746f4f7048a3a Author: Claire <[email protected]> Date: Thu Feb 9 21:02:01 2023 +0100 Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491) commit 533bf92d21b9ca2dfe64dff597980bb4fb6578c4 Author: Claire <[email protected]> Date: Thu Feb 9 21:01:53 2023 +0100 Don't delivery a reply to domains which are blocked by author (#22117) (#23490) Co-authored-by: Jeong Arm <[email protected]> commit 6a2b48190c62ddf2d4f1278972f6897ed9da83e8 Author: Claire <[email protected]> Date: Thu Feb 9 21:01:45 2023 +0100 Log admin approve and reject account (#22088) (#23488) * Log admin approve and reject account * Add unit tests for approve and reject logging Co-authored-by: Francis Murillo <[email protected]> commit 6cbc5899905b47af82833f19882c4b57b0b4c34b Author: Claire <[email protected]> Date: Thu Feb 9 21:01:38 2023 +0100 Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note (#23318) (#23487) * Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note * Add tests commit a2bfb16cb82ad0549f4e7431cc0228dc5189108e Author: Claire <[email protected]> Date: Thu Feb 9 21:01:21 2023 +0100 Fix crash when marking statuses as sensitive while some statuses are deleted (#22134) (#23486) * Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments * Fix crash when marking statuses as sensitive while some statuses are deleted Fixes #21910 * Fix multiple strikes being created for a single report when selecting “Mark as sensitive” * Add tests commit cfc0507010108a2e862a07ab7e9707beb972b2db Author: Claire <[email protected]> Date: Thu Feb 9 20:57:31 2023 +0100 Fix attachments of edited statuses not being fetched (#21565) (#23485) * Fix attachments of edited statuses not being fetched * Fix tests commit eade64097c48eb24d78d42ddd47c6cabb6df7d5f Author: Claire <[email protected]> Date: Thu Feb 9 20:57:24 2023 +0100 Clear voter count when poll is reset (#21700) (#23484) When a poll is edited, we reset the poll and remove all previous votes. However, prior to this commit, the voter count on the poll was not reset. This leads to incorrect percentages being shown in poll results. Fixes #21696 Co-authored-by: afontenot <[email protected]> commit 1f0be21317295e1f3a47ace6454d5afcc502d077 Author: Claire <[email protected]> Date: Thu Feb 9 20:57:14 2023 +0100 Fix some performance issues with /admin/instances (#21907) (#23483) /admin/instances?availability=failing remains wholly unefficient commit 0ca877f08478c0acb6958a893fb7384c64b4c57c Author: Claire <[email protected]> Date: Thu Feb 9 20:57:06 2023 +0100 Fix possible race conditions when suspending/unsuspending accounts (#22363) (#23482) * Fix possible race conditions when suspending/unsuspending accounts * Fix tests Tests were assuming SuspensionWorker and UnsuspensionWorker would do the suspending/unsuspending themselves, but this has changed. commit cc233af129a8f183487dbd4a9562c0533b4e5513 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:58 2023 +0100 Fix suspension worker crashing on S3-compatible setups without ACL support (#22487) (#23481) commit 83f1c6460aaa7ca6f8dc11fc03a6befa71c374c3 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:49 2023 +0100 Fix changing domain block severity not undoing individual account effects (#22135) (#23480) * Fix changing domain block severity not undoing individual account effects Fixes #22133 * Add tests commit e26dd2ea8f2e911448578f5bc7a00ea877e3b668 Author: Claire <[email protected]> Date: Thu Feb 9 20:56:37 2023 +0100 Add `form-action` CSP directive (#23478) * Add form-action CSP directive (#20781) * Fix OAuth flow being broken by recent CSP change (#20958) * Fix form-action CSP directive for external login (#20962) commit da5d81c90dd6199d9f615ee48b579178284cf8f2 Author: Claire <[email protected]> Date: Thu Feb 9 18:34:19 2023 +0100 Fix CircleCI issues caused by Node and OpenSSL versions (#23489) Co-authored-by: mhkhung <[email protected]> commit ee66f5790f6bee17ba5d6876021ba8ffd1ef222b Author: Claire <[email protected]> Date: Thu Dec 15 19:21:17 2022 +0100 Fix unbounded recursion in account discovery (v3.5 backport) (#22026) * Fix trying to fetch posts from other users when fetching featured posts * Rate-limit discovery of new subdomains * Put a limit on recursively discovering new accounts commit 696f7b360882e71ff45b6ddafc8eea17184a0f31 Author: Claire <[email protected]> Date: Mon Nov 14 22:26:24 2022 +0100 Bump version to 3.5.5 commit b22e1476ca667e1ab83ab26a93203c3f253540af Author: Claire <[email protected]> Date: Mon Nov 14 22:14:55 2022 +0100 Fix nodes order being sometimes mangled when rewriting emoji (#20677) * Fix front-end emoji tests * Fix nodes order being sometimes mangled when rewriting emoji commit 105ab8242582c6df02e3693f4620793add5c84f6 Author: Claire <[email protected]> Date: Mon Nov 14 11:23:10 2022 +0100 Bump version to 3.5.4 commit 2dd8f977e84b67ed073a932accd2fbf4d2f38f3a Author: Claire <[email protected]> Date: Wed Nov 9 14:21:57 2022 +0100 Fix emoji substitution not applying only to text nodes in backend code Signed-off-by: Claire <[email protected]> commit 2db06e1d089404844b632b3a2164c4bd3af24424 Author: Claire <[email protected]> Date: Wed Nov 9 14:16:02 2022 +0100 Fix emoji substitution not applying only to text nodes in Web UI Signed-off-by: Claire <[email protected]> commit 063579373e401fdac72b856971ecc01b06065365 Author: Eugen Rochko <[email protected]> Date: Wed Oct 26 14:58:52 2022 +0200 Fix rate limiting for paths with formats commit 1659788de4aa12f78108defb7294a1a23fa363bf Author: Pierre Bourdon <[email protected]> Date: Fri Nov 11 07:45:16 2022 +0100 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388) The Blurhash library used by Mastodon requires an input encoded as 24 bits raw RGB data. The conversion to raw RGB using Imagemagick did not previously specify the desired bit depth. In some situations, this leads Imagemagick to output in a pixel format using less bpp than expected. This then manifested as segfaults of the Sidekiq process due to out-of-bounds read, or potentially a (highly noisy) memory infoleak. Fixes #19235. commit 47eaf85f02e280db8c24cfc4f9bc5a34e99da49e Author: Claire <[email protected]> Date: Mon Jul 4 11:08:30 2022 +0200 Fix crash when a remote Flag activity mentions a private post (#18760) * Add tests * Fix crash when a remote Flag activity mentions a private post commit fbcbf7898f000d9d1a21d52e8a8d3ed4602aa7db Author: Eugen Rochko <[email protected]> Date: Thu May 26 23:26:15 2022 +0200 Bump version to 3.5.3 (#18530) commit 0a1992430db7a859b3b7faa3d9ce4f07734b5fd8 Author: Eugen Rochko <[email protected]> Date: Thu May 26 23:02:42 2022 +0200 Fix errors when rendering RSS feeds (#18531) commit 52f4e834f293c9fdbf5805639d022ac4e3856b75 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:14:47 2022 +0200 Fix concurrent unfollowing decrementing follower count more than once (#18527) commit 8a9acbe604667215c9589154d72b3f313755c210 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:08:12 2022 +0200 Fix being able to appeal a strike unlimited times (#18529) Peculiarity of the `has_one` association is that the convenience creation method deletes the previous association even if the new one is invalid commit c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:08:02 2022 +0200 Fix being able to report otherwise inaccessible statuses (#18528) commit 1ff4877945e18820f3e518a1cfbac243da65e1a5 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:06:10 2022 +0200 Fix empty votes arbitrarily increasing voters count in polls (#18526) commit 976cd6413e9b2a1531a2ad17945342deaeec538c Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:04:16 2022 +0200 Fix moderator leak in undo_mark_statuses_as_sensitive (#18525) Signed-off-by: Eugen Rochko <[email protected]> Co-authored-by: 40826d <[email protected]> commit 9f81b9f29a14093cefcdbf09058ace089cd8e06b Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:04:05 2022 +0200 Fix suspended users being able to access APIs that don't require a user (#18524) commit 96129c2f10a82520648f6ae04e585cf797403617 Author: Eugen Rochko <[email protected]> Date: Thu May 26 22:03:54 2022 +0200 Fix confirmation redirect to app without `Location` header (#18523) commit 3e0e7a1cfb617837ccada330afc13ed804c3c47b Author: Eugen Rochko <[email protected]> Date: Thu May 26 20:32:48 2022 +0200 Fix follower and other counters being able to go negative (#18517) commit 702b709d9a8df2ed65c54d32d585a4cf5fe13de1 Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 27 03:29:28 2022 +0900 Add ES6 compatibility to browserslist (#18519) commit d8abc0018f59ed63fb6c5fae2f6081c141a4b978 Author: Eugen Rochko <[email protected]> Date: Thu May 26 18:43:14 2022 +0200 Remove 3.3.x from supported versions in security policy (#18516) commit 088dc0ec5a383006952c0b15508af882a4c1109c Author: Eugen Rochko <[email protected]> Date: Thu May 26 18:05:47 2022 +0200 Fix regression in `tootctl search deploy` caused by unloaded attribute (#18514) commit a4fa9e23fc1ddb42452bb8f051a31894796c8002 Author: Eugen Rochko <[email protected]> Date: Thu May 26 17:55:05 2022 +0200 Change "dangerous" to "sensitive" in privacy policy and web UI (#18515) Fix #18470 commit 440eb71310e41d668f00980b73358edd5f8df043 Author: Claire <[email protected]> Date: Thu May 26 15:50:33 2022 +0200 Change unapproved and unconfirmed account to not be accessible in the REST API (#17530) * Change unapproved and unconfirmed account to not be accessible in the REST API * Change Account#searchable? to reject unconfirmed and unapproved users * Disable search for unapproved and unconfirmed users in Account.search_for * Disable search for unapproved and unconfirmed users in Account.advanced_search_for * Remove unconfirmed and unapproved accounts from Account.searchable scope * Prevent mentions to unapproved/unconfirmed accounts * Fix some old tests for Account.advanced_search_for * Add some Account.advanced_search_for tests for existing behaviors * Add some tests for Account.search_for * Add Account.advanced_search_for tests unconfirmed and unapproved accounts * Add Account.searchable tests * Fix Account.without_unapproved scope potentially messing with previously-applied scopes * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup This is so that the API can still be used to check whether an username is free to use. commit 86f4dba47ef26aa8690354948c49009c3fd49960 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 09:16:19 2022 +0900 Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 77823333bb38a12705af486fa9b69cbd646dbd79 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 09:06:44 2022 +0900 Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit ddddd4c043bd722b7e01a0595cd5f7a606fde281 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:41:07 2022 +0900 Bump immutable from 4.0.0 to 4.1.0 (#18502) Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: immutable dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 01db33165757042f3d95a6e372a9652b0223c5c2 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:06:55 2022 +0900 Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 (#18489) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 2bc5e41b8384b1c62832be2abead47670d169dfa Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:06:29 2022 +0900 Bump @babel/runtime from 7.17.9 to 7.18.0 (#18494) Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.17.9 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 4d48d83b0088f9e039691435407bd3d6e92e6f63 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 26 08:05:53 2022 +0900 Bump @babel/core from 7.17.12 to 7.18.0 (#18490) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.12 to 7.18.