Tree: eaee208667

WIP-hometown-skip-link

dariusk-working/4_3_0

dariusk-working/4_4_0

dariusk-working/4_5_0

hometown-1.0.8-security

hometown-3.5.10-merge

hometown-3.5.14-merge

hometown-4.0.10-merge

hometown-4.0.4

hometown-4.0.6-merge

hometown-4.2-merge

hometown-dev

hometown-rich-text

lets-bump-hometown-to-mastodon-4.2

v4.2.17+hometown-1.1.1

v4.2.17+hometown-1.1.2

2019-06-18

pre-release-0.1.0

v0.0.1.0

v0.1.0

v0.1.1

v0.1.2

v0.6

v0.7

v0.8

v0.9

v0.9.9

v1.0

v1.0.0+2.9.3

v1.0.1+2.9.3

v1.0.2+2.9.3

v1.0.3+3.0.1

v1.0.3+3.1.2

v1.0.4+3.1.4

v1.0.4+3.1.5

v1.0.5+3.2.0

v1.0.5+3.3.0

v1.0.5+3.4.0

v1.0.5+3.4.6

v1.0.5+3.5.2

v1.0.6+3.5.2

v1.0.7+3.5.4

v1.0.7+3.5.5

v1.1

v1.1.1

v1.1.2

v1.2

v1.2.1

v1.2.2

v1.3

v1.3.1

v1.3.2

v1.3.3

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4rc1

v1.4rc2

v1.4rc3

v1.4rc4

v1.4rc5

v1.4rc6

v1.5.0

v1.5.0rc1

v1.5.0rc2

v1.5.0rc3

v1.5.1

v1.6.0

v1.6.0rc1

v1.6.0rc2

v1.6.0rc3

v1.6.0rc4

v1.6.0rc5

v1.6.1

v2.0.0

v2.0.0rc1

v2.0.0rc2

v2.0.0rc3

v2.0.0rc4

v2.1.0

v2.1.0rc1

v2.1.0rc2

v2.1.0rc3

v2.1.0rc4

v2.1.0rc5

v2.1.0rc6

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.2.0rc1

v2.2.0rc2

v2.3.0

v2.3.0rc1

v2.3.0rc2

v2.3.0rc3

v2.3.1

v2.3.1rc1

v2.3.1rc2

v2.3.1rc3

v2.3.2

v2.3.2rc1

v2.3.2rc2

v2.3.2rc3

v2.3.2rc4

v2.3.2rc5

v2.3.3

v2.4.0

v2.4.0rc1

v2.4.0rc2

v2.4.0rc3

v2.4.0rc4

v2.4.0rc5

v2.4.1

v2.4.1rc1

v2.4.1rc2

v2.4.1rc3

v2.4.1rc4

v2.4.2

v2.4.2rc1

v2.4.2rc2

v2.4.2rc3

v2.4.3

v2.4.3rc1

v2.4.3rc2

v2.4.3rc3

v2.4.4

v2.4.5

v2.5.0

v2.5.0rc1

v2.5.0rc2

v2.5.1

v2.5.2

v2.6.0

v2.6.0rc1

v2.6.0rc2

v2.6.0rc3

v2.6.0rc4

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.7.0

v2.7.0rc1

v2.7.0rc2

v2.7.0rc3

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.8.0

v2.8.0rc1

v2.8.0rc2

v2.8.0rc3

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.9.0

v2.9.0rc1

v2.9.0rc2

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v3.0.0

v3.0.0rc1

v3.0.0rc2

v3.0.0rc3

v3.0.1

v3.0.2

v3.1.0

v3.1.0rc1

v3.1.0rc2

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.2.0

v3.2.0rc1

v3.2.0rc2

v3.2.1

v3.2.2

v3.3.0

v3.3.0rc1

v3.3.0rc2

v3.3.0rc3

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.0rc1

v3.4.0rc2

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.5.0

v3.5.0rc1

v3.5.0rc2

v3.5.0rc3

v3.5.1

v3.5.10+hometown-1.0.8

v3.5.14+hometown-1.0.8

v3.5.17+hometown-1.0.8

v3.5.19+hometown-1.0.8

v3.5.2

v3.5.5+hometown-1.0.8

v4.0.10+hometown-1.1.1

v4.0.13+hometown-1.1.1

v4.0.14+hometown-1.1.1

v4.0.15+hometown-1.1.1

v4.0.2+hometown-1.1.0

v4.0.2+hometown-1.1.1

v4.0.4+hometown-1.1.1

v4.0.4+hometown-1.1.1-patch

v4.0.5+hometown-1.1.1

v4.0.6+hometown-1.1.1

v4.2.10+hometown-1.1.1

v4.2.17+hometown-1.1.2

v4.5.6+hometown-1.2.0

v4.5.7+hometown-1.2.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'eaee208667'

