Age | Commit message | Author
4 days | Bump version to v4.2.9 (#30470) [v4.2.9] [stable-4.2] | Claire
4 days | Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483) | Claire
4 days | Merge pull request from GHSA-c2r5-cfqr-c553 | Claire
    * Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
    * Remove rack-attack safelist
4 days | Merge pull request from GHSA-q3rg-xx5v-4mxh | Claire
4 days | Merge pull request from GHSA-5fq7-3p3j-9vrf | Claire
5 days | Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316) | Emelia Smith
    Co-authored-by: Claire <claire.github-309c@sitedethib.com>
5 days | Normalize language code of incoming posts (#30403) | Claire
5 days | Fix leaking Elasticsearch connections in Sidekiq processes (#30450) | Claire
5 days | Update dependency rexml to 3.2.8 | Claire
2024-05-17 | Update dependency nokogiri to 1.16.5 | Claire
2024-05-17 | Update dependency fastimage to 2.3.1 | Claire
2024-05-17 | Update dependency rotp to 6.3.0 | Claire
2024-05-17 | Update dependency json-jwt to 1.15.3.1 | Claire
2024-05-17 | Update dependency rack-cors to 2.0.2 | Claire
2024-05-17 | Fix off-by-one in `tootctl media` commands (#30306) | Claire
2024-05-17 | Fix missing destroy audit logs for Domain Allows (#30125) | Emelia Smith
2024-05-17 | Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) | Claire
2024-05-17 | Fix Idempotency-Key ignored when scheduling a post (#30084) | Claire
2024-05-17 | Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) | Tim Rogers
2024-05-17 | Remove caching in `cache_collection` (#29862) | Claire
2024-05-17 | Improve email address validation (#29838) | Claire
2024-05-17 | Fix results/query in `api/v1/featured_tags/suggestions` (#29597) | Matt Jankowski
2024-05-17 | Normalize idna domain before account unblock domain (#29530) | Jeong Arm
2024-05-17 | Fix admin account created by `mastodon:setup` not being auto-approved (#29379) | Claire
2024-05-17 | Return domain block digests from admin domain blocks API (#29092) | Emelia Smith
2024-05-17 | Add fallback redirection when getting a webfinger query `WEB_DOMAIN@WEB_DOMAIN` (#28592) | Claire
2024-05-17 | Fix reference to non-existent var in CLI maintenance command (#28363) | Matt Jankowski
2024-02-23 | Bump version to v4.2.8 (#29370) [v4.2.8] | Claire
2024-02-23 | Fix processing of `Link` objects in `Image` objects (#29363) | Claire
2024-02-22 | Fix link verifications when page size exceeds 1MB (#29361) | Claire
2024-02-22 | Change registrations to be disabled by default for new servers (#29353) | Claire
2024-02-22 | Fix auto-close email being sent to users with devops permissions instead of settings permissions (#29356) | Claire
2024-02-22 | Automatically switch from open to approved registrations in absence of moderators (#29337) | Claire
2024-02-22 | Update dependencies (#29346) | Claire
2024-02-16 | Fix linting failure | Claire
2024-02-16 | Bump version to v4.2.7 [v4.2.7] | Claire
2024-02-16 | Merge pull request from GHSA-jhrq-qvrm-qr36 | Claire
    * Fix insufficient Content-Type checking of fetched ActivityStreams objects
    * Allow JSON-LD documents with multiple profiles
2024-02-16 | Update dependency pg to 1.5.5 | Claire
2024-02-14 | Update `nsa` gem to version 0.3.0 (#29065) (#29206) | Claire
    Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 | Fix user creation failure handling in OAuth paths (#29207) | Claire
2024-02-14 | Fix OmniAuth tests (#29201) | Claire
2024-02-14 | Bump version to v4.2.6 [v4.2.6] | Claire
2024-02-14 | Merge pull request from GHSA-vm39-j3vx-pch3 | Claire
    * Prevent different identities from a same SSO provider from accessing a same account
    * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
    * Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 | Merge pull request from GHSA-7w3c-p9j8-mq3x | Claire
    * Ensure destruction of OAuth Applications notifies streaming
      Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
    * Ensure password resets revoke access to Streaming API
    * Improve performance of deleting OAuth tokens
    ---------
    Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 | Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199) | Claire
2024-02-14 | Disable administrative doorkeeper routes (#29187) | Emelia Smith
2024-02-14 | Update dependency sidekiq-unique-jobs to 7.1.33 | Claire
2024-02-14 | Update dependency nokogiri to 1.16.2 | Claire
2024-02-01 | Merge pull request from GHSA-3fjr-858r-92rw [v4.2.5] | Claire
    * Fix insufficient origin validation
    * Bump version to v4.2.5
2024-01-24 | Bump version to v4.2.4 [v4.2.4] | Claire