Skip to content

Commit

Permalink
v4.1.18
Browse files Browse the repository at this point in the history 
Squashed commit of the following:

commit ff90ebffaa80bb48d12a838d9a4f82fa7edb602b
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 4 16:46:39 2024 +0200

    Bump version to v4.1.18 (#30911)

commit a1c7aae28aecf06659c5b18cfa131b37cd1512a3
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 4 16:45:52 2024 +0200

    Merge pull request from GHSA-xjvf-fm67-4qc3

commit 34aeef345320f7808a1eec00c8b5025e9a9b8329
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 4 16:26:49 2024 +0200

    Merge pull request from GHSA-58x8-3qxw-6hm7

    * Fix insufficient permission checking for public timeline endpoints

    Note that this changes unauthenticated access failure code from 401 to 422

    * Add more tests for public timelines

    * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`

commit 122740047a1a0361e32991e791322e0e6e41ac9f
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 4 16:11:28 2024 +0200

    Merge pull request from GHSA-vp5r-5pgw-jwqx

    * Fix streaming sessions not being closed when revoking access to an app

    * Add tests for GHSA-7w3c-p9j8-mq3x

commit 4b45333aff37671e26ec2650e8a0b10ee02d4509
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jul 3 09:15:47 2024 +0200

    fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584)

commit 6cf83a2a64bf2f0f4848fb0fabae4d5f181ba587
Author: David Roetzel <david@roetzel.de>
Date:   Fri Jun 21 14:51:10 2024 +0200

    Improve encoding detection for link cards (#30780)

commit 2a5819e8bb35a0f04cda7c1c45103a1bf2a3cc91
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Jun 27 23:34:34 2024 +0200

    Change search modifiers to be case-insensitive (#30865)

commit 815680bd1383840502982e98b0079d9a4dc10cec
Author: David Roetzel <david@roetzel.de>
Date:   Thu Jun 27 16:40:19 2024 +0200

    Add size limit for link preview URLs (#30854)

commit d8e8437a29d20cf6151ebfcf82d4a941377848fa
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jul 2 15:34:44 2024 +0200

    Update dependency rails

commit 839147e09932fbc0a9e9f75b8a76005a5a4704f8
Author: Tim Rogers <rogers.timothy.john@gmail.com>
Date:   Mon Jun 24 09:41:04 2024 -0500

    Added check for STATSD_ADDR setting to emit a warning and proceed rather than crashing if the address is unreachable (#30691)

commit 8e924e4338b41080282719bb0421a92cf0df448f
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Jun 24 15:11:10 2024 +0200

    Fix `/admin/accounts/:account_id/statuses/:id` for edited posts with media attachments (#30819)

commit 2ee88a99d973e99a996b49973ed3bf992ea095e8
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Oct 12 16:47:18 2023 +0200

    Change PWA start URL from `/home` to `/` (#27377)

commit 1cad857f14f08370a023e46c24eb81f702bc7e86
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 30 15:49:14 2024 +0200

    Bump version to v4.1.17 (#30472)

commit 95ebcff98e9ec7f3079c4fb21b74bfc9893c1321
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 30 14:56:18 2024 +0200

    Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483)

commit d770b61a749569cc222eb598e1a5d12ee8ceefe9
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 30 14:24:29 2024 +0200

    Merge pull request from GHSA-c2r5-cfqr-c553

    * Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

    * Remove rack-attack safelist

commit 020228ddba50c5da461093766c0a679382c48a59
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 30 14:14:04 2024 +0200

    Merge pull request from GHSA-q3rg-xx5v-4mxh

commit e292a28933c390745bbce78cdc87d69c7db82354
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 30 14:03:13 2024 +0200

    Merge pull request from GHSA-5fq7-3p3j-9vrf

commit ba240cea0c935cc8ca095b4bf91600c1fa82c68a
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 23 19:28:18 2024 +0200

    Normalize language code of incoming posts (#30403)

commit 257f9abd5606504a1a258aacaabc7963c142dd11
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 29 10:15:06 2024 +0200

    Fix leaking Elasticsearch connections in Sidekiq processes (#30450)

commit b4e3a789b1b5f81f4e651a8c2c338e399c739d3d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 29 11:17:20 2024 +0200

    Update dependency rexml to 3.2.8

commit b39fbe7c833a0ff23776b03c31b6815d8fe688d7
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 16 10:47:45 2024 +0200

    Update dependency nokogiri to 1.16.5

commit c717b7da998070d56f01993ceaae30fdc839e56a
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 16 10:46:04 2024 +0200

    Update dependency puma to 5.6.8

commit 13bbcdf4d4937df9fe798d0a29a2527761e64acf
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 16 10:44:27 2024 +0200

    Update dependency json-jwt to 1.15.3.1

commit 3aec33f5a2c2008ca7a1fae24777b9598f9ee45d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 15 15:11:13 2024 +0200

    Fix off-by-one in `tootctl media` commands (#30306)

commit 984d7d3dc8c8fd11d5469e9169eeee12c4c46a64
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Tue Apr 30 10:48:02 2024 +0200

    Fix missing destory audit logs for Domain Allows (#30125)

commit 33a50884e5ea30bb74eafedfe78a2885f22eed1e
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 2 22:56:21 2024 +0200

    Fix not being able to block a subdomain of an already-blocked domain through the API (#30119)

commit 70c4d70dbedb94ecde099cd71bf7a4deb01d8598
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Apr 26 15:19:02 2024 +0200

    Fix Idempotency-Key ignored when scheduling a post (#30084)

commit a6089cdfca1d8089318dd694edf44db8ce9bec59
Author: Tim Rogers <rogers.timothy.john@gmail.com>
Date:   Mon Apr 22 04:00:24 2024 -0500

    Fixed crash when supplying FFMPEG_BINARY environment variable (#30022)

commit 5973d7a4b628c2f9cfe2c8dd4c0f29765b633301
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Apr 8 15:46:13 2024 +0200

    Remove caching in `cache_collection` (#29862)

commit ba5551fd1d6eae3edb45b2ee3934e2d3c5c781ae
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Apr 5 09:48:45 2024 +0200