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 25dda3061e4308a5005d3a2fef373acffc510a66 Author: Claire <[email protected]> Date: Thu May 26 00:20:30 2022 +0200 Fix unnecessary query on status creation (#17901) commit 96f29ce91ad622a0127bc3c3bf2dc503062ed0dc Author: Eugen Rochko <[email protected]> Date: Tue May 24 16:33:18 2022 +0200 New Crowdin updates (#18458) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations devise.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.json (Esperanto) * New translations en.yml (Esperanto) * New translations en.json (Esperanto) * New translations doorkeeper.en.yml (Esperanto) * New translations en.json (Esperanto) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations en.json (Ido) * New translations doorkeeper.en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Ido) * New translations simple_form.en.yml (Ido) * New translations en.json (Armenian) * New translations en.json (Armenian) * New translations en.json (Armenian) * New translations en.json (Scottish Gaelic) * New translations en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Ido) * New translations simple_form.en.yml (Ido) * New translations en.yml (Russian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.yml (Estonian) * New translations en.json (Estonian) * New translations en.json (Estonian) * New translations en.yml (Russian) * New translations en.yml (Russian) * New translations simple_form.en.yml (Russian) * New translations en.yml (Russian) * New translations simple_form.en.yml (Russian) * New translations en.json (Sorani (Kurdish)) * New translations en.json (Sorani (Kurdish)) * New translations en.json (Sorani (Kurdish)) * New translations activerecord.en.yml (Sorani (Kurdish)) * New translations doorkeeper.en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations doorkeeper.en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * New translations en.yml (Sorani (Kurdish)) * Run `yarn manage:translations` * Run `bundle exec i18n-tasks normalize` Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit e5997a195602624efdb366e9f09ffa377e859580 Author: Claire <[email protected]> Date: Mon May 23 20:38:29 2022 +0200 Fix warning an account outside of a report closing all reports for that account (#18387) * Fix warning an account outside of a report closing all reports for that account * Make it clear what actions solve other reports * Revert "Make it clear what actions solve other reports" This reverts commit ad006de821f72e75480701298d13f0945b509059. commit a9b64b24d6c076cb96a66307c07d4f0158dc07da Author: Eugen Rochko <[email protected]> Date: Sun May 22 22:16:43 2022 +0200 Change algorithm of `tootctl search deploy` to improve performance (#18463) commit 54bb659ad14fda8d3427752d2c99716420997d6e Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat May 21 15:43:36 2022 +0900 Bump sidekiq from 6.4.1 to 6.4.2 (#18091) Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.1 to 6.4.2. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.4.1...v6.4.2) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit dfb9e6dab1b119c907dece5555408c9b98ec8f2c Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 20 11:39:05 2022 +0900 Disable transpile to older iOS versions (#18462) commit e925b06721057f83f2e3e8e7bdb21f39318b90a2 Author: Yamagishi Kazutoshi <[email protected]> Date: Fri May 20 02:26:19 2022 +0900 Fix languages dropdown on light theme (#18460) commit 9a0fa28993568cb3f106f0ea6457b0ff0f9a132e Author: Eugen Rochko <[email protected]> Date: Thu May 19 12:58:16 2022 +0200 New Crowdin updates (#18419) * New translations en.json (German) * New translations en.json (Welsh) * New translations en.json (Japanese) * New translations en.json (Korean) * New translations en.json (Turkish) * New translations en.json (Chinese Simplified) * New translations en.json (Vietnamese) * New translations en.json (Portuguese, Brazilian) * New translations en.json (Asturian) * New translations en.json (Irish) * New translations en.json (Arabic) * New translations en.json (Scottish Gaelic) * New translations en.json (Galician) * New translations en.json (Czech) * New translations en.json (Slovak) * New translations en.json (Icelandic) * New translations en.json (Sorani (Kurdish)) * New translations en.json (English, United Kingdom) * New translations en.json (Norwegian) * New translations en.json (Romanian) * New translations en.json (French) * New translations en.json (Spanish) * New translations en.json (Afrikaans) * New translations en.json (Bulgarian) * New translations en.json (Persian) * New translations en.json (Tamil) * New translations en.json (Malayalam) * New translations en.json (Silesian) * New translations en.json (Taigi) * New translations en.json (Ido) * New translations en.json (Kabyle) * New translations en.json (Sanskrit) * New translations en.json (Sardinian) * New translations en.json (Corsican) * New translations en.json (Kurmanji (Kurdish)) * New translations en.json (Serbian (Latin)) * New translations en.json (Occitan) * New translations en.json (Kannada) * New translations en.json (Cornish) * New translations en.json (Sinhala) * New translations en.json (Breton) * New translations en.json (Tatar) * New translations en.json (Spanish, Argentina) * New translations en.json (Kazakh) * New translations en.json (Spanish, Mexico) * New translations en.json (Bengali) * New translations en.json (Marathi) * New translations en.json (Thai) * New translations en.json (Croatian) * New translations en.json (Norwegian Nynorsk) * New translations en.json (Estonian) * New translations en.json (Chinese Traditional, Hong Kong) * New translations en.json (Latvian) * New translations en.json (Hindi) * New translations en.json (Malay) * New translations en.json (Telugu) * New translations en.json (Esperanto) * New translations en.json (Uyghur) * New translations en.json (Standard Moroccan Tamazight) * New translations en.yml (Icelandic) * New translations en.json (German) * New translations en.json (Turkish) * New translations en.json (Icelandic) * New translations en.json (Greek) * New translations en.json (Chinese Traditional) * New translations en.json (Catalan) * New translations en.json (Latvian) * New translations en.json (Czech) * New translations en.json (Indonesian) * New translations en.json (Korean) * New translations en.json (Russian) * New translations en.json (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (German) * New translations en.json (Spanish, Argentina) * New translations en.json (Spanish, Argentina) * New translations en.json (Danish) * New translations en.json (Chinese Simplified) * New translations en.json (Afrikaans) * New translations en.json (Ukrainian) * New translations en.json (Portuguese) * New translations en.yml (Italian) * New translations en.json (Italian) * New translations en.yml (Italian) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (French) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Arabic) * New translations en.yml (Arabic) * New translations en.yml (Hungarian) * New translations en.json (Hungarian) * New translations en.yml (Galician) * New translations en.json (Galician) * New translations en.yml (Scottish Gaelic) * New translations en.yml (Ido) * New translations en.json (Scottish Gaelic) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Korean) * New translations en.json (Polish) * New translations en.yml (Ido) * New translations en.json (Czech) * New translations en.json (Hungarian) * New translations en.json (Spanish, Argentina) * New translations en.json (Ido) * New translations en.json (Russian) * New translations en.json (Latvian) * New translations en.yml (Russian) * New translations en.json (Russian) * New translations devise.en.yml (Russian) * New translations en.yml (Ido) * New translations en.json (Icelandic) * New translations en.json (Portuguese) * New translations en.yml (Ido) * New translations en.json (Catalan) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * Run `yarn manage:translations` * New translations en.json (Chinese Simplified) * New translations en.yml (Slovenian) * New translations en.json (Slovenian) * New translations en.json (Vietnamese) * New translations en.json (Chinese Traditional) * New translations en.json (Chinese Simplified) * New translations en.json (Spanish) * New translations en.json (Greek) * New translations en.json (Thai) * New translations en.json (Turkish) * New translations en.json (Turkish) * New translations en.json (Italian) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (Japanese) * New translations en.json (Japanese) * New translations en.json (Afrikaans) * New translations en.yml (Basque) * New translations en.yml (German) * New translations en.json (German) * New translations en.yml (Esperanto) * New translations en.json (German) * New translations en.yml (Esperanto) * New translations en.yml (Esperanto) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Chinese