Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix “Authorized applications” inefficiently and incorrectly getting last use date #25060

Merged
merged 1 commit into from
May 22, 2023

Conversation

ClearlyClaire
Copy link
Contributor

Fixes #20477

Thanks @renchap for writing the more efficient query.

Copy link
Member

@renchap renchap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@ClearlyClaire ClearlyClaire added to backport PR needed to be backported bug Something isn't working performance Runtime performance labels May 22, 2023
@ClearlyClaire ClearlyClaire merged commit e13d2ed into mastodon:main May 22, 2023
ClearlyClaire added a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
ClearlyClaire added a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
ClearlyClaire added a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
This was referenced Jun 21, 2023
IsabelaY pushed a commit to IsabelaY/mastodon that referenced this pull request Jul 6, 2023
F-Finene pushed a commit to F-Finene/mastodon that referenced this pull request Jul 7, 2023
skerit pushed a commit to 11ways/mastodon that referenced this pull request Jul 7, 2023
@ClearlyClaire ClearlyClaire removed the to backport PR needed to be backported label Jul 18, 2023
nrdufour added a commit to nrdufour/home-ops that referenced this pull request Aug 1, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/mastodon/mastodon](https://github.com/mastodon/mastodon) | patch | `v4.1.2` -> `v4.1.6` |

---

### Release Notes

<details>
<summary>mastodon/mastodon (ghcr.io/mastodon/mastodon)</summary>

### [`v4.1.6`](https://github.com/mastodon/mastodon/releases/tag/v4.1.6)

[Compare Source](mastodon/mastodon@v4.1.5...v4.1.6)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)).

#### Upgrade overview

ℹ️ Requires streaming API restart

For more information, scroll down to the upgrade instructions section.

#### Changelog

##### Fixed

-   Fix memory leak in streaming server ([ThisIsMissEm](mastodon/mastodon#26228))
-   Fix wrong filters sometimes applying in streaming ([ClearlyClaire](mastodon/mastodon#26159), [ThisIsMissEm](mastodon/mastodon#26213), [renchap](mastodon/mastodon#26233))
-   Fix incorrect connect timeout in outgoing requests ([ClearlyClaire](mastodon/mastodon#26116))

#### Upgrade notes

To get the code for v4.1.6, use `git fetch && git checkout v4.1.6`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump`

##### Dependencies

External dependencies have not changed compared to v4.1.5, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

> If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.5.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

1.  Restart all Mastodon processes

### [`v4.1.5`](https://github.com/mastodon/mastodon/releases/tag/v4.1.5)

[Compare Source](mastodon/mastodon@v4.1.4...v4.1.5)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)).

#### Changelog

##### Added

-   Add check preventing Sidekiq workers from running with Makara configured ([ClearlyClaire](mastodon/mastodon#25850))

##### Changed

-   Change request timeout handling to use a longer deadline ([ClearlyClaire](mastodon/mastodon#26055))

##### Fixed

-   Fix moderation interface for remote instances with a .zip TLD ([ClearlyClaire](mastodon/mastodon#25885))
-   Fix remote accounts being possibly persisted to database with incomplete protocol values ([ClearlyClaire](mastodon/mastodon#25886))
-   Fix trending publishers table not rendering correctly on narrow screens ([vmstan](mastodon/mastodon#25945))

##### Security

-   Fix CSP headers being unintentionally wide ([ClearlyClaire](mastodon/mastodon#26105))

#### Upgrade notes

To get the code for v4.1.5, use `git fetch && git checkout v4.1.5`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump`

##### Dependencies

External dependencies have not changed compared to v4.1.4, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

> If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.4.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

1.  Restart all Mastodon processes

### [`v4.1.4`](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)

[Compare Source](mastodon/mastodon@v4.1.3...v4.1.4)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> This release addresses a few issues that were missed in the last security update and includes changelogs for both updates.
>
> ⚠️ It is a follow-up to the important 4.1.3 security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459).
>
> Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.6) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.10).
> If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-07-v4.1.4` or newer instead. If you are on the `main` branch, update to the latest commit.

#### Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires streaming API restart
ℹ️ There are suggested reverse proxy configuration changes
:warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7

For more information, scroll down to the upgrade instructions section.

#### Changelog (v4.1.4)

##### Fixed

-   Fix branding:generate_app_icons failing because of disallowed ICO coder ([ClearlyClaire](mastodon/mastodon#25794))
-   Fix crash in admin interface when viewing a remote user with verified links ([ClearlyClaire](mastodon/mastodon#25796))
-   Fix processing of media files with unusual names ([ClearlyClaire](mastodon/mastodon#25788))

#### Changelog (v4.1.3)

##### Added

-   Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600))

##### Changed

-   Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058))
-   Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868))
-   Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852))
-   Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614))
-   Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510))
-   Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216))

##### Removed

-   Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070))

##### Fixed

-   Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464))
-   Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519))
-   Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477))
-   Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840))
-   Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361))
-   Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273))
-   Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605))
-   Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988))
-   Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015))
-   Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016))
-   Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060))
-   Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713))
-   Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499))
-   Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431))
-   Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637))
-   Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342))

##### Security

-   Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463))
-   Update dependencies
-   Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756))
-   Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
-   Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
-   Fix arbitrary file creation through media processing (CVE-2023-36460)
-   Fix possible XSS in preview cards (CVE-2023-36459)

#### Upgrade notes

To get the code for v4.1.4, use `git fetch && git checkout v4.1.4`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

##### Dependencies

Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage.

1.  Restart all Mastodon processes

### [`v4.1.3`](https://github.com/mastodon/mastodon/releases/tag/v4.1.3)

[Compare Source](mastodon/mastodon@v4.1.2...v4.1.3)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ This release is an important security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459).
>
> Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.5) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.9).
> If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-06-security` or newer instead. If you are on the `main` branch, update to the latest commit.

#### Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires streaming API restart
ℹ️ There are suggested reverse proxy configuration changes
:warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7

For more information, scroll down to the upgrade instructions section.

#### Changelog

##### Added

-   Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600))

##### Changed

-   Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058))
-   Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868))
-   Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852))
-   Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614))
-   Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510))
-   Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216))

##### Removed

-   Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070))

##### Fixed

-   Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464))
-   Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519))
-   Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477))
-   Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840))
-   Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361))
-   Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273))
-   Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605))
-   Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988))
-   Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015))
-   Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016))
-   Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060))
-   Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713))
-   Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499))
-   Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431))
-   Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637))
-   Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342))

##### Security

-   Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463))
-   Update dependencies
-   Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756))
-   Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
-   Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
-   Fix arbitrary file creation through media processing (CVE-2023-36460)
-   Fix possible XSS in preview cards (CVE-2023-36459)

#### Upgrade notes

To get the code for v4.1.3, use `git fetch && git checkout v4.1.3`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

##### Dependencies

Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage.

1.  Restart all Mastodon processes

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://git.home/nrdufour/home-ops/pulls/17
Co-authored-by: Renovate <[email protected]>
Co-committed-by: Renovate <[email protected]>
chasedream1129 added a commit to monado-ren/mastodon that referenced this pull request Aug 12, 2024
commit e9123ad691727ffec3672ff3912ef56e67c930ef
Author: Claire <[email protected]>
Date:   Thu Feb 15 12:02:24 2024 +0100

    Bump version to v3.5.19

commit c397c1a9e3090a0e879c15cafd48d5f1414b6836
Author: Claire <[email protected]>
Date:   Fri Feb 16 11:56:12 2024 +0100

    Merge pull request from GHSA-jhrq-qvrm-qr36

    * Fix insufficient Content-Type checking of fetched ActivityStreams objects

    * Allow JSON-LD documents with multiple profiles

commit d509b6b3420d303728b13832d79b05d602dba4e2
Author: Claire <[email protected]>
Date:   Wed Feb 14 22:49:45 2024 +0100

    Fix user creation failure handling in OmniAuth paths (#29207)

    Co-authored-by: Matt Jankowski <[email protected]>

commit 44c265e4c7983e17bf7713db91938d95efd33046
Author: Claire <[email protected]>
Date:   Wed Feb 14 13:35:56 2024 +0100