    Improve email address validation (#29838)

commit 8ce403a85b5e79ed8b7a429397092f5efb137b67
Author: Matt Jankowski <matt@jankowski.online>
Date:   Fri Mar 22 11:08:27 2024 -0400

    Fix results/query in `api/v1/featured_tags/suggestions` (#29597)

commit 3ff575f54cd7c8156557852fb31601913cae60f3
Author: Jeong Arm <kjwonmail@gmail.com>
Date:   Mon Mar 11 18:28:08 2024 +0900

    Normalize idna domain before account unblock domain (#29530)

commit affbb10566fd4388f5b761cc66857be15fd010eb
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Feb 23 20:04:57 2024 +0100

    Fix admin account created by `mastodon:setup` not being auto-approved (#29379)

commit 209632a0fd585690e5c456b54f8781a7e822669a
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Tue Feb 6 13:38:14 2024 +0100

    Return domain block digests from admin domain blocks API (#29092)

commit 079d3e5189903c197eef439dd14a893b16ca044b
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jan 4 15:14:46 2024 +0100

    Add fallback redirection when getting a webfinger query `WEB_DOMAIN@WEB_DOMAIN` (#28592)

commit 57b72cccc4e67121f7ba0239e2e4f4f2aa5fe3b4
Author: Matt Jankowski <matt@jankowski.online>
Date:   Thu Dec 14 09:02:33 2023 -0500

    Fix reference to non-existent var in CLI maintenance command (#28363)

commit 37adb144dbb0729515546eb86076b3223e9b6fc5
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 16 11:52:02 2024 +0200

    Fix auto close registration mail (#30323)

commit 142dd34b688d05304951e7b90ae434c903ad46fe
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 16 11:28:04 2024 +0200

    Fix CI not actually running ruby tests in 4.1 branch (#30321)

commit c2d8666bbfd8f771b759ead50a41535f988efe9c
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Feb 23 14:09:38 2024 +0100

    Bump version to v4.1.16 (#29371)

commit d3c4441af8d82f2135a0453d1cf6fd08e944cb31
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Feb 23 09:53:09 2024 +0100

    Fix processing of `Link` objects in `Image` objects (#29364)

commit f0541adbd44bc031fb8b070e24a605e0a0e853e4
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 19:12:57 2024 +0100

    Fix link verifications when page size exceeds 1MB (#29362)

commit 3fecb3673970c4495a3757cecc33c64c5af793d1
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 18:28:41 2024 +0100

    Change registrations to be disabled by default for new servers (#29354)

commit c7312411b84498ded85b64d0600823cd4e56c850
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 18:15:38 2024 +0100

    Fix auto-close email being sent to users with devops permissions instead of settings permissions (#29356)

commit 2fc87611be94cd5bfba5cc08d716fff051a18838
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 14:39:42 2024 +0100

    Automatically switch from open to approved registrations in absence of moderators (#29337)

commit 1629ac4c811f215a565647a43144bd88be7cc7a2
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 14:52:07 2024 +0100

    Update dependencies (#29350)

commit 54ae3d5ca526c9aaaed6679ae89bae28a0e84b4f
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 22 14:38:11 2024 +0100

    Add basic CI to 4.1 branch (#29351)

commit b7b03e8d26a4344ef331ba667c16311110a0d6dd
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 15 11:57:34 2024 +0100

    Bump version to v4.1.15

commit a07fff079b184435b156cd9d4fb155cf02694fe9
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Feb 16 11:56:12 2024 +0100

    Merge pull request from GHSA-jhrq-qvrm-qr36

    * Fix insufficient Content-Type checking of fetched ActivityStreams objects

    * Allow JSON-LD documents with multiple profiles

commit 6f29d50aa51ab81ea4ab9d2b390549cae697927d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Feb 16 09:42:31 2024 +0100

    Update dependency pg to 1.5.5

commit 9e5af6bb58241134a8ff313e40768b1b067e5715
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Feb 14 22:49:45 2024 +0100

    Fix user creation failure handling in OAuth paths (#29207)

    Co-authored-by: Matt Jankowski <matt@jankowski.online>

commit 6499850ac45128a7f5836f4c97e5ce032130a5bd
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Feb 14 13:30:32 2024 +0100

    Bump version to v4.1.14

commit 6f36b633a7545a2cbbe5f28dc5c8e512aeb98ea9
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Feb 14 15:16:07 2024 +0100

    Merge pull request from GHSA-vm39-j3vx-pch3

    * Prevent different identities from a same SSO provider from accessing a same account

    * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

    * Rename methods to avoid confusion between OAuth and OmniAuth

commit d807b3960e96dc29669b7767cea1246ac68d508d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Feb 14 15:15:34 2024 +0100

    Merge pull request from GHSA-7w3c-p9j8-mq3x

    * Ensure destruction of OAuth Applications notifies streaming

    Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

    * Ensure password resets revoke access to Streaming API

    * Improve performance of deleting OAuth tokens

    ---------

    Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>

commit 2f6518cae2c5d19bfb5ccf46f7b1946f5dac6caf
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Feb 14 13:12:13 2024 +0100

    Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199)

commit cdbe2855f3e33db3cea84b0c91a5f93c782125e2
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Tue Feb 13 19:11:47 2024 +0100

    Disable administrative doorkeeper routes (#29187)

commit fdde3cdb4e0c9b2d625e22a2957317cae066e1fe
Author: blah <blah@blah>
Date:   Wed Feb 14 10:33:42 2024 +0000

    Update dependency sidekiq-unique-jobs to 7.1.33

commit ce9c641d9a0f55d3c718e701b220da272b0edc69
Author: blah <blah@blah>
Date:   Wed Feb 14 10:22:28 2024 +0000

    Update dependency nokogiri to 1.16.2

commit 5799bc4af76813294a9eee8164d64a96612c0c0d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Feb 1 15:56:46 2024 +0100

    Merge pull request from GHSA-3fjr-858r-92rw

    * Fix insufficient origin validation

    * Bump version to v4.1.13

commit fc4e2eca9f48c2c50842e24453f3ad1d8e8e2238
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jan 23 15:28:21 2024 +0100