Simplified) * New translations en.json (German) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Korean) * New translations en.yml (Galician) * New translations en.json (Galician) * New translations devise.en.yml (Galician) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Russian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Chinese Simplified) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (Ido) * New translations en.json (Kurmanji (Kurdish)) * New translations en.yml (German) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Korean) * New translations en.json (Korean) * New translations simple_form.en.yml (Korean) * New translations en.yml (Korean) * New translations en.json (Ukrainian) * New translations en.yml (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Arabic) * New translations en.json (Thai) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Russian) * New translations en.json (Portuguese, Brazilian) * New translations en.yml (Chinese Simplified) * New translations en.json (Chinese Simplified) * New translations simple_form.en.yml (Chinese Simplified) * New translations devise.en.yml (Chinese Simplified) * New translations en.yml (Ido) * New translations en.json (French) * New translations en.json (Indonesian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Vietnamese) * New translations en.json (Esperanto) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations doorkeeper.en.yml (Portuguese, Brazilian) * New translations en.yml (Ido) * New translations en.yml (Ido) * New translations en.yml (Ido) * Run `yarn manage:translations` * Run `bundle exec i18n-tasks normalize` Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit 679b7158e3cd3881e8cbaf2d2c0c97725b3b5fd9 Author: Eugen Rochko <[email protected]> Date: Wed May 18 23:29:14 2022 +0200 Change search indexing to use batches to minimize resource usage (#18451) commit ded5a0254a4d29a7384ef766a1e92467fe4ebd2b Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:33:13 2022 +0900 Bump yargs from 17.4.1 to 17.5.1 (#18437) Bumps [yargs](https://github.com/yargs/yargs) from 17.4.1 to 17.5.1. - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs/compare/v17.4.1...v17.5.1) --- updated-dependencies: - dependency-name: yargs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit ffc2971466417aafe778eddcb1510ea934cef973 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:30:31 2022 +0900 Bump dotenv from 16.0.0 to 16.0.1 (#18438) Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.0 to 16.0.1. - [Release notes](https://github.com/motdotla/dotenv/releases) - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](https://github.com/motdotla/dotenv/compare/v16.0.0...v16.0.1) --- updated-dependencies: - dependency-name: dotenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit a918a76bfbdd300e3ef549307706bdfa630f824b Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:29:53 2022 +0900 Bump glob from 8.0.1 to 8.0.3 (#18440) Bumps [glob](https://github.com/isaacs/node-glob) from 8.0.1 to 8.0.3. - [Release notes](https://github.com/isaacs/node-glob/releases) - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v8.0.1...v8.0.3) --- updated-dependencies: - dependency-name: glob dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6b4e2d5ce686140797dd207b1ba932a86665262f Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:27:55 2022 +0900 Bump rubocop from 1.28.2 to 1.29.1 (#18433) Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.28.2 to 1.29.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.28.2...v1.29.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6048eeed045693be63ad34dc97e98f7b2e519a70 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu May 19 03:27:02 2022 +0900 Bump faker from 2.20.0 to 2.21.0 (#18434) Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 1a880533acb1a8b6ee11db357d8cb8864f0e05e3 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed May 18 21:25:23 2022 +0900 Bump @babel/preset-env from 7.17.10 to 7.17.12 (#18443) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.10 to 7.17.12. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <[email protected]> commit d842f645d11e99521d1c27a13ce53f97de357d52 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed May 18 21:16:16 2022 +0900 Bump @babel/plugin-proposal-decorators from 7.17.9 to 7.17.12 (#18442) Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.9 to 7.…
noellabo
pushed a commit
to fedibird/mastodon
that referenced
this pull request
Sep 9, 2024
noellabo
pushed a commit
to fedibird/mastodon
that referenced
this pull request
Sep 19, 2024
robin-maki
added a commit
to byulmaru/mastodon
that referenced
this pull request
Oct 8, 2024
commit 32251e2a7fd71c03e0457d366575ef87550d39c7 Merge: 7c2133fe3 f9a929ed5 Author: robin* <[email protected]> Date: Mon Aug 19 20:43:29 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 7c2133fe349528b1cceaf02ab234827b8cc24c15 Merge: 7161689f8 a02ff33f0 Author: robin* <[email protected]> Date: Sun Aug 18 23:33:58 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 7161689f827cacdf503a43e2dab02601595f8a7e Merge: 1152bc9c5 a5b4a2b7e Author: robin* <[email protected]> Date: Fri Jul 5 00:13:42 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 1152bc9c5c394545b8ec35b8350a933f8e98030d Merge: a6ccf550a c93aacafd Author: robin* <[email protected]> Date: Fri May 31 12:28:06 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit a6ccf550a35435dbd166e81a3e8960a8f25216a9 Merge: f4f298cca bdb6650eb Author: robin* <[email protected]> Date: Sat Feb 24 12:40:12 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit f4f298ccacab425937f80ab4100c55b26475aa4e Merge: 6d11218ff c5d56de98 Author: robin* <[email protected]> Date: Sat Feb 17 00:16:43 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 6d11218ffa03b1e2fd815b5511f0a59b0fa3e8a0 Merge: 95edac06b a6641f828 Author: robin* <[email protected]> Date: Fri Feb 2 10:45:01 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 95edac06bf6d60f50b5fecfe32b8c9fa691cc78d Merge: 20e0dd831 4633bb8ce Author: robin* <[email protected]> Date: Thu Jan 25 11:22:17 2024 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 20e0dd831a39b151d8876e3340a84079dbdbacda Merge: 0dabd54f8 90371a4fc Author: robin* <[email protected]> Date: Thu Dec 7 00:37:55 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 0dabd54f8a4f1d5967ec5b407ce7a4cb4252c9cb Merge: 665c97bcc 74dd32511 Author: robin* <[email protected]> Date: Thu Oct 12 12:00:27 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit 665c97bcc12f553bc89b31fc29e99df8b1d037b4 Author: robin* <[email protected]> Date: Thu Oct 12 12:00:22 2023 +0900 사용하지 않는 action 제거 commit 4acb399d7e8da8fc6c6220daaa301d3f1d252d0a Author: robin* <[email protected]> Date: Fri Sep 29 00:10:48 2023 +0900 bird-ui update commit b2e0451777d5286b20bfdff2db36aeccdef4ed03 Author: robin* <[email protected]> Date: Sun Sep 24 15:47:01 2023 +0900 es 형태소 토크나이저 관련 수정 commit 5cbbddefe43be20b4e8f1f74e7bcb0a2e59bb22e Author: robin* <[email protected]> Date: Sun Sep 24 13:25:05 2023 +0900 오류수정 commit 8156ebf3fb3ff355ffdc53ed73ecc289a6c7c971 Merge: a653ba531 4fcc026f0 Author: robin* <[email protected]> Date: Fri Sep 22 14:25:06 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.2' commit a653ba53127d5f6e1267238c4dc4e42b4c7172ae Author: robin* <[email protected]> Date: Thu Sep 21 10:49:32 2023 +0900 오류 일으키는 bui light 임시 삭제 commit 5d841d74a97ca3aa120deaf3be39388b54605e6b Merge: 95be9c7ef e4c0aaf62 Author: robin* <[email protected]> Date: Thu Sep 21 00:33:23 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.1' commit e4c0aaf6264907de2efd46924946d2281d80e3d4 Author: Claire <[email protected]> Date: Wed Sep 20 17:25:05 2023 +0200 Bump version to v4.1.9 (#26997) commit 95be9c7ef42734fe53c62da2d8197c486dbc2372 Author: Jiyu Park <[email protected]> Date: Thu Sep 21 00:04:21 2023 +0900 태그 raw로 생성 commit 239c15a6141636ff2f65b69cca84b9243b800607 Author: Jiyu Park <[email protected]> Date: Thu Sep 21 00:01:01 2023 +0900 나빌드시켜줘... commit 5d93c5f0196b556c1faf18fe6cc7ad38ae6e0fc2 Author: Claire <[email protected]> Date: Wed Sep 20 15:59:57 2023 +0200 Fix post translation erroring out (v4.1.x) (#26990) commit af0ee129082bc9c57ec0606dc1899ec13d2dfffb Author: Claire <[email protected]> Date: Wed Sep 20 12:54:08 2023 +0200 Disable ruby linting for 4.1.x branch (#26993) commit 46bd58f74d11591a0180319285b0c79b2212ef69 Author: Claire <[email protected]> Date: Tue Sep 19 12:11:33 2023 +0200 Bump version to v4.1.8 commit d6c0ae995c45fe5e5e0a8acfc10dff04a774fa75 Author: Claire <[email protected]> Date: Fri Sep 15 19:54:32 2023 +0200 Fix post edits not being forwarded as expected (#26936) commit 5fd89e53d2039cf3062fcae3b25fcbdfa7da0333 Author: Claire <[email protected]> Date: Wed Sep 6 16:40:19 2023 +0200 Fix moderator rights inconsistencies (#26729) commit 5caade9fb0754fa13ae11f86145cd0ca1dcb830b Author: Claire <[email protected]> Date: Wed Sep 6 12:17:51 2023 +0200 Fix crash when encountering invalid URL (#26814) commit 34959eccd2094500539bbad5c5f03a3723debc18 Author: Claire <[email protected]> Date: Thu Aug 17 16:11:48 2023 +0200 Fix cached posts including stale stats (#26409) commit 21bf42bca14907284cb03ad3ba1be47124d66866 Author: Nicolai Søborg <[email protected]> Date: Fri Aug 18 08:32:47 2023 +0200 Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500) commit 780283788515bb13007f4574fb6d9f8c82281da2 Author: yufushiro <[email protected]> Date: Wed Aug 23 15:44:56 2023 +0900 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608) Co-authored-by: Claire <[email protected]> commit 48ee3ae13de9125beaee726ac737a770a5160961 Author: Claire <[email protected]> Date: Tue Sep 19 16:53:58 2023 +0200 Merge pull request from GHSA-v3xf-c9qf-j667 commit 5f9511c389041570d21c383ce07dd2786df9cc2d Author: Claire <[email protected]> Date: Tue Sep 19 16:53:21 2023 +0200 Merge pull request from GHSA-2693-xr3m-jhqr commit 38a5d92f3814b071803c046144d94643a3ecb934 Author: Claire <[email protected]> Date: Mon Sep 18 08:32:04 2023 +0200 Change Dockerfile to upgrade packages when building (#26929) Co-authored-by: Renaud Chaput <[email protected]> commit 43cdb0e1feb4e8b50c7cdaa44f96f5ca08ad87c4 Author: robin* <[email protected]> Date: Wed Sep 13 09:50:07 2023 +0900 임시방편으로 네이티브 안함 commit ed1abc94a5fa91e85f5ce54d20523dd917476898 Author: robin* <[email protected]> Date: Wed Sep 13 09:40:41 2023 +0900 SSL 안 써도 되나? commit 0fe6019f580367f8ea86aa5cf7069c8769c1a950 Author: robin* <[email protected]> Date: Wed Sep 13 09:35:15 2023 +0900 마스터에 푸시만 해도 빌드 시작되도록 수정 commit 03e64438a6e25d91579b96dcb6599c04f0c7d8bf Merge: 1298c7b2c 7f7e06897 Author: robin* <[email protected]> Date: Wed Sep 13 09:32:59 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.1' commit 7f7e068975315b094a67b49d52241480e6b5db76 Author: Claire <[email protected]> Date: Wed Sep 6 12:19:02 2023 +0200 Update actions for stable-4.1 (#26815) Co-authored-by: Renaud Chaput <[email protected]> commit 5f88a2d70bee2a48b43bb34f0fde780ae9749162 Author: Claire <[email protected]> Date: Tue Sep 5 14:50:09 2023 +0200 Bump version to v4.1.7 commit cf80d54cbae952705af250a9764c6e25e77cc3c7 Author: Emelia Smith <[email protected]> Date: Mon May 22 13:15:21 2023 +0200 Allow reports with long comments from remote instances, but truncate (#25028) commit ea7fa048f374b31956211b87e265800e83574476 Author: Daniel M Brasil <[email protected]> Date: Thu Aug 31 08:53:24 2023 -0300 Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237) commit 6339806f05cbbe630639df69421394119433896a Author: Claire <[email protected]> Date: Wed Aug 9 09:39:36 2023 +0200 Fix blocking subdomains of an already-blocked domain (#26392) commit 86afbf25d01349bd2fe0ee98f1d60890ef71b7b9 Author: Claire <[email protected]> Date: Wed Aug 30 17:36:16 2023 +0200 Change text extraction in `PlainTextFormatter` to be faster (#26727) commit 1ad64b5557f8980b8ec54ac09cd79ac51223a2ea Author: Claire <[email protected]> Date: Thu Aug 31 19:54:10 2023 +0200 Backport container build changes to the stable-4.1 branch (#26738) Co-authored-by: Renaud Chaput <[email protected]> commit 1298c7b2c885e89a7b437238d2b763aec367b022 Author: robin* <[email protected]> Date: Mon Aug 14 02:06:42 2023 +0900 테마 재적용(임시) commit c92aa039a0b213b201670c3061b2e724b0f2e444 Author: robin* <[email protected]> Date: Fri Aug 4 00:04:01 2023 +0900 Bird-UI 커스텀 재적용 commit d5b5f558944341797ea3c0879cd5baba9531c1d1 Merge: 568bf624a ac7d40b56 Author: robin* <[email protected]> Date: Wed Aug 2 23:46:29 2023 +0900 Bird-UI 테마 커스텀 업데이트 commit ac7d40b561101084baf4688167d155600eefe9dc Author: Claire <[email protected]> Date: Thu Jul 27 17:08:09 2023 +0200 Bump version to v4.1.6 commit 2fc6117d1b5643c0de908706d22702a35388a2a4 Author: Renaud Chaput <[email protected]> Date: Fri Jul 28 19:11:58 2023 +0200 Fix missing return values in streaming (#26233) commit 2eb1a5b7b6d8b6a0b9426e7ee5a1fd04519dd7e2 Author: Emelia Smith <[email protected]> Date: Fri Jul 28 12:06:29 2023 +0200 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) commit 6c321bb5e1543c78dbd0fa8e4962e95e544e1f63 Author: Claire <[email protected]> Date: Sat Jul 22 20:42:31 2023 +0200 Fix incorrect connect timeout in outgoing requests (#26116) commit da230600acda1d1a151eab4caa3d536ce828a097 Author: Emelia Smith <[email protected]> Date: Thu Jul 27 15:38:18 2023 +0200 Refactor streaming's filtering logic & improve documentation (#26213) commit 1792be342a3cfad7bdfa54311b3962a8051962bb Author: Claire <[email protected]> Date: Thu Jul 27 15:12:10 2023 +0200 Fix wrong filters sometimes applying in streaming (#26159) commit 568bf624a973a8e9b779b0c4e9d9d27410a46808 Merge: c33aad3f3 370b8f0b8 Author: robin* <[email protected]> Date: Mon Jul 31 16:13:32 2023 +0900 마스토돈 4.1.6 사전 업데이트 commit 370b8f0b811988375e87207574eff5f293afbfcc Author: Claire <[email protected]> Date: Thu Jul 27 17:08:09 2023 +0200 Bump version to v4.1.6 commit b7bf343b26f7857683b5102b1aacf74d8f6d3d6b Author: Renaud Chaput <[email protected]> Date: Fri Jul 28 19:11:58 2023 +0200 Fix missing return values in streaming (#26233) commit caf1c87ecd4c08a99a9311212cee64d8c64c5a68 Author: Emelia Smith <[email protected]> Date: Fri Jul 28 12:06:29 2023 +0200 Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228) commit eace7f9fcff78ab002dfd30c3973523a015b4303 Author: Claire <[email protected]> Date: Sat Jul 22 20:42:31 2023 +0200 Fix incorrect connect timeout in outgoing requests (#26116) commit 2461ffbff9b080e02626c92008fe01319722a807 Author: Emelia Smith <[email protected]> Date: Thu Jul 27 15:38:18 2023 +0200 Refactor streaming's filtering logic & improve documentation (#26213) commit b5791487b1548410e83c3b61e8ef05d5aa60dce8 Author: Claire <[email protected]> Date: Thu Jul 27 15:12:10 2023 +0200 Fix wrong filters sometimes applying in streaming (#26159) commit c33aad3f324c22a5725bd2cacaf056519fccbd29 Author: robin* <[email protected]> Date: Sat Jul 22 13:43:01 2023 +0900 Bird UI 1.6.4 업데이트 commit c6b220d22c21c264e30debce76154cca2d662803 Merge: 7f3ec8557 ebf4f034c Author: robin* <[email protected]> Date: Fri Jul 21 23:30:28 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.1' commit ebf4f034c2e3841fde2d0109667c036fb352f3a8 Author: Claire <[email protected]> Date: Fri Jul 21 14:30:46 2023 +0200 Bump version to v4.1.5 commit 889102013fd687113cec75fe252b5328707e8cc1 Author: Claire <[email protected]> Date: Fri Jul 21 13:34:15 2023 +0200 Fix CSP headers being unintendedly wide (#26105) commit d94a2c8aca731b4986e20401ae8ce5255e041b80 Author: Claire <[email protected]> Date: Tue Jul 18 20:51:20 2023 +0200 Change request timeout handling to use a longer deadline (#26055) commit efd066670d67676d5f5e73a75c268a2bd09c59c7 Author: Claire <[email protected]> Date: Mon Jul 10 18:42:10 2023 +0200 Fix moderation interface for remote instances with a .zip TLD (#25885) commit 13ec425b721c959415921046d7a24ed8c9994cee Author: Claire <[email protected]> Date: Mon Jul 10 18:42:19 2023 +0200 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) commit 7a99f0744d7c69a69b7552e31f6bb3914a6a03e8 Author: Michael Stanclift <[email protected]> Date: Thu Jul 13 04:12:51 2023 -0500 Fix trending publishers table not rendering correctly on narrow screens (#25945) commit 69c8f26946a5cdeff09ca8fe410bc11be78c158c Author: Claire <[email protected]> Date: Fri Jul 21 14:18:04 2023 +0200 Add check preventing Sidekiq workers from running with Makara configured (#25850) Co-authored-by: Eugen Rochko <[email protected]> commit 7f3ec8557aa4c429da97bede501fc062df21bb6a Author: robin* <[email protected]> Date: Tue Jul 11 14:57:11 2023 +0900 bird-ui 1.6.3 업데이트 commit a1971bebaa4807be32adfe23ecc0683e2ab2280e Author: robin* <[email protected]> Date: Tue Jul 11 14:56:50 2023 +0900 오류 발생하는 테마 임시 주석처리 commit 3add2e5fe05334a64ee6f5bfce1b664b8db60200 Author: robin* <[email protected]> Date: Sun Jul 9 22:51:40 2023 +0900 bird-ui 테마 로케일 추가 commit 7a7ed3c6b76ba2e1051c5c7c053c705b73355846 Author: robin* <[email protected]> Date: Sat Jul 8 23:19:24 2023 +0900 css import 파일명 오류 수정 commit d10324aef5b45f02332a6ce5744c8dd18c12b098 Author: robin* <[email protected]> Date: Sat Jul 8 20:49:15 2023 +0900 bird-ui 밝음/고대비 테마 추가 commit 7bfe9a7fb85bd6f65074690fc66d2155b513dacf Merge: 44c5f1348 3f5af768c Author: robin* <[email protected]> Date: Sat Jul 8 07:53:34 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.1' commit 3f5af768c8f1401f77d14ad5b6aeccdb7e02a9f0 Author: Claire <[email protected]> Date: Fri Jul 7 18:21:10 2023 +0200 Bump version to v4.1.4 commit cb8ab46302ad783869078ab4a26de04c09417a09 Author: Claire <[email protected]> Date: Fri Jul 7 18:22:50 2023 +0200 Update dependencies commit 53b979d5c73f0b28b161581ec3e824d89f66633c Author: Claire <[email protected]> Date: Fri Jul 7 13:35:22 2023 +0200 Fix processing of media files with unusual names (#25788) commit f2bbac3f9fb37f6f870f25362e140d647d60caf5 Author: Claire <[email protected]> Date: Fri Jul 7 18:10:17 2023 +0200 Fix crash in admin interface when viewing a remote user with verified links (#25796) commit 015ed99612241b8dbf2810db478b1485f4c31031 Author: Claire <[email protected]> Date: Fri Jul 7 18:10:00 2023 +0200 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) commit cf58535193708d9a4bd584266423168cda75f415 Author: nemobis <[email protected]> Date: Fri Jul 7 15:15:54 2023 +0300 Fix typo in CHANGELOG.md (#25764) commit 44c5f134874af9b4e852624ccce7d3fc2a9819fd Author: robin* <[email protected]> Date: Thu Jul 6 22:21:48 2023 +0900 Update bird-ui to 1.5.9 commit 37c0362dee36d748d79fb16f3eec6ed49f4dc733 Merge: d58e39c5c 0d5781ca7 Author: robin* <[email protected]> Date: Thu Jul 6 22:21:22 2023 +0900 Merge remote-tracking branch 'mastodon/stable-4.1' commit 0d5781ca7609590a6d5340bb685bb1804056bb46 Author: Claire <[email protected]> Date: Wed Jun 21 09:13:30 2023 +0200 Bump version to v4.1.3 commit 32ebeed59ba424732130073474fe03699efe07fc Author: Claire <[email protected]> Date: Thu Jul 6 15:06:50 2023 +0200 Merge pull request from GHSA-55j9-c3mp-6fcq commit e75ad1de0f95f38b45748cafb1212560fe7587f5 Author: Claire <[email protected]> Date: Thu Jul 6 15:06:24 2023 +0200 Merge pull request from GHSA-9pxv-6qvf-pjwc * Fix timeout handling of outbound HTTP requests * Use CLOCK_MONOTONIC instead of Time.now commit 0aa0b71f2cae9e35cff613b13d05ee3aeaf9f944 Author: Claire <[email protected]> Date: Thu Jul 6 15:05:05 2023 +0200 Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged commit c4f2609f7a604daef1648e164ef8181d858bd058 Author: Claire <[email protected]> Date: Thu Jul 6 15:03:33 2023 +0200 Merge pull request from GHSA-ccm4-vgcc-73hp * Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes commit 9b6c0cac7d435905bdbea6e3b0cbb47da9490270 Author: Claire <[email protected]> Date: Thu Jul 6 14:31:37 2023 +0200 Add hardened headers to user-uploaded files (#25756) commit fac2c9eb7d904e44244e20a8e1e8f6feb3b9db5b Author: Claire <[email protected]> Date: Wed Jun 28 12:47:00 2023 +0200 Update rack, rails, nokogiri and doorkeeper gems commit a3d69a2c5d3fcc0df61929684fe31567860e7f2e Author: Claire <[email protected]> Date: Tue Jul 4 18:58:23 2023 +0200 Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713) commit 8eb1bb8ba697bce5b72027a0a5263db29fa5e34b Author: Renaud Chaput <[email protected]> Date: Thu Jun 1 12:14:49 2023 +0200 Allow carets in URL search params (#25216) commit 652ff76462f33f90e257e331009f89c41d600409 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 23:28:35 2023 -0700 Fix Redis client and type errors introduced in #24285 (#24342) commit 6f484fbbd280294bd8e43b5a9d0e54d6e34604b9 