fedi/mastodon
1
0
Fork 1
mirror of https://github.com/mastodon/mastodon.git synced 2024-11-08 16:54:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
11761 commits 119 branches 266 tags 964 MiB
Commit graph

6584 commits

Author SHA1 Message Date
Claire c397c1a9e3
Merge pull request from GHSA-jhrq-qvrm-qr36 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
 2024-02-16 11:56:12 +01:00
Claire d509b6b342 Fix user creation failure handling in OmniAuth paths (#29207) 
Co-authored-by: Matt Jankowski <matt@jankowski.online>
 2024-02-14 23:26:29 +01:00
Claire 4a57e44809
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire 47c6079d8d
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Claire b1ed009c65
Merge pull request from GHSA-3fjr-858r-92rw 
* Fix insufficient origin validation

* Bump version to v3.5.17
 2024-02-01 15:56:46 +01:00
Claire 2ffce0d5f7 Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-12-04 15:27:44 +01:00
Claire 688defd60d Change GIF max matrix size error to explicitly mention GIF files (#27927) 2023-12-04 15:27:44 +01:00
Jonathan de Jong d9b05f6860 Have Follow activities bypass availability (#27586) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-12-04 15:27:44 +01:00
Claire f3fd8d8695 Clamp dates when serializing to Elasticsearch API (#28081) 2023-12-04 15:27:44 +01:00
Claire 49693fe42f Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-12-04 15:27:44 +01:00
Claire 16262f815d Fix posts from force-sensitized accounts being able to trend (#27620) 2023-12-04 15:27:44 +01:00
Matt Jankowski 7fb3ee0bc6 Dont match mention in url query string (#25656) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-10-10 13:50:10 +02:00
David Aaron 9bd027823d Change min age of backup policy from 1 week to 6 days (#27200) 2023-10-10 13:50:10 +02:00
Jakob Gillich 57d4d46050 Fix importer returning negative row estimates (#27258) 2023-10-10 13:50:10 +02:00
Claire c91116f780 Fix filtering audit log for entries about disabling 2FA (#27186) 2023-10-10 13:50:10 +02:00
Essem f45b5f5006 Properly remove tIME chunk from PNG uploads (#27111) 2023-10-10 13:50:10 +02:00
Claire 47441e51f3 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:50:10 +02:00
Claire af02650322 Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-10-10 13:50:10 +02:00
Claire 49af3e26dc Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:17 +02:00
Claire 412c3e13ec Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:17 +02:00
Claire 31c5e63a58 Fix cached posts including stale stats (#26409) 2023-09-19 17:01:17 +02:00
Nicolai Søborg e8eeb746ac Fix frame_rate for videos where ffprobe reports 0/0 (#26500) 2023-09-19 17:01:17 +02:00
Claire 9deb178126
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Emelia Smith dcffd6b3d7 Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 17:22:43 +02:00
Daniel M Brasil 8de0f7e198 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 17:22:43 +02:00
Claire e37551421e Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 17:22:43 +02:00
Claire 2e0eab9d18 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 17:22:43 +02:00
Claire e655b35d7e Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:27 +02:00
Claire ced65ffbb4 Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:24 +02:00
Claire 7709bbba65 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-21 16:07:24 +02:00
Michael Stanclift 4f6d121b24 Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:24 +02:00
Claire 517c4a8a7a Fix processing of media files with unusual names (#25788) 2023-07-07 19:35:24 +02:00
Claire dca0d8427e Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:35:24 +02:00
Claire ca4b23bf0d
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:49 +02:00
Claire 32e5a9f053
Merge pull request from GHSA-9pxv-6qvf-pjwc 
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
 2023-07-06 15:06:24 +02:00
Claire 987f909994
Merge pull request from GHSA-9928-3cp5-93fm 
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
 2023-07-06 15:05:05 +02:00
Claire c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp 
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
 2023-07-06 15:03:33 +02:00
Vyr Cossont 07f60ffcbb Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:46:21 +02:00
Vyr Cossont c1467453f6 IndexingScheduler: fetch and import in batches (#24285) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-07-06 13:46:21 +02:00
Emelia Smith 00e65a77df Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:46:21 +02:00
Daniel M Brasil f9521bc2b5 Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:46:21 +02:00
Claire feac95333f Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:46:21 +02:00
Claire bb1e7e112e Fix being able to vote on your own polls (#25015) 2023-07-06 13:46:21 +02:00
Claire e233060ea5 Fix race condition when reblogging a status (#25016) 2023-07-06 13:46:21 +02:00
Claire 3faebae2d1 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:46:21 +02:00
Claire 95f59da157 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:46:21 +02:00
Claire 6f94b4ae19 Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:46:21 +02:00
Claire 283184b390 Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:46:21 +02:00
Claire d54980ef2d Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:46:21 +02:00
Claire 08579976e0 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:46:21 +02:00