    Bump version to v3.5.18

commit 4a57e44809e33a8050c0062a244c351ab0871c71
Author: Claire <[email protected]>
Date:   Wed Feb 14 15:16:07 2024 +0100

    Merge pull request from GHSA-vm39-j3vx-pch3

    * Prevent different identities from a same SSO provider from accessing a same account

    * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

    * Rename methods to avoid confusion between OAuth and OmniAuth

commit 47c6079d8da3810889f70166950a29af2c2f1333
Author: Claire <[email protected]>
Date:   Wed Feb 14 15:15:34 2024 +0100

    Merge pull request from GHSA-7w3c-p9j8-mq3x

    * Ensure destruction of OAuth Applications notifies streaming

    Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

    * Ensure password resets revoke access to Streaming API

    * Improve performance of deleting OAuth tokens

    ---------

    Co-authored-by: Emelia Smith <[email protected]>

commit 69205dff9a252f42f9a75bf5a247b1376f312895
Author: Claire <[email protected]>
Date:   Wed Feb 14 13:12:13 2024 +0100

    Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199)

commit d187195f2ccaeab8786e62cf2ef3a499c1b54b7f
Author: Emelia Smith <[email protected]>
Date:   Tue Feb 13 19:11:47 2024 +0100

    Disable administrative doorkeeper routes (#29187)

commit 3387868dd9841cfffdae875d3296cf0aae36dc2b
Author: blah <blah@blah>
Date:   Wed Feb 14 10:58:36 2024 +0000

    Update dependency sidekiq-unique-jobs to 7.1.33

commit 3ba6ed76ea07d2856f988689e62a76882e5c9d4d
Author: blah <blah@blah>
Date:   Wed Feb 14 10:51:59 2024 +0000

    Update dependency nokogiri to 1.16.2

commit b1ed009c65802b70c9b780f3c7c3a866cba72478
Author: Claire <[email protected]>
Date:   Thu Feb 1 15:56:46 2024 +0100

    Merge pull request from GHSA-3fjr-858r-92rw

    * Fix insufficient origin validation

    * Bump version to v3.5.17

commit 35f21191ee9fa3a99af6c207d2fb42484d58f196
Author: Claire <[email protected]>
Date:   Mon Nov 27 15:00:52 2023 +0100

    Bump version to v3.5.16

commit 2ffce0d5f7e43138fd19a1c1b7a31b0177ae00a3
Author: Claire <[email protected]>
Date:   Fri Oct 20 10:45:46 2023 +0200

    Fix processing LDSigned activities from actors with unknown public keys (#27474)

commit 688defd60d9a31d7a4f9052985119a88d810e436
Author: Claire <[email protected]>
Date:   Fri Nov 24 10:31:28 2023 +0100

    Change GIF max matrix size error to explicitly mention GIF files (#27927)

commit d9b05f6860a574d81d1fd9fc47ca3adabf0d70cc
Author: Jonathan de Jong <[email protected]>
Date:   Fri Oct 27 16:55:00 2023 +0200

    Have `Follow` activities bypass availability (#27586)

    Co-authored-by: Claire <[email protected]>

commit f3fd8d869596da809448d5d0105e122e8ba3db22
Author: Claire <[email protected]>
Date:   Mon Nov 27 14:25:54 2023 +0100

    Clamp dates when serializing to Elasticsearch API (#28081)

commit 49693fe42f4528db4b41a2c346391016e9fe954a
Author: Claire <[email protected]>
Date:   Mon Nov 6 10:28:14 2023 +0100

    Fix incoming status creation date not being restricted to standard ISO8601 (#27655)

commit 16262f815d7d120bd73ffb71740ffaea3771683b
Author: Claire <[email protected]>
Date:   Mon Oct 30 23:32:25 2023 +0100

    Fix posts from force-sensitized accounts being able to trend (#27620)

commit d4e0a12b27aa01012c50ac7f0d4ba26085258990
Author: Claire <[email protected]>
Date:   Mon Oct 23 14:27:07 2023 +0200

    Change Content-Security-Policy to be tighter on media paths (#26889)

commit db59d8486bd12f7d32dd9785cbf2daf9115d0e16
Author: Claire <[email protected]>
Date:   Mon Oct 9 14:03:10 2023 +0200

    Bump version to v3.5.15

commit 7fb3ee0bc67cd7078fa7558483121dbe08202d8a
Author: Matt Jankowski <[email protected]>
Date:   Tue Oct 3 11:01:45 2023 -0400

    Dont match mention in url query string (#25656)

    Co-authored-by: Claire <[email protected]>

commit 9bd027823d91fe8cc9d3c63b19c649296e626e0d
Author: David Aaron <[email protected]>
Date:   Tue Oct 3 02:48:57 2023 -0700

    Change min age of backup policy from 1 week to 6 days (#27200)

commit 57d4d460503fa9ad01670533296a84c7c3f49ff3
Author: Jakob Gillich <[email protected]>
Date:   Tue Oct 3 10:47:50 2023 +0200

    Fix importer returning negative row estimates (#27258)

commit c91116f7800fe622750c93ea7d51d5d72e143ed3
Author: Claire <[email protected]>
Date:   Thu Sep 28 13:41:24 2023 +0200

    Fix filtering audit log for entries about disabling 2FA (#27186)

commit f45b5f5006f59d895da158e65cecead37d9a5b38
Author: Essem <[email protected]>
Date:   Mon Sep 25 12:21:07 2023 -0500

    Properly remove tIME chunk from PNG uploads (#27111)

commit 47441e51f3749894ac5699abffdd1cc190c0256e
Author: Claire <[email protected]>
Date:   Fri Oct 6 12:58:16 2023 +0200

    Fix crash when filtering for “dormant” relationships (#27306)

commit af02650322aad7468bfa7363f8232b0ae7151e6f
Author: Claire <[email protected]>
Date:   Mon Sep 25 15:06:43 2023 +0200

    Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116)

commit 75346a71f7f4f0a3deb2841c19e6105a06f98f1e
Author: Claire <[email protected]>
Date:   Tue Sep 19 12:49:15 2023 +0200

    Bump version to v3.5.14

commit 49af3e26dc3a433922d78ae01be50549f29d1949
Author: Claire <[email protected]>
Date:   Wed Sep 6 16:40:19 2023 +0200

    Fix moderator rights inconsistencies (#26729)

commit 412c3e13ecae1bc9a6fd204b6e4018c5c4c2e6ba
Author: Claire <[email protected]>
Date:   Wed Sep 6 12:17:51 2023 +0200

    Fix crash when encountering invalid URL (#26814)

commit 31c5e63a58923b9d227d90b48994ed48491dd52e
Author: Claire <[email protected]>
Date:   Thu Aug 17 16:11:48 2023 +0200

    Fix cached posts including stale stats (#26409)

commit e8eeb746ac2d2ec635d46c9c07b73a56b4f2c77c
Author: Nicolai Søborg <[email protected]>
Date:   Fri Aug 18 08:32:47 2023 +0200

    Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500)

commit 0158c31c02b62f39add6f41f1584bf23a8dda047
Author: yufushiro <[email protected]>
Date:   Wed Aug 23 15:44:56 2023 +0900

    Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)

    Co-authored-by: Claire <[email protected]>

commit 9deb1781269fd817c930d38f916672bec3d566a8
Author: Claire <[email protected]>
Date:   Tue Sep 19 16:53:58 2023 +0200

    Merge pull request from GHSA-v3xf-c9qf-j667

commit 8e6fe192258fab9df50cfa7c4c0f6c22a756868e
Author: Claire <[email protected]>
Date:   Mon Sep 18 08:31:53 2023 +0200

    Change Dockerfile to upgrade packages when building (#26931)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 4eb709ea7ea6b5bc1fcdbe1762dd3b7efcc07f6e
Author: Claire <[email protected]>
Date:   Wed Sep 6 09:18:28 2023 +0200

