Merge tag 'v3.5.10' into hometown-3.5.10-merge

3 years ago · 6599159d48
130 changed files with 1590 additions and 337 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -68,7 +68,9 @@ jobs:
          cache-version: v1
          pkg-manager: yarn
      - run:
-          command: ./bin/rails assets:precompile
+          command: |
            export NODE_OPTIONS=--openssl-legacy-provider
            ./bin/rails assets:precompile
          name: Precompile assets
      - persist_to_workspace:
          paths:
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@ -10,33 +10,55 @@ on:
    paths:
      - .github/workflows/build-image.yml
      - Dockerfile
 permissions:
  contents: read
  packages: write
 jobs:
  build-image:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
-      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v1
+      - uses: docker/setup-buildx-action@v2
-      - uses: docker/login-action@v1
+
      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-        if: github.event_name != 'pull_request'
+        if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'
-      - uses: docker/metadata-action@v3
+
      - name: Log in to the Github Container registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'
      - uses: docker/metadata-action@v4
        id: meta
        with:
-          images: tootsuite/mastodon
+          images: |
            tootsuite/mastodon
            ghcr.io/mastodon/mastodon
          flavor: |
            latest=auto
          tags: |
            type=edge,branch=main
            type=match,pattern=v(.*),group=0
            type=ref,event=pr
-      - uses: docker/build-push-action@v2
+
      - uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          provenance: false
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=registry,ref=tootsuite/mastodon:latest
+          labels: ${{ steps.meta.outputs.labels }}
-          cache-to: type=inline
+          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-3.0.3
+3.0.6
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,7 +3,114 @@ Changelog
 All notable changes to this project will be documented in this file.
-## [3.4.5] - 2022-11-14
+## [3.5.10] - 2023-07-07
 ### Fixed
 - Fix crash in admin interface when viewing a remote user with verified links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25796))
 - Fix processing of media files with unusual names ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25788))
 ## [3.5.9] - 2023-07-06
 ### Changed
 - Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25058))
 - Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24852))
 - Change auto-linking to allow carets in URL query params ([renchap](https://github.com/mastodon/mastodon/pull/25216))
 ### Removed
 - Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25070))
 ### Fixed
 - Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25519))
 - Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/25477))
 - Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25278), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25361))
 - Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25273))
 - Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24605))
 - Fix being able to vote on your own polls ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25015))
 - Fix race condition when reblogging a status ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25016))
 - Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25060))
 - Fix multiple N+1s in ConversationsController ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25134), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25399), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25499))
 - Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24431))
 - Fix inefficiencies in indexing content for search ([VyrCossont](https://github.com/mastodon/mastodon/pull/24285), [VyrCossont](https://github.com/mastodon/mastodon/pull/24342))
 ### Security
 - Update dependencies
 - Add hardening headers for user-uploaded files ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25756))
 - Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
 - Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
 - Fix arbitrary file creation through media processing (CVE-2023-36460)
 - Fix possible XSS in preview cards (CVE-2023-36459)
 ## [3.5.8] - 2023-04-04
 ### Fixed
 - Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24182), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24377))
 - Fix crash in `db:setup` when Elasticsearch is enabled ([rrgeorge](https://github.com/mastodon/mastodon/pull/24302))
 - Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24200))
 - Fix invalid/expired invites being processed on sign-up ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24337))
 ### Security
 - Update Ruby to 3.0.6 due to ReDoS vulnerabilities ([saizai](https://github.com/mastodon/mastodon/pull/24332))
 - Fix unescaped user input in LDAP query ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24379))
 # [3.5.7] - 2023-03-16
 ### Added
 - Add `lang` attribute to native language names in language picker in Web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23749))
 - Add headers to outgoing mails to avoid auto-replies ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23597))
 ### Fixed
 - Fix “Remove all followers from the selected domains” being more destructive than it claims ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23805))
 - Fix case-sensitive check for previously used hashtags in hashtag autocompletion ([deanveloper](https://github.com/mastodon/mastodon/pull/23526))
 - Fix inefficiency when searching accounts per username in admin interface ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23801))
 - Fix server error when failing to follow back followers from `/relationships` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23787))
 - Fix original account being unfollowed on migration before the follow request to the new account could be sent ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21957))
 - Fix pgBouncer resetting application name on every transaction ([Gargron](https://github.com/mastodon/mastodon/pull/23958))
 - Fix unconfirmed accounts being counted as active users ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23803))
 - Fix `/api/v1/streaming` sub-paths not being redirected ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23988))
 - Fix drag'n'drop upload area text that spans multiple lines not being centered ([vintprox](https://github.com/mastodon/mastodon/pull/24029))
 - Fix sidekiq jobs not triggering Elasticsearch index updates ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24046))
 - Fix missing null check on applications on strike disputes ([kescherCode](https://github.com/mastodon/mastodon/pull/19851))
 - Fix dashboard crash on ElasticSearch server error ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23751))
 - Fix incorrect post links in strikes when the account is remote ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23611))
 - Fix misleading error code when receiving invalid WebAuthn credentials ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23568))
 ### Security
 - Change user backups to use expiring URLs for download when possible ([Gargron](https://github.com/mastodon/mastodon/pull/24136))
 - Add warning for object storage misconfiguration ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24137))
 ## [3.5.6] - 2023-02-09
 ### Fixed
 - **Fix changing domain block severity not undoing individual account effects** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23480))
 - Fix suspension worker crashing on S3-compatible setups without ACL support ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23481))
 - Fix possible race conditions when suspending/unsuspending accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23482))
 - Fix some performance issues with `/admin/instances` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23483))
 - Fix voter count not being cleared when a poll is reset ([afontenot](https://github.com/mastodon/mastodon/pull/23484))
 - Fix attachments of edited statuses not being fetched ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23485))
 - Fix 500 error when marking posts as sensitive while some of them are deleted ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23486))
 - Fix user clean-up scheduler crash when an unconfirmed account has a moderation note ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23487))
 - Fix pending account approval and rejection not being recorded in the admin audit log ([FrancisMurillo](https://github.com/mastodon/mastodon/pull/23488))
 - Fix replies sometimes being delivered to user-blocked domains ([tribela](https://github.com/mastodon/mastodon/pull/23490))
 - Fix sanitizer parsing link text as HTML when stripping unsupported links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23491))
 - Fix REST API serializer for `Account` not including `moved` when the moved account has itself moved ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23492))
 ### Security
 - Add `form-action` CSP directive ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23478))
 - Fix unbounded recursion in account discovery ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22026))
 - Fix unbounded recursion in post discovery ([ClearlyClaire,nametoolong](https://github.com/mastodon/mastodon/pull/23507))
 ## [3.5.5] - 2022-11-14
 ## Fixed
 - Fix nodes order being sometimes mangled when rewriting emoji ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20677))
--- a/2
+++ b/2
@ -27,7 +27,7 @@ RUN ARCH= && \
 	mv node-v$NODE_VER-linux-$ARCH /opt/node
 # Install Ruby 3.0
-ENV RUBY_VER="3.0.3"
+ENV RUBY_VER="3.0.6"
 RUN apt-get update && \
  apt-get install -y --no-install-recommends build-essential \
    bison libyaml-dev libgdbm-dev libreadline-dev libjemalloc-dev \
--- a/1
+++ b/1
@ -66,6 +66,7 @@ gem 'oj', '~> 3.13'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'posix-spawn'
 gem 'public_suffix', '~> 4.0.7'
 gem 'pundit', '~> 2.2'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -10,40 +10,40 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (6.1.6)
+    actioncable (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.6)
+    actionmailbox (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      activejob (= 6.1.6)
+      activejob (= 6.1.7.4)
-      activerecord (= 6.1.6)
+      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.6)
+      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      mail (>= 2.7.1)
-    actionmailer (6.1.6)
+    actionmailer (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      actionview (= 6.1.6)
+      actionview (= 6.1.7.4)
-      activejob (= 6.1.6)
+      activejob (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (6.1.6)
+    actionpack (6.1.7.4)
-      actionview (= 6.1.6)
+      actionview (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      rack (~> 2.0, >= 2.0.9)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.6)
+    actiontext (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      activerecord (= 6.1.6)
+      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.6)
+      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      nokogiri (>= 1.8.5)
-    actionview (6.1.6)
+    actionview (6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -54,22 +54,22 @@ GEM
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
    active_record_query_trace (1.8)
-    activejob (6.1.6)
+    activejob (6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      globalid (>= 0.3.6)
-    activemodel (6.1.6)
+    activemodel (6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
-    activerecord (6.1.6)
+    activerecord (6.1.7.4)
-      activemodel (= 6.1.6)
+      activemodel (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
-    activestorage (6.1.6)
+    activestorage (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      activejob (= 6.1.6)
+      activejob (= 6.1.7.4)
-      activerecord (= 6.1.6)
+      activerecord (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (6.1.6)
+    activesupport (6.1.7.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@ -174,7 +174,7 @@ GEM
    climate_control (0.2.0)
    coderay (1.1.3)
    color_diff (0.1)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
    connection_pool (2.2.5)
    cose (1.2.1)
      cbor (~> 0.5.9)
@ -206,7 +206,7 @@ GEM
    docile (1.3.4)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.5.4)
+    doorkeeper (5.6.6)
      railties (>= 5)
    dotenv (2.7.6)
    dotenv-rails (2.7.6)
@ -223,7 +223,7 @@ GEM
      faraday (~> 1)
      multi_json
    encryptor (3.0.0)
-    erubi (1.10.0)
+    erubi (1.12.0)
    et-orbi (1.2.7)
      tzinfo
    excon (0.76.0)
@ -282,7 +282,7 @@ GEM
      addressable (~> 2.7)
      omniauth (~> 1.9)
      openid_connect (~> 1.2)
-    globalid (1.0.0)
+    globalid (1.0.1)
      activesupport (>= 5.0)
    hamlit (2.13.0)
      temple (>= 0.8.2)
@ -313,7 +313,7 @@ GEM
    httplog (1.5.0)
      rack (>= 1.0)
      rainbow (>= 2.0.0)
-    i18n (1.10.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
    i18n-tasks (1.0.10)
      activesupport (>= 4.0.2)
@ -383,9 +383,9 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.18.0)
+    loofah (2.21.3)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
    makara (0.5.1)
@ -403,8 +403,8 @@ GEM
      mime-types-data (~> 3.2015)
    mime-types-data (3.2022.0105)
    mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
+    mini_portile2 (2.8.2)
-    minitest (5.15.0)
+    minitest (5.18.1)
    msgpack (1.5.1)
    multi_json (1.15.0)
    multipart-post (2.1.1)
@ -412,9 +412,9 @@ GEM
    net-scp (3.0.0)
      net-ssh (>= 2.6.5, < 7.0.0)
    net-ssh (6.1.0)
-    nio4r (2.5.8)
+    nio4r (2.5.9)
-    nokogiri (1.13.6)
+    nokogiri (1.15.2)
-      mini_portile2 (~> 2.8.0)
+      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
    nsa (0.2.8)
      activesupport (>= 4.2, < 7)
@ -422,7 +422,7 @@ GEM
      sidekiq (>= 3.5)
      statsd-ruby (~> 1.4, >= 1.4.0)
    oj (3.13.11)
-    omniauth (1.9.1)
+    omniauth (1.9.2)
      hashie (>= 3.4.6)
      rack (>= 1.6.2, < 3)
    omniauth-cas (2.0.0)
@ -483,8 +483,8 @@ GEM
    pundit (2.2.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
-    racc (1.6.0)
+    racc (1.7.1)
-    rack (2.2.3)
+    rack (2.2.7)
    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
@ -499,20 +499,20 @@ GEM
      rack
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (6.1.6)
+    rails (6.1.7.4)
-      actioncable (= 6.1.6)
+      actioncable (= 6.1.7.4)
-      actionmailbox (= 6.1.6)
+      actionmailbox (= 6.1.7.4)
-      actionmailer (= 6.1.6)
+      actionmailer (= 6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      actiontext (= 6.1.6)
+      actiontext (= 6.1.7.4)
-      actionview (= 6.1.6)
+      actionview (= 6.1.7.4)
-      activejob (= 6.1.6)
+      activejob (= 6.1.7.4)
-      activemodel (= 6.1.6)
+      activemodel (= 6.1.7.4)
-      activerecord (= 6.1.6)
+      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.6)
+      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      bundler (>= 1.15.0)
-      railties (= 6.1.6)
+      railties (= 6.1.7.4)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
@ -521,16 +521,17 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.6.0)
-      loofah (~> 2.3)
+      loofah (~> 2.21)
      nokogiri (~> 1.14)
    rails-i18n (6.0.0)
      i18n (>= 0.7, < 2)
      railties (>= 6.0.0, < 7)
    rails-settings-cached (0.6.6)
      rails (>= 4.2.0)
-    railties (6.1.6)
+    railties (6.1.7.4)
-      actionpack (= 6.1.6)
+      actionpack (= 6.1.7.4)
-      activesupport (= 6.1.6)
+      activesupport (= 6.1.7.4)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
@ -602,7 +603,7 @@ GEM
      fugit (~> 1.1, >= 1.1.6)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
-    sanitize (6.0.0)
+    sanitize (6.0.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    scenic (1.6.0)
@ -661,7 +662,7 @@ GEM
      unicode-display_width (>= 1.1.1, < 3)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
-    thor (1.2.1)
+    thor (1.2.2)
    tilt (2.0.10)
    tpm-key_attestation (0.11.0)
      bindata (~> 2.4)
@ -680,7 +681,7 @@ GEM
    twitter-text (3.1.0)
      idn-ruby
      unf (~> 0.1.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    tzinfo-data (1.2022.1)
      tzinfo (>= 1.0.0)
@ -725,7 +726,7 @@ GEM
    xorcist (1.1.2)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.5.4)
+    zeitwerk (2.6.8)
 PLATFORMS
  ruby
@ -809,6 +810,7 @@ DEPENDENCIES
  private_address_check (~> 0.5)
  pry-byebug (~> 3.9)
  pry-rails (~> 0.3)
  public_suffix (~> 4.0.7)
  puma (~> 5.6)
  pundit (~> 2.2)
  rack (~> 2.2.3)
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -49,12 +49,14 @@ module Admin
    def approve
      authorize @account.user, :approve?
