73bdd71e09
Merge tag 'v3.5.5' into hometown-dev
3 years ago
696f7b3608
Bump version to 3.5.5
3 years ago
b22e1476ca
Fix nodes order being sometimes mangled when rewriting emoji ( #20677 )
...
* Fix front-end emoji tests
* Fix nodes order being sometimes mangled when rewriting emoji
3 years ago
f5ffda7cf3
Merge tag 'v3.5.4' into hometown-dev
3 years ago
105ab82425
Bump version to 3.5.4
3 years ago
2dd8f977e8
Fix emoji substitution not applying only to text nodes in backend code
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
2db06e1d08
Fix emoji substitution not applying only to text nodes in Web UI
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
063579373e
Fix rate limiting for paths with formats
3 years ago
1659788de4
blurhash_transcoder: prevent out-of-bound reads with <8bpp images ( #20388 )
...
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
Fixes #19235 .
3 years ago
47eaf85f02
Fix crash when a remote Flag activity mentions a private post ( #18760 )
...
* Add tests
* Fix crash when a remote Flag activity mentions a private post
3 years ago
7adebd4349
Bump version
3 years ago
66e6c0108a
Merge pull request #1186 from therabidbanana/dh-fix-article-format
...
Updates the article formatter to strip unsafe HTML
3 years ago
e70e576ba5
Merge pull request #1193 from johnholdun/local-only-public-hashtag
...
Hide local-only posts from public tag view
3 years ago
8180eda331
Merge pull request #1194 from johnholdun/update-replies-policy
...
Support changing list replies policy from web UI
3 years ago
2d4cd4d561
Merge pull request #1195 from johnholdun/federated-dropdown-value
...
Add data-index attribute to local-only dropdown option
3 years ago
fe340a6a80
Merge pull request #1196 from johnholdun/hide-private-pinned-statuses
...
Hide follower-only pinned statuses from logged-out users
3 years ago
3f2b00542b
Fixing German localization
3 years ago
a67ac3cabd
Fixing stray "Mastodon" text
3 years ago
2427c24c47
Updating gemfile.llock to comply with 035470e
3 years ago
035470e081
Fix backend compatibility with OpenSSL 3.0 ( #18449 )
...
* Update webpush to fork with OpenSSL 3 compatibility
* Fix tests with OpenSSL 3.0
* Update webauthn gem to latest release and update dependencies
3 years ago
e311837121
Merge tag 'v3.5.3' into hometown-3.5.3-merge
3 years ago
7eedaeb007
Hide follower-only pinned statuses from logged-out users
...
Fixes #1178
3 years ago
e09c30053b
Add data-index attribute to local-only dropdown option
...
The dropdown previously relied on the fact that the falsy value in the federation dropdown had no data-index attribute. This commit changes the falsy value to false, allowing for better control with CSS.
Fixes #1185 .
3 years ago
4f7fa085cb
Support changing list replies policy from web UI
...
Modifest the arguments sent to the updateList function to properly set the new replies policy value, as well allowing for an undefined value for the exclusive setting which will result in no new value being sent to the API for that attribute--that is, it will be left unchanged unless otherwise specified.
Fixes #1191
3 years ago
6e2ed8a8f9
Hide local-only posts from public tag view
...
Fixes #1180
3 years ago
69ff67746b
Trying to be clearer what "light weight" means
3 years ago
d8f85dfcb6
Also download file
3 years ago
2f970e8bb7
Updates the formatter to be smarter
3 years ago
8527f01987
Merge pull request #1173 from garritfra/feature/update-de-translations
...
Translate Hometown-specific strings to German
4 years ago
ad9692b611
feat(l10n): translate missing german resources
4 years ago
e572a22553
feat(l10n): translate missing german frontend resources
4 years ago
fbcbf7898f
Bump version to 3.5.3 ( #18530 )
4 years ago
0a1992430d
Fix errors when rendering RSS feeds ( #18531 )
4 years ago
52f4e834f2
Fix concurrent unfollowing decrementing follower count more than once ( #18527 )
4 years ago
8a9acbe604
Fix being able to appeal a strike unlimited times ( #18529 )
...
Peculiarity of the `has_one` association is that the convenience
creation method deletes the previous association even if the new
one is invalid
4 years ago
c4d2c39a75
Fix being able to report otherwise inaccessible statuses ( #18528 )
4 years ago
1ff4877945
Fix empty votes arbitrarily increasing voters count in polls ( #18526 )
4 years ago
976cd6413e
Fix moderator leak in undo_mark_statuses_as_sensitive ( #18525 )
...
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com>
4 years ago
9f81b9f29a
Fix suspended users being able to access APIs that don't require a user ( #18524 )
4 years ago
96129c2f10
Fix confirmation redirect to app without `Location` header ( #18523 )
4 years ago
3e0e7a1cfb
Fix follower and other counters being able to go negative ( #18517 )
4 years ago
702b709d9a
Add ES6 compatibility to browserslist ( #18519 )
4 years ago
d8abc0018f
Remove 3.3.x from supported versions in security policy ( #18516 )
4 years ago
088dc0ec5a
Fix regression in `tootctl search deploy` caused by unloaded attribute ( #18514 )
4 years ago
a4fa9e23fc
Change "dangerous" to "sensitive" in privacy policy and web UI ( #18515 )
...
Fix #18470
4 years ago
440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API ( #17530 )
...
* Change unapproved and unconfirmed account to not be accessible in the REST API
* Change Account#searchable? to reject unconfirmed and unapproved users
* Disable search for unapproved and unconfirmed users in Account.search_for
* Disable search for unapproved and unconfirmed users in Account.advanced_search_for
* Remove unconfirmed and unapproved accounts from Account.searchable scope
* Prevent mentions to unapproved/unconfirmed accounts
* Fix some old tests for Account.advanced_search_for
* Add some Account.advanced_search_for tests for existing behaviors
* Add some tests for Account.search_for
* Add Account.advanced_search_for tests unconfirmed and unapproved accounts
* Add Account.searchable tests
* Fix Account.without_unapproved scope potentially messing with previously-applied scopes
* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup
This is so that the API can still be used to check whether an username is free
to use.
4 years ago
86f4dba47e
Bump @babel/preset-env from 7.17.12 to 7.18.2 ( #18512 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
77823333bb
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 ( #18511 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
ddddd4c043
Bump immutable from 4.0.0 to 4.1.0 ( #18502 )
...
Bumps [immutable](https://github.com/immutable-js/immutable-js ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/immutable-js/immutable-js/releases )
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md )
- [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: immutable
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
01db331657
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 ( #18489 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.17.12 to 7.18.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
Darius Kazemi
Claire
Eugen Rochko
Pierre Bourdon
Darius Kazemi
John Holdun
David
Garrit Franke
Yamagishi Kazutoshi
dependabot[bot]