42afd30324 
								
							 
						 
						
							
							
								
								Replace Sprockets with Propshaft ( #28239 )  
							
							
							
						 
						
							2023-12-06 10:19:24 +00:00  
				
					
						
							
							
								 
						
							
								a8473f582d 
								
							 
						 
						
							
							
								
								Add zeitwerk inflector for cli->CLI ( #27635 )  
							
							
							
						 
						
							2023-11-30 13:55:20 +00:00  
				
					
						
							
							
								 
						
							
								85662a5a57 
								
							 
						 
						
							
							
								
								Change `img-src` and `media-src` CSP directives to not include `https:` ( #28025 )  
							
							
							
						 
						
							2023-11-30 13:47:01 +00:00  
				
					
						
							
							
								 
						
							
								31bef99b9e 
								
							 
						 
						
							
							
								
								Move lib/mastodon/premailer_webpack_strategy to lib/ ( #27636 )  
							
							
							
						 
						
							2023-11-29 10:08:55 +00:00  
				
					
						
							
							
								 
						
							
								9429e30d75 
								
							 
						 
						
							
							
								
								Disable sidekiq unique jobs in test env ( #27737 )  
							
							
							
						 
						
							2023-11-09 16:19:04 +00:00  
				
					
						
							
							
								 
						
							
								c875dfc90b 
								
							 
						 
						
							
							
								
								Fix `Lint/UnusedBlockArgument` cop ( #27777 )  
							
							
							
						 
						
							2023-11-09 09:43:26 +00:00  
				
					
						
							
							
								 
						
							
								33cc3ae8fa 
								
							 
						 
						
							
							
								
								Fix `Style/StabbyLambdaParentheses` cop ( #27771 )  
							
							
							
						 
						
							2023-11-08 12:01:18 +00:00  
				
					
						
							
							
								 
						
							
								02d27de5ce 
								
							 
						 
						
							
							
								
								Move i18n locale configuration to separate initializer ( #27571 )  
							
							
							
						 
						
							2023-11-07 15:22:14 +00:00  
				
					
						
							
							
								 
						
							
								d6f50839e1 
								
							 
						 
						
							
							
								
								Fix `RSpec/SpecFilePathFormat` cops ( #27730 )  
							
							
							
						 
						
							2023-11-06 16:25:40 +00:00  
				
					
						
							
							
								 
						
							
								7ef56d6e50 
								
							 
						 
						
							
							
								
								Move json_ld context loaders to `config/initializers` ( #27590 )  
							
							
							
						 
						
							2023-10-31 15:21:23 +00:00  
				
					
						
							
							
								 
						
							
								3107a9410c 
								
							 
						 
						
							
							
								
								Silence deprecation warning about secrets/credentials with Devise patch ( #27578 )  
							
							
							
						 
						
							2023-10-31 11:10:15 +00:00  
				
					
						
							
							
								 
						
							
								eae5c7334a 
								
							 
						 
						
							
							
								
								Extract class from CSP configuration/initialization ( #26905 )  
							
							
							
						 
						
							2023-10-27 16:20:40 +00:00  
				
					
						
							
							
								 
						
							
								4aa05d45fc 
								
							 
						 
						
							
							
								
								Capture minimum postgres version 12 ( #27528 )  
							
							
							
						 
						
							2023-10-26 20:35:15 +00:00  
				
					
						
							
							
								 
						
							
								9a3d047f3e 
								
							 
						 
						
							
							
								
								Run `bin/rails app:update` with Rails 7.1 ( #27522 )  
							
							
							
						 
						
							2023-10-25 13:56:09 +00:00  
				
					
						
							
							
								 
						
							
								379115e601 
								
							 
						 
						
							
							
								
								Add SELF_DESTRUCT env variable to process self-destructions in the background ( #26439 )  
							
							
							
						 
						
							2023-10-23 15:46:21 +00:00  
				
					
						
							
							
								 
						
							
								c3e0eb3699 
								
							 
						 
						
							
							
								
								Change Content-Security-Policy to be tighter on media paths ( #26889 )  
							
							
							
						 
						
							2023-10-23 14:27:07 +02:00  
				
					
						
							
							
								 
						
							
								bcd0171e5e 
								
							 
						 
						
							
