Commit Graph

14791 Commits

Author SHA1 Message Date
Claire fe92b241b2 Fix status processing failing halfway when a remote post has a malformed `replies` attribute (#31246) 2024-08-16 12:30:59 +02:00
Claire a5641a9244 Fix incorrect rate limit on PUT requests (#31356) 2024-08-16 12:30:59 +02:00
ida schmidt d913f47258 fix tests to reflect longer post lengths 2024-07-22 13:43:29 +01:00
ida schmidt 15aadc34fc remove obsolete tests 2024-07-22 12:48:41 +01:00
ida schmidt ca3f7f9cf9 make notif mailer test reflect locale changes 2024-07-22 12:43:06 +01:00
ida schmidt cd53021aed fix profle view to allow for longer display name length 2024-07-21 21:14:49 +01:00
ida schmidt 7841f9f5f7 Revert "Fix spurious errors when receiving an Add activity for a private post (#17425)"
This reverts commit 6d831fe274.
2024-07-21 20:45:57 +01:00
ida schmidt a63e039979 Merge tag 'v4.2.10' of https://github.com/mastodon/mastodon into HEAD 2024-07-04 16:05:22 +01:00
Claire a5b4a2b7e7
Bump version to v4.2.10 (#30910) 2024-07-04 16:46:35 +02:00
ida schmidt 6abf4a64ff Merge branch 'releases/v4.2.10' of https://github.com/mastodon/mastodon into HEAD 2024-07-04 15:45:56 +01:00
Claire d4bf22b632
Merge pull request from GHSA-xjvf-fm67-4qc3 2024-07-04 16:45:52 +02:00
Claire 98fd2af345 Bump version to v4.2.10 2024-07-04 16:42:53 +02:00
Claire 4fb4721072
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire df974a912b
Merge pull request from GHSA-vp5r-5pgw-jwqx
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
Claire 6cd9bd6ae1 fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584) 2024-07-03 10:57:46 +02:00
David Roetzel 9b6219c48f Improve encoding detection for link cards (#30780) 2024-07-03 10:57:46 +02:00
Eugen Rochko 88b2d6eca5 Change search modifiers to be case-insensitive (#30865) 2024-07-03 10:57:46 +02:00
David Roetzel 846f59c6e9 Add size limit for link preview URLs (#30854) 2024-07-03 10:57:46 +02:00
Tim Rogers 17f69c0002 Added check for STATSD_ADDR setting to emit a warning and proceed rather than crashing if the address is unreachable (#30691) 2024-07-02 15:08:24 +02:00
Claire 1e87634a43 Update dependency charlock_holmes 2024-07-02 15:08:24 +02:00
Claire 5fd7cd79e0 Specify yarn version to avoid confusion with main which uses Yarn 4 2024-07-02 15:08:24 +02:00
Claire fcae9435ec Fix `/admin/accounts/:account_id/statuses/:id` for edited posts with media attachments (#30819) 2024-07-02 15:08:24 +02:00
Claire 55408f8085 Update dependency cbor 2024-07-02 15:08:24 +02:00
Claire 3f75c6f048 Update dependency rails 2024-07-02 15:08:24 +02:00
Claire bfc287fd6b Remove dependency on posix-spawn (#18559) 2024-07-02 15:08:24 +02:00
Claire 19ed22dc58 Fix duplicate `@context` attribute in user export (#30653) 2024-06-18 15:37:41 +02:00
Claire 520b2086af Change PWA start URL from `/home` to `/` (#27377) 2024-06-18 15:37:41 +02:00
ida schmidt 3c740fc1b0 Merge tag 'v4.2.9' of https://github.com/mastodon/mastodon into HEAD 2024-06-02 01:32:18 -07:00
Claire c93aacafde
Bump version to v4.2.9 (#30470) 2024-05-30 15:34:50 +02:00
Claire 9740c7eaea Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483) 2024-05-30 15:14:03 +02:00
Claire 8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Claire 7920aa59e8
Merge pull request from GHSA-q3rg-xx5v-4mxh 2024-05-30 14:14:04 +02:00
Claire 943792c187
Merge pull request from GHSA-5fq7-3p3j-9vrf 2024-05-30 14:03:13 +02:00
Emelia Smith 186f916192 Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-05-29 16:39:26 +02:00
Claire f9c41ae43b Normalize language code of incoming posts (#30403) 2024-05-29 15:31:26 +02:00
Claire b8edc95e8a Fix leaking Elasticsearch connections in Sidekiq processes (#30450) 2024-05-29 15:31:26 +02:00
Claire 16213a678d Update dependency rexml to 3.2.8 2024-05-29 15:31:26 +02:00
Claire a8dd32102f Update dependency nokogiri to 1.16.5 2024-05-17 12:30:00 +02:00
Claire 6fc07ff31f Update dependency fastimage to 2.3.1 2024-05-17 12:30:00 +02:00
Claire 997b021b69 Update dependency rotp to 6.3.0 2024-05-17 12:30:00 +02:00
Claire 2865bfadaf Update dependency json-jwt to 1.15.3.1 2024-05-17 12:30:00 +02:00
Claire 8c72e80019 Update dependency rack-cors to 2.0.2 2024-05-17 12:30:00 +02:00
Claire 8cf78825a2 Fix off-by-one in `tootctl media` commands (#30306) 2024-05-17 12:30:00 +02:00
Emelia Smith 67b2e62331 Fix missing destory audit logs for Domain Allows (#30125) 2024-05-17 12:30:00 +02:00
Claire 56b7d1a7b6 Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-17 12:30:00 +02:00
Claire 51ef619140 Fix Idempotency-Key ignored when scheduling a post (#30084) 2024-05-17 12:30:00 +02:00
Tim Rogers e69780ec59 Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:00 +02:00
Claire c3be5a3d2e Remove caching in `cache_collection` (#29862) 2024-05-17 12:30:00 +02:00
Claire 86807e4799 Improve email address validation (#29838) 2024-05-17 12:30:00 +02:00
Matt Jankowski 0143c9d3e1 Fix results/query in `api/v1/featured_tags/suggestions` (#29597) 2024-05-17 12:30:00 +02:00