    Bump version to v4.1.12

commit 2e8943aecd0462e8642befe4d1395c1fda9767d3
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jan 19 13:19:49 2024 +0100

    Add rate-limit of TOTP authentication attempts at controller level (#28801)

commit e6072a8d13272179671128fa319e4f617106eb00
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jan 19 19:52:59 2024 +0100

    Fix error when processing remote files with unusually long names (#28823)

commit 460e4fbdd62ed6bb8b04e037fb1359618f9150a7
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jan 19 13:43:10 2024 +0100

    Fix processing of compacted single-item JSON-LD collections (#28816)

commit de6032271198e3c50852acc22447d7cc8732e00b
Author: Jonathan de Jong <jonathandejong02@gmail.com>
Date:   Fri Jan 19 10:18:21 2024 +0100

    Retry 401 errors on replies fetching (#28788)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit 90bb87068009121fe2824b0e3ef7d2229c895c46
Author: Jeong Arm <kjwonmail@gmail.com>
Date:   Tue Jan 16 17:35:54 2024 +0900

    Ignore RecordNotUnique errors in LinkCrawlWorker (#28748)

commit 9292d998fe2ab523bb8ffbf6418e8cf7810b487d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jan 3 12:29:26 2024 +0100

    Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476)

commit 92643f48de80992f1598a97250954c52897b3479
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Dec 22 19:56:22 2023 +0100

    Convert signature verification specs to request specs (#28443)

commit 458620bdd4d0b8af49b6eef02050b32814acf6e8
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jan 10 16:05:46 2024 +0100

    Fix potential redirection loop of streaming endpoint (#28665)

commit a1a71263e09704ca84d30763a03512e2a59091bf
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jan 2 13:27:51 2024 +0100

    Fix streaming API redirection ignoring the port of `streaming_api_base_url` (#28558)

commit 4c5575e8e050e69860dd775e8fa98be00d86008c
Author: MitarashiDango <mitarashi_dango@mail.matcha-soft.com>
Date:   Sat Jan 13 00:58:28 2024 +0900

    Fix Undo Announce activity is not sent, when not followed by the reblogged post author (#18482)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit a2ddd849e273d6d28e5c85f8b0059a93146ba1a5
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Dec 12 09:29:46 2023 +0100

    Fix `LinkCrawlWorker` error when encountering empty OEmbed response (#28268)

commit 2e4d43933d2775be21bbdce6e904ca8d08c6cc0a
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Dec 18 11:03:20 2023 +0100

    Fix SQL query in `/api/v1/directory` (#28412)

commit 363bedd0504a29d444a585cd914e7f741915eb8f
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Nov 27 15:00:52 2023 +0100

    Bump version to v4.1.11

commit cc94c7097084bf8213130dfba96317ecada58c5f
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Nov 27 14:25:54 2023 +0100

    Clamp dates when serializing to Elasticsearch API (#28081)

commit 613d00706c3177b345feeafd0f797e31fd5ba2fe
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Nov 24 10:31:28 2023 +0100

    Change GIF max matrix size error to explicitly mention GIF files (#27927)

commit 8bbe2b970f8cd0c62c83616886c7084d9c93c167
Author: Jonathan de Jong <jonathandejong02@gmail.com>
Date:   Fri Oct 27 16:55:00 2023 +0200

    Have `Follow` activities bypass availability (#27586)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit 803e15a3cfe1a21661258b40e5276af29b676481
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Nov 6 10:28:14 2023 +0100

    Fix incoming status creation date not being restricted to standard ISO8601 (#27655)

commit 1d835c94232ede532f89d87fdcf573db2832d9a9
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Oct 30 23:32:25 2023 +0100

    Fix posts from force-sensitized accounts being able to trend (#27620)

commit ab68df9af087ac8fa0261a5de4c0d5a383de229c
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Oct 27 16:04:51 2023 +0200

    Fix hashtag matching pattern matching some URLs (#27584)

commit a89a25714dc07ace7dc1762f87faad5c9470f620
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Oct 23 14:19:38 2023 +0200

    Fix some link anchors being recognized as hashtags (#27271)

commit 1210524a3d897565e1de9dc0d3051d68f94f9c70
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Oct 20 10:45:46 2023 +0200

    Fix processing LDSigned activities from actors with unknown public keys (#27474)

commit ff3a9dad0de79dff981ded4a3691917521e90b4e
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Oct 27 10:35:21 2023 +0200

    Fix error and incorrect URLs in `/api/v1/accounts/:id/featured_tags` for remote accounts (#27459)

commit 3ef0a19baceb6ace5201fa1f8a39a324feef11ac
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Oct 26 19:03:31 2023 +0200

    Fix report processing notice not mentioning the report number when performing a custom action (#27442)

commit 78e457614cae328f73555f11d77dc4cf341019b1
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Oct 23 14:27:07 2023 +0200

    Change Content-Security-Policy to be tighter on media paths (#26889)

commit 1e896e99d2b85968eaee87b601bd04b8cf0f35bc
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Oct 10 15:32:42 2023 +0200

    Update dependencies (#27354)

commit df60d04dc170edf9d1203894958a181caf1910f1
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Sun Oct 8 16:27:12 2023 +0200

    Bump version to v4.1.10

commit 335982325e32430858da8112cb86e382e1eaeaa2
Author: Matt Jankowski <matt@jankowski.online>
Date:   Tue Oct 3 11:01:45 2023 -0400

    Dont match mention in url query string (#25656)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit 15c5727f71eeeb321802f3d3ed264a15e1934c01
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Oct 3 12:21:32 2023 +0200

    Add a short-lived lock to trend refresh scheduler (#27253)

commit f8154cf732ed07b276fc303e620943e15caf70d6
Author: David Aaron <1858430+suddjian@users.noreply.github.com>
Date:   Tue Oct 3 02:48:57 2023 -0700

    Change min age of backup policy from 1 week to 6 days (#27200)

commit 45669ac5e6564301446ab5b22217cc4fbc653b12
Author: Jakob Gillich <jakob@gillich.me>
Date:   Tue Oct 3 10:47:50 2023 +0200

    Fix importer returning negative row estimates (#27258)

commit 8d73fbee87c18300c1b088ae4cb55912075588e2
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Oct 3 10:09:00 2023 +0200