Author: Vyr Cossont <[email protected]> Date: Fri Mar 31 05:38:47 2023 -0700 IndexingScheduler: fetch and import in batches (#24285) Co-authored-by: Claire <[email protected]> commit 79f5b8f156f65c25ada4712f8415c8d5f1f6dde7 Author: Claire <[email protected]> Date: Thu Jun 29 14:48:54 2023 +0200 Fix ResolveURLService not resolving local URLs for remote content (#25637) commit f8930a67a05f9adcaef5bc3f6e874d86f3228415 Author: Claire <[email protected]> Date: Thu Jun 22 14:56:14 2023 +0200 Change /api/v1/statuses/:id/history to always return at least one item (#25510) commit e65e3a6d14174378b8bf58f5997cde3de40c3ca7 Author: Claire <[email protected]> Date: Thu Jun 22 14:52:25 2023 +0200 Add finer permission requirements for managing webhooks (#25463) commit 8acbfc6ab1b1a1f026fd85208089b9f31255aba6 Author: Claire <[email protected]> Date: Tue Jun 20 18:15:35 2023 +0200 Fix wrong view being displayed when a webhook fails validation (#25464) commit 3ef53958b27da2edd1f1eba27ef2316fef64099f Author: Emelia Smith <[email protected]> Date: Tue Jun 20 18:04:35 2023 +0200 Prevent UserCleanupScheduler from overwhelming streaming (#25519) commit fd1ffd72ebec4c435b5e4406c1eafa80da69b317 Author: Daniel M Brasil <[email protected]> Date: Mon Jun 19 03:53:05 2023 -0300 Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) commit 7bd34f8b23f26fc4ebd10bcc3f2e0bae7cdd6520 Author: Claire <[email protected]> Date: Thu May 4 10:13:00 2023 +0200 Fix infinite loop in AccountsStatusesCleanupScheduler (#24840) commit 7012bf6ed3188148e91870d83c446c529d46907d Author: Claire <[email protected]> Date: Wed May 3 10:31:40 2023 +0200 Improve automatic post cleanup worker performances (#24785) commit d9e45f2fa94449fe367a92b34f12775a0c85a8ee Author: Claire <[email protected]> Date: Sun Apr 23 22:25:40 2023 +0200 Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607) commit 0e139e3c4d8faa94fe0357d235f84a3f4c2abb50 Author: Claire <[email protected]> Date: Fri Apr 21 18:14:19 2023 +0200 Change automatic post deletion thresholds and load detection (#24614) commit 23e7b4d28dc94ef927f6db4e5832a45e333b252e Author: Emelia Smith <[email protected]> Date: Sat Jun 10 18:24:37 2023 +0200 Fix logging of messages that are binary before closing their connection (#25361) commit e78ee582f7b845c16cdcada44c96ed7053f07ff1 Author: Emelia Smith <[email protected]> Date: Fri Jun 9 19:29:16 2023 +0200 Fix performance of streaming by parsing message JSON once (#25278) commit a197fc094f9f55379d34a46bb530a7ce97d530b6 Author: Claire <[email protected]> Date: Mon Jun 5 17:35:05 2023 +0200 Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) commit bd7cbeeadfbb7d087c71cd6e0a016d44ca39a786 Author: Daniel M Brasil <[email protected]> Date: Sun Apr 30 01:50:58 2023 -0300 Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605) commit 2779bce9a22f556b6c7a2e39eab82ab7438ac240 Author: Claire <[email protected]> Date: Tue May 2 17:42:42 2023 +0200 Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600) Co-authored-by: Eugen Rochko <[email protected]> commit 210ff368605c6752dcd8740b088570f393d322cf Author: Claire <[email protected]> Date: Thu May 11 04:40:03 2023 +0200 Change AccessTokensVacuum to also delete expired tokens (#24868) commit 99c2bbbec9bb004fd54d4f0920c1109e960ebb04 Author: Claire <[email protected]> Date: Fri May 12 13:13:04 2023 +0200 Change profile updates to be sent to recently-mentioned servers (#24852) commit 7e587793004c0558d5131ff8eff359a77617a206 Author: Claire <[email protected]> Date: Tue May 16 14:56:49 2023 +0200 Fix reports not being closed when performing batch suspensions (#24988) commit cca464bce3c2ac43e2759d6a0ab0c977b4098d90 Author: Claire <[email protected]> Date: Wed May 17 00:08:42 2023 +0200 Fix being able to vote on your own polls (#25015) commit 1301af60e042fb9db39172977fb3a5d720ca7a31 Author: Claire <[email protected]> Date: Wed May 17 00:09:21 2023 +0200 Fix race condition when reblogging a status (#25016) commit f962e838567143640036c9a4f01e161e2a88941b Author: Claire <[email protected]> Date: Mon May 22 12:25:56 2023 +0200 Change OpenGraph-based embeds to allow fullscreen (#25058) commit b3cbcd744719cd3a8a65f6dbefbc0f3912827a55 Author: Claire <[email protected]> Date: Mon May 22 14:03:38 2023 +0200 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) commit 72d96bf17a6c44344f5896b2b26d751315650f0e Author: Claire <[email protected]> Date: Tue May 23 14:27:17 2023 +0200 Remove invalid X-Frame-Options: ALLOWALL (#25070) commit b1ac3562dff4c2e21a51bacf7cf963e3203097b8 Author: Claire <[email protected]> Date: Tue May 23 15:00:36 2023 +0200 Change Identity to not destroy associated User on destroy (#25098) commit 4c6c790f80f598d80e4fce44c06309a17dfd65e6 Author: Claire <[email protected]> Date: Tue Jun 20 18:32:26 2023 +0200 Fix /api/v1/conversations sometimes returning empty accounts (#25499) commit 036ac5b5c9597f8a2042a102439f14eaa9474f6c Author: Claire <[email protected]> Date: Wed Jun 14 08:54:52 2023 +0200 Fix ArgumentError when loading newer Private Mentions (#25399) commit 3e1724e97282a2725778eccdf46d7756773d2771 Author: Claire <[email protected]> Date: Thu Jun 1 02:41:51 2023 +0200 Fix multiple N+1s in ConversationsController (#25134) commit bc8592627bc7effa94c12d17bd8ee7e0b6ff52be Author: Claire <[email protected]> Date: Wed Apr 5 19:31:49 2023 +0200 Fix user archive takeouts when using OpenStack Swift (#24431) commit d58e39c5c051bd685a19890b640b13cc7ce8d45b Author: robin* <[email protected]> Date: Mon Jul 3 21:59:05 2023 +0900 리모트 해시태그는 트렌딩에 반영되지 않도록 수정 commit ef2e93e091a27f036b4fbce47434487ea773930a Author: robin* <[email protected]> Date: Mon Jun 26 01:20:06 2023 +0900 에러 이미지 레니로 변경 commit cb7f56c60682ac4cbab32eaf75036a78eb2b5b86 Author: robin* <[email protected]> Date: Sun May 21 12:49:37 2023 +0900 안드로이드 테마 색상 변경 commit 71bc462e781661fa3afc212b9a08532e8919ce6a Author: robin* <[email protected]> Date: Sun May 21 12:30:52 2023 +0900 bird-ui 경로 수정 commit 19ad35b2aeae0387756f066674e6bc093bcf081b Author: robin* <[email protected]> Date: Sun May 21 10:56:56 2023 +0900 bird-ui 1.5.6 업데이트 commit 3cfc11929131ac6cdac6bd0c21ec764fbaecd2b1 Author: robin* <[email protected]> Date: Sun May 21 10:56:33 2023 +0900 서버 로고 레니로 재적용 commit 5c0ddf2b02d589430c1bba02e2facd59ebf232a5 Author: robin* <[email protected]> Date: Wed May 17 00:05:35 2023 +0900 Change SVG Icon commit 5657cfc3b1a8354fd720b1700a81a28f226e0860 Author: robin* <[email protected]> Date: Sun Apr 30 21:09:02 2023 +0900 Add bird ui in config/themes.yml commit f59b0366f42569d313c6fde98b0b576b0ce10b06 Author: robin* <[email protected]> Date: Sun Apr 30 21:08:45 2023 +0900 Update bird-ui version to 1.5.2 commit 7ac33f3897efaaca0dc628e10c6923a1d4c959dd Author: robin* <[email protected]> Date: Sat Apr 22 00:56:34 2023 +0900 style: lint commit 52c9a20083680d7f0308d3af240b884da09d0d56 Author: robin* <[email protected]> Date: Sat Apr 22 00:02:31 2023 +0900 수정: 서브모듈도 체크아웃하도록 commit 1fcf07443ee13aa03f39b25a91ed6e25411b3d16 Author: robin* <[email protected]> Date: Thu Apr 20 20:49:29 2023 +0900 bird-ui 1.4.7 추가 commit 88b1cd0ac75e8b8b404d56eed6195e02dd3ba15f Merge: 327736d93 4b9e4f639 Author: robin* <[email protected]> Date: Tue Apr 4 22:18:30 2023 +0900 Merge tag 'v4.1.2' commit 4b9e4f6398760cc04f9fde2c659f30ffea216e12 Author: Claire <[email protected]> Date: Mon Mar 27 17:43:24 2023 +0200 Bump version to v4.1.2 commit b9f271364e8be91e822fc621c0d99cdd66a7acf1 Author: Claire <[email protected]> Date: Mon Apr 3 15:47:04 2023 +0200 Fix unescaped user input in LDAP query (#24379) Fix CVE-2023-28853 commit 4eaa6d58b2679b27b2fb6f9a3a41101ee65db63c Author: Claire <[email protected]> Date: Mon Apr 3 15:05:39 2023 +0200 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) commit 51572ac615208197ceced4c81192aa0dfd47e923 Author: Claire <[email protected]> Date: Fri Mar 31 21:42:28 2023 +0200 Fix invalid/expired invites being processed on sign-up (#24337) commit 01617534fac1f7f9c5646556d7b78baef6c1dfb0 Author: Sai <[email protected]> Date: Fri Mar 31 16:11:22 2023 +0100 Update Ruby to 3.0.6 (#24334) commit af6eb37c704e4114157fdc04e54f682a9de0e8d9 Author: Robert R George <[email protected]> Date: Wed Mar 29 00:58:27 2023 -0700 Wrap db:setup with Chewy.strategy(:mastodon) (#24302) commit 590df443f11c21ad0bad49dd0d4dfb6560e75930 Author: Eugen Rochko <[email protected]> Date: Sat Feb 11 04:02:07 2023 +0100 Bump blurhash from 0.1.6 to 0.1.7 (#23517) commit ae64c5b7eca37be65f87b2ea82c92d9732b641dd Author: Claire <[email protected]> Date: Mon Mar 27 17:07:37 2023 +0200 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) commit 3c82c4e7806e1c95964738027d7e907e8557116b Author: Claire <[email protected]> Date: Mon Mar 20 20:02:58 2023 +0100 Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) commit 327736d93e8201de8f8c3f7c385bd4740a213bb0 Author: robin* <[email protected]> Date: Fri Mar 17 17:51:50 2023 +0900 fix: workflow branch가 잘못되어 있음 commit 1343cfa9dd6711afc8834c5bd8167300e9f3ad24 Merge: 7e7ace527 ab85f59c3 Author: robin* <[email protected]> Date: Fri Mar 17 17:46:47 2023 +0900 Merge tag 'v4.1.1' commit ab85f59c30ff523cb2a6551ca1f36779c2fa81f3 Author: Claire <[email protected]> Date: Thu Mar 16 22:33:41 2023 +0100 Bump version to v4.1.1 commit 6a7b91a038d78c525c7c74596306e25aa0d2e44e Author: Claire <[email protected]> Date: Thu Mar 16 22:47:01 2023 +0100 Add warning for object storage misconfiguration (#24137) commit 6db76875fdeff4f112db0f5b9077ffeaece71ad6 Author: Eugen Rochko <[email protected]> Date: Thu Mar 16 22:46:52 2023 +0100 Change user backups to use expiring URLs for download when possible (#24136) commit 19def1a1f1d5171ba5408ba90fb20dc0de0ae33f Author: Claire <[email protected]> Date: Thu Mar 16 22:03:22 2023 +0100 Update changelog commit 0e58e7f5d88d3d9873bde799e892bcbbc747dad4 Author: Claire <[email protected]> Date: Thu Mar 16 11:51:36 2023 +0100 Update changelog commit 8c4ea7d715e60a8e78dff6446aac8026e2ed0774 Author: Claire <[email protected]> Date: Wed Mar 15 04:15:20 2023 +0100 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) commit cc65f32714543bc7431c9bd739bc531a7ad7a1a8 Author: Claire <[email protected]> Date: Wed Mar 15 04:14:47 2023 +0100 Fix incorrect post links in strikes when the account is remote (#23611) commit 036306450141291101843b9d5f580305f847ad4b