Commit Graph

13837 Commits (5e1752ce3f21a06287d0a0821c02835c06227441)
 

Author SHA1 Message Date
Claire 5e1752ce3f
Bump version to v4.1.3 ()
Claire 610731b03d
Merge pull request from GHSA-55j9-c3mp-6fcq
Claire c5929798bf
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
Claire 6d8e0fae3e
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
Claire fed9cbfd2b
Add hardened headers to user-uploaded files ()
Eugen Rochko 000b835803
Add canonical link tags in web UI ()
Eugen Rochko b7910bc751
Add button to see results for polls in web UI ()
Claire eb2417ce99
Fix OAuth apps page crashing when listing apps with certain admin API scopes ()
Claire 4658263b4a
Fix re-activated accounts being deleted by AccountDeletionWorker ()
Trevor Wolf 182fd93a07
fix read more button overlapping thread line bug ()
Claire 12fa24a885
Fix forgotten unconfirmed_email migration file ()
mogaminsk 6268188543
Fix local live feeds does not expand ()
forsamori d9a5c1acfa
Add at-symbol prepended to mention span title ()
Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>
Eugen Rochko 54a10523e2
Change labels of live feeds tabs in web UI ()
Daniel M Brasil 383c00819c
Fix `/api/v2/search` not working with following query param ()
Eugen Rochko 69e124e2ed
Fix regression of icon button colors in web UI ()
Trevor Wolf 54cb679c19
Change button colors to increase hover/focus contrast and consistency ()
Claire e6a8faae81
Add users index on unconfirmed_email ()
Claire 933ba1a3eb
Add superapp index on `oauth_applications` ()
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account ()
Eugen Rochko ba06a2f104
Revert "Rails 7 update" ()
mogaminsk 5b46345459
Prevent duplicate concurrent calls of `/api/*/instance` in web UI ()
Eugen Rochko 0512537eb6
Change dropdown icon above compose form from ellipsis to bars in web UI ()
Matt Jankowski 50c2a03695
Rails 7 update ()
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in `/api/v1/emails/check_confirmation` ()
Claire cea9db5a0b
Change local and federated timelines to be in a single firehose column ()
Matt Jankowski 0139b1c8e1
Update uri to version 0.12.2 (CVE fix) ()
Matt Jankowski f8bd581126
Remove unused routes ()
Matt Jankowski 683ba5ecb1
Fix rails `rewhere` deprecation warning in directories api controller ()
Matt Jankowski c47cdf6e17
Add index to backups on `user_id` column ()
Renaud Chaput 78ba12f0bf
Use an Immutable Record as the root state ()
Claire 9934949fc4
Fix onboarding prompt being displayed because of disconnection gaps ()
Eugen Rochko 8bfbd19d2b Update Crowdin configuration file
Renaud Chaput c4a8c332b2
Remove `pkg-config` gem dependency ()
Claire a209d1e683
Fix ResolveURLService not resolving local URLs for remote content ()
jsgoldstein 4581a528f7
Change account search to match by text when opted-in ()
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Claire 285a691936
Remove the search button from UI header when logged out ()
Claire c7c6f02ae6
Fix suspending an already-limited domain ()
renovate[bot] ceca93d0d1
Update dependency glob to v10.3.0 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] a9ba8263a0
Update mcr.microsoft.com/devcontainers/ruby Docker tag to v1 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] dbd37f129d
Update dependency pg to v8.11.1 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] b7f6280ef4
Update dependency pg-connection-string to v2.6.1 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] a90190f813
Update dependency react-textarea-autosize to v8.5.0 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] ccaa676452
Update dependency sass to v1.63.6 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] d9b07b6a11
Update dependency rails to v6.1.7.4 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Claire 0ccf6c0eb7
Fix batch attachment deletion leaving empty directories ()
renovate[bot] 9caa0475f8
Update dependency react-redux to v8.1.1 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
S.H 7a25af64dd
Remove media attachment only when file was exist ()
Eugen Rochko bb4756c823
Change files to be deleted in batches instead of one-by-one ()