    Change some worker lock TTLs (#27246)

commit f1d3eda159fcc9341a19d1d8060a556f8801d7d4
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Sep 28 13:41:24 2023 +0200

    Fix filtering audit log for entries about disabling 2FA (#27186)

commit c97fbabb614e6b775a2d13e187ab0375414deb06
Author: Essem <smswessem@gmail.com>
Date:   Mon Sep 25 12:21:07 2023 -0500

    Properly remove tIME chunk from PNG uploads (#27111)

commit f2fff6be669d6fcf66a8bd5f46f9db3e3492bc37
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Oct 6 12:58:16 2023 +0200

    Fix crash when filtering for “dormant” relationships (#27306)

commit b40c42fd1ef57f24a56cc17b20da8aa151e3b117
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Sep 25 15:06:43 2023 +0200

    Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116)

commit 9950e59578f59f7e0d2edbb7e4eb26273087c2c4
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Sep 21 18:14:24 2023 +0200

    Disable setting the `latest` tag for 4.1 docker builds (#27023)

commit e4c0aaf6264907de2efd46924946d2281d80e3d4
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 20 17:25:05 2023 +0200

    Bump version to v4.1.9 (#26997)

commit 5d93c5f0196b556c1faf18fe6cc7ad38ae6e0fc2
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 20 15:59:57 2023 +0200

    Fix post translation erroring out (v4.1.x) (#26990)

commit af0ee129082bc9c57ec0606dc1899ec13d2dfffb
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 20 12:54:08 2023 +0200

    Disable ruby linting for 4.1.x branch (#26993)

commit 46bd58f74d11591a0180319285b0c79b2212ef69
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Sep 19 12:11:33 2023 +0200

    Bump version to v4.1.8

commit d6c0ae995c45fe5e5e0a8acfc10dff04a774fa75
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Sep 15 19:54:32 2023 +0200

    Fix post edits not being forwarded as expected (#26936)

commit 5fd89e53d2039cf3062fcae3b25fcbdfa7da0333
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 6 16:40:19 2023 +0200

    Fix moderator rights inconsistencies (#26729)

commit 5caade9fb0754fa13ae11f86145cd0ca1dcb830b
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 6 12:17:51 2023 +0200

    Fix crash when encountering invalid URL (#26814)

commit 34959eccd2094500539bbad5c5f03a3723debc18
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Aug 17 16:11:48 2023 +0200

    Fix cached posts including stale stats (#26409)

commit 21bf42bca14907284cb03ad3ba1be47124d66866
Author: Nicolai Søborg <NicolaiSoeborg@users.noreply.github.com>
Date:   Fri Aug 18 08:32:47 2023 +0200

    Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500)

commit 780283788515bb13007f4574fb6d9f8c82281da2
Author: yufushiro <62991447+yufushiro@users.noreply.github.com>
Date:   Wed Aug 23 15:44:56 2023 +0900

    Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit 48ee3ae13de9125beaee726ac737a770a5160961
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Sep 19 16:53:58 2023 +0200

    Merge pull request from GHSA-v3xf-c9qf-j667

commit 5f9511c389041570d21c383ce07dd2786df9cc2d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Sep 19 16:53:21 2023 +0200

    Merge pull request from GHSA-2693-xr3m-jhqr

commit 38a5d92f3814b071803c046144d94643a3ecb934
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Sep 18 08:32:04 2023 +0200

    Change Dockerfile to upgrade packages when building (#26929)

    Co-authored-by: Renaud Chaput <renchap@gmail.com>

commit 7f7e068975315b094a67b49d52241480e6b5db76
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Sep 6 12:19:02 2023 +0200

    Update actions for stable-4.1 (#26815)

    Co-authored-by: Renaud Chaput <renchap@gmail.com>

commit 5f88a2d70bee2a48b43bb34f0fde780ae9749162
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Sep 5 14:50:09 2023 +0200

    Bump version to v4.1.7

commit cf80d54cbae952705af250a9764c6e25e77cc3c7
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Mon May 22 13:15:21 2023 +0200

    Allow reports with long comments from remote instances, but truncate (#25028)

commit ea7fa048f374b31956211b87e265800e83574476
Author: Daniel M Brasil <danielmbrasil@protonmail.com>
Date:   Thu Aug 31 08:53:24 2023 -0300

    Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237)

commit 6339806f05cbbe630639df69421394119433896a
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Aug 9 09:39:36 2023 +0200

    Fix blocking subdomains of an already-blocked domain (#26392)

commit 86afbf25d01349bd2fe0ee98f1d60890ef71b7b9
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Aug 30 17:36:16 2023 +0200

    Change text extraction in `PlainTextFormatter` to be faster (#26727)

commit 1ad64b5557f8980b8ec54ac09cd79ac51223a2ea
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Aug 31 19:54:10 2023 +0200

    Backport container build changes to the stable-4.1 branch (#26738)

    Co-authored-by: Renaud Chaput <renchap@gmail.com>

commit ac7d40b561101084baf4688167d155600eefe9dc
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 27 17:08:09 2023 +0200

    Bump version to v4.1.6

commit 2fc6117d1b5643c0de908706d22702a35388a2a4
Author: Renaud Chaput <renchap@gmail.com>
Date:   Fri Jul 28 19:11:58 2023 +0200

    Fix missing return values in streaming (#26233)

commit 2eb1a5b7b6d8b6a0b9426e7ee5a1fd04519dd7e2
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit 6c321bb5e1543c78dbd0fa8e4962e95e544e1f63
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit da230600acda1d1a151eab4caa3d536ce828a097
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Thu Jul 27 15:38:18 2023 +0200

    Refactor streaming's filtering logic & improve documentation (#26213)

commit 1792be342a3cfad7bdfa54311b3962a8051962bb
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 27 15:12:10 2023 +0200

    Fix wrong filters sometimes applying in streaming (#26159)

commit ebf4f034c2e3841fde2d0109667c036fb352f3a8
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 21 14:30:46 2023 +0200

    Bump version to v4.1.5

commit 889102013fd687113cec75fe252b5328707e8cc1
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 21 13:34:15 2023 +0200

