Claire
d3c4441af8
Fix processing of Link
objects in Image
objects ( #29364 )
2024-02-23 09:53:09 +01:00
Claire
f0541adbd4
Fix link verifications when page size exceeds 1MB ( #29362 )
2024-02-22 19:12:57 +01:00
Claire
3fecb36739
Change registrations to be disabled by default for new servers ( #29354 )
2024-02-22 18:28:41 +01:00
Claire
c7312411b8
Fix auto-close email being sent to users with devops permissions instead of settings permissions ( #29356 )
2024-02-22 18:28:28 +01:00
Claire
2fc87611be
Automatically switch from open to approved registrations in absence of moderators ( #29337 )
2024-02-22 18:28:28 +01:00
Claire
a07fff079b
Merge pull request from GHSA-jhrq-qvrm-qr36
...
* Fix insufficient Content-Type checking of fetched ActivityStreams objects
* Allow JSON-LD documents with multiple profiles
2024-02-16 11:56:12 +01:00
Claire
9e5af6bb58
Fix user creation failure handling in OAuth paths ( #29207 )
...
Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 23:16:39 +01:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire
d807b3960e
Merge pull request from GHSA-7w3c-p9j8-mq3x
...
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire
5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to v4.1.13
2024-02-01 15:56:46 +01:00
Claire
2e8943aecd
Add rate-limit of TOTP authentication attempts at controller level ( #28801 )
2024-01-24 15:31:06 +01:00
Claire
460e4fbdd6
Fix processing of compacted single-item JSON-LD collections ( #28816 )
2024-01-24 15:31:06 +01:00
Jonathan de Jong
de60322711
Retry 401 errors on replies fetching ( #28788 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 15:31:06 +01:00
Jeong Arm
90bb870680
Ignore RecordNotUnique errors in LinkCrawlWorker ( #28748 )
2024-01-24 15:31:06 +01:00
Claire
9292d998fe
Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )
2024-01-24 15:31:06 +01:00
Claire
458620bdd4
Fix potential redirection loop of streaming endpoint ( #28665 )
2024-01-24 15:31:06 +01:00
Claire
a1a71263e0
Fix streaming API redirection ignoring the port of streaming_api_base_url
( #28558 )
2024-01-24 15:31:06 +01:00
MitarashiDango
4c5575e8e0
Fix Undo Announce activity is not sent, when not followed by the reblogged post author ( #18482 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 15:31:06 +01:00
Claire
a2ddd849e2
Fix LinkCrawlWorker
error when encountering empty OEmbed response ( #28268 )
2024-01-24 15:31:06 +01:00
Claire
2e4d43933d
Fix SQL query in /api/v1/directory
( #28412 )
2023-12-18 11:03:20 +01:00
Claire
cc94c70970
Clamp dates when serializing to Elasticsearch API ( #28081 )
2023-12-04 15:28:02 +01:00
Claire
613d00706c
Change GIF max matrix size error to explicitly mention GIF files ( #27927 )
2023-12-04 15:28:02 +01:00
Jonathan de Jong
8bbe2b970f
Have Follow
activities bypass availability ( #27586 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-12-04 15:28:02 +01:00
Claire
803e15a3cf
Fix incoming status creation date not being restricted to standard ISO8601 ( #27655 )
2023-12-04 15:28:02 +01:00
Claire
1d835c9423
Fix posts from force-sensitized accounts being able to trend ( #27620 )
2023-12-04 15:28:02 +01:00
Claire
ab68df9af0
Fix hashtag matching pattern matching some URLs ( #27584 )
2023-12-04 15:28:02 +01:00
Claire
a89a25714d
Fix some link anchors being recognized as hashtags ( #27271 )
2023-12-04 15:28:02 +01:00
Claire
1210524a3d
Fix processing LDSigned activities from actors with unknown public keys ( #27474 )
2023-12-04 15:28:02 +01:00
Claire
ff3a9dad0d
Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags
for remote accounts ( #27459 )
2023-12-04 15:28:02 +01:00
Claire
3ef0a19bac
Fix report processing notice not mentioning the report number when performing a custom action ( #27442 )
2023-12-04 15:28:02 +01:00
Matt Jankowski
335982325e
Dont match mention in url query string ( #25656 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-10 13:51:56 +02:00
Claire
15c5727f71
Add a short-lived lock to trend refresh scheduler ( #27253 )
2023-10-10 13:51:56 +02:00
David Aaron
f8154cf732
Change min age of backup policy from 1 week to 6 days ( #27200 )
2023-10-10 13:51:56 +02:00
Jakob Gillich
45669ac5e6
Fix importer returning negative row estimates ( #27258 )
2023-10-10 13:51:56 +02:00
Claire
8d73fbee87
Change some worker lock TTLs ( #27246 )
2023-10-10 13:51:56 +02:00
Claire
f1d3eda159
Fix filtering audit log for entries about disabling 2FA ( #27186 )
2023-10-10 13:51:56 +02:00
Essem
c97fbabb61
Properly remove tIME chunk from PNG uploads ( #27111 )
2023-10-10 13:51:56 +02:00
Claire
f2fff6be66
Fix crash when filtering for “dormant” relationships ( #27306 )
2023-10-10 13:51:56 +02:00
Claire
b40c42fd1e
Fix inefficient queries in “Follows and followers” as well as several admin pages ( #27116 )
2023-10-10 13:51:56 +02:00
Claire
5d93c5f019
Fix post translation erroring out (v4.1.x) ( #26990 )
2023-09-20 15:59:57 +02:00
Claire
d6c0ae995c
Fix post edits not being forwarded as expected ( #26936 )
2023-09-19 17:01:44 +02:00
Claire
5fd89e53d2
Fix moderator rights inconsistencies ( #26729 )
2023-09-19 17:01:44 +02:00
Claire
5caade9fb0
Fix crash when encountering invalid URL ( #26814 )
2023-09-19 17:01:44 +02:00
Claire
34959eccd2
Fix cached posts including stale stats ( #26409 )
2023-09-19 17:01:44 +02:00
Nicolai Søborg
21bf42bca1
Fix frame_rate
for videos where ffprobe
reports 0/0 ( #26500 )
2023-09-19 17:01:44 +02:00
Claire
48ee3ae13d
Merge pull request from GHSA-v3xf-c9qf-j667
2023-09-19 16:53:58 +02:00
Claire
5f9511c389
Merge pull request from GHSA-2693-xr3m-jhqr
2023-09-19 16:53:21 +02:00
Emelia Smith
cf80d54cba
Allow reports with long comments from remote instances, but truncate ( #25028 )
2023-09-05 19:16:09 +02:00
Daniel M Brasil
ea7fa048f3
Fix /api/v1/timelines/tag/:hashtag
allowing for unauthenticated access when public preview is disabled ( #26237 )
2023-09-05 19:16:09 +02:00
Claire
6339806f05
Fix blocking subdomains of an already-blocked domain ( #26392 )
2023-09-05 19:16:09 +02:00