Author: Claire <[email protected]> Date: Wed Mar 15 04:01:49 2023 +0100 Fix dashboard crash on ElasticSearch server error (#23751) commit 46d6cb0f36616b879d52bf6cca61226b7ee1d17b Author: Nick Schonning <[email protected]> Date: Wed Mar 15 11:43:44 2023 -0400 Skip pushing containers on forks (#24106) commit 4213907aaf9ff62bbed1539e49d33f9a3b3b9a36 Author: Renaud Chaput <[email protected]> Date: Wed Mar 15 16:41:13 2023 +0100 Use Github Container Registry as the official container image source (#24113) commit 0891a8d4b0c7490e2306884ece6799afe0e1c849 Author: Nick Schonning <[email protected]> Date: Tue Mar 14 22:43:49 2023 -0400 Skip Docker CI Login/Push on forks (#23564) commit 0529fb0866563df05b348fdc8dd823243768c137 Author: Renaud Chaput <[email protected]> Date: Tue Mar 14 20:27:43 2023 +0100 Push Docker images to Github Container Registry as well (#24101) commit 59a2fe32ff1055f0ae33d3dc7efda877dd0c0440 Author: Eugen Rochko <[email protected]> Date: Thu Mar 16 02:55:54 2023 +0100 Add cache headers to static files served through Rails (#24120) commit 5cc39a3810f71ee9845af1102416512009b1ede9 Author: Eugen Rochko <[email protected]> Date: Thu Mar 16 02:55:13 2023 +0100 Add `SENDFILE_HEADER` environment variable (#24123) commit 4e02c7dc2c4ec744d2d075b4c0bdfca45373dc61 Author: CSDUMMI <[email protected]> Date: Tue Mar 14 14:47:57 2023 +0100 Support the PROXY protocol through the PROXY_PROTO_V1 env variable (#24064) commit fe7752f4b8515cd096255aa41735e6774b9d2d74 Author: Claire <[email protected]> Date: Mon Mar 13 18:50:33 2023 +0100 Update changelog commit 6962d117b73d190c386d2d083d2d876c9b304dd5 Author: Claire <[email protected]> Date: Fri Mar 3 21:08:22 2023 +0100 Change `ActivityPub::DeliveryWorker` retries to be spread out more (#21956) commit 2a37dc7967ed7f57143852805a1a2e28c5f3ff4e Author: Claire <[email protected]> Date: Fri Mar 3 20:37:22 2023 +0100 Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750) commit a54bd84690a3db9e857c87e6a7120c528e0e69ff Author: Terry Garcia <[email protected]> Date: Fri Mar 3 13:37:49 2023 -0600 Switched bookmark and favourites around (#23701) commit 68af19c328622ad5960014d4318483ef43d2656d Author: Claire <[email protected]> Date: Thu Feb 23 16:52:40 2023 +0100 Change auto-deletion throttling constants to better scale with server size (#23320) commit a133570b26a646867d211556c98e37e50b4c84d1 Author: Tim Lucas <[email protected]> Date: Thu Feb 23 22:58:42 2023 +1100 Increase contrast of upload progress background (#23836) commit 9972eb41ae04fa60d410c65eb70591b6442dfecc Author: PauloVilarinho <[email protected]> Date: Mon Mar 6 13:33:09 2023 -0300 add modal message when editing toot (#23936) Co-authored-by: PauloVilarinho <[email protected]> commit 78c7c79d789231036aaffffe15dfce19a2eaa575 Author: 9p4 <[email protected]> Date: Wed Mar 8 11:06:53 2023 -0500 Add refreshing many accounts at once with "tootctl accounts refresh" (#23304) commit cec59417d736a7725ab8effdc69c15c428b0f25a Author: Claire <[email protected]> Date: Fri Mar 3 20:44:46 2023 +0100 Add mail headers to avoid auto-replies (#23597) commit 9377c4a87c69bf2dcb9797a6c07d8ce377a32dae Author: Claire <[email protected]> Date: Tue Feb 21 09:23:39 2023 +0100 Add `lang` tag to native language names in language picker (#23749) commit 40ae8d5e03167fa3d0f4c2a901285b2243d8a80b Author: Thijs Kinkhorst <[email protected]> Date: Tue Feb 14 19:05:57 2023 +0100 Fix paths with url-encoded @ to redirect to the correct path (#23593) commit 3f2e31800ed9c74fc1b7bc4b475542f0256fefbd Author: Christian Schmidt <[email protected]> Date: Wed Mar 8 19:56:41 2023 +0100 Unescape HTML entities (#24019) commit 92a26638eb08c9ae0de64c0d161a0f5933d3832d Author: Christian Schmidt <[email protected]> Date: Mon Mar 6 15:37:19 2023 +0100 Do not strip tags from `Setting.site_short_description` (#23975) commit 479b66637b2383184e724c6ba59217a320109691 Author: Claire <[email protected]> Date: Sun Mar 12 23:47:55 2023 +0100 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) commit 14bcd1428977e41321569113d87fc901e7c102b7 Author: Rodion Borisov <[email protected]> Date: Thu Mar 9 16:35:44 2023 +0300 Center the text itself in upload area (#24029) commit 4bfbeb8139413c494314ed8e6fa6c03656fb2a5a Author: Claire <[email protected]> Date: Mon Mar 6 17:44:55 2023 +0100 Fix `/api/v1/streaming` sub-paths not being redirected (#23988) commit 2fed61a477b372a72841194001282e2bf07bf70e Author: Eugen Rochko <[email protected]> Date: Sun Mar 5 01:52:42 2023 +0100 Fix pgBouncer resetting application name on every transaction (#23958) commit 37a28ba2034b37c2550c59f1befca9a29520f46c Author: Christian Schmidt <[email protected]> Date: Sat Mar 4 23:18:19 2023 +0100 Do not leave Mastodon when clicking “Back” (#23953) commit 4cec3ad9b887e21875b4db4f4411589726e3ba86 Author: Claire <[email protected]> Date: Fri Mar 3 21:13:55 2023 +0100 Fix original account being unfollowed on migration before the follow request could be sent (#21957) commit 675c24a34ed8e8600aa750ae957aba9e5d4fc19e Author: Claire <[email protected]> Date: Mon Mar 6 16:00:08 2023 +0100 Fix unconfirmed accounts being registered as active users (#23803) commit f5f17e897b600b015b21f0b9ebe9e912c5be36d5 Author: Claire <[email protected]> Date: Fri Mar 3 20:45:12 2023 +0100 Fix tootctl accounts migrate error due to typo (#23567) commit 63532d9883b56cbe8adf2b145c49fb2d84277930 Author: Claire <[email protected]> Date: Fri Mar 3 20:44:02 2023 +0100 Fix error when displaying post history of a trendable post in the admin interface (#23574) commit aff3f850deec47efb69489f40d44eab13765161b Author: Claire <[email protected]> Date: Fri Mar 3 20:36:18 2023 +0100 Fix server error when failing to follow back followers from `/relationships` (#23787) commit b52746e64b5e150f05b6e55e7e9546f408719118 Author: Claire <[email protected]> Date: Fri Mar 3 20:25:36 2023 +0100 Fix duplicate “Publish” button on mobile (#23804) commit 69564db4473398fbb4362bbe05b760285d9c69e3 Author: Claire <[email protected]> Date: Wed Feb 22 11:53:13 2023 +0100 Fix inefficiency when searching accounts per username in admin interface (#23801) commit 00208b23b18d048c5f6d5e5c37954e13bdcc83ff Author: Botao Wang <[email protected]> Date: Tue Feb 21 18:06:13 2023 +0900 Fix sidebar cut-off on small screens in admin UI (#23764) commit 900790184aeeedbc8a53bcb28fe36fbe973aeb56 Author: Claire <[email protected]> Date: Sun Feb 19 07:11:18 2023 +0100 Fix focus point of already-attached media not saving after edit (#23566) commit 11d66630252c53f2b75278919ee8160be672edb1 Author: Dean Bassett <[email protected]> Date: Mon Feb 13 05:54:08 2023 -0800 Fix case-sensitive check for previously used hashtags (#23526) commit ea1d55a64eba0fc56f2531495fa08cfc422f19b7 Author: emilweth <[email protected]> Date: Sat Feb 11 03:00:44 2023 +0100 fix metrics format (#23520) commit ac7665193cfaa743bb42178b8537ae815e6ca455 Author: emilweth <[email protected]> Date: Sat Feb 11 02:15:07 2023 +0100 dot is not allowed (#23519) commit 0dc342df81197c84adf530646ba04da436cb08a7 Author: Claire <[email protected]> Date: Fri Mar 3 20:25:15 2023 +0100 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) commit 7e7ace52776d9ee5a0feb3858e7fa44deaba6624 Author: robin* <[email protected]> Date: Sat Feb 11 11:02:22 2023 +0900 Delete dependabot.yml commit 0c8abdc465b4d6783312957313d2fe26c0ab3c40 Author: robin* <[email protected]> Date: Sat Feb 11 10:56:40 2023 +0900 빌드 타겟 변경 commit f634345a4fe06ce558d28f1b0215333fdb28eb22 Merge: 551bbcc31 61c5dfb92 Author: robin* <[email protected]> Date: Sat Feb 11 10:54:47 2023 +0900 Merge remote-tracking branch 'tootsuite/l10n_main' commit 551bbcc31c4568c649f149629cf322486fa6721c Author: robin* <[email protected]> Date: Tue Nov 22 16:16:04 2022 +0900 기본 프로필 이미지가 타 서버에서도 반영되도록 수정 commit 83973ad000d081da3070901c32126b50d8290f84 Author: robin* <[email protected]> Date: Mon Nov 21 20:36:22 2022 +0900 기본 프로필 사진 변경 commit 94694eb0c53dd569472348b808354afdd94536fb Author: robin* <[email protected]> Date: Tue Nov 15 22:37:18 2022 +0900 우리툿도절대지켜 commit ab1ee58251cca6aa5136543bb57dcf9a199dde48 Author: robin* <[email protected]> Date: Tue Nov 15 22:36:23 2022 +0900 우리뿌우절대지켜 commit 150d389fe62aaa7561ec6ab261009160018ccc66 Merge: c49849ee7 a1738f899 Author: robin* <[email protected]> Date: Tue Nov 15 15:13:11 2022 +0900 Merge remote-tracking branch 'tootsuite/main' commit c49849ee7930ecae3a7e4454edb613208a2f070d Author: robin* <[email protected]> Date: Wed Nov 9 01:57:17 2022 +0900 파비콘 추가 commit e6bcefb07dd3d1fe7452ecc95aa9b48c93a6f160 Author: robin* <[email protected]> Date: Wed Nov 2 14:47:08 2022 +0900 인수 오타 수정 commit f4a81d7031e1c6fc65d57ed12ea56ea4312c0ca4 Author: robin* <[email protected]> Date: Wed Nov 2 14:44:06 2022 +0900 Change docker image build platform commit 41154aed9d933cc024df3e031dfd4b5632d97d9c Merge: e25ea5224 73f3f3786 Author: robin* <[email protected]> Date: Wed Nov 2 14:16:26 2022 +0900 Merge remote-tracking branch 'byulmaru/master' commit e25ea5224f45bc73fc9985b876ca7f1457c0949b Author: robin* <[email protected]> Date: Wed Nov 2 14:16:10 2022 +0900 build 오타 수정 commit 73f3f37869eacbe2da5008c840278b7eb9a9b33f Author: robin* <[email protected]> Date: Wed Nov 2 14:13:34 2022 +0900 Update build-image.yml commit 27ff94e8e74fdeb6084f589c6cade98d7e0f47bf Author: robin* <[email protected]> Date: Wed Nov 2 14:11:53 2022 +0900 GitHub 자동 빌드 시스템 구현 commit 110307f48759dde0f7db0d898c36c19f45f0f788 Author: robin* <[email protected]> Date: Fri Oct 28 01:29:47 2022 +0900 nori tokenizer 적용 commit 95a908baadc7b0d2cc826260b23274ac317f7247 Merge: 71577d209 fbcbf7898 Author: robin* <[email protected]> Date: Sun May 29 08:23:17 2022 +0900 Merge branch '3.5.3' commit 71577d209982abb808b74ff89ba69e177d0caff6 Author: robin* <[email protected]> Date: Sun May 8 21:16:28 2022 +0900 불필요한 pull 삭제 commit 418b9d2bd4a94272e3ed290d3c47ec657cdfc26c Author: robin* <[email protected]> Date: Sun May 8 21:13:05 2022 +0900 dep와 release 분리 commit 37809672d0706f31bd97a0e0fc9703a9f60d6916 Author: robin* <[email protected]> Date: Fri May 6 09:41:30 2022 +0900 캐시 사용하게 변경 commit 0399b9b5e1897925c323b1df7d90113f92047371 Author: robin* <[email protected]> Date: Wed May 4 16:14:17 2022 +0900 CI stage 나누기 테스트 commit e8246af21f9c0b985459bb6edbf7379505890b86 Merge: e9f3cf782 014065913 