    Fix CSP headers being unintendedly wide (#26105)

commit d94a2c8aca731b4986e20401ae8ce5255e041b80
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jul 18 20:51:20 2023 +0200

    Change request timeout handling to use a longer deadline (#26055)

commit efd066670d67676d5f5e73a75c268a2bd09c59c7
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Jul 10 18:42:10 2023 +0200

    Fix moderation interface for remote instances with a .zip TLD (#25885)

commit 13ec425b721c959415921046d7a24ed8c9994cee
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Jul 10 18:42:19 2023 +0200

    Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886)

commit 7a99f0744d7c69a69b7552e31f6bb3914a6a03e8
Author: Michael Stanclift <mx@vmstan.com>
Date:   Thu Jul 13 04:12:51 2023 -0500

    Fix trending publishers table not rendering correctly on narrow screens (#25945)

commit 69c8f26946a5cdeff09ca8fe410bc11be78c158c
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 21 14:18:04 2023 +0200

    Add check preventing Sidekiq workers from running with Makara configured (#25850)

    Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

commit 3f5af768c8f1401f77d14ad5b6aeccdb7e02a9f0
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 7 18:21:10 2023 +0200

    Bump version to v4.1.4

commit cb8ab46302ad783869078ab4a26de04c09417a09
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 7 18:22:50 2023 +0200

    Update dependencies

commit 53b979d5c73f0b28b161581ec3e824d89f66633c
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 7 13:35:22 2023 +0200

    Fix processing of media files with unusual names (#25788)

commit f2bbac3f9fb37f6f870f25362e140d647d60caf5
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 7 18:10:17 2023 +0200

    Fix crash in admin interface when viewing a remote user with verified links (#25796)

commit 015ed99612241b8dbf2810db478b1485f4c31031
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Jul 7 18:10:00 2023 +0200

    Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)

commit cf58535193708d9a4bd584266423168cda75f415
Author: nemobis <federicoleva@tiscali.it>
Date:   Fri Jul 7 15:15:54 2023 +0300

    Fix typo in CHANGELOG.md (#25764)

commit 0d5781ca7609590a6d5340bb685bb1804056bb46
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jun 21 09:13:30 2023 +0200

    Bump version to v4.1.3

commit 32ebeed59ba424732130073474fe03699efe07fc
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 6 15:06:50 2023 +0200

    Merge pull request from GHSA-55j9-c3mp-6fcq

commit e75ad1de0f95f38b45748cafb1212560fe7587f5
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 6 15:06:24 2023 +0200

    Merge pull request from GHSA-9pxv-6qvf-pjwc

    * Fix timeout handling of outbound HTTP requests

    * Use CLOCK_MONOTONIC instead of Time.now

commit 0aa0b71f2cae9e35cff613b13d05ee3aeaf9f944
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 6 15:05:05 2023 +0200

    Merge pull request from GHSA-9928-3cp5-93fm

    * Fix attachments getting processed despite failing content-type validation

    * Add a restrictive ImageMagick security policy tailored for Mastodon

    * Fix misdetection of MP3 files with large cover art

    * Reject unprocessable audio/video files instead of keeping them unchanged

commit c4f2609f7a604daef1648e164ef8181d858bd058
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 6 15:03:33 2023 +0200

    Merge pull request from GHSA-ccm4-vgcc-73hp

    * Tighten allowed HTML in oEmbed-based preview cards

    * Sanitize preview cards at render time

    * Add `sandbox` attribute to preview card iframes

commit 9b6c0cac7d435905bdbea6e3b0cbb47da9490270
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jul 6 14:31:37 2023 +0200

    Add hardened headers to user-uploaded files (#25756)

commit fac2c9eb7d904e44244e20a8e1e8f6feb3b9db5b
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jun 28 12:47:00 2023 +0200

    Update rack, rails, nokogiri and doorkeeper gems

commit a3d69a2c5d3fcc0df61929684fe31567860e7f2e
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jul 4 18:58:23 2023 +0200

    Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)

commit 8eb1bb8ba697bce5b72027a0a5263db29fa5e34b
Author: Renaud Chaput <renchap@gmail.com>
Date:   Thu Jun 1 12:14:49 2023 +0200

    Allow carets in URL search params (#25216)

commit 652ff76462f33f90e257e331009f89c41d600409
Author: Vyr Cossont <VyrCossont@users.noreply.github.com>
Date:   Fri Mar 31 23:28:35 2023 -0700

    Fix Redis client and type errors introduced in #24285 (#24342)

commit 6f484fbbd280294bd8e43b5a9d0e54d6e34604b9
Author: Vyr Cossont <VyrCossont@users.noreply.github.com>
Date:   Fri Mar 31 05:38:47 2023 -0700

    IndexingScheduler: fetch and import in batches (#24285)

    Co-authored-by: Claire <claire.github-309c@sitedethib.com>

commit 79f5b8f156f65c25ada4712f8415c8d5f1f6dde7
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jun 29 14:48:54 2023 +0200

    Fix ResolveURLService not resolving local URLs for remote content (#25637)

commit f8930a67a05f9adcaef5bc3f6e874d86f3228415
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jun 22 14:56:14 2023 +0200

    Change /api/v1/statuses/:id/history to always return at least one item (#25510)

commit e65e3a6d14174378b8bf58f5997cde3de40c3ca7
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jun 22 14:52:25 2023 +0200

    Add finer permission requirements for managing webhooks (#25463)

commit 8acbfc6ab1b1a1f026fd85208089b9f31255aba6
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jun 20 18:15:35 2023 +0200

    Fix wrong view being displayed when a webhook fails validation (#25464)

commit 3ef53958b27da2edd1f1eba27ef2316fef64099f
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Tue Jun 20 18:04:35 2023 +0200

    Prevent UserCleanupScheduler from overwhelming streaming (#25519)

commit fd1ffd72ebec4c435b5e4406c1eafa80da69b317
Author: Daniel M Brasil <danielmbrasil@protonmail.com>
Date:   Mon Jun 19 03:53:05 2023 -0300

    Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477)

commit 7bd34f8b23f26fc4ebd10bcc3f2e0bae7cdd6520
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 4 10:13:00 2023 +0200