      @account.user.approve!
      log_action :approve, @account.user
      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
    end
    def reject
      authorize @account.user, :reject?
      DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
      log_action :reject, @account.user
      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
    end
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@ -43,12 +43,8 @@ module Admin
    def update
      authorize :domain_block, :update?
-      @domain_block.update(update_params)
+      if @domain_block.update(update_params)
-
+        DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
      severity_changed = @domain_block.severity_changed?
      if @domain_block.save
        DomainBlockWorker.perform_async(@domain_block.id, severity_changed)
        log_action :update, @domain_block
        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
      else
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@ -57,7 +57,7 @@ module Admin
    end
    def preload_delivery_failures!
-      warning_domains_map = DeliveryFailureTracker.warning_domains_map
+      warning_domains_map = DeliveryFailureTracker.warning_domains_map(@instances.map(&:domain))
      @instances.each do |instance|
        instance.failure_days = warning_domains_map[instance.domain]
--- a/app/controllers/api/v1/admin/accounts_controller.rb
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@ -54,12 +54,14 @@ class Api::V1::Admin::AccountsController < Api::BaseController
  def approve
    authorize @account.user, :approve?
    @account.user.approve!
    log_action :approve, @account.user
    render json: @account, serializer: REST::Admin::AccountSerializer
  end
  def reject
    authorize @account.user, :reject?
    DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
    log_action :reject, @account.user
    render json: @account, serializer: REST::Admin::AccountSerializer
  end
--- a/app/controllers/api/v1/conversations_controller.rb
+++ b/app/controllers/api/v1/conversations_controller.rb
@ -11,7 +11,7 @@ class Api::V1::ConversationsController < Api::BaseController
  def index
    @conversations = paginated_conversations
-    render json: @conversations, each_serializer: REST::ConversationSerializer
+    render json: @conversations, each_serializer: REST::ConversationSerializer, relationships: StatusRelationshipsPresenter.new(@conversations.map(&:last_status), current_user&.account_id)
  end
  def read
@ -32,6 +32,19 @@ class Api::V1::ConversationsController < Api::BaseController
  def paginated_conversations
    AccountConversation.where(account: current_account)
                       .includes(
                         account: :account_stat,
                         last_status: [
                           :media_attachments,
                           :preview_cards,
                           :status_stat,
                           :tags,
                           {
                             active_mentions: [account: :account_stat],
                             account: :account_stat,
                           },
                         ]
                       )
                       .to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@ -2,6 +2,8 @@
 class Api::V1::Statuses::ReblogsController < Api::BaseController
  include Authorization
  include Redisable
  include Lockable
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
  before_action :require_user!
@ -10,7 +12,9 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
  override_rate_limit_headers :create, family: :statuses
  def create
-    @status = ReblogService.new.call(current_account, @reblog, reblog_params)
+    with_lock("reblog:#{current_account.id}:#{@reblog.id}") do
      @status = ReblogService.new.call(current_account, @reblog, reblog_params)
    end
    render json: @status, serializer: REST::StatusSerializer
  end
--- a/app/controllers/api/v2/admin/accounts_controller.rb
+++ b/app/controllers/api/v2/admin/accounts_controller.rb
@ -17,6 +17,14 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
  private
  def next_path
    api_v2_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
  def prev_path
    api_v2_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
  end
  def filtered_accounts
    AccountFilter.new(filter_params).results
  end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@ -46,7 +46,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
    super(hash)
    resource.locale                 = I18n.locale
-    resource.invite_code            = params[:invite_code] if resource.invite_code.blank?
+    resource.invite_code            = @invite&.code if resource.invite_code.blank?
    resource.registration_form_time = session[:registration_form_time]
    resource.sign_up_ip             = request.remote_ip
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -12,6 +12,10 @@ class Auth::SessionsController < Devise::SessionsController
  before_action :set_instance_presenter, only: [:new]
  before_action :set_body_classes
  content_security_policy only: :new do |p|
    p.form_action(false)
  end
  def create
    super do |resource|
      # We only need to call this if this hasn't already been
--- a/app/controllers/backups_controller.rb
+++ b/app/controllers/backups_controller.rb
@ -0,0 +1,31 @@
 # frozen_string_literal: true
 class BackupsController < ApplicationController
  include RoutingHelper
  skip_before_action :require_functional!
  before_action :authenticate_user!
  before_action :set_backup
  def download
    case Paperclip::Attachment.default_options[:storage]
    when :s3
      redirect_to @backup.dump.expiring_url(10)
    when :fog
      if Paperclip::Attachment.default_options.dig(:fog_credentials, :openstack_temp_url_key).present?
        redirect_to @backup.dump.expiring_url(Time.now.utc + 10)
      else
        redirect_to full_asset_url(@backup.dump.url)
      end
    when :filesystem
      redirect_to full_asset_url(@backup.dump.url)
    end
  end
  private
  def set_backup
    @backup = current_user.backups.find(params[:id])
  end
 end
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@ -46,6 +46,6 @@ class MediaController < ApplicationController
  end
  def allow_iframing
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')
  end
 end
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@ -7,6 +7,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
  before_action :authenticate_resource_owner!
  before_action :set_cache_headers
  content_security_policy do |p|
    p.form_action(false)
  end
  include Localized
  private
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@ -8,6 +8,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
  before_action :require_not_suspended!, only: :destroy
  before_action :set_body_classes
  before_action :set_last_used_at_by_app, only: :index, unless: -> { request.format == :json }
  skip_before_action :require_functional!
  include Localized
@ -30,4 +32,14 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
  def require_not_suspended!
    forbidden if current_account.suspended?
  end
  def set_last_used_at_by_app
    @last_used_at_by_app = Doorkeeper::AccessToken
                           .select('DISTINCT ON (application_id) application_id, last_used_at')
                           .where(resource_owner_id: current_resource_owner.id)
                           .where.not(last_used_at: nil)
                           .order(application_id: :desc, last_used_at: :desc)
                           .pluck(:application_id, :last_used_at)
                           .to_h
  end
 end
--- a/app/controllers/relationships_controller.rb
+++ b/app/controllers/relationships_controller.rb
@ -19,6 +19,8 @@ class RelationshipsController < ApplicationController
    @form.save
  rescue ActionController::ParameterMissing
    # Do nothing
  rescue Mastodon::NotPermittedError, ActiveRecord::RecordNotFound
    flash[:alert] = I18n.t('relationships.follow_failure') if action_from_button == 'follow'
  ensure
    redirect_to relationships_path(filter_params)
  end
@ -60,8 +62,8 @@ class RelationshipsController < ApplicationController
      'unfollow'
    elsif params[:remove_from_followers]
      'remove_from_followers'
-    elsif params[:block_domains]
+    elsif params[:block_domains] || params[:remove_domains_from_followers]
-      'block_domains'
+      'remove_domains_from_followers'
    end
  end
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@ -52,7 +52,7 @@ module Settings
            end
          else
            flash[:error] = I18n.t('webauthn_credentials.create.error')
-            status = :internal_server_error
+            status = :unprocessable_entity
          end
        else
          flash[:error] = t('webauthn_credentials.create.error')
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -48,7 +48,7 @@ class StatusesController < ApplicationController
    return not_found if @status.hidden? || @status.reblog?
    expires_in 180, public: true
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')
    render layout: 'embedded'
  end
--- a/app/helpers/formatting_helper.rb
+++ b/app/helpers/formatting_helper.rb
@ -53,6 +53,10 @@ module FormattingHelper
  end
  def account_field_value_format(field, with_rel_me: true)
-    html_aware_format(field.value, field.account.local?, with_rel_me: with_rel_me, with_domains: true, multiline: false)
+    if field.verified? && !field.account.local?
