160c575c8b
Making the "media gallery" not show up on Articles
...
When we fetch Articles, we render images inline as intended by the Article. There is no need for a Media Gallery item.
2022-12-01 21:07:04 -08:00
73bdd71e09
Merge tag 'v3.5.5' into hometown-dev
2022-11-14 13:44:19 -08:00
696f7b3608
Bump version to 3.5.5
2022-11-14 22:26:24 +01:00
b22e1476ca
Fix nodes order being sometimes mangled when rewriting emoji ( #20677 )
...
* Fix front-end emoji tests
* Fix nodes order being sometimes mangled when rewriting emoji
2022-11-14 22:20:29 +01:00
f5ffda7cf3
Merge tag 'v3.5.4' into hometown-dev
2022-11-14 11:47:27 -08:00
105ab82425
Bump version to 3.5.4
2022-11-14 20:09:16 +01:00
2dd8f977e8
Fix emoji substitution not applying only to text nodes in backend code
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
2db06e1d08
Fix emoji substitution not applying only to text nodes in Web UI
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
063579373e
Fix rate limiting for paths with formats
2022-11-14 11:20:41 +01:00
1659788de4
blurhash_transcoder: prevent out-of-bound reads with <8bpp images ( #20388 )
...
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
Fixes #19235 .
2022-11-14 11:20:41 +01:00
47eaf85f02
Fix crash when a remote Flag activity mentions a private post ( #18760 )
...
* Add tests
* Fix crash when a remote Flag activity mentions a private post
2022-11-14 11:20:41 +01:00
7adebd4349
Bump version
2022-11-11 16:12:45 -08:00
66e6c0108a
Merge pull request #1186 from therabidbanana/dh-fix-article-format
...
Updates the article formatter to strip unsafe HTML
2022-11-11 16:05:18 -08:00
e70e576ba5
Merge pull request #1193 from johnholdun/local-only-public-hashtag
...
Hide local-only posts from public tag view
2022-11-11 16:01:30 -08:00
8180eda331
Merge pull request #1194 from johnholdun/update-replies-policy
...
Support changing list replies policy from web UI
2022-11-11 15:59:50 -08:00
2d4cd4d561
Merge pull request #1195 from johnholdun/federated-dropdown-value
...
Add data-index attribute to local-only dropdown option
2022-11-11 15:59:35 -08:00
fe340a6a80
Merge pull request #1196 from johnholdun/hide-private-pinned-statuses
...
Hide follower-only pinned statuses from logged-out users
2022-11-11 15:58:37 -08:00
3f2b00542b
Fixing German localization
2022-11-11 15:47:06 -08:00
a67ac3cabd
Fixing stray "Mastodon" text
2022-11-11 15:46:54 -08:00
2427c24c47
Updating gemfile.llock to comply with 035470e
2022-11-11 15:46:26 -08:00
035470e081
Fix backend compatibility with OpenSSL 3.0 ( #18449 )
...
* Update webpush to fork with OpenSSL 3 compatibility
* Fix tests with OpenSSL 3.0
* Update webauthn gem to latest release and update dependencies
2022-11-11 14:56:24 -08:00
e311837121
Merge tag 'v3.5.3' into hometown-3.5.3-merge
2022-11-11 14:50:45 -08:00
7eedaeb007
Hide follower-only pinned statuses from logged-out users
...
Fixes #1178
2022-11-09 18:51:46 -08:00
e09c30053b
Add data-index attribute to local-only dropdown option
...
The dropdown previously relied on the fact that the falsy value in the federation dropdown had no data-index attribute. This commit changes the falsy value to false, allowing for better control with CSS.
Fixes #1185 .
2022-11-09 18:27:39 -08:00
4f7fa085cb
Support changing list replies policy from web UI
...
Modifest the arguments sent to the updateList function to properly set the new replies policy value, as well allowing for an undefined value for the exclusive setting which will result in no new value being sent to the API for that attribute--that is, it will be left unchanged unless otherwise specified.
Fixes #1191
2022-11-09 18:04:45 -08:00
6e2ed8a8f9
Hide local-only posts from public tag view
...