    Update actions for stable-3.5 (#26804)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 86a31fc0196f876f6671a883198fcc460bcd60c5
Author: Claire <[email protected]>
Date:   Tue Sep 5 17:46:39 2023 +0200

    Fix Dockerfile installing incompatible npm version (#26803)

commit 16e47e1aae55c0ead7207030ad8a554c18ff1250
Author: Claire <[email protected]>
Date:   Tue Sep 5 15:30:24 2023 +0200

    Bump version to v3.5.13

commit dcffd6b3d76a5e9d420119d0730724d56f7fe968
Author: Emelia Smith <[email protected]>
Date:   Mon May 22 13:15:21 2023 +0200

    Allow reports with long comments from remote instances, but truncate (#25028)

commit 8de0f7e198b25741cd6cb849095520b88fab088d
Author: Daniel M Brasil <[email protected]>
Date:   Thu Aug 31 08:53:24 2023 -0300

    Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237)

commit e37551421ee30ccd9e6a36e2ad4c88ddf5a1b3d8
Author: Claire <[email protected]>
Date:   Wed Aug 9 09:39:36 2023 +0200

    Fix blocking subdomains of an already-blocked domain (#26392)

commit 2e0eab9d18f1473654542f96ff9172cab0e8661e
Author: Claire <[email protected]>
Date:   Wed Aug 30 17:36:16 2023 +0200

    Change text extraction in `PlainTextFormatter` to be faster (#26727)

commit ce75c175cdf12bdfdf8b84271b52989abe54cb50
Author: Claire <[email protected]>
Date:   Thu Aug 31 19:54:17 2023 +0200

    Backport container build changes to the stable-3.5 branch (#26742)

    Co-authored-by: Renaud Chaput <[email protected]>

commit a3d31ffc1ead2abe98a8b722b406a7574a14a915
Author: Claire <[email protected]>
Date:   Fri Jul 28 10:07:57 2023 +0200

    Bump version to v3.5.12

commit 50f4af28b0f1fde03e1a57583bccc1387d6f08bf
Author: Emelia Smith <[email protected]>
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit e655b35d7e4ebf9c5a2ab6cb4bf4e950785cfee0
Author: Claire <[email protected]>
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit 80c00f4aa57fd21679fade777310422e55274c65
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:33:34 2023 +0200

    Bump version to v3.5.11

commit 1a0192537d11fb8932735c33f904e8fc4263356b
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:18:04 2023 +0200

    Add check preventing Sidekiq workers from running with Makara configured (#25850)

    Co-authored-by: Eugen Rochko <[email protected]>

commit 668cd00e130c152ed05b19f7d7f663d33790d9ac
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:14:10 2023 +0200

    Fix testsuite failure introduced in last release

commit 0bd52de49263af22d2fed02e9cec84fbeb3d6f9b
Author: Claire <[email protected]>
Date:   Fri Jul 21 13:34:15 2023 +0200

    Fix CSP headers being unintendedly wide (#26105)

commit ced65ffbb48a37ca46c278156bc0987378bf0a8a
Author: Claire <[email protected]>
Date:   Tue Jul 18 20:51:20 2023 +0200

    Change request timeout handling to use a longer deadline (#26055)

commit 6398fc0b66fad30112de9b4ea026436c4ebc9b32
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:10 2023 +0200

    Fix moderation interface for remote instances with a .zip TLD (#25885)

commit 7709bbba65cb07158a74292542a2a6bf0b8452bb
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:19 2023 +0200

    Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886)

commit 4f6d121b248dcc6b80a9d2597fb7b6ac73a50cf4
Author: Michael Stanclift <[email protected]>
Date:   Thu Jul 13 04:12:51 2023 -0500

    Fix trending publishers table not rendering correctly on narrow screens (#25945)

commit 687421ebbe3a8245c2fd2b7fe9bf8c325e9f3bb2
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:56:11 2023 +0200

    Bump version to v3.5.10

commit 517c4a8a7a96bd2f16e369fa794575c30be370c8
Author: Claire <[email protected]>
Date:   Fri Jul 7 13:35:22 2023 +0200

    Fix processing of media files with unusual names (#25788)

commit dca0d8427e42e9a498b2c88b85660fef19d8fd1a
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:10:17 2023 +0200

    Fix crash in admin interface when viewing a remote user with verified links (#25796)

commit b10c974ba1952c545acff505bfd36feb0c60b000
Author: Claire <[email protected]>
Date:   Wed Jun 21 10:38:16 2023 +0200

    Bump version to v3.5.9

commit ca4b23bf0d936f09f0bf60ab1055f6c2f0373dd9
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:49 2023 +0200

    Merge pull request from GHSA-55j9-c3mp-6fcq

commit 32e5a9f053d4d59cd7cd782a889055295554a697
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:24 2023 +0200

    Merge pull request from GHSA-9pxv-6qvf-pjwc

    * Fix timeout handling of outbound HTTP requests

    * Use CLOCK_MONOTONIC instead of Time.now

commit 987f9099947fdcd71e79d4908cdc4373eca92a85
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:05:05 2023 +0200

    Merge pull request from GHSA-9928-3cp5-93fm

    * Fix attachments getting processed despite failing content-type validation

    * Add a restrictive ImageMagick security policy tailored for Mastodon

    * Fix misdetection of MP3 files with large cover art

    * Reject unprocessable audio/video files instead of keeping them unchanged

commit c02fa93c578d6578f39de689752c02dd92f3b079
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:03:33 2023 +0200

    Merge pull request from GHSA-ccm4-vgcc-73hp

    * Tighten allowed HTML in oEmbed-based preview cards

    * Sanitize preview cards at render time

    * Add `sandbox` attribute to preview card iframes

commit c30901134654b759d06b8e5b16bf7f9608f199fc
Author: Claire <[email protected]>
Date:   Wed Jun 21 14:18:04 2023 +0200

    Add hardened headers to user-uploaded files

commit 6b538225af099276a6113b40f3763b8cde6284fd
Author: Claire <[email protected]>
Date:   Wed Jun 28 14:27:12 2023 +0200

    Update rack, rails, nokogiri, omniauth, sanitize and doorkeeper gems

commit 3c72c7b34e7cd5904bf0070d95201a2bd0fe7e54
Author: Renaud Chaput <[email protected]>
Date:   Thu Jun 1 12:14:49 2023 +0200

    Allow carets in URL search params (#25216)

commit 07f60ffcbbbaf661347cd3cd7098f20d3a3730f7
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 23:28:35 2023 -0700

    Fix Redis client and type errors introduced in #24285 (#24342)

commit c1467453f6e67e108308b4cba531eb013caed319
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 05:38:47 2023 -0700

    IndexingScheduler: fetch and import in batches (#24285)

    Co-authored-by: Claire <[email protected]>

commit 00e65a77df600330c4ae694616fb185e15b8835f
Author: Emelia Smith <[email protected]>
Date:   Tue Jun 20 18:04:35 2023 +0200

    Prevent UserCleanupScheduler from overwhelming streaming (#25519)

commit f9521bc2b54dff1c616ef271024426776e9434e2
Author: Daniel M Brasil <[email protected]>
Date:   Mon Jun 19 03:53:05 2023 -0300

    Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477)

commit e4bff6cd76d8e615bd2d2ed0ba8250d5d2438c0f
Author: Emelia Smith <[email protected]>
Date:   Sat Jun 10 18:24:37 2023 +0200

    Fix logging of messages that are binary before closing their connection (#25361)

commit 6f819c7071ed5fc810e4e5f0063f76185a41f4a0
Author: Emelia Smith <[email protected]>
Date:   Fri Jun 9 19:29:16 2023 +0200

    Fix performance of streaming by parsing message JSON once (#25278)

commit 4aa1c4e2ad1969376cb95336a7a86cacbe547c18
Author: Claire <[email protected]>
Date:   Mon Jun 5 17:35:05 2023 +0200

    Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

commit 176ae71fd42fb4990c3a8660c3e710cd31b3686e
Author: Daniel M Brasil <[email protected]>
Date:   Sun Apr 30 01:50:58 2023 -0300

    Fix  `tootctl accounts approve --number N` not aproving N earliest registrations (#24605)

commit feac95333fbfc8ef54bd96a273f9454bc25a3ca8
Author: Claire <[email protected]>
Date:   Fri May 12 13:13:04 2023 +0200

    Change profile updates to be sent to recently-mentioned servers (#24852)

commit bb1e7e112e5e929388417e22828d3eb235151d20
Author: Claire <[email protected]>
Date:   Wed May 17 00:08:42 2023 +0200

    Fix being able to vote on your own polls (#25015)

commit e233060ea5d0cf7e5baf247e34a38119bc4bf903
Author: Claire <[email protected]>
Date:   Wed May 17 00:09:21 2023 +0200

    Fix race condition when reblogging a status (#25016)

commit 3faebae2d1a5f72bf93167b1fbb279406bb738de
Author: Claire <[email protected]>
Date:   Mon May 22 12:25:56 2023 +0200

    Change OpenGraph-based embeds to allow fullscreen (#25058)

commit 95f59da1578272efee84f06375d6e77944a4d5b0
Author: Claire <[email protected]>
Date:   Mon May 22 14:03:38 2023 +0200

    Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

commit 6f94b4ae19144e6fbf625e47b821c1aacf391722
Author: Claire <[email protected]>
Date:   Tue May 23 14:27:17 2023 +0200

    Remove invalid X-Frame-Options: ALLOWALL (#25070)

commit 283184b390bdd9b8200fd2dac0c1abd2def25fca
Author: Claire <[email protected]>
Date:   Tue May 23 15:00:36 2023 +0200

    Change Identity to not destroy associated User on destroy (#25098)

commit d54980ef2df2704c0a1698ce3de19eb4e3916be1
Author: Claire <[email protected]>
Date:   Tue Jun 20 18:32:26 2023 +0200

    Fix /api/v1/conversations sometimes returning empty accounts (#25499)

commit 08579976e02c582f4465e63b03e38e4b8886705f
Author: Claire <[email protected]>
Date:   Wed Jun 14 08:54:52 2023 +0200

    Fix ArgumentError when loading newer Private Mentions (#25399)

commit ff3f40a675c1dcbf17e121b0d09ce65ea441d8a5
Author: Claire <[email protected]>
Date:   Thu Jun 1 02:41:51 2023 +0200

    Fix multiple N+1s in ConversationsController (#25134)

commit 0dce749192b1d7a1513bdf45b7eafa6181bac3b9
Author: Claire <[email protected]>
Date:   Wed Apr 5 19:31:49 2023 +0200

    Fix user archive takeouts when using OpenStack Swift (#24431)

commit 1bd831b9a9d288566ca38045f6410c771946634b
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:50:34 2023 +0200

    Bump version to v3.5.8

commit 55144262d054a52b76baa9d077e235e5c61fac37
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:47:04 2023 +0200

    Fix unescaped user input in LDAP query (#24379)

    Fix CVE-2023-28853

commit 40438675f8ddf0a6e30af4edef63286f8026f2b5
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:05:39 2023 +0200

    Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327)

commit 0f4c908b64c34d94936dad1cfa4b2e2d225285cc
Author: Claire <[email protected]>
Date:   Fri Mar 31 21:42:28 2023 +0200

    Fix invalid/expired invites being processed on sign-up (#24337)

commit 3eb5b47768ec8387d3a0ec9ffd27ff777be18407
Author: Sai <[email protected]>
Date:   Fri Mar 31 15:42:59 2023 +0100

    Upgrade Ruby to 3.0.6 (#24332)

commit 520e9cc765b9b8263270f9e311b8beefd6b322f9
Author: Robert R George <[email protected]>
Date:   Wed Mar 29 00:58:27 2023 -0700

    Wrap db:setup with Chewy.strategy(:mastodon) (#24302)

commit d25493e26295d27af34441a5f120226f2c17eda9
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:07:37 2023 +0200

    Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200)

commit 3d67a9329ef9859559d8c9143227c493088a620a
Author: Claire <[email protected]>
Date:   Mon Mar 20 20:02:58 2023 +0100

    Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182)

commit 547634dfa64a59012f37b60a6dd830bc4be76be4
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:39:45 2023 +0100

    Bump version to v3.5.7

commit f90daf58dbc09a492b65a281d2cf5b5c4f5055b6
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:47:01 2023 +0100

    Add warning for object storage misconfiguration (#24137)

commit a42b48ea4e66f3081dc6c21c06ed98db94116c02
Author: Eugen Rochko <[email protected]>
Date:   Thu Mar 16 22:46:52 2023 +0100

    Change user backups to use expiring URLs for download when possible (#24136)

commit 251dd0b72b2ca6aafe6676c6dbcc81260b2c1355
Author: Claire <[email protected]>
Date:   Thu Mar 16 13:41:55 2023 +0100

    Update changelog

commit 18840cbc6ef4fd8e9c48b0053a9f9b68978f4ffc
Author: Nick Schonning <[email protected]>
Date:   Wed Mar 15 11:43:44 2023 -0400

    Skip pushing containers on forks (#24106)

commit 727126255a043aec46d20cc07962771376b6d82b
Author: Renaud Chaput <[email protected]>
Date:   Wed Mar 15 16:41:13 2023 +0100

    Use Github Container Registry as the official container image source (#24113)

commit 98d654b8bb59de4d412007b1864d1376394652c7
Author: Nick Schonning <[email protected]>
Date:   Tue Mar 14 22:43:49 2023 -0400

    Skip Docker CI Login/Push on forks (#23564)

commit 25c517144c294b4d3a3b85c6358aff15f8d4ed6e
Author: Renaud Chaput <[email protected]>
Date:   Tue Mar 14 20:27:43 2023 +0100

    Push Docker images to Github Container Registry as well (#24101)

commit f036546c220fef1fccfdf816cfce1533262fb3af
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:15:20 2023 +0100

    Fix misleading error code when receiving invalid WebAuthn credentials (#23568)

commit 9256d653a5677fa726f0a93d0d5428d79c6020a7
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:14:47 2023 +0100

    Fix incorrect post links in strikes when the account is remote (#23611)

commit d0c0808ad4ede98873e753df1543f33b0349f4be
Author: Jeremy Kescher <[email protected]>
Date:   Mon Nov 7 02:40:17 2022 +0000

    Add null check on application in dispute viewer (#19851)

commit cb622b23b1465dfde7731a1f9bc82dd3fe51a561
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:01:49 2023 +0100

    Fix dashboard crash on ElasticSearch server error (#23751)

commit fe866f8afb89e07e2fa72aaddccd6388f9ed4183
Author: Claire <[email protected]>
Date:   Tue Mar 14 10:34:16 2023 +0100

    Update changelog

commit a1e765991e416cdd5fb1ededa1ab0245c5062882
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:44:46 2023 +0100

    Add mail headers to avoid auto-replies (#23597)

commit 76b9f4271291e0700680f182e94326f27f95390f
Author: Claire <[email protected]>
Date:   Tue Feb 21 09:23:39 2023 +0100

    Add `lang` tag to native language names in language picker (#23749)

commit 708e590117c68c3c851c4eb7287cfa03c68a0ac0
Author: Claire <[email protected]>
Date:   Sun Mar 12 23:47:55 2023 +0100

    Fix sidekiq jobs not triggering Elasticsearch index updates (#24046)

commit a717aa929cf6c60239266f45671862802e9f29ed
Author: Rodion Borisov <[email protected]>
Date:   Thu Mar 9 16:35:44 2023 +0300

    Center the text itself in upload area (#24029)

commit bbb7c54367b8a284f5fcef8e910b50005e8ad197
Author: Claire <[email protected]>
Date:   Mon Mar 6 17:44:55 2023 +0100