      TextFormatter.shortened_link(field.value_for_verification)
    else
      html_aware_format(field.value, field.account.local?, with_rel_me: with_rel_me, with_domains: true, multiline: false)
    end
  end
 end
--- a/app/javascript/mastodon/features/compose/components/language_dropdown.js
+++ b/app/javascript/mastodon/features/compose/components/language_dropdown.js
@ -222,7 +222,7 @@ class LanguageDropdownMenu extends React.PureComponent {
    return (
      <div key={lang[0]} role='option' tabIndex='0' data-index={lang[0]} className={classNames('language-dropdown__dropdown__results__item', { active: lang[0] === value })} aria-selected={lang[0] === value} onClick={this.handleClick} onKeyDown={this.handleKeyDown}>
-        <span className='language-dropdown__dropdown__results__item__native-name'>{lang[2]}</span> <span className='language-dropdown__dropdown__results__item__common-name'>({lang[1]})</span>
+        <span className='language-dropdown__dropdown__results__item__native-name' lang={lang[0]}>{lang[2]}</span> <span className='language-dropdown__dropdown__results__item__common-name'>({lang[1]})</span>
      </div>
    );
  }
--- a/app/javascript/mastodon/reducers/compose.js
+++ b/app/javascript/mastodon/reducers/compose.js
@ -188,11 +188,12 @@ const ignoreSuggestion = (state, position, token, completion, path) => {
 };
 const sortHashtagsByUse = (state, tags) => {
-  const personalHistory = state.get('tagHistory');
+  const personalHistory = state.get('tagHistory').map(tag => tag.toLowerCase());
-  return tags.sort((a, b) => {
+  const tagsWithLowercase = tags.map(t => ({ ...t, lowerName: t.name.toLowerCase() }));
-    const usedA = personalHistory.includes(a.name);
+  const sorted = tagsWithLowercase.sort((a, b) => {
-    const usedB = personalHistory.includes(b.name);
+    const usedA = personalHistory.includes(a.lowerName);
    const usedB = personalHistory.includes(b.lowerName);
    if (usedA === usedB) {
      return 0;
@ -202,6 +203,8 @@ const sortHashtagsByUse = (state, tags) => {
      return 1;
    }
  });
  sorted.forEach(tag => delete tag.lowerName);
  return sorted;
 };
 const insertEmoji = (state, position, emojiData, needsSpace) => {
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@ -4373,6 +4373,7 @@ a.status-card.compact:hover {
  display: flex;
  align-items: center;
  justify-content: center;
  text-align: center;
  color: $secondary-text-color;
  font-size: 18px;
  font-weight: 500;
--- a/app/lib/account_reach_finder.rb
+++ b/app/lib/account_reach_finder.rb
@ -6,7 +6,7 @@ class AccountReachFinder
  end
  def inboxes
-    (followers_inboxes + reporters_inboxes + relay_inboxes).uniq
+    (followers_inboxes + reporters_inboxes + recently_mentioned_inboxes + relay_inboxes).uniq
  end
  private
@ -19,6 +19,13 @@ class AccountReachFinder
    Account.where(id: @account.targeted_reports.select(:account_id)).inboxes
  end
  def recently_mentioned_inboxes
    cutoff_id       = Mastodon::Snowflake.id_at(2.days.ago, with_random: false)
    recent_statuses = @account.statuses.recent.where(id: cutoff_id...).limit(200)
    Account.joins(:mentions).where(mentions: { status: recent_statuses }).inboxes.take(2000)
  end
  def relay_inboxes
    Relay.enabled.pluck(:inbox_url)
  end
--- a/app/lib/activitypub/activity.rb
+++ b/app/lib/activitypub/activity.rb
@ -106,7 +106,8 @@ class ActivityPub::Activity
      actor_id = value_or_id(first_of_value(@object['attributedTo']))
      if actor_id == @account.uri
-        return ActivityPub::Activity.factory({ 'type' => 'Create', 'actor' => actor_id, 'object' => @object }, @account).perform
+        virtual_object = { 'type' => 'Create', 'actor' => actor_id, 'object' => @object }
        return ActivityPub::Activity.factory(virtual_object, @account, request_id: @options[:request_id]).perform
      end
    end
@ -152,9 +153,9 @@ class ActivityPub::Activity
  def fetch_remote_original_status
    if object_uri.start_with?('http')
      return if ActivityPub::TagManager.instance.local_uri?(object_uri)
-      ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first)
+      ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
    elsif @object['url'].present?
-      ::FetchRemoteStatusService.new.call(@object['url'])
+      ::FetchRemoteStatusService.new.call(@object['url'], request_id: @options[:request_id])
    end
  end
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@ -283,7 +283,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
    return if tag['href'].blank?
    account = account_from_uri(tag['href'])
-    account = ActivityPub::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
+    account = ActivityPub::FetchRemoteAccountService.new.call(tag['href'], request_id: @options[:request_id]) if account.nil?
    return if account.nil?
@ -388,18 +388,18 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
  def resolve_thread(status)
    return unless status.reply? && status.thread.nil? && Request.valid_url?(in_reply_to_uri)
-    ThreadResolveWorker.perform_async(status.id, in_reply_to_uri)
+    ThreadResolveWorker.perform_async(status.id, in_reply_to_uri, { 'request_id' => @options[:request_id]})
  end
  def fetch_replies(status)
    collection = @object['replies']
    return if collection.nil?
-    replies = ActivityPub::FetchRepliesService.new.call(status, collection, false)
+    replies = ActivityPub::FetchRepliesService.new.call(status, collection, allow_synchronous_requests: false, request_id: @options[:request_id])
    return unless replies.nil?
    uri = value_or_id(collection)
-    ActivityPub::FetchRepliesWorker.perform_async(status.id, uri) unless uri.nil?
+    ActivityPub::FetchRepliesWorker.perform_async(status.id, uri, { 'request_id' => @options[:request_id]}) unless uri.nil?
  end
  def conversation_from_uri(uri)
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@ -18,7 +18,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
  def update_account
    return reject_payload! if @account.uri != object_uri
-    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true)
+    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true, request_id: @options[:request_id])
  end
  def update_status
@ -28,6 +28,6 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
    return if @status.nil?
-    ActivityPub::ProcessStatusUpdateService.new.call(@status, @object)
+    ActivityPub::ProcessStatusUpdateService.new.call(@status, @object, request_id: @options[:request_id])
  end
 end
--- a/app/lib/admin/system_check.rb
+++ b/app/lib/admin/system_check.rb
@ -2,6 +2,7 @@
 class Admin::SystemCheck
  ACTIVE_CHECKS = [
    Admin::SystemCheck::MediaPrivacyCheck,
    Admin::SystemCheck::DatabaseSchemaCheck,
    Admin::SystemCheck::SidekiqProcessCheck,
    Admin::SystemCheck::RulesCheck,
--- a/app/lib/admin/system_check/elasticsearch_check.rb
+++ b/app/lib/admin/system_check/elasticsearch_check.rb
@ -20,7 +20,7 @@ class Admin::SystemCheck::ElasticsearchCheck < Admin::SystemCheck::BaseCheck
  def running_version
    @running_version ||= begin
      Chewy.client.info['version']['number']
-    rescue Faraday::ConnectionFailed
+    rescue Faraday::ConnectionFailed, Elasticsearch::Transport::Transport::Error
      nil
    end
  end
--- a/app/lib/admin/system_check/media_privacy_check.rb
+++ b/app/lib/admin/system_check/media_privacy_check.rb
@ -0,0 +1,105 @@
 # frozen_string_literal: true
 class Admin::SystemCheck::MediaPrivacyCheck < Admin::SystemCheck::BaseCheck
  include RoutingHelper
  def skip?
    !current_user.can?(:view_devops)
  end
  def pass?
    check_media_uploads!
    @failure_message.nil?
  end
  def message
    Admin::SystemCheck::Message.new(@failure_message, @failure_value, @failure_action, true)
  end
  private
  def check_media_uploads!
    if Rails.configuration.x.use_s3
      check_media_listing_inaccessible_s3!
    else
      check_media_listing_inaccessible!
    end
  end
  def check_media_listing_inaccessible!
    full_url = full_asset_url(media_attachment.file.url(:original, false))
    # Check if we can list the uploaded file. If true, that's an error
    directory_url = Addressable::URI.parse(full_url)
    directory_url.query = nil
    filename = directory_url.path.gsub(%r{.*/}, '')
    directory_url.path = directory_url.path.gsub(%r{/[^/]+\Z}, '/')
    Request.new(:get, directory_url, allow_local: true).perform do |res|
      if res.truncated_body&.include?(filename)
        @failure_message = use_storage? ? :upload_check_privacy_error_object_storage : :upload_check_privacy_error
        @failure_action = 'https://docs.joinmastodon.org/admin/optional/object-storage/#FS'
      end
    end
  rescue
    nil
  end
  def check_media_listing_inaccessible_s3!
    urls_to_check = []
    paperclip_options = Paperclip::Attachment.default_options
    s3_protocol = paperclip_options[:s3_protocol]
    s3_host_alias = paperclip_options[:s3_host_alias]
    s3_host_name  = paperclip_options[:s3_host_name]
    bucket_name = paperclip_options.dig(:s3_credentials, :bucket)
    urls_to_check << "#{s3_protocol}://#{s3_host_alias}/" if s3_host_alias.present?
    urls_to_check << "#{s3_protocol}://#{s3_host_name}/#{bucket_name}/"
    urls_to_check.uniq.each do |full_url|
      check_s3_listing!(full_url)
      break if @failure_message.present?
    end
  rescue
    nil
  end
  def check_s3_listing!(full_url)
    bucket_url = Addressable::URI.parse(full_url)
    bucket_url.path = bucket_url.path.delete_suffix(media_attachment.file.path(:original))
    bucket_url.query = "max-keys=1&x-random=#{SecureRandom.hex(10)}"
    Request.new(:get, bucket_url, allow_local: true).perform do |res|
      if res.truncated_body&.include?('ListBucketResult')
        @failure_message = :upload_check_privacy_error_object_storage
        @failure_action  = 'https://docs.joinmastodon.org/admin/optional/object-storage/#S3'
      end
    end
  end
  def media_attachment
    @media_attachment ||= begin
      attachment = Account.representative.media_attachments.first
      if attachment.present?
        attachment.touch # rubocop:disable Rails/SkipsModelValidations
        attachment
      else
        create_test_attachment!
      end
    end
  end
  def create_test_attachment!
    Tempfile.create(%w(test-upload .jpg), binmode: true) do |tmp_file|
      tmp_file.write(
        Base64.decode64(
          '/9j/4QAiRXhpZgAATU0AKgAAAAgAAQESAAMAAAABAAYAAAA' \
          'AAAD/2wCEAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA' \
          'QEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE' \
          'BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAf/AABEIAAEAAgMBEQACEQEDEQH/x' \
          'ABKAAEAAAAAAAAAAAAAAAAAAAALEAEAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAA' \
          'AAAAAEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwA/8H//2Q=='
        )
      )
      tmp_file.flush
      Account.representative.media_attachments.create!(file: tmp_file)
    end
  end
 end
--- a/app/lib/admin/system_check/message.rb
+++ b/app/lib/admin/system_check/message.rb
@ -1,11 +1,12 @@
 # frozen_string_literal: true
 class Admin::SystemCheck::Message
-  attr_reader :key, :value, :action
+  attr_reader :key, :value, :action, :critical
-  def initialize(key, value = nil, action = nil)
+  def initialize(key, value = nil, action = nil, critical = false)
-    @key    = key
+    @key      = key
-    @value  = value
+    @value    = value
-    @action = action
+    @action   = action
    @critical = critical
  end
 end
--- a/app/lib/application_extension.rb
+++ b/app/lib/application_extension.rb
@ -9,10 +9,6 @@ module ApplicationExtension
    validates :redirect_uri, length: { maximum: 2_000 }
  end
  def most_recently_used_access_token
    @most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
  end
  def confirmation_redirect_uri
    redirect_uri.lines.first.strip
  end
--- a/app/lib/delivery_failure_tracker.rb
+++ b/app/lib/delivery_failure_tracker.rb
@ -65,8 +65,13 @@ class DeliveryFailureTracker
      domains - UnavailableDomain.all.pluck(:domain)
    end
-    def warning_domains_map
+    def warning_domains_map(domains = nil)
-      warning_domains.index_with { |domain| redis.scard(exhausted_deliveries_key_by(domain)) }
+      if domains.nil?