${ noResults }

Commit Graph

168 Commits (eaee208667c27b5dc5ca2bb3eaebed6841bdc21e)

Author	SHA1	Message	Date
Claire	5a44db38ac	Fix incorrect signature after HTTP redirect (#33757)	1 year ago
Claire	81cd489208	Fix Content-Security-Policy when using sso-redirect (#32241)	2 years ago
Renaud Chaput	3dc4ddc663	Fix search params being dropped when redirected to non-deck path (#31984)	2 years ago
Claire	a496aeabcb	Change form-action Content-Security-Policy directive to be more restrictive (#26897)	2 years ago
Matt Jankowski	7efe0bde9d	Add `have_http_link_header` matcher and set header values as strings (#31010)	2 years ago
Claire	2ec1181ee5	Fix contrast between background and form elements on some pages (#31266)	2 years ago
Matt Jankowski	85d9053b36	Move `pagination_params` into `API::BaseController` (#28845)	2 years ago
Claire	c3be5a3d2e	Remove caching in `cache_collection` (#29862)	2 years ago
Matt Jankowski	65e82211cd	Rename `cache_*` methods to `preload_*` in controller concern (#30209)	2 years ago
Matt Jankowski	1d3ecd3fba	Add `API::Pagination` concern (#28826)	2 years ago
Claire	babbf6017d	Remove caching in `cache_collection` (#29862)	2 years ago
Matt Jankowski	edde54e991	Update stoplight to version 4.1.0 (#28366)	2 years ago
Matt Jankowski	f9100743ec	Add `Api::ErrorHandling` concern for api/base controller (#29574)	2 years ago
Claire	7efc33b909	Move HTTP Signature parsing code to its own class (#28932)	2 years ago
Jasmin	13fa4f70cc	Merge security fixes of mastodon v4.0.13 (#1340) ... There were some smaller merge conflicts (e.g. in `lib/version.rb`), but all of them were of smaller nature. Due to the fact that other v4.0.* versions are also included, it's a bit bigger than the other PR for 3.5. I won't repeat the changelog here, the upgrade is the usual *git pull and restart all mastodon processes*. --------- Co-authored-by: Michael Stanclift <mx@vmstan.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com> Co-authored-by: Renaud Chaput <renchap@gmail.com> Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com> Co-authored-by: yufushiro <62991447+yufushiro@users.noreply.github.com> Co-authored-by: Nicolai Søborg <NicolaiSoeborg@users.noreply.github.com> Co-authored-by: Essem <smswessem@gmail.com> Co-authored-by: Jakob Gillich <jakob@gillich.me> Co-authored-by: David Aaron <1858430+suddjian@users.noreply.github.com> Co-authored-by: Matt Jankowski <matt@jankowski.online>	2 years ago
Claire	a6641f828b	Merge pull request from GHSA-3fjr-858r-92rw ... * Fix insufficient origin validation * Bump version to v4.2.5	2 years ago
Claire	1726085db5	Merge pull request from GHSA-3fjr-858r-92rw ... * Fix insufficient origin validation * Bump version to 4.3.0-alpha.1	2 years ago
Claire	6fe2a47357	Add rate-limit of TOTP authentication attempts at controller level (#28801)	2 years ago
Claire	3837ec2227	Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476)	2 years ago
Eugen Rochko	b19ae521b7	Add confirmation when redirecting logged-out requests to permalink (#27792) ... Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2 years ago
Claire	3593ee2e36	Add rate-limit of TOTP authentication attempts at controller level (#28801)	2 years ago
Jean Boussier	5a6d533c53	Enable Rails 7.1 Marshalling format (#28609)	2 years ago
Claire	092bb8a27a	Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476)	2 years ago
Claire	963354978a	Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases (#28053)	2 years ago
Matt Jankowski	1f1c75bba5	File cleanup/organization in `controllers/concerns` (#27846)	2 years ago
Matt Jankowski	291dc04e67	Remove un-needed `action` and `template` options to `render` in controllers (#28022)	2 years ago
Matt Jankowski	d562fb8459	Specs for minimal CSP policy in `Api::` controllers (#27845)	2 years ago
Ricardo Trindade	33f8c1c5eb	Remove version check from update cache_concern.rb (#27592)	3 years ago
Claire	379115e601	Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439)	3 years ago
Matt Jankowski	d4c2dca874	Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… (#27372)	3 years ago
Claire	ffcf2c691e	Fix Vary headers not being set on some redirects (#27272)	3 years ago
Claire	40ba6e119b	Fix Vary headers not being set on some redirects (#27272)	3 years ago
Matt Jankowski	340f1a68be	Simplify instance presenter view access (#26046)	3 years ago
CSDUMMI	9a70cac9de	Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)	3 years ago
Claire	09ec9c6aa5	Downgrade signature verification debug logging from `warn` to `debug` (#26812)	3 years ago
Claire	25bf640629	Add debug logging on signature verification failure (#26637)	3 years ago
Claire	8b37dd2c86	Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)	3 years ago
CSDUMMI	120f5802c0	Add direct link to the Single-Sign On provider if there is only one sign up method available (#26083)	3 years ago
Emelia Smith	e258b4cb64	Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252)	3 years ago
Matt Jankowski	2e1391fdd2	Fix `Naming/MemoizedInstanceVariableName` cop (#25928)	3 years ago
Matt Jankowski	5134fc65e2	Fix `Naming/AccessorMethodName` cop (#25924)	3 years ago
Eugen Rochko	39110d1d0a	Fix CAPTCHA page not following design pattern of sign-up flow (#25395)	3 years ago
Claire	bec6a1cad4	Add hCaptcha support (#25019)	3 years ago
Nick Schonning	d5a185d721	Autofix Rubocop Style/CaseLikeIf (#23756)	3 years ago
Matt Jankowski	668a19a2f3	Fix Performance/DeletePrefix cop (#24796)	3 years ago
Claire	b0bf6216e6	Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662)	3 years ago
Claire	276c39361b	Fix anonymous visitors getting a session cookie on first visit (#24584)	3 years ago
Eugen Rochko	6084461cd0	Change unauthenticated responses to be cached in REST API (#24348)	3 years ago
Claire	58a1b2e330	Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604)	3 years ago
Eugen Rochko	e98c86050a	Refactor `Cache-Control` and `Vary` definitions (#24347)	3 years ago