Commit Graph

12259 Commits

Author SHA1 Message Date
Darius Kazemi ca5c920a37 Swap version numbers and add identifier
For better compatibility with third party apps and to be more in line with what other fediverse software does (including other Mastodon forks), I am changing the semver version to reflect the synchronized Mastodon version, and making the Hometown version part of the build metadata after the '+' sign. I am also adding a 'hometown' identifier to the build metadata.

Fixes #1213
2022-12-01 18:47:21 -08:00
Darius Kazemi 73bdd71e09 Merge tag 'v3.5.5' into hometown-dev 2022-11-14 13:44:19 -08:00
Claire 696f7b3608 Bump version to 3.5.5 2022-11-14 22:26:24 +01:00
Claire b22e1476ca Fix nodes order being sometimes mangled when rewriting emoji (#20677)
* Fix front-end emoji tests

* Fix nodes order being sometimes mangled when rewriting emoji
2022-11-14 22:20:29 +01:00
Darius Kazemi f5ffda7cf3 Merge tag 'v3.5.4' into hometown-dev 2022-11-14 11:47:27 -08:00
Claire 105ab82425 Bump version to 3.5.4 2022-11-14 20:09:16 +01:00
Claire 2dd8f977e8 Fix emoji substitution not applying only to text nodes in backend code
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Claire 2db06e1d08 Fix emoji substitution not applying only to text nodes in Web UI
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Eugen Rochko 063579373e Fix rate limiting for paths with formats 2022-11-14 11:20:41 +01:00
Pierre Bourdon 1659788de4 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
2022-11-14 11:20:41 +01:00
Claire 47eaf85f02 Fix crash when a remote Flag activity mentions a private post (#18760)
* Add tests

* Fix crash when a remote Flag activity mentions a private post
2022-11-14 11:20:41 +01:00
Darius Kazemi 7adebd4349 Bump version 2022-11-11 16:12:45 -08:00
Darius Kazemi 66e6c0108a
Merge pull request #1186 from therabidbanana/dh-fix-article-format
Updates the article formatter to strip unsafe HTML
2022-11-11 16:05:18 -08:00
Darius Kazemi e70e576ba5
Merge pull request #1193 from johnholdun/local-only-public-hashtag
Hide local-only posts from public tag view
2022-11-11 16:01:30 -08:00
Darius Kazemi 8180eda331
Merge pull request #1194 from johnholdun/update-replies-policy
Support changing list replies policy from web UI
2022-11-11 15:59:50 -08:00
Darius Kazemi 2d4cd4d561
Merge pull request #1195 from johnholdun/federated-dropdown-value
Add data-index attribute to local-only dropdown option
2022-11-11 15:59:35 -08:00
Darius Kazemi fe340a6a80
Merge pull request #1196 from johnholdun/hide-private-pinned-statuses
Hide follower-only pinned statuses from logged-out users
2022-11-11 15:58:37 -08:00
Darius Kazemi 3f2b00542b Fixing German localization 2022-11-11 15:47:06 -08:00
Darius Kazemi a67ac3cabd Fixing stray "Mastodon" text 2022-11-11 15:46:54 -08:00
Darius Kazemi 2427c24c47 Updating gemfile.llock to comply with 035470e 2022-11-11 15:46:26 -08:00
Claire 035470e081 Fix backend compatibility with OpenSSL 3.0 (#18449)
* Update webpush to fork with OpenSSL 3 compatibility

* Fix tests with OpenSSL 3.0

* Update webauthn gem to latest release and update dependencies
2022-11-11 14:56:24 -08:00
Darius Kazemi e311837121 Merge tag 'v3.5.3' into hometown-3.5.3-merge 2022-11-11 14:50:45 -08:00
John Holdun 7eedaeb007 Hide follower-only pinned statuses from logged-out users
Fixes #1178
2022-11-09 18:51:46 -08:00
John Holdun e09c30053b Add data-index attribute to local-only dropdown option
The dropdown previously relied on the fact that the falsy value in the federation dropdown had no data-index attribute. This commit changes the falsy value to false, allowing for better control with CSS.