Author: robin* <[email protected]> Date: Wed May 4 09:40:29 2022 +0900 Merge remote-tracking branch 'tootsuite/main' commit e9f3cf78256b3315f6cfc3e10c50df6b55ce86aa Author: robin* <[email protected]> Date: Wed May 4 09:40:14 2022 +0900 yarn 타임아웃을 크게 설정 commit 24e02129bee4d25f1e8037929b0d7b6e8fee27cc Author: robin* <[email protected]> Date: Sat Apr 23 10:36:57 2022 +0900 bundle과 yarn 설치를 분리하고 yarn 타임아웃을 크게 설정 commit e8b53b838101e92b08b9a59573b2da5f863735af Author: robin* <[email protected]> Date: Fri Apr 22 11:25:34 2022 +0900 이러면 캐시 이용하나?? commit 9015eda257784255419b1de762053b7100908818 Author: robin* <[email protected]> Date: Wed Apr 20 07:32:47 2022 +0000 Update .gitlab-ci.yml file commit 750319882455850be91289ea612bfd34fb783864 Author: robin* <[email protected]> Date: Wed Apr 20 14:38:54 2022 +0900 빌드 후 이미지를 푸시하도록 수정 commit ff575a026749222d40b1744d06208d171955ac75 Author: robin* <[email protected]> Date: Wed Apr 20 14:34:45 2022 +0900 buildx 커맨드 오타 수정 commit 8b84bcd9dd53acc1399d8031df219325747f5672 Author: robin* <[email protected]> Date: Wed Apr 20 14:26:39 2022 +0900 buildx로 arm에서 빌드 commit d229380129cce9698a7a8aa9a15211dfc73f7f2c Merge: aba0e2780 ed5491e5d Author: robin* <[email protected]> Date: Wed Apr 20 14:19:57 2022 +0900 Merge branch '3.5.1' commit aba0e2780b21b23e0801c48e9210514a24e45535 Author: robin* <[email protected]> Date: Thu Feb 10 22:41:01 2022 +0900 머지 실수 교정 commit 69e3b702d0170dd1d107612a127216d96a5e650f Merge: 07284eb94 3413f1c44 Author: robin* <[email protected]> Date: Thu Feb 10 22:33:53 2022 +0900 Merge remote-tracking branch 'tootsuite/main' commit 07284eb940c1182b7c5665cc0a48caa8b11094dc Author: Eugen Rochko <[email protected]> Date: Thu Feb 3 14:21:38 2022 +0100 Forward-port version bump to 3.4.6 (#17434) commit 0a4846fc2558e8f34c3d0c20afa9ad68f517e10f Author: Claire <[email protected]> Date: Thu Feb 3 14:09:04 2022 +0100 Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) commit 4ec9c9c7dfa197d2e72c164ea2844da1c0a428b2 Author: Claire <[email protected]> Date: Thu Feb 3 14:07:43 2022 +0100 Fix response_to_recipient? CTE (#17427) commit 06280c066951682b3ae7fa3950a3b2c2461794d9 Author: Claire <[email protected]> Date: Thu Feb 3 14:07:29 2022 +0100 Compact JSON-LD signed incoming activities (#17426) Co-authored-by: Puck Meerburg <[email protected]> commit d96954e1b4debce5d403544c42cc5451c1d9d919 Merge: f2587765d d0d15bf49 Author: robin* <[email protected]> Date: Wed Feb 2 15:24:26 2022 +0900 Merge remote-tracking branch 'tootsuite/main' commit f2587765dd99714547c73283252839c27fe0b299 Merge: 4e0be3940 fd868f8ca Author: robin* <[email protected]> Date: Fri Nov 26 11:16:05 2021 +0900 Merge remote-tracking branch 'tootsuite/stable-3.4' commit fd868f8ca0b13afdb3f6fb9a3be063ccec7e1349 Author: Eugen Rochko <[email protected]> Date: Fri Nov 26 01:27:08 2021 +0100 Bump version to 3.4.4 commit 4cd33a2c712acf038d856caaad077e34398306d2 Author: Claire <[email protected]> Date: Thu Nov 11 14:00:30 2021 +0100 Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976) Fix regression from #16896 commit f264cca1d20dcd1d80343d31f7c960f1579b57ad Author: Claire <[email protected]> Date: Thu Nov 25 23:46:30 2021 +0100 Fix filtering DMs from non-followed users (#17042) commit 5e4b04de8853822a9b0c6b124d0427ac9df2327e Author: Claire <[email protected]> Date: Thu Nov 25 23:46:39 2021 +0100 Fix handling of recursive toots in WebUI (#17041) commit 3c18311d860e829a3bbefe34f166f701242f925a Author: Claire <[email protected]> Date: Wed Nov 24 17:41:03 2021 +0100 Fix error when suspending user with an already-existing canonical email block (#17036) * Fix error when suspending user with an already-existing canonical email block Fixes #17033 While attempting to create a `CanonicalEmailBlock` with an existing hash would raise an `ActiveRecord::RecordNotUnique` error, this being done within a transaction would cancel the whole transaction. For this reason, checking for uniqueness in Rails would query the database within the transaction and avoid invalidating the whole transaction for this reason. A race condition is still possible, where multiple accounts sharing a canonical email would be blocked in concurrent transactions, in which only one would succeed, but that is way less likely to happen that the current issue, and can always be retried after the first failure, unlike the current situation. * Add tests commit e5113a8cad23f686129ef04e908afee9ad0f6ada Author: Claire <[email protected]> Date: Fri Nov 19 18:22:49 2021 +0100 Fix overflow of long profile fields in admin view (#17010) commit 22cd1e6ab593830dc667ef09235faed0b7547891 Author: Claire <[email protected]> Date: Sun Nov 14 21:55:40 2021 +0100 Fix confusing error when webfinger request returns empty document (#16986) For some reason, some misconfigured servers return an empty document when queried over webfinger. Since an empty document does not lead to a parse error, the error is not caught properly and triggers uncaught exceptions later on. This PR fixes that by immediately erroring out with `Webfinger::Error` on getting an empty response. commit e65ede1ac538501883f7cb68516e9bada2ef25fe Author: Claire <[email protected]> Date: Tue Nov 16 21:36:28 2021 +0100 Fix upload of remote media with OpenStack Swift sometimes failing (#16998) Under certain conditions, files fetched from remotes trigger an error when being uploaded using OpenStack Swift. This is because in some cases, the remote server will not return a content-length, so our ResponseWithLimitAdapter will hold a `nil` value for `#size`, which will lead to an invalid value for the Content-Length header of the Swift API call. This commit fixes that by taking the size from the actually-downloaded file size rather than the upstream-provided Content-Length header value. commit 1bcb3daf7e4255662d6185a2fb74c2263f75060a Author: Takeshi Umeda <[email protected]> Date: Fri Aug 6 19:14:13 2021 +0900 Fix logout link not working in safari (#16574) commit 9c610ca0a41b1a317188a94d7532e9937dda47b8 Author: Claire <[email protected]> Date: Sun Jul 25 01:13:46 2021 +0200 Fix “open” link of media modal not closing modal (#16524) commit 77d0297313ca7d0a26ec820381e93030a974c1a9 Author: Claire <[email protected]> Date: Sat Jul 17 17:06:52 2021 +0200 Fix replying from modal (#16516) Fixes #16515 Not using a router object somehow made `this.history` lag behind the real browser history whenever pushing a new history item in `replyCompose`. Not using the context-provided router in this case was an oversight made when porting glitch-soc changes in #16499. commit 4e0be394028fe52e868d9659bdfefd97f234f91c Merge: 5ec8d5e0a 4b6668868 Author: robin* <[email protected]> Date: Sat Nov 6 14:18:49 2021 +0900 Merge remote-tracking branch 'tootsuite/stable-3.4' commit 4b6668868e92b83c740849ddd397ca3ff5026a86 Author: Eugen Rochko <[email protected]> Date: Sat Nov 6 05:19:38 2021 +0100 Bump version to 3.4.3 commit 5c47a18c8df3231aa25c6d1f140a71a7fac9cbf9 Author: Eugen Rochko <[email protected]> Date: Sat Nov 6 05:17:39 2021 +0100 Fix login being broken due to inaccurately applied backport fix in 3.4.2 See #16943 commit 8a74d851d2035cf7adbb605b7e994334152fbfc4 Author: Eugen Rochko <[email protected]> Date: Sat Nov 6 00:09:41 2021 +0100 Bump version to 3.4.2 commit 76c2028859e5eef4ac4a07d5b3f4538eec933b88 Author: Claire <[email protected]> Date: Sat Nov 6 00:12:25 2021 +0100 Fix AccountNote not having a maximum length (#16942) commit 3251b8eeadbeb34fa7846b240ee48df963f16562 Author: Claire <[email protected]> Date: Sat Nov 6 00:13:58 2021 +0100 Fix reviving revoked sessions and invalidating login (#16943) Up until now, we have used Devise's Rememberable mechanism to re-log users after the end of their browser sessions. This mechanism relies on a signed cookie containing a token. That token was stored on the user's record, meaning it was shared across all logged in browsers, meaning truly revoking a browser's ability to auto-log-in involves revoking the token itself, and revoking access from *all* logged-in browsers. We had a session mechanism that dynamically checks whether a user's session has been disabled, and would log out the user if so. However, this would only clear a session being actively used, and a new one could be respawned with the `remember_user_token` cookie. In practice, this caused two issues: - sessions could be revived after being closed from /auth/edit (security issue) - auto-log-in would be disabled for *all* browsers after logging out from one of them This PR removes the `remember_token` mechanism and treats the `_session_id` cookie/token as a browser-specific `remember_token`, fixing both issues. commit f60bb0784fdf2ac67582ba4e96779acc078d9902 Author: Claire <[email protected]> Date: Fri Nov 5 21:14:35 2021 +0100 Fix handling announcements with links (#16941) Broken since #15827 commit c3a6f7b9411a86a8fce71ef99d8801d8930bb8f0 Author: Claire <[email protected]> Date: Wed Jul 14 05:35:49 2021 +0200 Fix user email address being banned on self-deletion (#16503) * Add tests * Fix user email address being banned on self-deletion Fixes #16498 commit 986397b3a255e5078ff4830a7d4d4687a12f4c19 Author: Claire <[email protected]> Date: Tue Jul 13 15:45:17 2021 +0200 Improve modal flow and back button handling (#16499) * Refactor shouldUpdateScroll passing So far, shouldUpdateScroll has been manually passed down from the very top of the React component hierarchy even though it is a static function common to all ScrollContainer instances, so replaced that with a custom class extending ScrollContainer. * Generalize “press back to close modal” to any modal and to public pages * Fix boost confirmation modal closing media modal commit c79d4711e9529ea024e0b70d3f64821bbde018d2 Author: Claire <[email protected]> Date: Tue Jul 13 15:46:20 2021 +0200 Change references to tootsuite/mastodon to mastodon/mastodon (#16491) * Change references to tootsuite/mastodon to mastodon/mastodon * Remove obsolete test fixture * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG And a few other places commit be560337158c83d737fe4b4de3486caae718ca01 Author: Claire <[email protected]> Date: Wed Jul 7 21:13:08 2021 +0200 Change number_to_human calls to always use 3-digits precision (#16469) Fixes #16435 commit 8815e98aa231dd68cc9ff586f045f6c5fc3f0cd0 