    Fix `/api/v1/streaming` sub-paths not being redirected (#23988)

commit 282596a66e68e2ca5d7bef90c39fc50fe770d63a
Author: Eugen Rochko <[email protected]>
Date:   Sun Mar 5 01:52:42 2023 +0100

    Fix pgBouncer resetting application name on every transaction (#23958)

commit e6f6fe6106709b2efd342e7ce7339f08c5fa0682
Author: Claire <[email protected]>
Date:   Fri Mar 3 21:13:55 2023 +0100

    Fix original account being unfollowed on migration before the follow request could be sent (#21957)

commit 86b1adf7d74b07b0fd99e923de59b8d7b44485df
Author: Claire <[email protected]>
Date:   Mon Mar 6 16:00:08 2023 +0100

    Fix unconfirmed accounts being registered as active users (#23803)

commit 4beeec4e50169ef8c370e0a9793a2d303c5eb403
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:36:18 2023 +0100

    Fix server error when failing to follow back followers from `/relationships` (#23787)

commit 3c44ba04112a5136ad56385868f30347fce392b4
Author: Claire <[email protected]>
Date:   Wed Feb 22 11:53:13 2023 +0100

    Fix inefficiency when searching accounts per username in admin interface (#23801)

commit 339d4fa61cf6a8e04a4b40b17dfb036adb9e5f86
Author: Dean Bassett <[email protected]>
Date:   Mon Feb 13 05:54:08 2023 -0800

    Fix case-sensitive check for previously used hashtags (#23526)

commit 62f0eab635da5ae94c9add6eb62b8f251409e77f
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:25:15 2023 +0100

    Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805)

commit 8c8d578e3884214dd4c8252f8f6fddb2e785aab8
Author: Claire <[email protected]>
Date:   Fri Feb 10 22:18:15 2023 +0100

    Bump version to 3.5.6 (#23493)

commit a8a3e86216a569cf8c0c48ff1b0c48069bc9a1e2
Author: Claire <[email protected]>
Date:   Fri Feb 10 22:16:47 2023 +0100

    Fix unbounded recursion in post discovery (#23507)

    * Add a limit to how many posts can get fetched as a result of a single request

    * Add tests

    * Always pass `request_id` when processing `Announce` activities

    ---------

    Co-authored-by: nametoolong <[email protected]>

commit be1caad9338157773ca91f7aee89d440347cf49b
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:02:09 2023 +0100

    Fix REST API serializer for Account not including `moved` when the moved account has itself moved (#22483) (#23492)

    Instead of cutting immediately, cut after one recursion.

commit 84a40824adb477f4956f49c64a0746f4f7048a3a
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:02:01 2023 +0100

    Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491)

commit 533bf92d21b9ca2dfe64dff597980bb4fb6578c4
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:53 2023 +0100

    Don't delivery a reply to domains which are blocked by author (#22117) (#23490)

    Co-authored-by: Jeong Arm <[email protected]>

commit 6a2b48190c62ddf2d4f1278972f6897ed9da83e8
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:45 2023 +0100

    Log admin approve and reject account (#22088) (#23488)

    * Log admin approve and reject account

    * Add unit tests for approve and reject logging

    Co-authored-by: Francis Murillo <[email protected]>

commit 6cbc5899905b47af82833f19882c4b57b0b4c34b
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:38 2023 +0100

    Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note (#23318) (#23487)

    * Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note

    * Add tests

commit a2bfb16cb82ad0549f4e7431cc0228dc5189108e
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:21 2023 +0100

    Fix crash when marking statuses as sensitive while some statuses are deleted (#22134) (#23486)

    * Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments

    * Fix crash when marking statuses as sensitive while some statuses are deleted

    Fixes #21910

    * Fix multiple strikes being created for a single report when selecting “Mark as sensitive”

    * Add tests

commit cfc0507010108a2e862a07ab7e9707beb972b2db
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:31 2023 +0100

    Fix attachments of edited statuses not being fetched (#21565) (#23485)

    * Fix attachments of edited statuses not being fetched

    * Fix tests

commit eade64097c48eb24d78d42ddd47c6cabb6df7d5f
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:24 2023 +0100

    Clear voter count when poll is reset (#21700) (#23484)

    When a poll is edited, we reset the poll and remove all previous
    votes. However, prior to this commit, the voter count on the poll
    was not reset. This leads to incorrect percentages being shown in
    poll results.

    Fixes #21696

    Co-authored-by: afontenot <[email protected]>

commit 1f0be21317295e1f3a47ace6454d5afcc502d077
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:14 2023 +0100

    Fix some performance issues with /admin/instances (#21907) (#23483)

    /admin/instances?availability=failing remains wholly unefficient

commit 0ca877f08478c0acb6958a893fb7384c64b4c57c
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:06 2023 +0100

    Fix possible race conditions when suspending/unsuspending accounts (#22363) (#23482)

    * Fix possible race conditions when suspending/unsuspending accounts

    * Fix tests

    Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
    suspending/unsuspending themselves, but this has changed.

commit cc233af129a8f183487dbd4a9562c0533b4e5513
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:58 2023 +0100

    Fix suspension worker crashing on S3-compatible setups without ACL support (#22487) (#23481)

commit 83f1c6460aaa7ca6f8dc11fc03a6befa71c374c3
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:49 2023 +0100

    Fix changing domain block severity not undoing individual account effects (#22135) (#23480)

    * Fix changing domain block severity not undoing individual account effects

    Fixes #22133

    * Add tests

commit e26dd2ea8f2e911448578f5bc7a00ea877e3b668
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:37 2023 +0100

    Add `form-action` CSP directive (#23478)

    * Add form-action CSP directive (#20781)

    * Fix OAuth flow being broken by recent CSP change (#20958)

    * Fix form-action CSP directive for external login (#20962)

commit da5d81c90dd6199d9f615ee48b579178284cf8f2
Author: Claire <[email protected]>
Date:   Thu Feb 9 18:34:19 2023 +0100

    Fix CircleCI issues caused by Node and OpenSSL versions (#23489)

    Co-authored-by: mhkhung <[email protected]>

commit ee66f5790f6bee17ba5d6876021ba8ffd1ef222b
Author: Claire <[email protected]>
Date:   Thu Dec 15 19:21:17 2022 +0100

    Fix unbounded recursion in account discovery (v3.5 backport) (#22026)

    * Fix trying to fetch posts from other users when fetching featured posts

    * Rate-limit discovery of new subdomains

    * Put a limit on recursively discovering new accounts

commit 696f7b360882e71ff45b6ddafc8eea17184a0f31
Author: Claire <[email protected]>
Date:   Mon Nov 14 22:26:24 2022 +0100

    Bump version to 3.5.5

commit b22e1476ca667e1ab83ab26a93203c3f253540af
Author: Claire <[email protected]>
Date:   Mon Nov 14 22:14:55 2022 +0100

    Fix nodes order being sometimes mangled when rewriting emoji (#20677)

    * Fix front-end emoji tests

    * Fix nodes order being sometimes mangled when rewriting emoji

commit 105ab8242582c6df02e3693f4620793add5c84f6
Author: Claire <[email protected]>
Date:   Mon Nov 14 11:23:10 2022 +0100

    Bump version to 3.5.4

commit 2dd8f977e84b67ed073a932accd2fbf4d2f38f3a
Author: Claire <[email protected]>
Date:   Wed Nov 9 14:21:57 2022 +0100

    Fix emoji substitution not applying only to text nodes in backend code

    Signed-off-by: Claire <[email protected]>

commit 2db06e1d089404844b632b3a2164c4bd3af24424
Author: Claire <[email protected]>
Date:   Wed Nov 9 14:16:02 2022 +0100

    Fix emoji substitution not applying only to text nodes in Web UI

    Signed-off-by: Claire <[email protected]>

commit 063579373e401fdac72b856971ecc01b06065365
Author: Eugen Rochko <[email protected]>
Date:   Wed Oct 26 14:58:52 2022 +0200

    Fix rate limiting for paths with formats

commit 1659788de4aa12f78108defb7294a1a23fa363bf
Author: Pierre Bourdon <[email protected]>
Date:   Fri Nov 11 07:45:16 2022 +0100

    blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)

    The Blurhash library used by Mastodon requires an input encoded as 24
    bits raw RGB data. The conversion to raw RGB using Imagemagick did not
    previously specify the desired bit depth. In some situations, this leads
    Imagemagick to output in a pixel format using less bpp than expected.
    This then manifested as segfaults of the Sidekiq process due to
    out-of-bounds read, or potentially a (highly noisy) memory infoleak.