							
								
								Fix `Lint/UselessAssignment` cop ( #27472 )  
							
							
							
						 
						
							2023-10-19 16:55:06 +02:00  
				
					
						
							
							
								 
						
							
								23f8e93c64 
								
							 
						 
						
							
							
								
								Fixes   #23135  - Allow cross origin request for /nodeinfo/2.0 API ( #27413 )  
							
							
							
						 
						
							2023-10-16 13:39:25 +02:00  
				
					
						
							
							
								 
						
							
								e0da64bb4e 
								
							 
						 
						
							
							
								
								Fix empty ENV variables not using default nil value ( #27400 )  
							
							
							
						 
						
							2023-10-13 19:00:53 +02:00  
				
					
						
							
							
								 
						
							
								85db392464 
								
							 
						 
						
							
							
								
								Autofix Rubocop cops for config/ ( #24145 )  
							
							
							
						 
						
							2023-10-03 15:24:12 +02:00  
				
					
						
							
							
								 
						
							
								56c0babc0b 
								
							 
						 
						
							
							
								
								Fix rubocop `Layout/ArgumentAlignment` cop ( #26060 )  
							
							
							
						 
						
							2023-09-28 15:48:47 +02:00  
				
					
						
							
							
								 
						
							
								8acc75435b 
								
							 
						 
						
							
							
								
								Change S3 checksum mode to be disabled by default ( #27007 )  
							
							
							
						 
						
							2023-09-21 14:00:51 +02:00  
				
					
						
							
							
								 
						
							
								a04ae16201 
								
							 
						 
						
							
							
								
								Fix CSP when using `ONE_CLICK_SSO_LOGIN` ( #26901 )  
							
							
							
						 
						
							2023-09-13 19:54:04 +02:00  
				
					
						
							
							
								 
						
							
								9a70cac9de 
								
							 
						 
						
							
							
								
								Fix   #26849  by adding the domain of the current SSO provider to the form-action CSP ( #26857 )  
							
							
							
						 
						
							2023-09-12 13:04:51 +02:00  
				
					
						
							
							
								 
						
							
								ea31929776 
								
							 
						 
						
							
							
								
								Fix invalid Content-Type header for WebP images ( #26773 )  
							
							
							
						 
						
							2023-09-04 09:46:33 +02:00  
				
					
						
							
							
								 
						
							
								9e26cd5503 
								
							 
						 
						
							
							
								
								Add `authorized_fetch` server setting in addition to env var ( #25798 )  
							
							
							
						 
						
							2023-09-01 15:41:10 +02:00  
				
					
						
							
							
								 
						
							
								286a21afdc 
								
							 
						 
						
							
							
								
								Support webpacker live-reloading on Docker ( #26419 )  
							
							
							
						 
						
							2023-08-29 10:17:57 +02:00  
				
					
						
							
							
								 
						
							
								b95867ad1f 
								
							 
						 
						
							
							
								
								Allow setting a custom HTTP method in CacheBuster ( #26528 )  
							
							... 
							
							
							
							Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com> 
							
						 
						
							2023-08-18 08:18:40 +02:00  
				
					
						
							
							
								 
						
							
								dd049fc37a 
								
							 
						 
						
							
							
								
								Fix ES_PRESET not being applied to Chewy's internal index ( #26489 )  
							
							
							
						 
						
							2023-08-14 19:00:56 +02:00  
				
					
						
							
							
								 
						
							
								f5778caa3a 
								
							 
						 
						
							
							
								
								Add `ES_PRESET` option to customize numbers of shards and replicas ( #26483 )  
							
							... 
							
							
							
							Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> 
							
						 
						
							2023-08-14 17:46:16 +02:00  
				
					
						
							
							
								 
						
							
								4bc0dd751c 
								
							 
						 
						
							
							
								
								Add `S3_DISABLE_CHECKSUM_MODE` environment variable for compatibility with some S3-compatible providers ( #26435 )  
							
							
							
						 
						
							2023-08-10 14:15:18 +02:00  
				
					
						
							
							
								 
						
							
								12c43e4ab5 
								
							 
						 
						
							
							
								
								Re-add StatsD support through the `nsa` gem ( #26310 )  
							
							
							
						 
						
							2023-08-03 20:28:14 +02:00  
				
					
						