        warning_domains.index_with { |domain| redis.scard(exhausted_deliveries_key_by(domain)) }
      else
        domains -= UnavailableDomain.where(domain: domains).pluck(:domain)
        domains.index_with { |domain| redis.scard(exhausted_deliveries_key_by(domain)) }.filter { |_, days| days.positive? }
      end
    end
    private
--- a/app/lib/link_details_extractor.rb
+++ b/app/lib/link_details_extractor.rb
@ -140,7 +140,7 @@ class LinkDetailsExtractor
  end
  def html
-    player_url.present? ? content_tag(:iframe, nil, src: player_url, width: width, height: height, allowtransparency: 'true', scrolling: 'no', frameborder: '0') : nil
+    player_url.present? ? content_tag(:iframe, nil, src: player_url, width: width, height: height, allowfullscreen: 'true', allowtransparency: 'true', scrolling: 'no', frameborder: '0') : nil
  end
  def width
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@ -7,11 +7,48 @@ require 'resolv'
 # Monkey-patch the HTTP.rb timeout class to avoid using a timeout block
 # around the Socket#open method, since we use our own timeout blocks inside
 # that method
 #
 # Also changes how the read timeout behaves so that it is cumulative (closer
 # to HTTP::Timeout::Global, but still having distinct timeouts for other
 # operation types)
 class HTTP::Timeout::PerOperation
  def connect(socket_class, host, port, nodelay = false)
    @socket = socket_class.open(host, port)
    @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
  end
  # Reset deadline when the connection is re-used for different requests
  def reset_counter
    @deadline = nil
  end
  # Read data from the socket
  def readpartial(size, buffer = nil)
    @deadline ||= Process.clock_gettime(Process::CLOCK_MONOTONIC) + @read_timeout
    timeout = false
    loop do
      result = @socket.read_nonblock(size, buffer, exception: false)
      return :eof if result.nil?
      remaining_time = @deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
      raise HTTP::TimeoutError, "Read timed out after #{@read_timeout} seconds" if timeout || remaining_time <= 0
      return result if result != :wait_readable
      # marking the socket for timeout. Why is this not being raised immediately?
      # it seems there is some race-condition on the network level between calling
      # #read_nonblock and #wait_readable, in which #read_nonblock signalizes waiting
      # for reads, and when waiting for x seconds, it returns nil suddenly without completing
      # the x seconds. In a normal case this would be a timeout on wait/read, but it can
      # also mean that the socket has been closed by the server. Therefore we "mark" the
      # socket for timeout and try to read more bytes. If it returns :eof, it's all good, no
      # timeout. Else, the first timeout was a proper timeout.
      # This hack has to be done because io/wait#wait_readable doesn't provide a value for when
      # the socket is closed by the server, and HTTP::Parser doesn't provide the limit for the chunks.
      timeout = true unless @socket.to_io.wait_readable(remaining_time)
    end
  end
 end
 class Request
--- a/app/lib/status_reach_finder.rb
+++ b/app/lib/status_reach_finder.rb
@ -70,7 +70,7 @@ class StatusReachFinder
  def followers_inboxes
    if @status.in_reply_to_local_account? && distributable?
-      @status.account.followers.or(@status.thread.account.followers).inboxes
+      @status.account.followers.or(@status.thread.account.followers.not_domain_blocked_by_account(@status.account)).inboxes
    elsif @status.direct_visibility? || @status.limited_visibility?
      []
    else
--- a/app/lib/text_formatter.rb
+++ b/app/lib/text_formatter.rb
@ -48,6 +48,26 @@ class TextFormatter
    html.html_safe # rubocop:disable Rails/OutputSafety
  end
  class << self
    include ERB::Util
    def shortened_link(url, rel_me: false)
      url = Addressable::URI.parse(url).to_s
      rel = rel_me ? (DEFAULT_REL + %w(me)) : DEFAULT_REL
      prefix      = url.match(URL_PREFIX_REGEX).to_s
      display_url = url[prefix.length, 30]
      suffix      = url[prefix.length + 30..-1]
      cutoff      = url[prefix.length..-1].length > 30
      <<~HTML.squish.html_safe # rubocop:disable Rails/OutputSafety
        <a href="#{h(url)}" target="_blank" rel="#{rel.join(' ')}"><span class="invisible">#{h(prefix)}</span><span class="#{cutoff ? 'ellipsis' : ''}">#{h(display_url)}</span><span class="invisible">#{h(suffix)}</span></a>
      HTML
    rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
      h(url)
    end
  end
  private
  def rewrite
@ -70,19 +90,7 @@ class TextFormatter
  end
  def link_to_url(entity)
-    url = Addressable::URI.parse(entity[:url]).to_s
+    TextFormatter.shortened_link(entity[:url], rel_me: with_rel_me?)
    rel = with_rel_me? ? (DEFAULT_REL + %w(me)) : DEFAULT_REL
    prefix      = url.match(URL_PREFIX_REGEX).to_s
    display_url = url[prefix.length, 30]
    suffix      = url[prefix.length + 30..-1]
    cutoff      = url[prefix.length..-1].length > 30
    <<~HTML.squish
      <a href="#{h(url)}" target="_blank" rel="#{rel.join(' ')}"><span class="invisible">#{h(prefix)}</span><span class="#{cutoff ? 'ellipsis' : ''}">#{h(display_url)}</span><span class="invisible">#{h(suffix)}</span></a>
    HTML
  rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
    h(entity[:url])
  end
  def link_to_hashtag(entity)
--- a/app/mailers/application_mailer.rb
+++ b/app/mailers/application_mailer.rb
@ -7,6 +7,8 @@ class ApplicationMailer < ActionMailer::Base
  helper :instance
  helper :formatting
  after_action :set_autoreply_headers!
  protected
  def locale_for_account(account)
@ -14,4 +16,10 @@ class ApplicationMailer < ActionMailer::Base
      yield
    end
  end
  def set_autoreply_headers!
    headers['Precedence'] = 'list'
    headers['X-Auto-Response-Suppress'] = 'All'
    headers['Auto-Submitted'] = 'auto-generated'
  end
 end
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -106,7 +106,7 @@ class Account < ApplicationRecord
  scope :bots, -> { where(actor_type: %w(Application Service)) }
  scope :groups, -> { where(actor_type: 'Group') }
  scope :alphabetic, -> { order(domain: :asc, username: :asc) }
-  scope :matches_username, ->(value) { where(arel_table[:username].matches("#{value}%")) }
+  scope :matches_username, ->(value) { where('lower((username)::text) LIKE lower(?)', "#{value}%") }
  scope :matches_display_name, ->(value) { where(arel_table[:display_name].matches("#{value}%")) }
  scope :matches_domain, ->(value) { where(arel_table[:domain].matches("%#{value}%")) }
  scope :without_unapproved, -> { left_outer_joins(:user).remote.or(left_outer_joins(:user).merge(User.approved.confirmed)) }
--- a/app/models/account_conversation.rb
+++ b/app/models/account_conversation.rb
@ -16,34 +16,44 @@
 class AccountConversation < ApplicationRecord
  include Redisable
  attr_writer :participant_accounts
  before_validation :set_last_status
  after_commit :push_to_streaming_api
  belongs_to :account
  belongs_to :conversation
  belongs_to :last_status, class_name: 'Status'
  before_validation :set_last_status
  def participant_account_ids=(arr)
    self[:participant_account_ids] = arr.sort
    @participant_accounts = nil
  end
  def participant_accounts
-    if participant_account_ids.empty?
+    @participant_accounts ||= Account.where(id: participant_account_ids).to_a
-      [account]
+    @participant_accounts.presence || [account]
    else
      participants = Account.where(id: participant_account_ids)
      participants.empty? ? [account] : participants
    end
  end
  class << self
    def to_a_paginated_by_id(limit, options = {})
-      if options[:min_id]
+      array = begin
-        paginate_by_min_id(limit, options[:min_id], options[:max_id]).reverse
+        if options[:min_id]
-      else
+          paginate_by_min_id(limit, options[:min_id], options[:max_id]).reverse
-        paginate_by_max_id(limit, options[:max_id], options[:since_id]).to_a
+        else
          paginate_by_max_id(limit, options[:max_id], options[:since_id]).to_a
        end
      end
      # Preload participants
      participant_ids = array.flat_map(&:participant_account_ids)
      accounts_by_id = Account.where(id: participant_ids).index_by(&:id)
      array.each do |conversation|
        conversation.participant_accounts = conversation.participant_account_ids.filter_map { |id| accounts_by_id[id] }
      end
      array
    end
    def paginate_by_min_id(limit, min_id = nil, max_id = nil)
--- a/app/models/admin/status_batch_action.rb
+++ b/app/models/admin/status_batch_action.rb
@ -73,7 +73,7 @@ class Admin::StatusBatchAction
    # Can't use a transaction here because UpdateStatusService queues
    # Sidekiq jobs
    statuses.includes(:media_attachments, :preview_cards).find_each do |status|
-      next unless status.with_media? || status.with_preview_card?
+      next if status.discarded? || !(status.with_media? || status.with_preview_card?)
      authorize(status, :update?)
@ -89,15 +89,15 @@ class Admin::StatusBatchAction
        report.resolve!(current_account)
        log_action(:resolve, report)
      end
      @warning = target_account.strikes.create!(
        action: :mark_statuses_as_sensitive,
        account: current_account,
        report: report,
        status_ids: status_ids
      )
    end
    @warning = target_account.strikes.create!(
      action: :mark_statuses_as_sensitive,
      account: current_account,
      report: report,
      status_ids: status_ids
    )
    UserMailer.warning(target_account.user, @warning).deliver_later! if warnable?
  end
--- a/app/models/backup.rb
+++ b/app/models/backup.rb
@ -17,6 +17,6 @@
 class Backup < ApplicationRecord
  belongs_to :user, inverse_of: :backups
-  has_attached_file :dump
+  has_attached_file :dump, s3_permissions: ->(*) { ENV['S3_PERMISSION'] == '' ? nil : 'private' }
  do_not_validate_attachment_file_type :dump
 end
--- a/app/models/concerns/attachmentable.rb
+++ b/app/models/concerns/attachmentable.rb
@ -22,15 +22,14 @@ module Attachmentable
  included do
    def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName
      options = { validate_media_type: false }.merge(options)
      super(name, options)
-      send(:"before_#{name}_post_process") do
+
      send(:"before_#{name}_validate", prepend: true) do
        attachment = send(name)
        check_image_dimension(attachment)
        set_file_content_type(attachment)
        obfuscate_file_name(attachment)
        set_file_extension(attachment)
        Paperclip::Validators::MediaTypeSpoofDetectionValidator.new(attributes: [name]).validate(self)
      end
    end
  end
--- a/app/models/concerns/domain_materializable.rb
+++ b/app/models/concerns/domain_materializable.rb
@ -3,11 +3,24 @@
 module DomainMaterializable
  extend ActiveSupport::Concern
  include Redisable
  included do
    after_create_commit :refresh_instances_view
  end
  def refresh_instances_view
-    Instance.refresh unless domain.nil? || Instance.where(domain: domain).exists?
+    return if domain.nil? || Instance.exists?(domain: domain)
    Instance.refresh
    count_unique_subdomains!
  end
  def count_unique_subdomains!
    second_and_top_level_domain = PublicSuffix.domain(domain, ignore_private: true)
    with_redis do |redis|
      redis.pfadd("unique_subdomains_for:#{second_and_top_level_domain}", domain)
      redis.expire("unique_subdomains_for:#{second_and_top_level_domain}", 1.minute.seconds)
    end
  end
 end
--- a/app/models/concerns/ldap_authenticable.rb
+++ b/app/models/concerns/ldap_authenticable.rb
@ -6,7 +6,7 @@ module LdapAuthenticable
  class_methods do
    def authenticate_with_ldap(params = {})
      ldap   = Net::LDAP.new(ldap_options)
-      filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, mail: Devise.ldap_mail, email: params[:email])
+      filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, mail: Devise.ldap_mail, email: Net::LDAP::Filter.escape(params[:email]))
      if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: params[:password]))
        ldap_get_user(user_info.first)
--- a/app/models/form/account_batch.rb
+++ b/app/models/form/account_batch.rb
@ -16,8 +16,8 @@ class Form::AccountBatch
      unfollow!
    when 'remove_from_followers'
      remove_from_followers!
