Commit Graph

2552 Commits

Author SHA1 Message Date
Claire
a5641a9244 Fix incorrect rate limit on PUT requests (#31356) 2024-08-16 12:30:59 +02:00
Tim Rogers
17f69c0002 Added check for STATSD_ADDR setting to emit a warning and proceed rather than crashing if the address is unreachable (#30691) 2024-07-02 15:08:24 +02:00
Claire
9740c7eaea Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483) 2024-05-30 15:14:03 +02:00
Claire
8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Claire
7920aa59e8
Merge pull request from GHSA-q3rg-xx5v-4mxh 2024-05-30 14:14:04 +02:00
Emelia Smith
186f916192 Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-05-29 16:39:26 +02:00
Tim Rogers
e69780ec59 Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:00 +02:00
Claire
328a9b8157
Change registrations to be disabled by default for new servers (#29353) 2024-02-22 18:15:59 +01:00
Claire
28b666b0d5
Automatically switch from open to approved registrations in absence of moderators (#29337) 2024-02-22 14:39:42 +01:00
Claire
870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Claire
1a33d348d0 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:17:45 +01:00
Emelia Smith
6d43b63275 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:03:21 +01:00
Claire
6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Claire
bece853e3c Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:15 +01:00
Claire
ef149674f0 Change Content-Security-Policy to be tighter on media paths (#26889) 2023-12-04 15:28:15 +01:00
Claire
eea2654236
Fix format-dependent redirects being cached regardless of requested format (#27634) 2023-11-13 17:58:00 +01:00
github-actions[bot]
4262cfbe41 New Crowdin Translations (automated) (#27347)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
5a33b81479 New Crowdin Translations (automated) (#27321)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
2e2936eb64 New Crowdin Translations (automated) (#27304)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
88fc73dbbc New Crowdin Translations (automated) (#27277)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
aba0c5abd9 New Crowdin Translations (automated) (#27270)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
7c6f41039d New Crowdin Translations (automated) (#27260)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
7b86708980 New Crowdin Translations (automated) (#27220)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
2cd969cca7 New Crowdin Translations (automated) (#27202)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
4e5791bba1 New Crowdin Translations (automated) (#27168)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
aed930b629 New Crowdin Translations (automated) (#27144)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
9cb7fa57f6 New Crowdin Translations (automated) (#27080)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot]
40702a81fa New Crowdin Translations (automated) (#27052)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
Claire
8acc75435b
Change S3 checksum mode to be disabled by default (#27007) 2023-09-21 14:00:51 +02:00
github-actions[bot]
effe4728cf
New Crowdin Translations (automated) (#27005)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-21 11:06:04 +02:00
github-actions[bot]
61fe25fe74
New Crowdin Translations (automated) (#26988)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-20 13:05:56 +02:00
github-actions[bot]
73ecc4de6e
New Crowdin Translations (automated) (#26978)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-19 16:26:51 +02:00
github-actions[bot]
67eaaa4b90
New Crowdin Translations (automated) (#26966)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-19 10:41:48 +02:00
github-actions[bot]
1b4902fabf
New Crowdin Translations (automated) (#26913)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-18 13:46:07 +02:00
Claire
a04ae16201
Fix CSP when using ONE_CLICK_SSO_LOGIN (#26901) 2023-09-13 19:54:04 +02:00
github-actions[bot]
921c6fe654
New Crowdin Translations (automated) (#26498)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-13 15:10:41 +02:00
Robert R George
20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
CSDUMMI
9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857) 2023-09-12 13:04:51 +02:00
Renaud Chaput
e9b528eaee
Use NodeJS v20 by default (#26830) 2023-09-08 13:45:34 +02:00
Claire
475783d567
Add timezone to datetimes in e-mails (#26822) 2023-09-06 17:25:39 +02:00
Claire
cab4cbfa5c
Fix “Scoped order is ignored, it's forced to be batch order.” warnings (#26793) 2023-09-05 15:37:23 +02:00
Christian Schmidt
ea31929776
Fix invalid Content-Type header for WebP images (#26773) 2023-09-04 09:46:33 +02:00
Claire
16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Claire
9e26cd5503
Add authorized_fetch server setting in addition to env var (#25798) 2023-09-01 15:41:10 +02:00
Christian Schmidt
075cc8e8a6
Improve Codespaces port forwarding (#26400) 2023-08-29 10:20:36 +02:00
Christian Schmidt
286a21afdc
Support webpacker live-reloading on Docker (#26419) 2023-08-29 10:17:57 +02:00
Lukas Martini
a7d96e6aff
Improve error messages when DeepL quota is exceeded (#26704) 2023-08-29 09:14:44 +02:00
jsgoldstein
30c191aaa0
Add new public status index (#26344)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-24 16:40:04 +02:00
Claire
163b004bb1
Change admin e-mail notification settins to be their own settings group (#26596) 2023-08-24 14:43:00 +02:00
Renaud Chaput
bb2db2aec0
Add circular-dependency-plugin to detect any circular deps issues (#26600) 2023-08-22 13:24:16 +02:00