							
							
								 
						
							
								e258b4cb64 
								
							 
						 
						
							
							
								
								Refactor: replace whitelist_mode mentions with limited_federation_mode ( #26252 )  
							
							
							
						 
						
							2023-08-02 19:32:48 +02:00  
				
					
						
							
							
								 
						
							
								ad81be6c8e 
								
							 
						 
						
							
							
								
								Update rubocop rules for linelength ( #26190 )  
							
							
							
						 
						
							2023-07-28 23:11:45 +02:00  
				
					
						
							
							
								 
						
							
								bada7a65aa 
								
							 
						 
						
							
							
								
								Ignore long line in regex initializer ( #26182 )  
							
							
							
						 
						
							2023-07-26 09:45:27 +02:00  
				
					
						
							
							
								 
						
							
								e5f1000ad1 
								
							 
						 
						
							
							
								
								Fix CSP headers being unintendedly wide ( #26105 )  
							
							
							
						 
						
							2023-07-21 13:34:15 +02:00  
				
					
						
							
							
								 
						
							
								934c7b33d1 
								
							 
						 
						
							
							
								
								Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades ( #26023 )  
							
							
							
						 
						
							2023-07-21 13:17:43 +02:00  
				
					
						
							
							
								 
						
							
								b848ba3867 
								
							 
						 
						
							
							
								
								Paperclip: add support for Azure blob storage ( #23607 )  
							
							
							
						 
						
							2023-07-19 09:02:49 +02:00  
				
					
						
							
							
								 
						
							
								ce43ed144c 
								
							 
						 
						
							
							
								
								Rails 7.0 update ( #25668 )  
							
							
							
						 
						
							2023-07-13 09:36:07 +02:00  
				
					
						
							
							
								 
						
							
								2e1391fdd2 
								
							 
						 
						
							
							
								
								Fix `Naming/MemoizedInstanceVariableName` cop ( #25928 )  
							
							
							
						 
						
							2023-07-12 10:08:51 +02:00  
				
					
						
							
							
								 
						
							
								1d557305d2 
								
							 
						 
						
							
							
								
								Enable Rubocop Style/FrozenStringLiteralComment ( #23793 )  
							
							
							
						 
						
							2023-07-12 09:47:08 +02:00  
				
					
						
							
							
								 
						
							
								e4cfe4b3db 
								
							 
						 
						
							
							
								
								First pass at multi-database for read replica using Rails native adapter ( #25693 )  
							
							... 
							
							
							
							Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com> 
							
						 
						
							2023-07-08 19:45:36 +02:00  
				
					
						
							
							
								 
						
							
								dc8f1fbd97 
								
							 
						 
						
							
							
								
								Merge pull request from GHSA-9928-3cp5-93fm  
							
							... 
							
							
							
							* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged 
							
						 
						
							2023-07-06 15:05:05 +02:00  
				
					
						
							
							
								 
						
							
								ba06a2f104 
								
							 
						 
						
							
							
								
								Revert "Rails 7 update" ( #25667 )  
							
							
							
						 
						
							2023-07-02 11:14:22 +02:00  
				
					
						
							
							
								 
						
							
								50c2a03695 
								
							 
						 
						
							
							
								
								Rails 7 update ( #24241 )  
							
							
							
						 
						
							2023-07-02 10:38:53 +02:00  
				
					
						
							
							
								 
						
							
								f378f10404 
								
							 
						 
						
							
							
								
								Fix compatibility of recent migration with PostgreSQL 10 ( #25324 )  
							
							
							
						 
						
							2023-06-07 01:53:50 +02:00  
				
					
						
							
							
								 
						
							
								c66250abf1 
								
							 
						 
						
							
							
								
								Autofix Rubocop Regex Style rules ( #23690 )  
							
							... 
							
