Age | Commit message (Collapse) | Author |
|
(#30483)
|
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
* Remove rack-attack safelist
|
registrations (#30316)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
the API (#30119)
|
`WEB_DOMAIN@WEB_DOMAIN` (#28592)
|
settings permissions (#29356)
|
moderators (#29337)
|
* Fix insufficient Content-Type checking of fetched ActivityStreams objects
* Allow JSON-LD documents with multiple profiles
|
Co-authored-by: Matt Jankowski <matt@jankowski.online>
|
* Prevent different identities from the same SSO provider from accessing the same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
|
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a `dependent: delete_all` relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing the destruction of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
|
`sidekiq-unique-jobs` UI by default (#29199)
|
* Fix insufficient origin validation
* Bump version to v4.2.5
|