    Fixes #19235.

commit 47eaf85f02e280db8c24cfc4f9bc5a34e99da49e
Author: Claire <[email protected]>
Date:   Mon Jul 4 11:08:30 2022 +0200

    Fix crash when a remote Flag activity mentions a private post (#18760)

    * Add tests

    * Fix crash when a remote Flag activity mentions a private post

commit fbcbf7898f000d9d1a21d52e8a8d3ed4602aa7db
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 23:26:15 2022 +0200

    Bump version to 3.5.3 (#18530)

commit 0a1992430db7a859b3b7faa3d9ce4f07734b5fd8
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 23:02:42 2022 +0200

    Fix errors when rendering RSS feeds (#18531)

commit 52f4e834f293c9fdbf5805639d022ac4e3856b75
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:14:47 2022 +0200

    Fix concurrent unfollowing decrementing follower count more than once (#18527)

commit 8a9acbe604667215c9589154d72b3f313755c210
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:08:12 2022 +0200

    Fix being able to appeal a strike unlimited times (#18529)

    Peculiarity of the `has_one` association is that the convenience
    creation method deletes the previous association even if the new
    one is invalid

commit c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:08:02 2022 +0200

    Fix being able to report otherwise inaccessible statuses (#18528)

commit 1ff4877945e18820f3e518a1cfbac243da65e1a5
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:06:10 2022 +0200

    Fix empty votes arbitrarily increasing voters count in polls (#18526)

commit 976cd6413e9b2a1531a2ad17945342deaeec538c
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:04:16 2022 +0200

    Fix moderator leak in undo_mark_statuses_as_sensitive (#18525)

    Signed-off-by: Eugen Rochko <[email protected]>

    Co-authored-by: 40826d <[email protected]>

commit 9f81b9f29a14093cefcdbf09058ace089cd8e06b
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:04:05 2022 +0200

    Fix suspended users being able to access APIs that don't require a user (#18524)

commit 96129c2f10a82520648f6ae04e585cf797403617
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:03:54 2022 +0200

    Fix confirmation redirect to app without `Location` header (#18523)

commit 3e0e7a1cfb617837ccada330afc13ed804c3c47b
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 20:32:48 2022 +0200

    Fix follower and other counters being able to go negative (#18517)

commit 702b709d9a8df2ed65c54d32d585a4cf5fe13de1
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 27 03:29:28 2022 +0900

    Add ES6 compatibility to browserslist (#18519)

commit d8abc0018f59ed63fb6c5fae2f6081c141a4b978
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 18:43:14 2022 +0200

    Remove 3.3.x from supported versions in security policy (#18516)

commit 088dc0ec5a383006952c0b15508af882a4c1109c
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 18:05:47 2022 +0200

    Fix regression in `tootctl search deploy` caused by unloaded attribute (#18514)

commit a4fa9e23fc1ddb42452bb8f051a31894796c8002
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 17:55:05 2022 +0200

    Change "dangerous" to "sensitive" in privacy policy and web UI (#18515)

    Fix #18470

commit 440eb71310e41d668f00980b73358edd5f8df043
Author: Claire <[email protected]>
Date:   Thu May 26 15:50:33 2022 +0200

    Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)

    * Change unapproved and unconfirmed account to not be accessible in the REST API

    * Change Account#searchable? to reject unconfirmed and unapproved users

    * Disable search for unapproved and unconfirmed users in Account.search_for

    * Disable search for unapproved and unconfirmed users in Account.advanced_search_for

    * Remove unconfirmed and unapproved accounts from Account.searchable scope

    * Prevent mentions to unapproved/unconfirmed accounts

    * Fix some old tests for Account.advanced_search_for

    * Add some Account.advanced_search_for tests for existing behaviors

    * Add some tests for Account.search_for

    * Add Account.advanced_search_for tests unconfirmed and unapproved accounts

    * Add Account.searchable tests

    * Fix Account.without_unapproved scope potentially messing with previously-applied scopes

    * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

    This is so that the API can still be used to check whether an username is free
    to use.

commit 86f4dba47ef26aa8690354948c49009c3fd49960
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 09:16:19 2022 +0900

    Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512)

    Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env)

    ---
    updated-dependencies:
    - dependency-name: "@babel/preset-env"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 77823333bb38a12705af486fa9b69cbd646dbd79
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 09:06:44 2022 +0900

    Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511)

    Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/plugin-transform-runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ddddd4c043bd722b7e01a0595cd5f7a606fde281
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:41:07 2022 +0900

    Bump immutable from 4.0.0 to 4.1.0 (#18502)

    Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0.
    - [Release notes](https://github.com/immutable-js/immutable-js/releases)
    - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0)

    ---
    updated-dependencies:
    - dependency-name: immutable
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 01db33165757042f3d95a6e372a9652b0223c5c2
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:06:55 2022 +0900

    Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 (#18489)

    Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/plugin-transform-runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 2bc5e41b8384b1c62832be2abead47670d169dfa
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:06:29 2022 +0900

    Bump @babel/runtime from 7.17.9 to 7.18.0 (#18494)

    Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.17.9 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 4d48d83b0088f9e039691435407bd3d6e92e6f63
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:05:53 2022 +0900

    Bump @babel/core from 7.17.12 to 7.18.0 (#18490)

    Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.12 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-core)

    ---
    updated-dependencies:
    - dependency-name: "@babel/core"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 25dda3061e4308a5005d3a2fef373acffc510a66
Author: Claire <[email protected]>
Date:   Thu May 26 00:20:30 2022 +0200

    Fix unnecessary query on status creation (#17901)

commit 96f29ce91ad622a0127bc3c3bf2dc503062ed0dc
Author: Eugen Rochko <[email protected]>
Date:   Tue May 24 16:33:18 2022 +0200

    New Crowdin updates (#18458)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations devise.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.json (Esperanto)

    * New translations en.yml (Esperanto)

    * New translations en.json (Esperanto)

    * New translations doorkeeper.en.yml (Esperanto)

    * New translations en.json (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.json (Armenian)

    * New translations en.json (Armenian)

    * New translations en.json (Armenian)

    * New translations en.json (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Russian)

    * New translations en.yml (Russian)

    * New translations simple_form.en.yml (Russian)

    * New translations en.yml (Russian)

    * New translations simple_form.en.yml (Russian)

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (Sorani (Kurdish))

    * New translations activerecord.en.yml (Sorani (Kurdish))

    * New translations doorkeeper.en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations doorkeeper.en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * Run `yarn manage:translations`

    * Run `bundle exec i18n-tasks normalize`

    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit e5997a195602624efdb366e9f09ffa377e859580
Author: Claire <[email protected]>
Date:   Mon May 23 20:38:29 2022 +0200

    Fix warning an account outside of a report closing all reports for that account (#18387)

    * Fix warning an account outside of a report closing all reports for that account

    * Make it clear what actions solve other reports

    * Revert "Make it clear what actions solve other reports"

    This reverts commit ad006de821f72e75480701298d13f0945b509059.

commit a9b64b24d6c076cb96a66307c07d4f0158dc07da
Author: Eugen Rochko <[email protected]>
Date:   Sun May 22 22:16:43 2022 +0200

    Change algorithm of `tootctl search deploy` to improve performance (#18463)

commit 54bb659ad14fda8d3427752d2c99716420997d6e
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat May 21 15:43:36 2022 +0900