Fixes #1185.
2022-11-09 18:27:39 -08:00
John Holdun 4f7fa085cb Support changing list replies policy from web UI
Modifest the arguments sent to the updateList function to properly set the new replies policy value, as well allowing for an undefined value for the exclusive setting which will result in no new value being sent to the API for that attribute--that is, it will be left unchanged unless otherwise specified.

Fixes #1191
2022-11-09 18:04:45 -08:00
John Holdun 6e2ed8a8f9 Hide local-only posts from public tag view
Fixes #1180
2022-11-09 16:34:09 -08:00
Darius Kazemi 69ff67746b
Trying to be clearer what "light weight" means 2022-11-08 13:39:40 -08:00
David d8f85dfcb6 Also download file 2022-10-30 22:47:10 +00:00
David 2f970e8bb7 Updates the formatter to be smarter 2022-10-30 22:13:45 +00:00
Darius Kazemi 8527f01987
Merge pull request #1173 from garritfra/feature/update-de-translations
Translate Hometown-specific strings to German
2022-06-13 08:58:07 -07:00
Garrit Franke ad9692b611
feat(l10n): translate missing german resources 2022-05-31 14:44:39 +02:00
Garrit Franke e572a22553
feat(l10n): translate missing german frontend resources 2022-05-31 14:31:55 +02:00
Eugen Rochko fbcbf7898f
Bump version to 3.5.3 (#18530) 2022-05-26 23:26:15 +02:00
Eugen Rochko 0a1992430d
Fix errors when rendering RSS feeds (#18531) 2022-05-26 23:02:42 +02:00
Eugen Rochko 52f4e834f2
Fix concurrent unfollowing decrementing follower count more than once (#18527) 2022-05-26 22:14:47 +02:00
Eugen Rochko 8a9acbe604
Fix being able to appeal a strike unlimited times (#18529)
Peculiarity of the `has_one` association is that the convenience
creation method deletes the previous association even if the new
one is invalid
2022-05-26 22:08:12 +02:00
Eugen Rochko c4d2c39a75
Fix being able to report otherwise inaccessible statuses (#18528) 2022-05-26 22:08:02 +02:00
Eugen Rochko 1ff4877945
Fix empty votes arbitrarily increasing voters count in polls (#18526) 2022-05-26 22:06:10 +02:00
Eugen Rochko 976cd6413e
Fix moderator leak in undo_mark_statuses_as_sensitive (#18525)
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com>
2022-05-26 22:04:16 +02:00
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 2022-05-26 22:04:05 +02:00
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header (#18523) 2022-05-26 22:03:54 +02:00
Eugen Rochko 3e0e7a1cfb
Fix follower and other counters being able to go negative (#18517) 2022-05-26 20:32:48 +02:00
Yamagishi Kazutoshi 702b709d9a
Add ES6 compatibility to browserslist (#18519) 2022-05-26 20:29:28 +02:00
Eugen Rochko d8abc0018f
Remove 3.3.x from supported versions in security policy (#18516) 2022-05-26 18:43:14 +02:00
Eugen Rochko 088dc0ec5a
Fix regression in `tootctl search deploy` caused by unloaded attribute (#18514) 2022-05-26 18:05:47 +02:00
Eugen Rochko a4fa9e23fc
Change "dangerous" to "sensitive" in privacy policy and web UI (#18515)
Fix #18470
2022-05-26 17:55:05 +02:00
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
2022-05-26 15:50:33 +02:00
dependabot[bot] 86f4dba47e
Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:16:19 +09:00
dependabot[bot] 77823333bb
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:06:44 +09:00
dependabot[bot] ddddd4c043
Bump immutable from 4.0.0 to 4.1.0 (#18502)
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: immutable
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:41:07 +09:00