Commit Graph

586 Commits

Author SHA1 Message Date
Darius Kazemi 23cdd0cd4f Merge tag 'v3.5.18' into hometown-1.0.8-security 2024-02-16 07:45:20 -08:00
Claire 44c265e4c7 Bump version to v3.5.18 2024-02-14 15:17:48 +01:00
Claire 69205dff9a Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199) 2024-02-14 13:18:08 +01:00
Jasmin 3fd984f95c
Merge security fixes of v3.5.17 (#1341)
_todo_

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Essem <smswessem@gmail.com>
Co-authored-by: Jakob Gillich <jakob@gillich.me>
Co-authored-by: David Aaron <1858430+suddjian@users.noreply.github.com>
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: Jonathan de Jong <jonathandejong02@gmail.com>
2024-02-01 10:37:20 -05:00
Claire b1ed009c65
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to v3.5.17
2024-02-01 15:56:46 +01:00
Claire 35f21191ee Bump version to v3.5.16 2023-12-04 15:27:44 +01:00
Claire db59d8486b Bump version to v3.5.15 2023-10-10 13:50:10 +02:00
Darius Kazemi 1eaaff303c Merge tag 'v3.5.14' into hometown-3.5.14-merge 2023-09-19 19:30:03 -07:00
Claire 75346a71f7 Bump version to v3.5.14 2023-09-19 17:01:17 +02:00
yufushiro 0158c31c02 Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-09-19 17:01:17 +02:00
Claire 16e47e1aae Bump version to v3.5.13 2023-09-05 17:22:43 +02:00
Claire a3d31ffc1e Bump version to v3.5.12 2023-07-31 14:33:27 +02:00
Claire 80c00f4aa5 Bump version to v3.5.11 2023-07-21 16:07:24 +02:00
Darius Kazemi 6599159d48 Merge tag 'v3.5.10' into hometown-3.5.10-merge 2023-07-09 15:02:39 -07:00
Claire 687421ebbe Bump version to v3.5.10 2023-07-07 19:35:24 +02:00
Claire b10c974ba1 Bump version to v3.5.9 2023-07-06 15:08:10 +02:00
Claire 987f909994
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Daniel M Brasil 176ae71fd4 Fix `tootctl accounts approve --number N` not approving N earliest registrations (#24605) 2023-07-06 13:46:21 +02:00
Claire 1bd831b9a9 Bump version to v3.5.8 2023-04-04 12:38:58 +02:00
Claire 40438675f8 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-04 12:38:58 +02:00
Claire 3d67a9329e Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182) 2023-04-04 12:38:58 +02:00
Claire 547634dfa6 Bump version to v3.5.7 2023-03-16 22:50:15 +01:00
Claire 708e590117 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-14 11:46:12 +01:00
Claire 8c8d578e38
Bump version to 3.5.6 (#23493) 2023-02-10 22:18:15 +01:00
Claire 84a40824ad
Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491) 2023-02-09 21:02:01 +01:00
Darius Kazemi 4360a50949 Fix sanitizer rule
We don't need to add a class to every span!
2022-12-02 17:38:01 -08:00
Darius Kazemi ca5c920a37 Swap version numbers and add identifier
For better compatibility with third party apps and to be more in line with what other fediverse software does (including other Mastodon forks), I am changing the semver version to reflect the synchronized Mastodon version, and making the Hometown version part of the build metadata after the '+' sign. I am also adding a 'hometown' identifier to the build metadata.

Fixes #1213
2022-12-01 18:47:21 -08:00
Darius Kazemi 73bdd71e09 Merge tag 'v3.5.5' into hometown-dev 2022-11-14 13:44:19 -08:00
Claire 696f7b3608 Bump version to 3.5.5 2022-11-14 22:26:24 +01:00
Darius Kazemi f5ffda7cf3 Merge tag 'v3.5.4' into hometown-dev 2022-11-14 11:47:27 -08:00
Claire 105ab82425 Bump version to 3.5.4 2022-11-14 20:09:16 +01:00
Pierre Bourdon 1659788de4 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
2022-11-14 11:20:41 +01:00
Darius Kazemi 7adebd4349 Bump version 2022-11-11 16:12:45 -08:00
Darius Kazemi e311837121 Merge tag 'v3.5.3' into hometown-3.5.3-merge 2022-11-11 14:50:45 -08:00
Eugen Rochko fbcbf7898f
Bump version to 3.5.3 (#18530) 2022-05-26 23:26:15 +02:00
Eugen Rochko a9b64b24d6
Change algorithm of `tootctl search deploy` to improve performance (#18463) 2022-05-22 22:16:43 +02:00
Eugen Rochko 679b7158e3
Change search indexing to use batches to minimize resource usage (#18451) 2022-05-18 23:29:14 +02:00
Claire f714e24ff1
Fix redis configuration not being changed by mastodon:setup (#18383)
Fixes #18342
2022-05-09 23:19:11 +02:00
Darius Kazemi 6107040193 Updating version number 2022-05-08 14:35:26 -07:00
Darius Kazemi 2c5862ede0 Merge tag 'v3.5.2' into hometown-dev-3.5.2 2022-05-05 21:08:15 -07:00
Darius Kazemi fccd9a537c Update Hometown version 2022-05-05 20:44:23 -07:00
Darius Kazemi ac01eee575 Merge tag 'v3.5.1' into hometown-dev-3.5.1 2022-05-05 20:41:34 -07:00
Claire 014065913c
Bump version to 3.5.2 (#18295)
* Bump version to 3.5.2

* Change some entries to be more clear

* Add some extra notes

* Fix line wrap

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-05-04 00:57:42 +02:00
Claire bc19c083ce
Add ability to set approval-based registration through tootctl (#18248)
Fixes #18235

Add `tootctl settings registrations approved` with
optional `--require-reason` switch.
2022-05-02 17:41:34 +02:00
Eugen Rochko 7b0fe4aef9
Fix opening and closing Redis connections instead of using a pool (#18171)
* Fix opening and closing Redis connections instead of using a pool

* Fix Redis connections not being returned to the pool in CLI commands
2022-04-29 22:43:07 +02:00
Gaelan Steele 74e20f22cd
Fix light-mode emoji borders. (#18131) 2022-04-29 19:23:03 +02:00
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Claire 33cd80d69c
Fix instance actor being incorrectly created when running migrations (#18109)
* Add migration test about instance actor key

* Fix old migration

* Work around incorrect database state
2022-04-26 21:22:09 +02:00
Eugen Rochko ed5491e5de
Bump version to 3.5.1 (#18000) 2022-04-08 21:57:24 +02:00