-    when 'block_domains'
+    when 'remove_domains_from_followers'
-      block_domains!
+      remove_domains_from_followers!
    when 'approve'
      approve!
    when 'reject'
@ -34,9 +34,15 @@ class Form::AccountBatch
  private
  def follow!
    error = nil
    accounts.each do |target_account|
      FollowService.new.call(current_account, target_account)
    rescue Mastodon::NotPermittedError, ActiveRecord::RecordNotFound => e
      error ||= e
    end
    raise error if error.present?
  end
  def unfollow!
@ -49,10 +55,8 @@ class Form::AccountBatch
    RemoveFromFollowersService.new.call(current_account, account_ids)
  end
-  def block_domains!
+  def remove_domains_from_followers!
-    AfterAccountDomainBlockWorker.push_bulk(account_domains) do |domain|
+    RemoveDomainsFromFollowersService.new.call(current_account, account_domains)
      [current_account.id, domain]
    end
  end
  def account_domains
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@ -12,7 +12,7 @@
 #
 class Identity < ApplicationRecord
-  belongs_to :user, dependent: :destroy
+  belongs_to :user
  validates :uid, presence: true, uniqueness: { scope: :provider }
  validates :provider, presence: true
--- a/app/models/poll.rb
+++ b/app/models/poll.rb
@ -85,6 +85,7 @@ class Poll < ApplicationRecord
  def reset_votes!
    self.cached_tallies = options.map { 0 }
    self.votes_count = 0
    self.voters_count = 0
    votes.delete_all unless new_record?
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -442,10 +442,13 @@ class User < ApplicationRecord
  def prepare_new_user!
    BootstrapTimelineWorker.perform_async(account_id)
    ActivityTracker.increment('activity:accounts:local')
    ActivityTracker.record('activity:logins', id)
    UserMailer.welcome(self).deliver_later
  end
  def prepare_returning_user!
    return unless confirmed?
    ActivityTracker.record('activity:logins', id)
    regenerate_feed! if needs_feed_update?
  end
--- a/app/serializers/rest/account_serializer.rb
+++ b/app/serializers/rest/account_serializer.rb
@ -15,6 +15,16 @@ class REST::AccountSerializer < ActiveModel::Serializer
  attribute :suspended, if: :suspended?
  attribute :silenced, key: :limited, if: :silenced?
  class AccountDecorator < SimpleDelegator
    def self.model_name
      Account.model_name
    end
    def moved?
      false
    end
  end
  class FieldSerializer < ActiveModel::Serializer
    include FormattingHelper
@ -84,7 +94,7 @@ class REST::AccountSerializer < ActiveModel::Serializer
  end
  def moved_to_account
-    object.suspended? ? nil : object.moved_to_account
+    object.suspended? ? nil : AccountDecorator.new(object.moved_to_account)
  end
  def emojis
@ -106,6 +116,6 @@ class REST::AccountSerializer < ActiveModel::Serializer
  delegate :suspended?, :silenced?, to: :object
  def moved_and_not_nested?
-    object.moved? && object.moved_to_account.moved_to_account_id.nil?
+    object.moved?
  end
 end
--- a/app/serializers/rest/preview_card_serializer.rb
+++ b/app/serializers/rest/preview_card_serializer.rb
@ -11,4 +11,8 @@ class REST::PreviewCardSerializer < ActiveModel::Serializer
  def image
    object.image? ? full_asset_url(object.image.url(:original)) : nil
  end
  def html
    Sanitize.fragment(object.html, Sanitize::Config::MASTODON_OEMBED)
  end
 end
--- a/app/services/activitypub/fetch_featured_collection_service.rb
+++ b/app/services/activitypub/fetch_featured_collection_service.rb
@ -3,10 +3,11 @@
 class ActivityPub::FetchFeaturedCollectionService < BaseService
  include JsonLdHelper
-  def call(account)
+  def call(account, **options)
    return if account.featured_collection_url.blank? || account.suspended? || account.local?
    @account = account
    @options = options
    @json    = fetch_resource(@account.featured_collection_url, true, local_follower)
    return unless supported_context?(@json)
@ -38,9 +39,9 @@ class ActivityPub::FetchFeaturedCollectionService < BaseService
  def process_items(items)
    status_ids = items.filter_map do |item|
      uri = value_or_id(item)
-      next if ActivityPub::TagManager.instance.local_uri?(uri)
+      next if ActivityPub::TagManager.instance.local_uri?(uri) || invalid_origin?(uri)
-      status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower)
+      status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower, expected_actor_uri: @account.uri, request_id: @options[:request_id])
      next unless status&.account_id == @account.id
      status.id
--- a/app/services/activitypub/fetch_remote_account_service.rb
+++ b/app/services/activitypub/fetch_remote_account_service.rb
@ -8,7 +8,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService
  SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
  # Does a WebFinger roundtrip on each call, unless `only_key` is true
-  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false)
+  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, request_id: nil)
    return if domain_not_allowed?(uri)
    return ActivityPub::TagManager.instance.uri_to_resource(uri, Account) if ActivityPub::TagManager.instance.local_uri?(uri)
@ -28,7 +28,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService
    return unless only_key || verified_webfinger?
-    ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key)
+    ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key, request_id: request_id)
  rescue Oj::ParseError
    nil
  end
--- a/app/services/activitypub/fetch_remote_status_service.rb
+++ b/app/services/activitypub/fetch_remote_status_service.rb
@ -2,9 +2,13 @@
 class ActivityPub::FetchRemoteStatusService < BaseService
  include JsonLdHelper
  include Redisable
  DISCOVERIES_PER_REQUEST = 1000
  # Should be called when uri has already been checked for locality
-  def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil)
+  def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil)
    @request_id = request_id || "#{Time.now.utc.to_i}-status-#{uri}"
    @json = begin
      if prefetched_body.nil?
        fetch_resource(uri, id, on_behalf_of)
@ -30,6 +34,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
    end
    return if activity_json.nil? || object_uri.nil? || !trustworthy_attribution?(@json['id'], actor_uri)
    return if expected_actor_uri.present? && actor_uri != expected_actor_uri
    return ActivityPub::TagManager.instance.uri_to_resource(object_uri, Status) if ActivityPub::TagManager.instance.local_uri?(object_uri)
    actor = account_from_uri(actor_uri)
@ -40,7 +45,13 @@ class ActivityPub::FetchRemoteStatusService < BaseService
    # activity as an update rather than create
    activity_json['type'] = 'Update' if equals_or_includes_any?(activity_json['type'], %w(Create)) && Status.where(uri: object_uri, account_id: actor.id).exists?
-    ActivityPub::Activity.factory(activity_json, actor).perform
+    with_redis do |redis|
      discoveries = redis.incr("status_discovery_per_request:#{@request_id}")
      redis.expire("status_discovery_per_request:#{@request_id}", 5.minutes.seconds)
      return nil if discoveries > DISCOVERIES_PER_REQUEST
    end
    ActivityPub::Activity.factory(activity_json, actor, request_id: @request_id).perform
  end
  private
@ -52,7 +63,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
  def account_from_uri(uri)
    actor = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
-    actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true) if actor.nil? || actor.possibly_stale?
+    actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true, request_id: @request_id) if actor.nil? || actor.possibly_stale?
    actor
  end
--- a/app/services/activitypub/fetch_replies_service.rb
+++ b/app/services/activitypub/fetch_replies_service.rb
@ -3,14 +3,14 @@
 class ActivityPub::FetchRepliesService < BaseService
  include JsonLdHelper
-  def call(parent_status, collection_or_uri, allow_synchronous_requests = true)
+  def call(parent_status, collection_or_uri, allow_synchronous_requests: true, request_id: nil)
    @account = parent_status.account
    @allow_synchronous_requests = allow_synchronous_requests
    @items = collection_items(collection_or_uri)
    return if @items.nil?
-    FetchReplyWorker.push_bulk(filtered_replies)
+    FetchReplyWorker.push_bulk(filtered_replies) { |reply_uri| [reply_uri, { 'request_id' => request_id}] }
    @items
  end
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@ -6,6 +6,9 @@ class ActivityPub::ProcessAccountService < BaseService
  include Redisable
  include Lockable
  SUBDOMAINS_RATELIMIT = 10
  DISCOVERIES_PER_REQUEST = 400
  # Should be called with confirmed valid JSON
  # and WebFinger-resolved username and domain
  def call(username, domain, json, options = {})
@ -15,9 +18,12 @@ class ActivityPub::ProcessAccountService < BaseService
    @json        = json
    @uri         = @json['id']
    @username    = username
-    @domain      = domain
+    @domain      = TagManager.instance.normalize_domain(domain)
    @collections = {}
    # The key does not need to be unguessable, it just needs to be somewhat unique
    @options[:request_id] ||= "#{Time.now.utc.to_i}-#{username}@#{domain}"
    with_lock("process_account:#{@uri}") do
      @account            = Account.remote.find_by(uri: @uri) if @options[:only_key]
      @account          ||= Account.find_remote(@username, @domain)
@ -25,7 +31,18 @@ class ActivityPub::ProcessAccountService < BaseService
      @old_protocol       = @account&.protocol
      @suspension_changed = false
-      create_account if @account.nil?
+      if @account.nil?
        with_redis do |redis|
          return nil if redis.pfcount("unique_subdomains_for:#{PublicSuffix.domain(@domain, ignore_private: true)}") >= SUBDOMAINS_RATELIMIT
          discoveries = redis.incr("discovery_per_request:#{@options[:request_id]}")
          redis.expire("discovery_per_request:#{@options[:request_id]}", 5.minutes.seconds)
          return nil if discoveries > DISCOVERIES_PER_REQUEST
        end
        create_account
      end
      update_account
      process_tags
@ -149,7 +166,7 @@ class ActivityPub::ProcessAccountService < BaseService
  end
  def check_featured_collection!
-    ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id)
+    ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id, { 'request_id' => @options[:request_id] })
  end
  def check_links!
@ -249,7 +266,7 @@ class ActivityPub::ProcessAccountService < BaseService
  def moved_account
    account   = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account)
-    account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true)
+    account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true, request_id: @options[:request_id])
    account
  end
--- a/app/services/activitypub/process_status_update_service.rb
+++ b/app/services/activitypub/process_status_update_service.rb
@ -5,7 +5,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
  include Redisable
  include Lockable
-  def call(status, json)
+  def call(status, json, request_id: nil)
    raise ArgumentError, 'Status has unsaved changes' if status.changed?
    @json                      = json
@ -15,6 +15,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
    @account                   = status.account
    @media_attachments_changed = false
    @poll_changed              = false
    @request_id                = request_id
    # Only native types can be updated at the moment
    return @status if !expected_type? || already_updated_more_recently?
@ -92,7 +93,13 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
        next if unsupported_media_type?(media_attachment_parser.file_content_type) || skip_download?
-        RedownloadMediaWorker.perform_async(media_attachment.id) if media_attachment.remote_url_previously_changed? || media_attachment.thumbnail_remote_url_previously_changed?
