Claire
1f0e040cb8
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire
c107375035
Merge pull request from GHSA-7w3c-p9j8-mq3x
...
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire
befd534eb8
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to v4.0.13
2024-02-01 15:56:46 +01:00
Matt Jankowski
905baaaff2
Dont match mention in url query string ( #25656 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-10 13:51:14 +02:00
Claire
26f24f4de0
Add a short-lived lock to trend refresh scheduler ( #27253 )
2023-10-10 13:51:14 +02:00
David Aaron
0b10485a87
Change min age of backup policy from 1 week to 6 days ( #27200 )
2023-10-10 13:51:14 +02:00
Jakob Gillich
93bb9ae676
Fix importer returning negative row estimates ( #27258 )
2023-10-10 13:51:14 +02:00
Claire
d25cbac8a2
Change some worker lock TTLs ( #27246 )
2023-10-10 13:51:14 +02:00
Claire
f95015827d
Fix filtering audit log for entries about disabling 2FA ( #27186 )
2023-10-10 13:51:14 +02:00
Essem
44d12a8580
Properly remove tIME chunk from PNG uploads ( #27111 )
2023-10-10 13:51:14 +02:00
Claire
19af772dbd
Fix crash when filtering for “dormant” relationships ( #27306 )
2023-10-10 13:51:14 +02:00
Claire
e5772c9e55
Fix inefficient queries in “Follows and followers” as well as several admin pages ( #27116 )
2023-10-10 13:51:14 +02:00
Claire
481e1d4e0e
Fix post translation erroring out (v4.0.x) ( #26991 )
2023-09-20 15:59:53 +02:00
Claire
5c64f01b19
Fix moderator rights inconsistencies ( #26729 )
2023-09-19 17:01:32 +02:00
Claire
57acad0e9f
Fix crash when encountering invalid URL ( #26814 )
2023-09-19 17:01:32 +02:00
Claire
3ab722a79c
Fix cached posts including stale stats ( #26409 )
2023-09-19 17:01:32 +02:00
Nicolai Søborg
871e63edff
Fix frame_rate
for videos where ffprobe
reports 0/0 ( #26500 )
2023-09-19 17:01:32 +02:00
Claire
9ae857c035
Merge pull request from GHSA-v3xf-c9qf-j667
2023-09-19 16:53:58 +02:00
Claire
9fa89dbdcb
Merge pull request from GHSA-2693-xr3m-jhqr
2023-09-19 16:53:21 +02:00
Emelia Smith
d3e97e8c23
Allow reports with long comments from remote instances, but truncate ( #25028 )
2023-09-05 18:51:01 +02:00
Daniel M Brasil
db8db60244
Fix /api/v1/timelines/tag/:hashtag
allowing for unauthenticated access when public preview is disabled ( #26237 )
2023-09-05 18:51:01 +02:00
Claire
d30fbc0900
Fix blocking subdomains of an already-blocked domain ( #26392 )
2023-09-05 18:51:01 +02:00
Claire
a62d9a9a78
Change text extraction in PlainTextFormatter
to be faster ( #26727 )
2023-09-05 18:51:01 +02:00
Claire
fea5640374
Fix incorrect connect timeout in outgoing requests ( #26116 )
2023-07-31 14:33:14 +02:00
Claire
aca0db4bd6
Change request timeout handling to use a longer deadline ( #26055 )
2023-07-21 16:07:35 +02:00
Claire
bd2429b716
Fix remote accounts being possibly persisted to database with incomplete protocol values ( #25886 )
2023-07-21 16:07:35 +02:00
Michael Stanclift
8695409035
Fix trending publishers table not rendering correctly on narrow screens ( #25945 )
2023-07-21 16:07:35 +02:00
Claire
93a87b96c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:36:12 +02:00
Claire
614aaeff41
Fix crash in admin interface when viewing a remote user with verified links ( #25796 )
2023-07-07 19:36:12 +02:00
Claire
2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq
2023-07-06 15:06:50 +02:00
Claire
3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
...
* Fix timeout handling of outbound HTTP requests
* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
...
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Vyr Cossont
798d26dd04
Fix Redis client and type errors introduced in #24285 ( #24342 )
2023-07-06 13:45:58 +02:00
Vyr Cossont
9ad33eb160
IndexingScheduler: fetch and import in batches ( #24285 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:58 +02:00
Claire
5e55ca25d6
Fix ResolveURLService not resolving local URLs for remote content ( #25637 )
2023-07-06 13:45:58 +02:00
Claire
0bcb4f73f1
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:58 +02:00
Claire
04f76675d1
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:58 +02:00
Claire
53acab6d2b
Fix wrong view being displayed when a webhook fails validation ( #25464 )
2023-07-06 13:45:58 +02:00
Emelia Smith
78358b84b9
Prevent UserCleanupScheduler from overwhelming streaming ( #25519 )
2023-07-06 13:45:58 +02:00
Daniel M Brasil
c285f9d1a1
Fix incorrect pagination headers in /api/v2/admin/accounts
( #25477 )
2023-07-06 13:45:58 +02:00
Claire
660845f781
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:45:58 +02:00
Claire
0b627dcf9e
Fix being able to vote on your own polls ( #25015 )
2023-07-06 13:45:58 +02:00
Claire
a3f58ceea4
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:45:58 +02:00
Claire
bb87736bf0
Change OpenGraph-based embeds to allow fullscreen ( #25058 )
2023-07-06 13:45:58 +02:00
Claire
37972fe3c7
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:45:58 +02:00
Claire
64416e4000
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:45:58 +02:00
Claire
eceb960744
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:45:58 +02:00
Claire
ebe009ff09
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:58 +02:00
Claire
2617c33fc3
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:58 +02:00