							
							
							Co-authored-by: Claire <claire.github-309c@sitedethib.com> 
							
						 
						
							2023-06-06 14:50:51 +02:00  
				
					
						
							
							
								 
						
							
								e428670e61 
								
							 
						 
						
							
							
								
								Fix CSP headers when S3_ALIAS_HOST includes a path component ( #25273 )  
							
							
							
						 
						
							2023-06-05 17:35:05 +02:00  
				
					
						
							
							
								 
						
							
								e49819142f 
								
							 
						 
						
							
							
								
								Remove unmaintained `nsa` gem ( #25265 )  
							
							
							
						 
						
							2023-06-05 01:57:05 +02:00  
				
					
						
							
							
								 
						
							
								94329f28e1 
								
							 
						 
						
							
							
								
								Change wording of “Content cache retention period” setting to highlight destructive implications ( #23261 )  
							
							
							
						 
						
							2023-06-02 18:09:08 +02:00  
				
					
						
							
							
								 
						
							
								942d850b0a 
								
							 
						 
						
							
							
								
								Allow carets in URL search params ( #25216 )  
							
							
							
						 
						
							2023-06-01 12:14:49 +02:00  
				
					
						
							
							
								 
						
							
								c0b9664a31 
								
							 
						 
						
							
							
								
								Autofix Rubocop spacing in config ( #25022 )  
							
							
							
						 
						
							2023-05-22 13:17:56 +02:00  
				
					
						
							
							
								 
						
							
								cee4369cf5 
								
							 
						 
						
							
							
								
								Autofix Rubocop Lint/AmbiguousOperatorPrecedence ( #25002 )  
							
							
							
						 
						
							2023-05-16 10:51:59 +02:00  
				
					
						
							
							
								 
						
							
								d9a958fcf7 
								
							 
						 
						
							
							
								
								Fix Performance/RedundantMerge cop ( #24817 )  
							
							
							
						 
						
							2023-05-04 05:25:43 +02:00  
				
					
						
							
							
								 
						
							
								d902a707a3 
								
							 
						 
						
							
							
								
								Fix Rails/CompactBlank cop ( #24690 )  
							
							
							
						 
						
							2023-04-30 14:07:21 +02:00  
				
					
						
							
							
								 
						
							
								5a2aa06a51 
								
							 
						 
						
							
							
								
								Fix Rails/Present cop ( #24688 )  
							
							
							
						 
						
							2023-04-30 06:47:50 +02:00  
				
					
						
							
							
								 
						
							
								49fad26eca 
								
							 
						 
						
							
							
								
								Drop EOL Ruby 2.7 ( #24237 )  
							
							
							
						 
						
							2023-04-27 01:46:18 +02:00  
				
					
						
							
							
								 
						
							
								4687967176 
								
							 
						 
						
							
							
								
								Autofix Rubocop Style/NumericLiterals ( #24468 )  
							
							
							
						 
						
							2023-04-23 22:30:07 +02:00  
				
					
						
							
							
								 
						
							
								5c499f54e3 
								
							 
						 
						
							
							
								
								Change root Chewy strategy to emit a warning instead of erroring out in production mode ( #24327 )  
							
							
							
						 
						
							2023-04-03 15:05:39 +02:00  
				
					
						
							
							
								 
						
							
								500d6f93be 
								
							 
						 
						
							
							
								
								Autofix Rubocop Style/IdenticalConditionalBranches ( #24322 )  
							
							
							
						 
						
							2023-03-31 09:33:52 +02:00  
				
					
						
							
							
								 
						
							
								a9b5598c97 
								
							 
						 
						
							
							
								
								Change user settings to be stored in a more optimal way ( #23630 )  
							
							... 
							
							
							
							Co-authored-by: Claire <claire.github-309c@sitedethib.com> 
							
						 
						
							2023-03-30 14:44:00 +02:00  
				
					
						
							
							
								 
						
							
								e084b5b82d 
								
							 
						 
						
							
							
								
								Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )  
							
							
							
						 
						
							2023-03-27 17:07:37 +02:00  
				
					
						
							
							
								 
						
							
								f432db7b9f 
								
							 
						 
						
							
							
								
								Fix sidekiq jobs not triggering Elasticsearch index updates ( #24046 )  
							
							
							
						 
						
							2023-03-12 23:47:55 +01:00  
				
					
						
							
							
								 
						
							
								922837dc96 
								
							 
						 
						
							
							
								
								Upgrade to latest redis-rb 4.x and fix deprecations ( #23616 )  
							
							... 
							