+        begin
          media_attachment.download_file! if media_attachment.remote_url_previously_changed?
          media_attachment.download_thumbnail! if media_attachment.thumbnail_remote_url_previously_changed?
          media_attachment.save
        rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError
          RedownloadMediaWorker.perform_in(rand(30..600).seconds, media_attachment.id)
        end
      rescue Addressable::URI::InvalidURIError => e
        Rails.logger.debug "Invalid URL in attachment: #{e}"
      end
@ -185,7 +192,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
      next if href.blank?
      account   = ActivityPub::TagManager.instance.uri_to_resource(href, Account)
-      account ||= ActivityPub::FetchRemoteAccountService.new.call(href)
+      account ||= ActivityPub::FetchRemoteAccountService.new.call(href, request_id: @request_id)
      next if account.nil?
--- a/app/services/fetch_remote_status_service.rb
+++ b/app/services/fetch_remote_status_service.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class FetchRemoteStatusService < BaseService
-  def call(url, prefetched_body = nil)
+  def call(url, prefetched_body: nil, request_id: nil)
    if prefetched_body.nil?
      resource_url, resource_options = FetchResourceService.new.call(url)
    else
@ -9,6 +9,6 @@ class FetchRemoteStatusService < BaseService
      resource_options = { prefetched_body: prefetched_body }
    end
-    ActivityPub::FetchRemoteStatusService.new.call(resource_url, **resource_options) unless resource_url.nil?
+    ActivityPub::FetchRemoteStatusService.new.call(resource_url, **resource_options.merge(request_id: request_id)) unless resource_url.nil?
  end
 end
--- a/app/services/follow_migration_service.rb
+++ b/app/services/follow_migration_service.rb
@ -0,0 +1,43 @@
 # frozen_string_literal: true
 class FollowMigrationService < FollowService
  # Follow an account with the same settings as another account, and unfollow the old account once the request is sent
  # @param [Account] source_account From which to follow
  # @param [Account] target_account Account to follow
  # @param [Account] old_target_account Account to unfollow once the follow request has been sent to the new one
  # @option [Boolean] bypass_locked Whether to immediately follow the new account even if it is locked
  def call(source_account, target_account, old_target_account, bypass_locked: false)
    @old_target_account = old_target_account
    follow    = source_account.active_relationships.find_by(target_account: old_target_account)
    reblogs   = follow&.show_reblogs?
    notify    = follow&.notify?
    super(source_account, target_account, reblogs: reblogs, notify: notify, bypass_locked: bypass_locked, bypass_limit: true)
  end
  private
  def request_follow!
    follow_request = @source_account.request_follow!(@target_account, **follow_options.merge(rate_limit: @options[:with_rate_limit], bypass_limit: @options[:bypass_limit]))
    if @target_account.local?
      LocalNotificationWorker.perform_async(@target_account.id, follow_request.id, follow_request.class.name, 'follow_request')
      UnfollowService.new.call(@source_account, @old_target_account, skip_unmerge: true)
    elsif @target_account.activitypub?
      ActivityPub::MigratedFollowDeliveryWorker.perform_async(build_json(follow_request), @source_account.id, @target_account.inbox_url, @old_target_account.id)
    end
    follow_request
  end
  def direct_follow!
    follow = super
    UnfollowService.new.call(@source_account, @old_target_account, skip_unmerge: true)
    follow
  end
  def follow_options
    @options.slice(:reblogs, :notify)
  end
 end
--- a/app/services/remove_domains_from_followers_service.rb
+++ b/app/services/remove_domains_from_followers_service.rb
@ -0,0 +1,23 @@
 # frozen_string_literal: true
 class RemoveDomainsFromFollowersService < BaseService
  include Payloadable
  def call(source_account, target_domains)
    source_account.passive_relationships.where(account_id: Account.where(domain: target_domains)).find_each do |follow|
      follow.destroy
      create_notification(follow) if source_account.local? && !follow.account.local? && follow.account.activitypub?
    end
  end
  private
  def create_notification(follow)
    ActivityPub::DeliveryWorker.perform_async(build_json(follow), follow.target_account_id, follow.account.inbox_url)
  end
  def build_json(follow)
    Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer))
  end
 end
--- a/app/services/remove_status_service.rb
+++ b/app/services/remove_status_service.rb
@ -12,6 +12,7 @@ class RemoveStatusService < BaseService
  # @option  [Boolean] :immediate
  # @option  [Boolean] :preserve
  # @option  [Boolean] :original_removed
  # @option  [Boolean] :skip_streaming
  def call(status, **options)
    @payload  = Oj.dump(event: :delete, payload: status.id.to_s)
    @status   = status
@ -50,6 +51,9 @@ class RemoveStatusService < BaseService
  private
  # The following FeedManager calls all do not result in redis publishes for
  # streaming, as the `:update` option is false
  def remove_from_self
    FeedManager.instance.unpush_from_home(@account, @status)
  end
@ -73,6 +77,8 @@ class RemoveStatusService < BaseService
    # followers. Here we send a delete to actively mentioned accounts
    # that may not follow the account
    return if skip_streaming?
    @status.active_mentions.find_each do |mention|
      redis.publish("timeline:#{mention.account_id}", @payload)
    end
@ -101,7 +107,7 @@ class RemoveStatusService < BaseService
    # without us being able to do all the fancy stuff
    @status.reblogs.includes(:account).reorder(nil).find_each do |reblog|
-      RemoveStatusService.new.call(reblog, original_removed: true)
+      RemoveStatusService.new.call(reblog, original_removed: true, skip_streaming: skip_streaming?)
    end
  end
@ -112,6 +118,8 @@ class RemoveStatusService < BaseService
    return unless @status.public_visibility?
    return if skip_streaming?
    @status.tags.map(&:name).each do |hashtag|
      redis.publish("timeline:hashtag:#{hashtag.mb_chars.downcase}", @payload)
      redis.publish("timeline:hashtag:#{hashtag.mb_chars.downcase}:local", @payload) if @status.local?
@ -121,6 +129,8 @@ class RemoveStatusService < BaseService
  def remove_from_public
    return unless @status.public_visibility?
    return if skip_streaming?
    redis.publish('timeline:public', @payload)
    redis.publish(@status.local? ? 'timeline:public:local' : 'timeline:public:remote', @payload)
  end
@ -128,6 +138,8 @@ class RemoveStatusService < BaseService
  def remove_from_media
    return unless @status.public_visibility?
    return if skip_streaming?
    redis.publish('timeline:public:media', @payload)
    redis.publish(@status.local? ? 'timeline:public:local:media' : 'timeline:public:remote:media', @payload)
  end
@ -141,4 +153,8 @@ class RemoveStatusService < BaseService
  def permanently?
    @options[:immediate] || !(@options[:preserve] || @status.reported?)
  end
  def skip_streaming?
    !!@options[:skip_streaming]
  end
 end
--- a/app/services/resolve_url_service.rb
+++ b/app/services/resolve_url_service.rb
@ -23,7 +23,7 @@ class ResolveURLService < BaseService
    if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
      ActivityPub::FetchRemoteAccountService.new.call(resource_url, prefetched_body: body)
    elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
-      status = FetchRemoteStatusService.new.call(resource_url, body)
+      status = FetchRemoteStatusService.new.call(resource_url, prefetched_body: body)
      authorize_with @on_behalf_of, status, :show? unless status.nil?
      status
    end
--- a/app/services/suspend_account_service.rb
+++ b/app/services/suspend_account_service.rb
@ -3,10 +3,13 @@
 class SuspendAccountService < BaseService
  include Payloadable
  # Carry out the suspension of a recently-suspended account
  # @param [Account] account Account to suspend
  def call(account)
    return unless account.suspended?
    @account = account
    suspend!
    reject_remote_follows!
    distribute_update_actor!
    unmerge_from_home_timelines!
@ -16,10 +19,6 @@ class SuspendAccountService < BaseService
  private
  def suspend!
    @account.suspend! unless @account.suspended?
  end
  def reject_remote_follows!
    return if @account.local? || !@account.activitypub?
@ -76,10 +75,15 @@ class SuspendAccountService < BaseService
        styles.each do |style|
          case Paperclip::Attachment.default_options[:storage]
          when :s3
            # Prevent useless S3 calls if ACLs are disabled
            next if ENV['S3_PERMISSION'] == ''
            begin
              attachment.s3_object(style).acl.put(acl: 'private')
            rescue Aws::S3::Errors::NoSuchKey
              Rails.logger.warn "Tried to change acl on non-existent key #{attachment.s3_object(style).key}"
            rescue Aws::S3::Errors::NotImplemented => e
              Rails.logger.error "Error trying to change ACL on #{attachment.s3_object(style).key}: #{e.message}"
            end
          when :fog
            # Not supported
--- a/app/services/unsuspend_account_service.rb
+++ b/app/services/unsuspend_account_service.rb
@ -2,10 +2,12 @@
 class UnsuspendAccountService < BaseService
  include Payloadable
  # Restores a recently-unsuspended account
  # @param [Account] account Account to restore
  def call(account)
    @account = account
    unsuspend!
    refresh_remote_account!
    return if @account.nil? || @account.suspended?
@ -18,10 +20,6 @@ class UnsuspendAccountService < BaseService
  private
  def unsuspend!
    @account.unsuspend! if @account.suspended?
  end
  def refresh_remote_account!
    return if @account.local?
@ -73,10 +71,15 @@ class UnsuspendAccountService < BaseService
        styles.each do |style|
          case Paperclip::Attachment.default_options[:storage]
          when :s3
            # Prevent useless S3 calls if ACLs are disabled
            next if ENV['S3_PERMISSION'] == ''
            begin
              attachment.s3_object(style).acl.put(acl: Paperclip::Attachment.default_options[:s3_permissions])
            rescue Aws::S3::Errors::NoSuchKey
              Rails.logger.warn "Tried to change acl on non-existent key #{attachment.s3_object(style).key}"
            rescue Aws::S3::Errors::NotImplemented => e
              Rails.logger.error "Error trying to change ACL on #{attachment.s3_object(style).key}: #{e.message}"
            end
          when :fog
            # Not supported
--- a/app/validators/vote_validator.rb
+++ b/app/validators/vote_validator.rb
@ -3,8 +3,8 @@
 class VoteValidator < ActiveModel::Validator
  def validate(vote)
    vote.errors.add(:base, I18n.t('polls.errors.expired')) if vote.poll.expired?
    vote.errors.add(:base, I18n.t('polls.errors.invalid_choice')) if invalid_choice?(vote)
    vote.errors.add(:base, I18n.t('polls.errors.self_vote')) if self_vote?(vote)
    if vote.poll.multiple? && vote.poll.votes.where(account: vote.account, choice: vote.choice).exists?
      vote.errors.add(:base, I18n.t('polls.errors.already_voted'))
@ -18,4 +18,8 @@ class VoteValidator < ActiveModel::Validator
  def invalid_choice?(vote)
    vote.choice.negative? || vote.choice >= vote.poll.options.size
  end
  def self_vote?(vote)
    vote.account_id == vote.poll.account_id
  end
 end
--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@ -12,7 +12,7 @@
 - unless @system_checks.empty?
