Commit graph

13847 commits

Author SHA1 Message Date
fusagiko / takayamaki e0d230fb37
simplify counters (#25541) 2023-07-08 11:11:22 +02:00
Matt Jankowski 0f9b803eb3
Regenerate brakeman ignore, pruning warnings (#25749) 2023-07-08 11:07:19 +02:00
Renaud Chaput 9f078e238d
Fix translate button position (#25807) 2023-07-08 00:12:31 +02:00
Claire 0051128387
Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Renaud Chaput d481e72e85
Tag images with the latest tag only when running against the latest stable branch (#25803) 2023-07-07 19:31:55 +02:00
Claire b6d173b459
Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 18:10:17 +02:00
Claire 71d44949bf
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
nemobis dfedf0ec64
Fix typo in CHANGELOG.md (#25764) 2023-07-07 14:15:54 +02:00
renovate[bot] 8b624553ef
Update dependency sanitize to v6.0.2 [SECURITY] (#25777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-07 13:35:54 +02:00
Claire 94fbac77e7
Fix processing of media files with unusual names (#25788) 2023-07-07 13:35:22 +02:00
Claire 5e1752ce3f
Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire 610731b03d
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:49 +02:00
Claire c5929798bf
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:23 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 6d8e0fae3e
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire fed9cbfd2b
Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Eugen Rochko 000b835803
Add canonical link tags in web UI (#25715) 2023-07-05 11:25:27 +02:00
Eugen Rochko b7910bc751
Add button to see results for polls in web UI (#25726) 2023-07-05 10:32:04 +02:00
Claire eb2417ce99
Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713) 2023-07-04 18:58:23 +02:00
Claire 4658263b4a
Fix re-activated accounts being deleted by AccountDeletionWorker (#25711) 2023-07-04 18:36:24 +02:00
Trevor Wolf 182fd93a07
fix read more button overlapping thread line bug (#25706) 2023-07-04 14:57:46 +02:00
Claire 12fa24a885
Fix forgotten unconfirmed_email migration file (#25702) 2023-07-04 11:25:29 +02:00
mogaminsk 6268188543
Fix local live feeds does not expand (#25694) 2023-07-04 00:37:57 +02:00
forsamori d9a5c1acfa
Add at-symbol prepended to mention span title (#25684)
Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>
2023-07-03 22:58:10 +02:00
Eugen Rochko 54a10523e2
Change labels of live feeds tabs in web UI (#25683) 2023-07-03 22:57:18 +02:00
Daniel M Brasil 383c00819c
Fix /api/v2/search not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Eugen Rochko 69e124e2ed
Fix regression of icon button colors in web UI (#25679) 2023-07-03 16:51:04 +02:00
Trevor Wolf 54cb679c19
Change button colors to increase hover/focus contrast and consistency (#25677) 2023-07-03 11:32:31 +02:00
Claire e6a8faae81
Add users index on unconfirmed_email (#25672) 2023-07-02 19:41:35 +02:00
Claire 933ba1a3eb
Add superapp index on oauth_applications (#25670) 2023-07-02 16:56:16 +02:00
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2023-07-02 16:08:58 +02:00
Eugen Rochko ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
mogaminsk 5b46345459
Prevent duplicate concurrent calls of /api/*/instance in web UI (#25663) 2023-07-02 11:12:16 +02:00
Eugen Rochko 0512537eb6
Change dropdown icon above compose form from ellipsis to bars in web UI (#25661) 2023-07-02 10:39:55 +02:00
Matt Jankowski 50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in /api/v1/emails/check_confirmation (#25595) 2023-07-02 00:05:44 +02:00
Claire cea9db5a0b
Change local and federated timelines to be in a single firehose column (#25641) 2023-07-02 00:05:10 +02:00
Matt Jankowski 0139b1c8e1
Update uri to version 0.12.2 (CVE fix) (#25657) 2023-07-02 00:04:21 +02:00
Matt Jankowski f8bd581126
Remove unused routes (#25578) 2023-07-01 21:48:53 +02:00
Matt Jankowski 683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Matt Jankowski c47cdf6e17
Add index to backups on user_id column (#25647) 2023-06-30 19:09:03 +02:00
Renaud Chaput 78ba12f0bf
Use an Immutable Record as the root state (#25584) 2023-06-30 17:03:25 +02:00
Claire 9934949fc4
Fix onboarding prompt being displayed because of disconnection gaps (#25617) 2023-06-30 16:32:12 +02:00
Eugen Rochko 8bfbd19d2b Update Crowdin configuration file 2023-06-30 16:22:40 +02:00
Renaud Chaput c4a8c332b2
Remove pkg-config gem dependency (#25615) 2023-06-30 14:59:07 +02:00
Claire a209d1e683
Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 14:48:54 +02:00
jsgoldstein 4581a528f7
Change account search to match by text when opted-in (#25599)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-06-29 13:05:21 +02:00
Claire 285a691936
Remove the search button from UI header when logged out (#25631) 2023-06-28 14:57:51 +02:00
Claire c7c6f02ae6
Fix suspending an already-limited domain (#25603) 2023-06-27 12:32:51 +02:00
renovate[bot] ceca93d0d1
Update dependency glob to v10.3.0 (#25608)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-27 12:16:17 +02:00