    Fix infinite loop in AccountsStatusesCleanupScheduler (#24840)

commit 7012bf6ed3188148e91870d83c446c529d46907d
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 3 10:31:40 2023 +0200

    Improve automatic post cleanup worker performances (#24785)

commit d9e45f2fa94449fe367a92b34f12775a0c85a8ee
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Sun Apr 23 22:25:40 2023 +0200

    Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607)

commit 0e139e3c4d8faa94fe0357d235f84a3f4c2abb50
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri Apr 21 18:14:19 2023 +0200

    Change automatic post deletion thresholds and load detection (#24614)

commit 23e7b4d28dc94ef927f6db4e5832a45e333b252e
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Sat Jun 10 18:24:37 2023 +0200

    Fix logging of messages that are binary before closing their connection (#25361)

commit e78ee582f7b845c16cdcada44c96ed7053f07ff1
Author: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date:   Fri Jun 9 19:29:16 2023 +0200

    Fix performance of streaming by parsing message JSON once (#25278)

commit a197fc094f9f55379d34a46bb530a7ce97d530b6
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon Jun 5 17:35:05 2023 +0200

    Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

commit bd7cbeeadfbb7d087c71cd6e0a016d44ca39a786
Author: Daniel M Brasil <danielmbrasil@protonmail.com>
Date:   Sun Apr 30 01:50:58 2023 -0300

    Fix  `tootctl accounts approve --number N` not aproving N earliest registrations (#24605)

commit 2779bce9a22f556b6c7a2e39eab82ab7438ac240
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue May 2 17:42:42 2023 +0200

    Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600)

    Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

commit 210ff368605c6752dcd8740b088570f393d322cf
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu May 11 04:40:03 2023 +0200

    Change AccessTokensVacuum to also delete expired tokens (#24868)

commit 99c2bbbec9bb004fd54d4f0920c1109e960ebb04
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Fri May 12 13:13:04 2023 +0200

    Change profile updates to be sent to recently-mentioned servers (#24852)

commit 7e587793004c0558d5131ff8eff359a77617a206
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue May 16 14:56:49 2023 +0200

    Fix reports not being closed when performing batch suspensions (#24988)

commit cca464bce3c2ac43e2759d6a0ab0c977b4098d90
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 17 00:08:42 2023 +0200

    Fix being able to vote on your own polls (#25015)

commit 1301af60e042fb9db39172977fb3a5d720ca7a31
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed May 17 00:09:21 2023 +0200

    Fix race condition when reblogging a status (#25016)

commit f962e838567143640036c9a4f01e161e2a88941b
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon May 22 12:25:56 2023 +0200

    Change OpenGraph-based embeds to allow fullscreen (#25058)

commit b3cbcd744719cd3a8a65f6dbefbc0f3912827a55
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Mon May 22 14:03:38 2023 +0200

    Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

commit 72d96bf17a6c44344f5896b2b26d751315650f0e
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue May 23 14:27:17 2023 +0200

    Remove invalid X-Frame-Options: ALLOWALL (#25070)

commit b1ac3562dff4c2e21a51bacf7cf963e3203097b8
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue May 23 15:00:36 2023 +0200

    Change Identity to not destroy associated User on destroy (#25098)

commit 4c6c790f80f598d80e4fce44c06309a17dfd65e6
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Tue Jun 20 18:32:26 2023 +0200

    Fix /api/v1/conversations sometimes returning empty accounts (#25499)

commit 036ac5b5c9597f8a2042a102439f14eaa9474f6c
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Jun 14 08:54:52 2023 +0200

    Fix ArgumentError when loading newer Private Mentions (#25399)

commit 3e1724e97282a2725778eccdf46d7756773d2771
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Thu Jun 1 02:41:51 2023 +0200

    Fix multiple N+1s in ConversationsController (#25134)

commit bc8592627bc7effa94c12d17bd8ee7e0b6ff52be
Author: Claire <claire.github-309c@sitedethib.com>
Date:   Wed Apr 5 19:31:49 2023 +0200

    Fix user archive takeouts when using OpenStack Swift (#24431)
  • Loading branch information
@204504bySE
204504bySE committed Jul 5, 2024
1 parent e76fb5c commit de2c804
Show file tree
Hide file tree
Showing 32 changed files with 498 additions and 102 deletions.
22 changes: 22 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,28 @@ Changelog

All notable changes to this project will be documented in this file.

## [4.1.18] - 2024-07-04

### Security

- Fix incorrect permission checking on multiple API endpoints ([GHSA-58x8-3qxw-6hm7](https://github.com/mastodon/mastodon/security/advisories/GHSA-58x8-3qxw-6hm7))
- Fix incorrect authorship checking when processing some activities (CVE-2024-37903, [GHSA-xjvf-fm67-4qc3](https://github.com/mastodon/mastodon/security/advisories/GHSA-xjvf-fm67-4qc3))
- Fix ongoing streaming sessions not being invalidated when application tokens get revoked ([GHSA-vp5r-5pgw-jwqx](https://github.com/mastodon/mastodon/security/advisories/GHSA-vp5r-5pgw-jwqx))
- Update dependencies

### Changed

- Change preview cards generation to skip unusually long URLs ([oneiros](https://github.com/mastodon/mastodon/pull/30854))
- Change search modifiers to be case-insensitive ([Gargron](https://github.com/mastodon/mastodon/pull/30865))
- Change `STATSD_ADDR` handling to emit a warning rather than crashing if the address is unreachable ([timothyjrogers](https://github.com/mastodon/mastodon/pull/30691))
- Change PWA start URL from `/home` to `/` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27377))

### Fixed

- Fix scheduled statuses scheduled in less than 5 minutes being immediately published ([danielmbrasil](https://github.com/mastodon/mastodon/pull/30584))
- Fix encoding detection for link cards ([oneiros](https://github.com/mastodon/mastodon/pull/30780))
- Fix `/admin/accounts/:account_id/statuses/:id` for edited posts with media attachments ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30819))