  .flash-message-stack
    - @system_checks.each do |message|
-      .flash-message.warning
+      .flash-message{ class: message.critical ? 'alert' : 'warning' }
        = t("admin.system_checks.#{message.key}.message_html", value: message.value ? content_tag(:strong, message.value) : nil)
        - if message.action
          = link_to t("admin.system_checks.#{message.key}.action"), message.action
--- a/app/views/admin/reports/_actions.html.haml
+++ b/app/views/admin/reports/_actions.html.haml
@ -5,7 +5,7 @@
        = link_to t('admin.reports.mark_as_resolved'), resolve_admin_report_path(@report), method: :post, class: 'button'
      .report-actions__item__description
        = t('admin.reports.actions.resolve_description_html')
-    - if @statuses.any? { |status| status.with_media? || status.with_preview_card? }
+    - if @statuses.any? { |status| (status.with_media? || status.with_preview_card?) && !status.discarded? }
      .report-actions__item
        .report-actions__item__button
          = button_tag t('admin.reports.mark_as_sensitive'), name: :mark_as_sensitive, class: 'button'
--- a/app/views/disputes/strikes/show.html.haml
+++ b/app/views/disputes/strikes/show.html.haml
@ -50,17 +50,18 @@
            .strike-card__statuses-list__item
              - if (status = status_map[status_id.to_i])
                .one-liner
-                  = link_to short_account_status_url(@strike.target_account, status_id), class: 'emojify' do
+                  .emojify= one_line_preview(status)
                    = one_line_preview(status)
-                    - status.ordered_media_attachments.each do |media_attachment|
+                  - status.ordered_media_attachments.each do |media_attachment|
-                      %abbr{ title: media_attachment.description }
+                    %abbr{ title: media_attachment.description }
-                        = fa_icon 'link'
+                      = fa_icon 'link'
-                        = media_attachment.file_file_name
+                      = media_attachment.file_file_name
                .strike-card__statuses-list__item__meta
-                  %time.formatted{ datetime: status.created_at.iso8601, title: l(status.created_at) }= l(status.created_at)
+                  = link_to ActivityPub::TagManager.instance.url_for(status), target: '_blank' do
-                  ·
+                    %time.formatted{ datetime: status.created_at.iso8601, title: l(status.created_at) }= l(status.created_at)
-                  = status.application.name
+                  - unless status.application.nil?
                    ·
                    = status.application.name
              - else
                .one-liner= t('disputes.strikes.status', id: status_id)
                .strike-card__statuses-list__item__meta
--- a/app/views/oauth/authorized_applications/index.html.haml
+++ b/app/views/oauth/authorized_applications/index.html.haml
@ -18,8 +18,8 @@
      .announcements-list__item__action-bar
        .announcements-list__item__meta
-          - if application.most_recently_used_access_token
+          - if @last_used_at_by_app[application.id]
-            = t('doorkeeper.authorized_applications.index.last_used_at', date: l(application.most_recently_used_access_token.last_used_at.to_date))
+            = t('doorkeeper.authorized_applications.index.last_used_at', date: l(@last_used_at_by_app[application.id].to_date))
          - else
            = t('doorkeeper.authorized_applications.index.never_used')
--- a/app/views/relationships/show.html.haml
+++ b/app/views/relationships/show.html.haml
@ -48,7 +48,7 @@
        = f.button safe_join([fa_icon('trash'), t('relationships.remove_selected_followers')]), name: :remove_from_followers, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } unless following_relationship?
-        = f.button safe_join([fa_icon('trash'), t('relationships.remove_selected_domains')]), name: :block_domains, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } if followed_by_relationship?
+        = f.button safe_join([fa_icon('trash'), t('relationships.remove_selected_domains')]), name: :remove_domains_from_followers, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } if followed_by_relationship?
    .batch-table__body
      - if @accounts.empty?
        = nothing_here 'nothing-here--under-tabs'
--- a/app/views/settings/exports/show.html.haml
+++ b/app/views/settings/exports/show.html.haml
@ -64,6 +64,6 @@
            %td= l backup.created_at
            - if backup.processed?
              %td= number_to_human_size backup.dump_file_size
-              %td= table_link_to 'download', t('exports.archive_takeout.download'), backup.dump.url
+              %td= table_link_to 'download', t('exports.archive_takeout.download'), download_backup_url(backup)
            - else
              %td{ colspan: 2 }= t('exports.archive_takeout.in_progress')
--- a/app/views/user_mailer/backup_ready.html.haml
+++ b/app/views/user_mailer/backup_ready.html.haml
@ -55,5 +55,5 @@
                            %tbody
                              %tr
                                %td.button-primary
-                                  = link_to full_asset_url(@backup.dump.url) do
+                                  = link_to download_backup_url(@backup) do
                                    %span= t 'exports.archive_takeout.download'
--- a/app/views/user_mailer/backup_ready.text.erb
+++ b/app/views/user_mailer/backup_ready.text.erb
@ -4,4 +4,4 @@
 <%= t 'user_mailer.backup_ready.explanation' %>
-=> <%= full_asset_url(@backup.dump.url) %>
+=> <%= download_backup_url(@backup) %>
--- a/app/workers/activitypub/fetch_replies_worker.rb
+++ b/app/workers/activitypub/fetch_replies_worker.rb
@ -6,8 +6,8 @@ class ActivityPub::FetchRepliesWorker
  sidekiq_options queue: 'pull', retry: 3
-  def perform(parent_status_id, replies_uri)
+  def perform(parent_status_id, replies_uri, options = {})
-    ActivityPub::FetchRepliesService.new.call(Status.find(parent_status_id), replies_uri)
+    ActivityPub::FetchRepliesService.new.call(Status.find(parent_status_id), replies_uri, **options.deep_symbolize_keys)
  rescue ActiveRecord::RecordNotFound
    true
  end
--- a/app/workers/activitypub/migrated_follow_delivery_worker.rb
+++ b/app/workers/activitypub/migrated_follow_delivery_worker.rb
@ -0,0 +1,17 @@
 # frozen_string_literal: true
 class ActivityPub::MigratedFollowDeliveryWorker < ActivityPub::DeliveryWorker
  def perform(json, source_account_id, inbox_url, old_target_account_id, options = {})
    super(json, source_account_id, inbox_url, options)
    unfollow_old_account!(old_target_account_id)
  end
  private
  def unfollow_old_account!(old_target_account_id)
    old_target_account = Account.find(old_target_account_id)
    UnfollowService.new.call(@source_account, old_target_account, skip_unmerge: true)
  rescue StandardError
    true
  end
 end
--- a/app/workers/activitypub/synchronize_featured_collection_worker.rb
+++ b/app/workers/activitypub/synchronize_featured_collection_worker.rb
@ -5,8 +5,10 @@ class ActivityPub::SynchronizeFeaturedCollectionWorker
  sidekiq_options queue: 'pull', lock: :until_executed
-  def perform(account_id)
+  def perform(account_id, options = {})
-    ActivityPub::FetchFeaturedCollectionService.new.call(Account.find(account_id))
+    options = { note: true, hashtag: false }.deep_merge(options.deep_symbolize_keys)
    ActivityPub::FetchFeaturedCollectionService.new.call(Account.find(account_id), **options)
  rescue ActiveRecord::RecordNotFound
    true
  end
--- a/app/workers/fetch_reply_worker.rb
+++ b/app/workers/fetch_reply_worker.rb
@ -6,7 +6,7 @@ class FetchReplyWorker
  sidekiq_options queue: 'pull', retry: 3
-  def perform(child_url)
+  def perform(child_url, options = {})
-    FetchRemoteStatusService.new.call(child_url)
+    FetchRemoteStatusService.new.call(child_url, **options.deep_symbolize_keys)
  end
 end
--- a/app/workers/scheduler/indexing_scheduler.rb
+++ b/app/workers/scheduler/indexing_scheduler.rb
@ -6,15 +6,17 @@ class Scheduler::IndexingScheduler
  sidekiq_options retry: 0
  IMPORT_BATCH_SIZE = 1000
  SCAN_BATCH_SIZE = 10 * IMPORT_BATCH_SIZE
  def perform
    indexes.each do |type|
      with_redis do |redis|
-        ids = redis.smembers("chewy:queue:#{type.name}")
+        redis.sscan_each("chewy:queue:#{type.name}", count: SCAN_BATCH_SIZE).each_slice(IMPORT_BATCH_SIZE) do |ids|
-
+          type.import!(ids)
-        type.import!(ids)
+          redis.pipelined do |pipeline|
-
+            pipeline.srem("chewy:queue:#{type.name}", ids)
-        redis.pipelined do |pipeline|
+          end
          ids.each { |id| pipeline.srem("chewy:queue:#{type.name}", id) }
        end
      end
    end
--- a/app/workers/scheduler/user_cleanup_scheduler.rb
+++ b/app/workers/scheduler/user_cleanup_scheduler.rb
@ -15,6 +15,8 @@ class Scheduler::UserCleanupScheduler
  def clean_unconfirmed_accounts!
    User.where('confirmed_at is NULL AND confirmation_sent_at <= ?', 2.days.ago).reorder(nil).find_in_batches do |batch|
      # We have to do it separately because of missing database constraints
      AccountModerationNote.where(target_account_id: batch.map(&:account_id)).delete_all
      Account.where(id: batch.map(&:account_id)).delete_all
      User.where(id: batch.map(&:id)).delete_all
    end
@ -29,7 +31,7 @@ class Scheduler::UserCleanupScheduler
  def clean_discarded_statuses!
    Status.unscoped.discarded.where('deleted_at <= ?', 30.days.ago).find_in_batches do |statuses|
      RemovalWorker.push_bulk(statuses) do |status|
-        [status.id, { 'immediate' => true }]
+        [status.id, { 'immediate' => true, 'skip_streaming' => true }]
      end
    end
  end
--- a/app/workers/thread_resolve_worker.rb
+++ b/app/workers/thread_resolve_worker.rb
@ -6,9 +6,9 @@ class ThreadResolveWorker
  sidekiq_options queue: 'pull', retry: 3
-  def perform(child_status_id, parent_url)
+  def perform(child_status_id, parent_url, options = {})
    child_status  = Status.find(child_status_id)
-    parent_status = FetchRemoteStatusService.new.call(parent_url)
+    parent_status = FetchRemoteStatusService.new.call(parent_url, **options.deep_symbolize_keys)
    return if parent_status.nil?
--- a/app/workers/unfollow_follow_worker.rb
+++ b/app/workers/unfollow_follow_worker.rb
@ -10,12 +10,7 @@ class UnfollowFollowWorker
    old_target_account = Account.find(old_target_account_id)
    new_target_account = Account.find(new_target_account_id)
-    follow  = follower_account.active_relationships.find_by(target_account: old_target_account)
+    FollowMigrationService.new.call(follower_account, new_target_account, old_target_account, bypass_locked: bypass_locked)
    reblogs = follow&.show_reblogs?
    notify  = follow&.notify?