    Bump sidekiq from 6.4.1 to 6.4.2 (#18091)

    Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.1 to 6.4.2.
    - [Release notes](https://github.com/mperham/sidekiq/releases)
    - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
    - [Commits](https://github.com/mperham/sidekiq/compare/v6.4.1...v6.4.2)

    ---
    updated-dependencies:
    - dependency-name: sidekiq
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit dfb9e6dab1b119c907dece5555408c9b98ec8f2c
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 20 11:39:05 2022 +0900

    Disable transpile to older iOS versions (#18462)

commit e925b06721057f83f2e3e8e7bdb21f39318b90a2
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 20 02:26:19 2022 +0900

    Fix languages dropdown on light theme (#18460)

commit 9a0fa28993568cb3f106f0ea6457b0ff0f9a132e
Author: Eugen Rochko <[email protected]>
Date:   Thu May 19 12:58:16 2022 +0200

    New Crowdin updates (#18419)

    * New translations en.json (German)

    * New translations en.json (Welsh)

    * New translations en.json (Japanese)

    * New translations en.json (Korean)

    * New translations en.json (Turkish)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Vietnamese)

    * New translations en.json (Portuguese, Brazilian)

    * New translations en.json (Asturian)

    * New translations en.json (Irish)

    * New translations en.json (Arabic)

    * New translations en.json (Scottish Gaelic)

    * New translations en.json (Galician)

    * New translations en.json (Czech)

    * New translations en.json (Slovak)

    * New translations en.json (Icelandic)

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (English, United Kingdom)

    * New translations en.json (Norwegian)

    * New translations en.json (Romanian)

    * New translations en.json (French)

    * New translations en.json (Spanish)

    * New translations en.json (Afrikaans)

    * New translations en.json (Bulgarian)

    * New translations en.json (Persian)

    * New translations en.json (Tamil)

    * New translations en.json (Malayalam)

    * New translations en.json (Silesian)

    * New translations en.json (Taigi)

    * New translations en.json (Ido)

    * New translations en.json (Kabyle)

    * New translations en.json (Sanskrit)

    * New translations en.json (Sardinian)

    * New translations en.json (Corsican)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.json (Serbian (Latin))

    * New translations en.json (Occitan)

    * New translations en.json (Kannada)

    * New translations en.json (Cornish)

    * New translations en.json (Sinhala)

    * New translations en.json (Breton)

    * New translations en.json (Tatar)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Kazakh)

    * New translations en.json (Spanish, Mexico)

    * New translations en.json (Bengali)

    * New translations en.json (Marathi)

    * New translations en.json (Thai)

    * New translations en.json (Croatian)

    * New translations en.json (Norwegian Nynorsk)

    * New translations en.json (Estonian)

    * New translations en.json (Chinese Traditional, Hong Kong)

    * New translations en.json (Latvian)

    * New translations en.json (Hindi)

    * New translations en.json (Malay)

    * New translations en.json (Telugu)

    * New translations en.json (Esperanto)

    * New translations en.json (Uyghur)

    * New translations en.json (Standard Moroccan Tamazight)

    * New translations en.yml (Icelandic)

    * New translations en.json (German)

    * New translations en.json (Turkish)

    * New translations en.json (Icelandic)

    * New translations en.json (Greek)

    * New translations en.json (Chinese Traditional)

    * New translations en.json (Catalan)

    * New translations en.json (Latvian)

    * New translations en.json (Czech)

    * New translations en.json (Indonesian)

    * New translations en.json (Korean)

    * New translations en.json (Russian)

    * New translations en.json (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (German)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Danish)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Afrikaans)

    * New translations en.json (Ukrainian)

    * New translations en.json (Portuguese)

    * New translations en.yml (Italian)

    * New translations en.json (Italian)

    * New translations en.yml (Italian)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (French)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Arabic)

    * New translations en.yml (Arabic)

    * New translations en.yml (Hungarian)

    * New translations en.json (Hungarian)

    * New translations en.yml (Galician)

    * New translations en.json (Galician)

    * New translations en.yml (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations en.json (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Korean)

    * New translations en.json (Polish)

    * New translations en.yml (Ido)

    * New translations en.json (Czech)

    * New translations en.json (Hungarian)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Ido)

    * New translations en.json (Russian)

    * New translations en.json (Latvian)

    * New translations en.yml (Russian)

    * New translations en.json (Russian)

    * New translations devise.en.yml (Russian)

    * New translations en.yml (Ido)

    * New translations en.json (Icelandic)

    * New translations en.json (Portuguese)

    * New translations en.yml (Ido)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * Run `yarn manage:translations`

    * New translations en.json (Chinese Simplified)

    * New translations en.yml (Slovenian)

    * New translations en.json (Slovenian)

    * New translations en.json (Vietnamese)

    * New translations en.json (Chinese Traditional)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Spanish)

    * New translations en.json (Greek)

    * New translations en.json (Thai)

    * New translations en.json (Turkish)

    * New translations en.json (Turkish)

    * New translations en.json (Italian)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (Japanese)

    * New translations en.json (Japanese)

    * New translations en.json (Afrikaans)

    * New translations en.yml (Basque)

    * New translations en.yml (German)

    * New translations en.json (German)

    * New translations en.yml (Esperanto)

    * New translations en.json (German)

    * New translations en.yml (Esperanto)

    * New translations en.yml (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (German)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Korean)

    * New translations en.yml (Galician)

    * New translations en.json (Galician)

    * New translations devise.en.yml (Galician)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Chinese Simplified)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (Ido)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (German)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Korean)

    * New translations en.json (Korean)

    * New translations simple_form.en.yml (Korean)

    * New translations en.yml (Korean)

    * New translations en.json (Ukrainian)

    * New translations en.yml (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Thai)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.json (Portuguese, Brazilian)

    * New translations en.yml (Chinese Simplified)

    * New translations en.json (Chinese Simplified)

    * New translations simple_form.en.yml (Chinese Simplified)

    * New translations devise.en.yml (Chinese Simplified)

    * New translations en.yml (Ido)

    * New translations en.json (French)

    * New translations en.json (Indonesian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Vietnamese)

    * New translations en.json (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations doorkeeper.en.yml (Portuguese, Brazilian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * Run `yarn manage:translations`

    * Run `bundle exec i18n-tasks normalize`

    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit 679b7158e3cd3881e8cbaf2d2c0c97725b3b5fd9
Author: Eugen Rochko <[email protected]>
Date:   Wed May 18 23:29:14 2022 +0200

    Change search indexing to use batches to minimize resource usage (#18451)

commit ded5a0254a4d29a7384ef766a1e92467fe4ebd2b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:33:13 2022 +0900

    Bump yargs from 17.4.1 to 17.5.1 (#18437)

    Bumps [yargs](https://github.com/yargs/yargs) from 17.4.1 to 17.5.1.
    - [Release notes](https://github.com/yargs/yargs/releases)
    - [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/yargs/yargs/compare/v17.4.1...v17.5.1)

    ---
    updated-dependencies:
    - dependency-name: yargs
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ffc2971466417aafe778eddcb1510ea934cef973
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:30:31 2022 +0900

    Bump dotenv from 16.0.0 to 16.0.1 (#18438)

    Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.0 to 16.0.1.
    - [Release notes](https://github.com/motdotla/dotenv/releases)
    - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/motdotla/dotenv/compare/v16.0.0...v16.0.1)

    ---
    updated-dependencies:
    - dependency-name: dotenv
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit a918a76bfbdd300e3ef549307706bdfa630f824b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:29:53 2022 +0900

    Bump glob from 8.0.1 to 8.0.3 (#18440)

    Bumps [glob](https://github.com/isaacs/node-glob) from 8.0.1 to 8.0.3.
    - [Release notes](https://github.com/isaacs/node-glob/releases)
    - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/node-glob/compare/v8.0.1...v8.0.3)