## [4.1.17] - 2024-05-30

### Security
Expand Down
3 changes: 0 additions & 3 deletions Gemfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,8 +162,5 @@ gem 'cocoon', '~> 1.2'
# https://qiita.com/Bjp8kHYYPFq8MrI/items/90a9db03160f8d6f7e5c
gem 'psych', '~> 3.1'

gem 'net-http', '~> 0.3.2'
gem 'rubyzip', '~> 2.3'

gem 'hcaptcha', '~> 7.1'
gem 'mail', '~> 2.8'
126 changes: 61 additions & 65 deletions Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,40 +10,40 @@ GIT
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.7.7)
actionpack (= 6.1.7.7)
activesupport (= 6.1.7.7)
actioncable (6.1.7.8)
actionpack (= 6.1.7.8)
activesupport (= 6.1.7.8)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.7)
actionpack (= 6.1.7.7)
activejob (= 6.1.7.7)
activerecord (= 6.1.7.7)
activestorage (= 6.1.7.7)
activesupport (= 6.1.7.7)
actionmailbox (6.1.7.8)
actionpack (= 6.1.7.8)
activejob (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
mail (>= 2.7.1)
actionmailer (6.1.7.7)
actionpack (= 6.1.7.7)
actionview (= 6.1.7.7)
activejob (= 6.1.7.7)
activesupport (= 6.1.7.7)
actionmailer (6.1.7.8)
actionpack (= 6.1.7.8)
actionview (= 6.1.7.8)
activejob (= 6.1.7.8)
activesupport (= 6.1.7.8)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.7.7)
actionview (= 6.1.7.7)
activesupport (= 6.1.7.7)
actionpack (6.1.7.8)
actionview (= 6.1.7.8)
activesupport (= 6.1.7.8)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.7)
actionpack (= 6.1.7.7)
activerecord (= 6.1.7.7)
activestorage (= 6.1.7.7)
activesupport (= 6.1.7.7)
actiontext (6.1.7.8)
actionpack (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
nokogiri (>= 1.8.5)
actionview (6.1.7.7)
activesupport (= 6.1.7.7)
actionview (6.1.7.8)
activesupport (= 6.1.7.8)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
Expand All @@ -54,22 +54,22 @@ GEM
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
active_record_query_trace (1.8)
activejob (6.1.7.7)
activesupport (= 6.1.7.7)
activejob (6.1.7.8)
activesupport (= 6.1.7.8)
globalid (>= 0.3.6)
activemodel (6.1.7.7)
activesupport (= 6.1.7.7)
activerecord (6.1.7.7)
activemodel (= 6.1.7.7)
activesupport (= 6.1.7.7)
activestorage (6.1.7.7)
actionpack (= 6.1.7.7)
activejob (= 6.1.7.7)
activerecord (= 6.1.7.7)
activesupport (= 6.1.7.7)
activemodel (6.1.7.8)
activesupport (= 6.1.7.8)
activerecord (6.1.7.8)
activemodel (= 6.1.7.8)
activesupport (= 6.1.7.8)
activestorage (6.1.7.8)
actionpack (= 6.1.7.8)
activejob (= 6.1.7.8)
activerecord (= 6.1.7.8)
activesupport (= 6.1.7.8)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.7)
activesupport (6.1.7.8)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
Expand Down Expand Up @@ -105,6 +105,7 @@ GEM
aws-sigv4 (~> 1.4)
aws-sigv4 (1.5.2)
aws-eventstream (~> 1, >= 1.0.2)
base64 (0.2.0)
bcrypt (3.1.17)
better_errors (2.9.1)
coderay (>= 1.0.0)
Expand Down Expand Up @@ -397,7 +398,7 @@ GEM
net-smtp
makara (0.5.1)
activerecord (>= 5.2.0)
marcel (1.0.2)
marcel (1.0.4)
mario-redis-lock (1.2.1)
redis (>= 3.0.5)
matrix (0.4.2)
Expand All @@ -407,13 +408,11 @@ GEM
mime-types-data (~> 3.2015)
mime-types-data (3.2022.0105)
mini_mime (1.1.5)
mini_portile2 (2.8.5)
mini_portile2 (2.8.7)
minitest (5.17.0)
msgpack (1.6.0)
multi_json (1.15.0)
multipart-post (2.1.1)
net-http (0.3.2)
uri
net-imap (0.3.7)
date
net-protocol
Expand All @@ -428,7 +427,7 @@ GEM
net-protocol
net-ssh (7.0.1)
nio4r (2.5.9)
nokogiri (1.16.5)
nokogiri (1.16.6)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
nsa (0.2.8)
Expand Down Expand Up @@ -502,7 +501,7 @@ GEM
activesupport (>= 3.0.0)
raabro (1.4.0)
racc (1.7.3)
rack (2.2.8.1)
rack (2.2.9)
rack-attack (6.6.1)
rack (>= 1.0, < 3)
rack-cors (1.1.1)
Expand All @@ -517,20 +516,20 @@ GEM
rack
rack-test (2.0.2)
rack (>= 1.3)
rails (6.1.7.7)
actioncable (= 6.1.7.7)
actionmailbox (= 6.1.7.7)
actionmailer (= 6.1.7.7)
actionpack (= 6.1.7.7)
actiontext (= 6.1.7.7)
actionview (= 6.1.7.7)
activejob (= 6.1.7.7)
activemodel (= 6.1.7.7)
activerecord (= 6.1.7.7)
activestorage (= 6.1.7.7)
activesupport (= 6.1.7.7)
rails (6.1.7.8)
actioncable (= 6.1.7.8)
actionmailbox (= 6.1.7.8)
actionmailer (= 6.1.7.8)
actionpack (= 6.1.7.8)
actiontext (= 6.1.7.8)
actionview (= 6.1.7.8)
activejob (= 6.1.7.8)
activemodel (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
bundler (>= 1.15.0)
railties (= 6.1.7.7)
railties (= 6.1.7.8)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
Expand All @@ -546,9 +545,9 @@ GEM
railties (>= 6.0.0, < 7)
rails-settings-cached (0.6.6)
rails (>= 4.2.0)
railties (6.1.7.7)
actionpack (= 6.1.7.7)
activesupport (= 6.1.7.7)
railties (6.1.7.8)
actionpack (= 6.1.7.8)
activesupport (= 6.1.7.8)
method_source
rake (>= 12.2)
thor (~> 1.0)
Expand Down Expand Up @@ -629,7 +628,6 @@ GEM
nokogiri (>= 1.10.5)
rexml
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
rufus-scheduler (3.8.2)
fugit (~> 1.1, >= 1.1.6)
safety_net_attestation (0.4.0)
Expand Down Expand Up @@ -670,7 +668,8 @@ GEM
simplecov-html (0.12.3)
simplecov_json_formatter (0.1.4)
smart_properties (1.17.0)
sprockets (3.7.2)
sprockets (3.7.3)
base64
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.4.2)
Expand Down Expand Up @@ -725,7 +724,6 @@ GEM
unf_ext (0.0.8.2)
unicode-display_width (2.4.2)
uniform_notifier (1.16.0)
uri (0.13.0)
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
Expand Down Expand Up @@ -762,7 +760,7 @@ GEM
xorcist (1.1.3)
xpath (3.2.0)
nokogiri (~> 1.8)
zeitwerk (2.6.13)
zeitwerk (2.6.16)