							
							
							Co-authored-by: Jean Boussier <jean.boussier@gmail.com> 
							
						 
						
							2023-03-04 16:38:28 +01:00  
				
					
						
							
							
								 
						
							
								de137e6bb0 
								
							 
						 
						
							
							
								
								Added support for specifying S3 storage classes in environment ( #22480 )  
							
							
							
						 
						
							2023-03-03 20:53:37 +01:00  
				
					
						
							
							
								 
						
							
								c6ef56fd5e 
								
							 
						 
						
							
							
								
								Change rate limits to 1,500/5m per user, 300/5m per app ( #23347 )  
							
							
							
						 
						
							2023-02-02 00:07:49 +01:00  
				
					
						
							
							
								 
						
							
								596923da4a 
								
							 
						 
						
							
							
								
								Fix typos in source documentation ( #21046 )  
							
							... 
							
							
							
							Fixed 2 source comment/documentation typos 
							
						 
						
							2022-12-15 15:57:26 +01:00  
				
					
						
							
							
								 
						
							
								d587a268fd 
								
							 
						 
						
							
							
								
								Add logging for Rails cache timeouts ( #21667 )  
							
							... 
							
							
							
							* Reduce redis cache store connect timeout from default 20 seconds to 5 seconds
* Log cache store errors 
							
						 
						
							2022-11-27 20:37:37 +01:00  
				
					
						
							
							
								 
						
							
								7955d4b959 
								
							 
						 
						
							
							
								
								Add form-action CSP directive ( #20781 )  
							
							
							
						 
						
							2022-11-17 10:55:03 +01:00  
				
					
						
							
							
								 
						
							
								a2931d19ae 
								
							 
						 
						
							
							
								
								Add missing admin scopes ( fix   #20892 ) ( #20918 )  
							
							
							
						 
						
							2022-11-17 10:50:21 +01:00  
				
					
						
							
							
								 
						
							
								43b0b2f3f4 
								
							 
						 
						
							
							
								
								Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` ( #20729 )  
							
							
							
						 
						
							2022-11-15 03:39:06 +01:00  
				
					
						
							
							
								 
						
							
								b46b7c3d5e 
								
							 
						 
						
							
							
								
								Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP ( #20606 )  
							
							... 
							
							
							
							* Add "unsafe-eval" to script-src CSP
* Use 'unsafe-wasm-eval' instead of 'unsafe-eval' 
							
						 
						
							2022-11-15 03:22:38 +01:00  
				
					
						
							
							
								 
						
							
								21fd25a269 
								
							 
						 
						
							
							
								
								Fix rate limiting for paths with formats ( #20675 )  
							
							
							
						 
						
							2022-11-14 20:26:31 +01:00  
				
					
						
							
							
								 
						
							
								9d039209cc 
								
							 
						 
						
							
							
								
								Add `Cache-Control` header to openstack-stored files ( #20610 )  
							
							... 
							
							
							
							When storing files in S3, paperclip is configured with a Cache-Control header
indicating the file is immutable, however no such header was added when using
OpenStack storage.
Luckily Paperclip's fog integration makes this trivial, with a simple
`fog_file` `Cache-Control` default doing the trick. 
							
						 
						
							2022-11-14 05:26:49 +01:00  
				
					
						
							
							
								 
						
							
								290d78cea4 
								
							 
						 
						
							
							
								
								Allow unsetting x-amz-acl S3 Permission headers ( #20510 )  
							
							... 
							
							
							
							Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, lets use a black `S3_PERMISSION` env var to indicate that these headers shouldn't be sent.
This is tested as working with Cloudflare R2. 
							
						 
						
							2022-11-13 06:57:10 +01:00  
				
					
						
							
							
								 
						
							
								aafbc82d88 
								
							 
						 
						
							
							
								
								Add "unsafe-eval" to script-src CSP ( #18817 )  
							
							
							
						 
						
							2022-10-26 19:23:16 +02:00  
				
					
						
							
							
								 
						
							
								bf0ab3e0fa 
								
							 
						 
						
							
							
								
								Fix vacuum scheduler missing lock, locks never expiring ( #19458 )  
							
							... 
							
