f90daf58db
Add warning for object storage misconfiguration ( #24137 )
2023-03-16 22:50:15 +01:00
a42b48ea4e
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:50:15 +01:00
251dd0b72b
Update changelog
2023-03-16 22:05:39 +01:00
18840cbc6e
Skip pushing containers on forks ( #24106 )
2023-03-16 13:40:56 +01:00
727126255a
Use Github Container Registry as the official container image source ( #24113 )
2023-03-16 13:40:55 +01:00
98d654b8bb
Skip Docker CI Login/Push on forks ( #23564 )
2023-03-16 13:39:59 +01:00
25c517144c
Push Docker images to Github Container Registry as well ( #24101 )
2023-03-16 13:39:58 +01:00
f036546c22
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 12:34:43 +01:00
9256d653a5
Fix incorrect post links in strikes when the account is remote ( #23611 )
2023-03-16 12:34:37 +01:00
d0c0808ad4
Add null check on application in dispute viewer ( #19851 )
2023-03-16 12:33:09 +01:00
cb622b23b1
Fix dashboard crash on ElasticSearch server error ( #23751 )
2023-03-16 12:31:20 +01:00
fe866f8afb
Update changelog
2023-03-14 11:46:12 +01:00
a1e765991e
Add mail headers to avoid auto-replies ( #23597 )
2023-03-14 11:46:12 +01:00
76b9f42712
Add `lang` tag to native language names in language picker ( #23749 )
2023-03-14 11:46:12 +01:00
708e590117
Fix sidekiq jobs not triggering Elasticsearch index updates ( #24046 )
2023-03-14 11:46:12 +01:00
a717aa929c
Center the text itself in upload area ( #24029 )
2023-03-14 11:46:12 +01:00
bbb7c54367
Fix `/api/v1/streaming` sub-paths not being redirected ( #23988 )
2023-03-14 11:46:12 +01:00
282596a66e
Fix pgBouncer resetting application name on every transaction ( #23958 )
2023-03-14 11:46:12 +01:00
e6f6fe6106
Fix original account being unfollowed on migration before the follow request could be sent ( #21957 )
2023-03-14 11:46:12 +01:00
86b1adf7d7
Fix unconfirmed accounts being registered as active users ( #23803 )
2023-03-14 10:26:38 +01:00
4beeec4e50
Fix server error when failing to follow back followers from `/relationships` ( #23787 )
2023-03-14 10:26:23 +01:00
3c44ba0411
Fix inefficiency when searching accounts per username in admin interface ( #23801 )
2023-03-14 10:26:14 +01:00
339d4fa61c
Fix case-sensitive check for previously used hashtags ( #23526 )
2023-03-14 10:25:48 +01:00
62f0eab635
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-14 10:25:38 +01:00
8c8d578e38
Bump version to 3.5.6 ( #23493 )
2023-02-10 22:18:15 +01:00
a8a3e86216
Fix unbounded recursion in post discovery ( #23507 )
...
* Add a limit to how many posts can get fetched as a result of a single request
* Add tests
* Always pass `request_id` when processing `Announce` activities
---------
Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:47 +01:00
be1caad933
Fix REST API serializer for Account not including `moved` when the moved account has itself moved ( #22483 ) ( #23492 )
...
Instead of cutting immediately, cut after one recursion.
2023-02-09 21:02:09 +01:00
84a40824ad
Fix sanitizer parsing link text as HTML when stripping unsupported links ( #22558 ) ( #23491 )
2023-02-09 21:02:01 +01:00
533bf92d21
Don't delivery a reply to domains which are blocked by author ( #22117 ) ( #23490 )
...
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
2023-02-09 21:01:53 +01:00
6a2b48190c
Log admin approve and reject account ( #22088 ) ( #23488 )
...
* Log admin approve and reject account
* Add unit tests for approve and reject logging
Co-authored-by: Francis Murillo <evacuee.overlap.vs3op@aleeas.com>
2023-02-09 21:01:45 +01:00
6cbc589990
Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note ( #23318 ) ( #23487 )
...
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note
* Add tests
2023-02-09 21:01:38 +01:00
a2bfb16cb8
Fix crash when marking statuses as sensitive while some statuses are deleted ( #22134 ) ( #23486 )
...
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes #21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
2023-02-09 21:01:21 +01:00
cfc0507010
Fix attachments of edited statuses not being fetched ( #21565 ) ( #23485 )
...
* Fix attachments of edited statuses not being fetched
* Fix tests
2023-02-09 20:57:31 +01:00
eade64097c
Clear voter count when poll is reset ( #21700 ) ( #23484 )
...
When a poll is edited, we reset the poll and remove all previous
votes. However, prior to this commit, the voter count on the poll
was not reset. This leads to incorrect percentages being shown in
poll results.
Fixes #21696
Co-authored-by: afontenot <adam.m.fontenot@gmail.com>
2023-02-09 20:57:24 +01:00
1f0be21317
Fix some performance issues with /admin/instances ( #21907 ) ( #23483 )
...
/admin/instances?availability=failing remains wholly unefficient
2023-02-09 20:57:14 +01:00
0ca877f084
Fix possible race conditions when suspending/unsuspending accounts ( #22363 ) ( #23482 )
...
* Fix possible race conditions when suspending/unsuspending accounts
* Fix tests
Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
2023-02-09 20:57:06 +01:00
cc233af129
Fix suspension worker crashing on S3-compatible setups without ACL support ( #22487 ) ( #23481 )
2023-02-09 20:56:58 +01:00
83f1c6460a
Fix changing domain block severity not undoing individual account effects ( #22135 ) ( #23480 )
...
* Fix changing domain block severity not undoing individual account effects
Fixes #22133
* Add tests
2023-02-09 20:56:49 +01:00
e26dd2ea8f
Add `form-action` CSP directive ( #23478 )
...
* Add form-action CSP directive (#20781 )
* Fix OAuth flow being broken by recent CSP change (#20958 )
* Fix form-action CSP directive for external login (#20962 )
2023-02-09 20:56:37 +01:00
da5d81c90d
Fix CircleCI issues caused by Node and OpenSSL versions ( #23489 )
...
Co-authored-by: mhkhung <mhkhung@gmail.com>
2023-02-09 18:34:19 +01:00
ee66f5790f
Fix unbounded recursion in account discovery (v3.5 backport) ( #22026 )
...
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
2022-12-15 19:21:17 +01:00
696f7b3608
Bump version to 3.5.5
2022-11-14 22:26:24 +01:00
b22e1476ca
Fix nodes order being sometimes mangled when rewriting emoji ( #20677 )
...
* Fix front-end emoji tests
* Fix nodes order being sometimes mangled when rewriting emoji
2022-11-14 22:20:29 +01:00
105ab82425
Bump version to 3.5.4
2022-11-14 20:09:16 +01:00
2dd8f977e8
Fix emoji substitution not applying only to text nodes in backend code
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
2db06e1d08
Fix emoji substitution not applying only to text nodes in Web UI
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
063579373e
Fix rate limiting for paths with formats
2022-11-14 11:20:41 +01:00
1659788de4
blurhash_transcoder: prevent out-of-bound reads with <8bpp images ( #20388 )
...
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
Fixes #19235 .
2022-11-14 11:20:41 +01:00
47eaf85f02
Fix crash when a remote Flag activity mentions a private post ( #18760 )
...
* Add tests
* Fix crash when a remote Flag activity mentions a private post
2022-11-14 11:20:41 +01:00
fbcbf7898f
Bump version to 3.5.3 ( #18530 )
2022-05-26 23:26:15 +02:00
Claire