PLATFORMS
ruby
Expand Down Expand Up @@ -831,7 +829,6 @@ DEPENDENCIES
mario-redis-lock (~> 1.2)
memory_profiler
mime-types (~> 3.4.1)
net-http (~> 0.3.2)
net-ldap (~> 0.17)
nokogiri (~> 1.14)
nsa (~> 0.2)
Expand Down Expand Up @@ -876,7 +873,6 @@ DEPENDENCIES
rubocop-rails
rubocop-rspec
ruby-progressbar (~> 1.11)
rubyzip (~> 2.3)
sanitize (~> 6.0)
scenic (~> 1.7)
sidekiq (~> 6.5)
Expand Down
1 change: 1 addition & 0 deletions app/controllers/api/v1/scheduled_statuses_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ class Api::V1::ScheduledStatusesController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, except: [:update, :destroy]
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only: [:update, :destroy]

before_action :require_user!
before_action :set_statuses, only: :index
before_action :set_status, except: :index

Expand Down
1 change: 1 addition & 0 deletions app/controllers/api/v1/statuses/translations_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ class Api::V1::Statuses::TranslationsController < Api::BaseController
include Authorization

before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
before_action :require_user!
before_action :set_status
before_action :set_translation

Expand Down
1 change: 1 addition & 0 deletions app/controllers/api/v1/timelines/public_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# frozen_string_literal: true

class Api::V1::Timelines::PublicController < Api::BaseController
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
before_action :require_user!, only: [:show], if: :require_auth?
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }

Expand Down
3 changes: 2 additions & 1 deletion app/controllers/api/v1/timelines/tag_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# frozen_string_literal: true

class Api::V1::Timelines::TagController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: :show, if: :require_auth?
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
before_action :require_user!, if: :require_auth?
before_action :load_tag
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }

Expand Down
1 change: 1 addition & 0 deletions app/controllers/oauth/authorized_applications_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio

def destroy
Web::PushSubscription.unsubscribe_for(params[:id], current_resource_owner)
Doorkeeper::Application.find_by(id: params[:id])&.close_streaming_sessions(current_resource_owner)
super
end

Expand Down
2 changes: 1 addition & 1 deletion app/lib/activitypub/activity/create.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ def distribute
def find_existing_status
status = status_from_uri(object_uri)
status ||= Status.find_by(uri: @object['atomUri']) if @object['atomUri'].present?
status
status if status&.account_id == @account.id
end

def process_status_params
Expand Down
2 changes: 2 additions & 0 deletions app/lib/activitypub/parser/status_parser.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ class ActivityPub::Parser::StatusParser

NORMALIZED_LOCALE_NAMES = LanguagesHelper::SUPPORTED_LOCALES.keys.index_by(&:downcase).freeze

NORMALIZED_LOCALE_NAMES = LanguagesHelper::SUPPORTED_LOCALES.keys.index_by(&:downcase).freeze

# @param [Hash] json
# @param [Hash] magic_values
# @option magic_values [String] :followers_collection
Expand Down
8 changes: 5 additions & 3 deletions app/lib/application_extension.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,19 @@ module ApplicationExtension
# dependent: delete_all, which means the ActiveRecord callback in
# AccessTokenExtension is not run, so instead we manually announce to
# streaming that these tokens are being deleted.
before_destroy :push_to_streaming_api, prepend: true
before_destroy :close_streaming_sessions, prepend: true
end

def confirmation_redirect_uri
redirect_uri.lines.first.strip
end

def push_to_streaming_api
def close_streaming_sessions(resource_owner = nil)
# TODO: #28793 Combine into a single topic
payload = Oj.dump(event: :kill)
access_tokens.in_batches do |tokens|
scope = access_tokens
scope = scope.where(resource_owner_id: resource_owner.id) unless resource_owner.nil?
scope.in_batches do |tokens|
redis.pipelined do |pipeline|
tokens.ids.each do |id|
pipeline.publish("timeline:access_token:#{id}", payload)
Expand Down
15 changes: 10 additions & 5 deletions app/lib/link_details_extractor.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,16 +255,21 @@ def structured_data
end

def document
@document ||= Nokogiri::HTML(@html, nil, encoding)
@document ||= detect_encoding_and_parse_document
end

def encoding
@encoding ||= begin
guess = detector.detect(@html, @html_charset)
guess&.fetch(:confidence, 0).to_i > 60 ? guess&.fetch(:encoding, nil) : nil
def detect_encoding_and_parse_document
[detect_encoding, nil, @html_charset, 'UTF-8'].uniq.each do |encoding|
document = Nokogiri::HTML(@html, nil, encoding)
return document if document.to_s.valid_encoding?
end
end

def detect_encoding
guess = detector.detect(@html, @html_charset)
guess&.fetch(:confidence, 0).to_i > 60 ? guess&.fetch(:encoding, nil) : nil
end

def detector
@detector ||= CharlockHolmes::EncodingDetector.new.tap do |detector|
detector.strip_tags = true
Expand Down
Loading

0 comments on commit de2c804

Please sign in to comment.