    FollowService.new.call(follower_account, new_target_account, reblogs: reblogs, notify: notify, bypass_locked: bypass_locked, bypass_limit: true)
    UnfollowService.new.call(follower_account, old_target_account, skip_unmerge: true)
  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    true
  end
--- a/bin/tootctl
+++ b/bin/tootctl
@ -5,7 +5,9 @@ require_relative '../config/boot'
 require_relative '../lib/cli'
 begin
-  Mastodon::CLI.start(ARGV)
+  Chewy.strategy(:mastodon) do
    Mastodon::CLI.start(ARGV)
  end
 rescue Interrupt
  exit(130)
 end
--- a/config/application.rb
+++ b/config/application.rb
@ -29,6 +29,7 @@ require_relative '../lib/paperclip/url_generator_extensions'
 require_relative '../lib/paperclip/attachment_extensions'
 require_relative '../lib/paperclip/lazy_thumbnail'
 require_relative '../lib/paperclip/gif_transcoder'
 require_relative '../lib/paperclip/media_type_spoof_detector_extensions'
 require_relative '../lib/paperclip/transcoder'
 require_relative '../lib/paperclip/type_corrector'
 require_relative '../lib/paperclip/response_with_limit_adapter'
@ -39,6 +40,7 @@ require_relative '../lib/mastodon/rack_middleware'
 require_relative '../lib/devise/two_factor_ldap_authenticatable'
 require_relative '../lib/devise/two_factor_pam_authenticatable'
 require_relative '../lib/chewy/strategy/mastodon'
 require_relative '../lib/chewy/strategy/bypass_with_warning'
 require_relative '../lib/webpacker/manifest_extensions'
 require_relative '../lib/webpacker/helper_extensions'
 require_relative '../lib/rails/engine_extensions'
@ -158,6 +160,12 @@ module Mastodon
      end
    end
    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone]
    config.public_file_server.headers = {
      'X-Content-Type-Options' => 'nosniff',
    }
    # config.paths.add File.join('app', 'api'), glob: File.join('**', '*.rb')
    # config.autoload_paths += Dir[Rails.root.join('app', 'api', '*')]
--- a/config/database.yml
+++ b/config/database.yml
@ -4,6 +4,7 @@ default: &default
  timeout: 5000
  encoding: unicode
  sslmode: <%= ENV['DB_SSLMODE'] || "prefer" %>
  application_name: ''
 development:
  <<: *default
--- a/config/imagemagick/policy.xml
+++ b/config/imagemagick/policy.xml
@ -0,0 +1,27 @@
 <policymap>
  <!-- Set some basic system resource limits -->
  <policy domain="resource" name="time" value="60" />
  <policy domain="module" rights="none" pattern="URL" />
  <policy domain="filter" rights="none" pattern="*" />
  <!--
    Ideally, we would restrict ImageMagick to only accessing its own
    disk-backed pixel cache as well as Mastodon-created Tempfiles.
    However, those paths depend on the operating system and environment
    variables, so they can only be known at runtime.
    Furthermore, those paths are not necessarily shared across Mastodon
    processes, so even creating a policy.xml at runtime is impractical.
    For the time being, only disable indirect reads.
  -->
  <policy domain="path" rights="none" pattern="@*" />
  <!-- Disallow any coder by default, and only enable ones required by Mastodon -->
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" />
  <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" />
 </policymap>
--- a/config/initializers/chewy.rb
+++ b/config/initializers/chewy.rb
@ -19,7 +19,7 @@ Chewy.settings = {
 # cycle, which takes care of checking if Elasticsearch is enabled
 # or not. However, mind that for the Rails console, the :urgent
 # strategy is set automatically with no way to override it.
-Chewy.root_strategy              = :mastodon
+Chewy.root_strategy              = :bypass_with_warning if Rails.env.production?
 Chewy.request_strategy           = :mastodon
 Chewy.use_after_commit_callbacks = false
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -3,7 +3,7 @@
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 def host_to_url(str)
-  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}" unless str.blank?
+  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}".split('/').first if str.present?
 end
 base_host = Rails.configuration.x.web_domain
@ -26,6 +26,7 @@ Rails.application.config.content_security_policy do |p|
  p.media_src       :self, :https, :data, assets_host
  p.frame_src       :self, :https
  p.manifest_src    :self, assets_host
  p.form_action     :self
  if Rails.env.development?
    webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
--- a/config/initializers/paperclip.rb
+++ b/config/initializers/paperclip.rb
@ -118,6 +118,7 @@ elsif ENV['SWIFT_ENABLED'] == 'true'
      openstack_domain_name: ENV.fetch('SWIFT_DOMAIN_NAME') { 'default' },
      openstack_region: ENV['SWIFT_REGION'],
      openstack_cache_ttl: ENV.fetch('SWIFT_CACHE_TTL') { 60 },
      openstack_temp_url_key: ENV['SWIFT_TEMP_URL_KEY'],
    },
    fog_directory: ENV['SWIFT_CONTAINER'],
@ -146,3 +147,10 @@ unless defined?(Seahorse)
    end
  end
 end
 # Set our ImageMagick security policy, but allow admins to override it
 ENV['MAGICK_CONFIGURE_PATH'] = begin
  imagemagick_config_paths = ENV.fetch('MAGICK_CONFIGURE_PATH', '').split(File::PATH_SEPARATOR)
  imagemagick_config_paths << Rails.root.join('config', 'imagemagick').expand_path.to_s
  imagemagick_config_paths.join(File::PATH_SEPARATOR)
 end
--- a/config/initializers/twitter_regex.rb
+++ b/config/initializers/twitter_regex.rb
@ -25,7 +25,7 @@ module Twitter::TwitterText
      \)
    /iox
    UCHARS = '\u{A0}-\u{D7FF}\u{F900}-\u{FDCF}\u{FDF0}-\u{FFEF}\u{10000}-\u{1FFFD}\u{20000}-\u{2FFFD}\u{30000}-\u{3FFFD}\u{40000}-\u{4FFFD}\u{50000}-\u{5FFFD}\u{60000}-\u{6FFFD}\u{70000}-\u{7FFFD}\u{80000}-\u{8FFFD}\u{90000}-\u{9FFFD}\u{A0000}-\u{AFFFD}\u{B0000}-\u{BFFFD}\u{C0000}-\u{CFFFD}\u{D0000}-\u{DFFFD}\u{E1000}-\u{EFFFD}\u{E000}-\u{F8FF}\u{F0000}-\u{FFFFD}\u{100000}-\u{10FFFD}'
-    REGEXEN[:valid_url_query_chars] = /[a-z0-9!?\*'\(\);:&=\+\$\/%#\[\]\-_\.,~|@#{UCHARS}]/iou
+    REGEXEN[:valid_url_query_chars] = /[a-z0-9!?\*'\(\);:&=\+\$\/%#\[\]\-_\.,~|@\^#{UCHARS}]/iou
    REGEXEN[:valid_url_query_ending_chars] = /[a-z0-9_&=#\/\-#{UCHARS}]/iou
    REGEXEN[:valid_url_path] = /(?:
      (?:
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -786,6 +786,12 @@ en:
        message_html: You haven't defined any server rules.
      sidekiq_process_check:
        message_html: No Sidekiq process running for the %{value} queue(s). Please review your Sidekiq configuration
      upload_check_privacy_error:
        action: Check here for more information
        message_html: "<strong>Your web server is misconfigured. The privacy of your users is at risk.</strong>"
      upload_check_privacy_error_object_storage:
        action: Check here for more information
        message_html: "<strong>Your object storage is misconfigured. The privacy of your users is at risk.</strong>"
    tags:
      review: Review status
      updated_msg: Hashtag settings updated successfully
@ -1314,6 +1320,7 @@ en:
      expired: The poll has already ended
      invalid_choice: The chosen vote option does not exist
      over_character_limit: cannot be longer than %{max} characters each
      self_vote: You cannot vote in your own polls
      too_few_options: must have more than one item
      too_many_options: can't contain more than %{max} items
  preferences:
@ -1327,6 +1334,7 @@ en:
  relationships:
    activity: Account activity
    dormant: Dormant
    follow_failure: Could not follow some of the selected accounts.
    follow_selected_followers: Follow selected followers
    followers: Followers
    following: Following
--- a/config/routes.rb
+++ b/config/routes.rb
@ -183,6 +183,7 @@ Rails.application.routes.draw do
  get '/public', to: 'public_timelines#show', as: :public_timeline
  get '/media_proxy/:id/(*any)', to: 'media_proxy#show', as: :media_proxy, format: false
  get '/backups/:id/download', to: 'backups#download', as: :download_backup, format: false
  resource :authorize_interaction, only: [:show, :create]
  resource :share, only: [:show, :create]
@ -394,7 +395,9 @@ Rails.application.routes.draw do
        resources :list, only: :show
      end
-      resources :streaming, only: [:index]
+      get '/streaming', to: 'streaming#index'
      get '/streaming/(*any)', to: 'streaming#index'
      resources :custom_emojis, only: [:index]
      resources :suggestions, only: [:index, :destroy]
      resources :scheduled_statuses, only: [:index, :show, :update, :destroy]
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -1,11 +1,13 @@
-Doorkeeper::Application.create!(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow push')
+Chewy.strategy(:mastodon) do
  Doorkeeper::Application.create!(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow push')
-domain = ENV['LOCAL_DOMAIN'] || Rails.configuration.x.local_domain
+  domain = ENV['LOCAL_DOMAIN'] || Rails.configuration.x.local_domain
-account = Account.find_or_initialize_by(id: -99, actor_type: 'Application', locked: true, username: domain)
+  account = Account.find_or_initialize_by(id: -99, actor_type: 'Application', locked: true, username: domain)
-account.save!
+  account.save!
-if Rails.env.development?
+  if Rails.env.development?
-  admin  = Account.where(username: 'admin').first_or_initialize(username: 'admin')
+    admin  = Account.where(username: 'admin').first_or_initialize(username: 'admin')
-  admin.save(validate: false)
+    admin.save(validate: false)
-  User.where(email: "admin@#{domain}").first_or_initialize(email: "admin@#{domain}", password: 'mastodonadmin', password_confirmation: 'mastodonadmin', confirmed_at: Time.now.utc, admin: true, account: admin, agreement: true, approved: true).save!
+    User.where(email: "admin@#{domain}").first_or_initialize(email: "admin@#{domain}", password: 'mastodonadmin', password_confirmation: 'mastodonadmin', confirmed_at: Time.now.utc, admin: true, account: admin, agreement: true, approved: true).save!
  end
 end
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@ -61,12 +61,15 @@ server {
  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff;
    add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
    try_files $uri @proxy;
  }
  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff;
    try_files $uri @proxy;
  }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -44,7 +44,7 @@ services:
  web:
    build: .
-    image: tootsuite/mastodon:v3.5.5
+    image: ghcr.io/mastodon/mastodon:v3.5.9
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@ -65,7 +65,7 @@ services:
  streaming:
    build: .
-    image: tootsuite/mastodon:v3.5.5
+    image: ghcr.io/mastodon/mastodon:v3.5.9
    restart: always
    env_file: .env.production
    command: node ./streaming
@ -83,7 +83,7 @@ services:
  sidekiq:
    build: .
-    image: tootsuite/mastodon:v3.5.5
+    image: ghcr.io/mastodon/mastodon:v3.5.9
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
--- a/lib/chewy/strategy/bypass_with_warning.rb
+++ b/lib/chewy/strategy/bypass_with_warning.rb
@ -0,0 +1,12 @@
 # frozen_string_literal: true
 module Chewy
  class Strategy
    class BypassWithWarning < Base
      def update(...)
        Rails.logger.warn 'Chewy update without a root strategy' unless @warning_issued
        @warning_issued = true
      end
    end
  end
 end
--- a/lib/mastodon/accounts_cli.rb
+++ b/lib/mastodon/accounts_cli.rb
@ -492,7 +492,7 @@ module Mastodon
        User.pending.find_each(&:approve!)
        say('OK', :green)
      elsif options[:number]
-        User.pending.limit(options[:number]).each(&:approve!)
+        User.pending.order(created_at: :asc).limit(options[:number]).each(&:approve!)
        say('OK', :green)
      elsif username.present?
        account = Account.find_local(username)
--- a/Show More
+++ b/Show More
`@ -4,4 +4,4 @@`

	`<%= t 'user_mailer.backup_ready.explanation' %>`	`<%= t 'user_mailer.backup_ready.explanation' %>`

	`=> <%= full_asset_url(@backup.dump.url) %>`	`=> <%= download_backup_url(@backup) %>`