Fixes #1180
2022-11-09 16:34:09 -08:00
69ff67746b
Trying to be clearer what "light weight" means
2022-11-08 13:39:40 -08:00
d8f85dfcb6
Also download file
2022-10-30 22:47:10 +00:00
2f970e8bb7
Updates the formatter to be smarter
2022-10-30 22:13:45 +00:00
8527f01987
Merge pull request #1173 from garritfra/feature/update-de-translations
...
Translate Hometown-specific strings to German
2022-06-13 08:58:07 -07:00
ad9692b611
feat(l10n): translate missing german resources
2022-05-31 14:44:39 +02:00
e572a22553
feat(l10n): translate missing german frontend resources
2022-05-31 14:31:55 +02:00
fbcbf7898f
Bump version to 3.5.3 ( #18530 )
2022-05-26 23:26:15 +02:00
0a1992430d
Fix errors when rendering RSS feeds ( #18531 )
2022-05-26 23:02:42 +02:00
52f4e834f2
Fix concurrent unfollowing decrementing follower count more than once ( #18527 )
2022-05-26 22:14:47 +02:00
8a9acbe604
Fix being able to appeal a strike unlimited times ( #18529 )
...
Peculiarity of the `has_one` association is that the convenience
creation method deletes the previous association even if the new
one is invalid
2022-05-26 22:08:12 +02:00
c4d2c39a75
Fix being able to report otherwise inaccessible statuses ( #18528 )
2022-05-26 22:08:02 +02:00
1ff4877945
Fix empty votes arbitrarily increasing voters count in polls ( #18526 )
2022-05-26 22:06:10 +02:00
976cd6413e
Fix moderator leak in undo_mark_statuses_as_sensitive ( #18525 )
...
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com>
2022-05-26 22:04:16 +02:00
9f81b9f29a
Fix suspended users being able to access APIs that don't require a user ( #18524 )
2022-05-26 22:04:05 +02:00
96129c2f10
Fix confirmation redirect to app without `Location` header ( #18523 )
2022-05-26 22:03:54 +02:00
3e0e7a1cfb
Fix follower and other counters being able to go negative ( #18517 )
2022-05-26 20:32:48 +02:00
702b709d9a
Add ES6 compatibility to browserslist ( #18519 )
2022-05-26 20:29:28 +02:00
d8abc0018f
Remove 3.3.x from supported versions in security policy ( #18516 )
2022-05-26 18:43:14 +02:00
088dc0ec5a
Fix regression in `tootctl search deploy` caused by unloaded attribute ( #18514 )
2022-05-26 18:05:47 +02:00
a4fa9e23fc
Change "dangerous" to "sensitive" in privacy policy and web UI ( #18515 )
...
Fix #18470
2022-05-26 17:55:05 +02:00
440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API ( #17530 )
...
* Change unapproved and unconfirmed account to not be accessible in the REST API
* Change Account#searchable? to reject unconfirmed and unapproved users
* Disable search for unapproved and unconfirmed users in Account.search_for
* Disable search for unapproved and unconfirmed users in Account.advanced_search_for
* Remove unconfirmed and unapproved accounts from Account.searchable scope
* Prevent mentions to unapproved/unconfirmed accounts
* Fix some old tests for Account.advanced_search_for
* Add some Account.advanced_search_for tests for existing behaviors
* Add some tests for Account.search_for
* Add Account.advanced_search_for tests unconfirmed and unapproved accounts
* Add Account.searchable tests
* Fix Account.without_unapproved scope potentially messing with previously-applied scopes
* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup
This is so that the API can still be used to check whether an username is free
to use.
2022-05-26 15:50:33 +02:00
86f4dba47e
Bump @babel/preset-env from 7.17.12 to 7.18.2 ( #18512 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:16:19 +09:00
77823333bb
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 ( #18511 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:06:44 +09:00
ddddd4c043
Bump immutable from 4.0.0 to 4.1.0 ( #18502 )
...
Bumps [immutable](https://github.com/immutable-js/immutable-js ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/immutable-js/immutable-js/releases )
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md )
- [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: immutable
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:41:07 +09:00
Darius Kazemi
Claire
Eugen Rochko
Pierre Bourdon
Darius Kazemi
John Holdun
David
Garrit Franke
Yamagishi Kazutoshi
dependabot[bot]