Author: Claire <[email protected]> Date: Mon Jul 5 19:16:06 2021 +0200 Fix pop-in player display when poster has long username or handle (#16468) commit 4bc1fde1059c6d953d91f5f57146781cd5559025 Author: Claire <[email protected]> Date: Sat Jul 3 21:13:47 2021 +0200 Fix anonymous access to outbox not being cached by the reverse proxy (#16458) * Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes commit 34ab4111a7e32c1c0ae6055286bb94bf496295a2 Author: Claire <[email protected]> Date: Fri Jun 25 04:45:17 2021 +0200 Fix WebUI crash when a toot with a playing video gets deleted (#16384) * Fix WebUI crash when a toot with a playing video gets deleted * Fix pop-up player not closing the moment a status is deleted commit aebcb722aa9a092000448b6e143c12a74f5bb78f Author: Claire <[email protected]> Date: Mon Jun 21 20:14:47 2021 +0200 Fix serialization of followers/following counts when user hides their network (#16418) * Add tests * Fix serialization of followers/following counts when user hides their network Fixes #16382 Signed-off-by: Claire <[email protected]> commit 9a468c895be2b9970a9556e72a9162070337b87c Author: Claire <[email protected]> Date: Thu Jul 15 15:56:58 2021 +0200 Fix inefficiencies in auto-linking code (#16506) The auto-linking code basically rewrote the whole string escaping non-ascii characters in an inefficient way, and building a full character offset map between the unescaped and escaped texts before sending the contents to TwitterText's extractor. Instead of doing that, this commit changes the TwitterText regexps to include valid IRI characters in addition to valid URI characters. commit a1e5ff04e3278edbf7f71fe504f38c83de694d3b Author: Claire <[email protected]> Date: Thu Oct 14 19:59:28 2021 +0200 Fix tootctl self-destruct not sending Delete activities for recently-suspended accounts (#16688) * Do not block existing users' emails on self-destruct That is wasteful and unintuitive * Do not close registrations when running tootctl self-destruct with --dry-run * Close registrations on self-destruct regardless of known remote accounts * Fix tootctl self-destruct not sending Deletes for recently-suspended accounts * Suspend local users even if no remote account is known * Do not show scary confirmation text if ran with --dry-run commit e40d5414cce5a59083fd8ed50837186546a86ac4 Author: Claire <[email protected]> Date: Fri Jul 23 02:53:17 2021 +0200 Fix crashes with Microsoft Translate on Microsoft Edge (#16525) Fixes #16509 Microsoft Edge with translation enabled rewrites the DOM in ways that confuse react and prevent it from working properly. Wrapping the offending parts in a span avoids this issue. commit 40eaa8706b81f0c7fb20dcc8668cdf2b443f5363 Author: Claire <[email protected]> Date: Sat Sep 4 16:44:50 2021 +0200 Fix suspicious sign-in mail text being out of date (#16690) Fixes #16687 commit 4cc7efcb0856ce980352ab0566bb8b63976e56d5 Author: Claire <[email protected]> Date: Mon Sep 13 18:59:56 2021 +0200 Fix some Rails frameworks being unnecessarily loaded (#16725) Saves about 10MiB of memory usage at boot commit 9b34647c9b98ff751862782ea5b408d89adfcbdb Author: Claire <[email protected]> Date: Wed Sep 15 18:51:16 2021 +0200 Fix followers synchronization mechanism not working when URI has empty path (#16744) Follow-up to #16510, forgot the controller exposing the actual followers… commit 6b98fd0b4f79f887234ace4115914442183a84db Author: Eugen Rochko <[email protected]> Date: Fri Jul 2 12:03:15 2021 +0200 Fix not being able to suspend accounts that already have a canonical e-mail block (#16455) commit c7f534ab953f713c1f4be82ebb23c757f3b063fd Author: Claire <[email protected]> Date: Wed Jun 30 06:13:55 2021 +0200 Fix missing on_delete: :cascade for canonical_email_blocks foreign key (#16448) commit d5a50e9dfb2d64ba68271a06d4323da9869d92e8 Author: Eugen Rochko <[email protected]> Date: Sat Jul 10 17:58:41 2021 +0200 Add `configuration` attribute to `GET /api/v1/instance` (#16485) List various values like file size limits and supported mime types commit e1cf8d4d3741f6950808e9042e078ea5891e7fe6 Author: Jeong Arm <[email protected]> Date: Thu Nov 4 23:49:35 2021 +0900 Fix statuses order in account's statuses admin page (#16937) commit f366a23a232e41c486845acc2c9d119dd825e6d0 Author: Jeong Arm <[email protected]> Date: Fri Oct 29 02:30:44 2021 +0900 Skip blocked domains media on tootctl media refresh (#16914) commit aa828aea02fcf4c6e4aab180ae28a0891e18c052 Author: Claire <[email protected]> Date: Mon Oct 25 16:34:15 2021 +0200 Fix mastodon:setup to take dotenv/docker-compose differences into account (#16896) In order to work around https://github.com/mastodon/mastodon/issues/16895, add a warning to .env.production.sample, and change the mastodon:setup rake task to: - output a warning if a variable will be interpreted differently by dotenv and docker-compose - ensure the printed config is compatible with docker-compose commit 123a88b6b5b567901f0adbda84f6b356607cff0b Author: Claire <[email protected]> Date: Thu Oct 21 20:39:35 2021 +0200 Fix some link previews being incorrectly generated from other prior links (#16885) * Add tests * Fix some link previews being incorrectly generated from different prior links PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can be guessed from the URL. This caching mechanism is not perfectly correct as there is no guarantee that all pages from a given domain share the same OEmbed provider endpoint. This PR prevents the FetchOEmbedService from caching OEmbed endpoint that cannot be generalized by replacing a fully-qualified URL from the endpoint's parameters, greatly reducing the number of incorrect cached generalizations. commit e63370db191eb9ae12112789afe8e027095f9112 Author: Claire <[email protected]> Date: Thu Oct 14 19:59:21 2021 +0200 Fix scheduled statuses decreasing statuses counts (#16791) * Add tests * Fix scheduled statuses decreasing statuses counts Fixes #16774 commit 2396c9061a6b6895dc77479c88e82c2106caae3a Author: Claire <[email protected]> Date: Thu Sep 30 05:26:29 2021 +0200 Fix webauthn secure key authentication (#16792) * Add tests * Fix webauthn secure key authentication Fixes #16769 commit 663b58aaaebb31de8479773b1d79db9a49322020 Author: Holger <[email protected]> Date: Thu Sep 9 05:33:36 2021 +0800 use relative path for `scope` (#16714) Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains. commit 75441ac63de02cc5e65cd829a8448253f8c06140 Author: Claire <[email protected]> Date: Wed Sep 8 23:33:23 2021 +0200 Fix addressing of remote groups' followers (#16700) Fixes #16699 commit 5899fe70b66fe98dac2b87e29fc08fad05a399c8 Author: Claire <[email protected]> Date: Wed Sep 1 22:06:40 2021 +0200 Fix processing mentions to domains with non-ascii TLDs (#16689) Fixes #16602 commit 2688f18d06340ff858bd66d50ea3e0fd1c288695 Author: Claire <[email protected]> Date: Wed Aug 25 22:52:41 2021 +0200 Fix authentication failures after going halfway through a sign-in attempt (#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious commit f51c6cba1f88b68a23b86b164f08fb19e81c2497 Author: Claire <[email protected]> Date: Fri Aug 20 08:40:33 2021 +0200 Fix remotely-suspended accounts' toots being merged back into timelines (#16628) * Fix remotely-suspended accounts' toots being merged back into timelines * Mark remotely-deleted accounts as remotely suspended commit 4f852448e1b5543117ee91b0f7cc6f5c6388d6c9 Author: Claire <[email protected]> Date: Wed Aug 11 16:40:55 2021 +0200 Fix crash when encountering invalid account fields (#16598) * Add test * Fix crash when encountering invalid account fields commit c02d6c46e3b46b21370465e3637c9b95cdd008d2 Author: Takeshi Umeda <[email protected]> Date: Mon Aug 9 20:33:19 2021 +0900 Fix invalid blurhash handling in Create activity (#16583) commit 987f945930324f66f363287286f87d4ca337be5a Author: Takeshi Umeda <[email protected]> Date: Sun Aug 8 22:31:02 2021 +0900 Fix when MoveWorker cannot get locale from remote account (#16576) commit e62f488be5d468a2a09a9f0890ef0dad9209808d Author: Claire <[email protected]> Date: Wed Jun 23 23:55:47 2021 +0200 Fix newlines in accout notes added by the Move handler (#16415) * Fix newlines in account notes added by the move handler * Make MoveWorker more robust commit 5ec8d5e0a66cb7aba56a6c75025f093e28913304 Merge: 441c85ce8 d6486c969 Author: robin* <[email protected]> Date: Thu Jun 3 12:30:48 2021 +0900 Merge remote-tracking branch 'tootsuite/main' commit 441c85ce851a6045fa8a5c87ddb2ed5e9b2303c1 Merge: cfce8a9cc 4c7efdba4 Author: robin* <[email protected]> Date: Mon May 17 11:12:20 2021 +0900 Merge remote-tracking branch 'tootsuite/main' commit cfce8a9cc86ecf96663f4a90c8d0816986d9c9fa Author: robin* <[email protected]> Date: Mon Mar 15 17:35:03 2021 +0900 커스텀 이모지의 용량 제한 100KB로 증가 commit 54ff54987d1cc7370a1d0ff89d3fb989c4f7b57c Author: robin* <[email protected]> Date: Sat Mar 13 20:58:20 2021 +0900 display_name 길이 제한 50자로 완화(프론트) commit 675882aada107e63cf38915a334f63d3857d7aae Author: robin* <[email protected]> Date: Sat Mar 13 20:46:04 2021 +0900 display_name 길이 제한 50자로 완화 commit 5336827da92394d362f07e12c37d9b09ae40b955 Author: robin* <[email protected]> Date: Sun Jan 10 20:45:17 2021 +0900 공개설정 롤백 commit 8a5db4d6cba5a158b2adabd0fb77fa425b08098c Merge: a6cab215f 633d17514 Author: robin* <[email protected]> Date: Sun Dec 27 14:49:52 2020 +0900 Merge remote-tracking branch 'tootsuite/master' commit a6cab215f47a7d14da851d9181ed074a7101b807 Merge: 6af1ff66e 2d5a5bac6 Author: robin* <[email protected]> Date: Sat Dec 19 09:54:22 2020 +0900 Merge pull request #484 from tootsuite/stable-3.2 Stable 3.2 commit 2d5a5bac673c5d8fec78be865c10ad6ae5a958a5 Author: Eugen Rochko <[email protected]> Date: Sat Dec 19 00:41:49 2020 +0100 Bump version to 3.2.2 commit 36b9b8deaa252b458d2fa6a3c9b31cb82b8dfedb Author: ThibG <[email protected]> Date: Sat Dec 19 00:26:53 2020 +0100 Fix ResolveAccountService accepting mismatching acct: URI (#15368) Co-authored-by: Claire <[email protected]> commit 406adfca275909111153dfde91626a849fed5a1f Author: ThibG <[email protected]> Date: Fri Dec 18 23:31:14 2020 +0100 Backport fixes to 3.2 (#15360) * Fix 2FA/sign-in token sessions being valid after password change (#14802) If someone tries logging in to an acc…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.