							
							
							Remove vacuuming of orphaned preview cards 
							
						 
						
							2022-10-26 12:10:48 +02:00  
				
					
						
							
							
								 
						
							
								0d6b878808 
								
							 
						 
						
							
							
								
								Add user content translations with configurable backends ( #19218 )  
							
							
							
						 
						
							2022-09-23 23:00:12 +02:00  
				
					
						
							
							
								 
						
							
								546672e292 
								
							 
						 
						
							
							
								
								Change "Allow trends without prior review" setting to include statuses ( #17977 )  
							
							... 
							
							
							
							* Change "Allow trends without prior review" setting to include posts
* Fix i18n-tasks 
							
						 
						
							2022-08-28 04:00:39 +02:00  
				
					
						
							
							
								 
						
							
								861b35dd54 
								
							 
						 
						
							
							
								
								Support "http_hidden_proxy" ENV var for hidden service only proxy ( #18427 )  
							
							... 
							
							
							
							* Support "http_hidden_proxy" ENV var for hidden service only proxy
* Fallback to http_proxy if http_hidden_proxy is not set 
							
						 
						
							2022-08-25 04:41:14 +02:00  
				
					
						
							
							
								 
						
							
								e7aa2be828 
								
							 
						 
						
							
							
								
								Change how hashtags are normalized ( #18795 )  
							
							... 
							
							
							
							* Change how hashtags are normalized
* Fix tests 
							
						 
						
							2022-07-13 15:03:28 +02:00  
				
					
						
							
							
								 
						
							
								ae4f068a84 
								
							 
						 
						
							
							
								
								Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored ( #18568 )  
							
							
							
						 
						
							2022-06-01 19:22:55 +02:00  
				
					
						
							
							
								 
						
							
								96129c2f10 
								
							 
						 
						
							
							
								
								Fix confirmation redirect to app without `Location` header ( #18523 )  
							
							
							
						 
						
							2022-05-26 22:03:54 +02:00  
				
					
						
							
							
								 
						
							
								679b7158e3 
								
							 
						 
						
							
							
								
								Change search indexing to use batches to minimize resource usage ( #18451 )  
							
							
							
						 
						
							2022-05-18 23:29:14 +02:00  
				
					
						
							
							
								 
						
							
								7b0fe4aef9 
								
							 
						 
						
							
							
								
								Fix opening and closing Redis connections instead of using a pool ( #18171 )  
							
							... 
							
							
							
							* Fix opening and closing Redis connections instead of using a pool
* Fix Redis connections not being returned to the pool in CLI commands 
							
						 
						
							2022-04-29 22:43:07 +02:00  
				
					
						
							
							
								 
						
							
								8284110c55 
								
							 
						 
						
							
							
								
								Fix stoplight not using REDIS_NAMESPACE ( #18160 )  
							
							
							
						 
						
							2022-04-28 18:11:31 +02:00  
				
					
						
							
							
								 
						
							
								3917353645 
								
							 
						 
						
							
							
								
								Fix single Redis connection being used across all threads ( #18135 )  
							
							... 
							
							
							
							* Fix single Redis connection being used across all Sidekiq threads
* Fix tests 
							
						 
						
							2022-04-28 17:47:34 +02:00  
				
					
						
							
							
								 
						
							
								6e418bf346 
								
							 
						 
						
							
							
								
								Fix cookies secure flag being set when served over Tor ( #17992 )  
							
							
							
						 
						
							2022-04-08 12:47:18 +02:00  
				
					
						
							
							
								 
						
							
								39b489ba4c 
								
							 
						 
						
							
							
								
								fix: `s3_force_single_request` not parsed ( #17922 )  
							
							
							
						 
						
							2022-04-01 23:56:23 +02:00  
				
					
						
							
							
								 
						
							
								cefa526c6d 
								
							 
						 
						
							
							
								
								Refactor formatter ( #17828 )  
							
							... 
							
							
							
							* Refactor formatter
* Move custom emoji pre-rendering logic to view helpers
* Move more methods out of Formatter
* Fix code style issues
* Remove Formatter
* Add inline poll options to RSS feeds
* Remove unused helper method
* Fix code style issues
* Various fixes and improvements
* Fix test 
							
						 
						
							2022-03-26 02:53:34 +01:00  
				
					
						
							
							
								 
						
							
								895212bb2f 
								
							 
						 
						
							
							
								
								Fix PgHero suggesting migrations ( #17807 )  
							
							... 
							
							
							
							* Fix PgHero suggesting migrations
Fixes  #17768 
* Keep migration suggestions in development env 
							
						 
						
							2022-03-15 20:27:49 +01:00  
				
					
						
							
							
								 
						
							
								eb9a7e3626 
								
							 
						 
						
							
							
								
								Fix LetterOpennerWeb CSP ( #17770 )  
							
							
							
						 
						
							2022-03-14 19:20:40 +01:00  
				
					
						
							
							
								 
						
							
								46ad7fea9d 
								
							 
						 
						
							
							
								
								Bump rack-attack from 6.5.0 to 6.6.0 ( #17405 )  
							
							... 
							
							
							
							* Bump rack-attack from 6.5.0 to 6.6.0
Bumps [rack-attack](https://github.com/rack/rack-attack ) from 6.5.0 to 6.6.0.
- [Release notes](https://github.com/rack/rack-attack/releases )
- [Changelog](https://github.com/rack/rack-attack/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rack/rack-attack/compare/v6.5.0...v6.6.0 )
---
updated-dependencies:
- dependency-name: rack-attack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix usage of deprecated API
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> 
							
						 
						
							2022-03-12 09:23:53 +01:00  
				
					
						
							
							
								 
						
							
								a6ed6845c9 
								
							 
						 
						
							
							
								
								Allow login through OpenID Connect ( #16221 )  
							
							... 
							
							
							
							* added OpenID Connect as an SSO option
* minor fixes
* added comments, removed an option that shouldn't be set
* fixed Gemfile.lock
* added newline to end of Gemfile.lock
* removed tab from Gemfile.lock
* remove chomp
* codeclimate changes and small name change to make function's purpose clearer
* codeclimate fix
* added SSO buttons to /about page
* minor refactor
* minor style change
* removed spurious change
* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth
* minor changes 
							
						 
						
							2022-03-09 12:07:35 +01:00  
				
					
						
							
							
								 
						
							
								b5329e0035 
								
							 
						 
						
							
							
								
								Spelling ( #17705 )  
							
							... 
							
							
							
							* spelling: account
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: affiliated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: appearance
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: autosuggest
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: cacheable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: component
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: conversations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: domain.example
Clarify what's distinct and use RFC friendly domain space.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: environment
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: exceeds
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: functional
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: inefficiency
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: not
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: notifications
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: occurring
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: position
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: progress
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: promotable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: reblogging
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: repetitive
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: resolve
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: saturated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: similar
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: strategies
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: targeting
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: thumbnails
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unauthorized
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unsensitizes
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: validations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: various
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com> 
							
						 
						
							2022-03-06 22:51:40 +01:00  
				
					
						
							
							
								 
						
							
								73f5e4a1d9 
								
							 
						 
						
							
							
								
								Fix various typos ( #17621 )  
							
							... 
							
							
							
							Found via `codespell -q 3 -S ./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,keypair,medias,ro` 
							
						 
						
							2022-02-22 20:14:17 +01:00  
				
					
						
							
							
								 
						
							
								8603a07504 
								
							 
						 
						
							
							
								
								Fix error when trying to register ( #17600 )  
							
							
							
						 
						
							2022-02-21 14:55:38 +01:00  
				
					
						
							
							
								 
						
							
								f9e7f2e409 
								
							 
						 
						
							
							
								
								Avoid return within block ( #17590 )  
							
							... 
							
							
							
							This prevents the error: LocalJumpError (unexpected return) 
							
						 
						
							2022-02-18 20:21:21 +01:00  
				
					
						
							
							
								 
						
							
								1de2e3f980 
								
							 
						 
						
							
							
								
								Throttle IPv6 signup for subnet ( #17588 )  
							
							
							
						 
						
							2022-02-18 13:51:51 +01:00  
				
					
						
							
							
								 
						
							
								cfa583fa71 
								
							 
						 
						
							
							
								
								Remove support for OAUTH_REDIRECT_AT_SIGN_IN ( #17287 )  
							
							... 
							
							
							
							Fixes  #15959 
Introduced in #6540 , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.
However, it did not prevent the log-in form on /about introduced by #10232  from
appearing, and completely broke with the introduction of #15228 .
As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being. 
						
							2022-01-23 15:50:41 +01:00