    ---
    updated-dependencies:
    - dependency-name: glob
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6b4e2d5ce686140797dd207b1ba932a86665262f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:27:55 2022 +0900

    Bump rubocop from 1.28.2 to 1.29.1 (#18433)

    Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.28.2 to 1.29.1.
    - [Release notes](https://github.com/rubocop/rubocop/releases)
    - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rubocop/rubocop/compare/v1.28.2...v1.29.1)

    ---
    updated-dependencies:
    - dependency-name: rubocop
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6048eeed045693be63ad34dc97e98f7b2e519a70
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:27:02 2022 +0900

    Bump faker from 2.20.0 to 2.21.0 (#18434)

    Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0.
    - [Release notes](https://github.com/faker-ruby/faker/releases)
    - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0)

    ---
    updated-dependencies:
    - dependency-name: faker
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 1a880533acb1a8b6ee11db357d8cb8864f0e05e3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed May 18 21:25:23 2022 +0900

    Bump @babel/preset-env from 7.17.10 to 7.17.12 (#18443)

    Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.10 to 7.17.12.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-env)

    ---
    updated-dependencies:
    - dependency-name: "@babel/preset-env"
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit d842f645d11e99521d1c27a13ce53f97de357d52
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed May 18 21:16:16 2022 +0900

    Bump @babel/plugin-proposal-decorators from 7.17.9 to 7.17.12 (#18442)

    Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.9 to 7.…
chasedream1129 added a commit to monado-ren/mastodon that referenced this pull request Aug 12, 2024
commit e9123ad691727ffec3672ff3912ef56e67c930ef
Author: Claire <[email protected]>
Date:   Thu Feb 15 12:02:24 2024 +0100

    Bump version to v3.5.19

commit c397c1a9e3090a0e879c15cafd48d5f1414b6836
Author: Claire <[email protected]>
Date:   Fri Feb 16 11:56:12 2024 +0100

    Merge pull request from GHSA-jhrq-qvrm-qr36

    * Fix insufficient Content-Type checking of fetched ActivityStreams objects

    * Allow JSON-LD documents with multiple profiles

commit d509b6b3420d303728b13832d79b05d602dba4e2
Author: Claire <[email protected]>
Date:   Wed Feb 14 22:49:45 2024 +0100

    Fix user creation failure handling in OmniAuth paths (#29207)

    Co-authored-by: Matt Jankowski <[email protected]>

commit 44c265e4c7983e17bf7713db91938d95efd33046
Author: Claire <[email protected]>
Date:   Wed Feb 14 13:35:56 2024 +0100

    Bump version to v3.5.18

commit 4a57e44809e33a8050c0062a244c351ab0871c71
Author: Claire <[email protected]>
Date:   Wed Feb 14 15:16:07 2024 +0100

    Merge pull request from GHSA-vm39-j3vx-pch3

    * Prevent different identities from a same SSO provider from accessing a same account

    * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

    * Rename methods to avoid confusion between OAuth and OmniAuth

commit 47c6079d8da3810889f70166950a29af2c2f1333
Author: Claire <[email protected]>
Date:   Wed Feb 14 15:15:34 2024 +0100

    Merge pull request from GHSA-7w3c-p9j8-mq3x

    * Ensure destruction of OAuth Applications notifies streaming

    Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

    * Ensure password resets revoke access to Streaming API

    * Improve performance of deleting OAuth tokens

    ---------

    Co-authored-by: Emelia Smith <[email protected]>

commit 69205dff9a252f42f9a75bf5a247b1376f312895
Author: Claire <[email protected]>
Date:   Wed Feb 14 13:12:13 2024 +0100

    Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199)

commit d187195f2ccaeab8786e62cf2ef3a499c1b54b7f
Author: Emelia Smith <[email protected]>
Date:   Tue Feb 13 19:11:47 2024 +0100

    Disable administrative doorkeeper routes (#29187)

commit 3387868dd9841cfffdae875d3296cf0aae36dc2b
Author: blah <blah@blah>
Date:   Wed Feb 14 10:58:36 2024 +0000

    Update dependency sidekiq-unique-jobs to 7.1.33

commit 3ba6ed76ea07d2856f988689e62a76882e5c9d4d
Author: blah <blah@blah>
Date:   Wed Feb 14 10:51:59 2024 +0000

    Update dependency nokogiri to 1.16.2

commit b1ed009c65802b70c9b780f3c7c3a866cba72478
Author: Claire <[email protected]>
Date:   Thu Feb 1 15:56:46 2024 +0100

    Merge pull request from GHSA-3fjr-858r-92rw

    * Fix insufficient origin validation

    * Bump version to v3.5.17

commit 35f21191ee9fa3a99af6c207d2fb42484d58f196
Author: Claire <[email protected]>
Date:   Mon Nov 27 15:00:52 2023 +0100

    Bump version to v3.5.16

commit 2ffce0d5f7e43138fd19a1c1b7a31b0177ae00a3
Author: Claire <[email protected]>
Date:   Fri Oct 20 10:45:46 2023 +0200

    Fix processing LDSigned activities from actors with unknown public keys (#27474)

commit 688defd60d9a31d7a4f9052985119a88d810e436
Author: Claire <[email protected]>
Date:   Fri Nov 24 10:31:28 2023 +0100

    Change GIF max matrix size error to explicitly mention GIF files (#27927)

commit d9b05f6860a574d81d1fd9fc47ca3adabf0d70cc
Author: Jonathan de Jong <[email protected]>
Date:   Fri Oct 27 16:55:00 2023 +0200

    Have `Follow` activities bypass availability (#27586)

    Co-authored-by: Claire <[email protected]>

commit f3fd8d869596da809448d5d0105e122e8ba3db22
Author: Claire <[email protected]>
Date:   Mon Nov 27 14:25:54 2023 +0100

    Clamp dates when serializing to Elasticsearch API (#28081)

commit 49693fe42f4528db4b41a2c346391016e9fe954a
Author: Claire <[email protected]>
Date:   Mon Nov 6 10:28:14 2023 +0100

    Fix incoming status creation date not being restricted to standard ISO8601 (#27655)

commit 16262f815d7d120bd73ffb71740ffaea3771683b
Author: Claire <[email protected]>
Date:   Mon Oct 30 23:32:25 2023 +0100

    Fix posts from force-sensitized accounts being able to trend (#27620)

commit d4e0a12b27aa01012c50ac7f0d4ba26085258990
Author: Claire <[email protected]>
Date:   Mon Oct 23 14:27:07 2023 +0200

    Change Content-Security-Policy to be tighter on media paths (#26889)

commit db59d8486bd12f7d32dd9785cbf2daf9115d0e16
Author: Claire <[email protected]>
Date:   Mon Oct 9 14:03:10 2023 +0200

    Bump version to v3.5.15

commit 7fb3ee0bc67cd7078fa7558483121dbe08202d8a
Author: Matt Jankowski <[email protected]>
Date:   Tue Oct 3 11:01:45 2023 -0400

    Dont match mention in url query string (#25656)

    Co-authored-by: Claire <[email protected]>

commit 9bd027823d91fe8cc9d3c63b19c649296e626e0d
Author: David Aaron <[email protected]>
Date:   Tue Oct 3 02:48:57 2023 -0700

    Change min age of backup policy from 1 week to 6 days (#27200)

commit 57d4d460503fa9ad01670533296a84c7c3f49ff3
Author: Jakob Gillich <[email protected]>
Date:   Tue Oct 3 10:47:50 2023 +0200

    Fix importer returning negative row estimates (#27258)

commit c91116f7800fe622750c93ea7d51d5d72e143ed3
Author: Claire <[email protected]>
Date:   Thu Sep 28 13:41:24 2023 +0200

    Fix filtering audit log for entries about disabling 2FA (#27186)

commit f45b5f5006f59d895da158e65cecead37d9a5b38
Author: Essem <[email protected]>
Date:   Mon Sep 25 12:21:07 2023 -0500

    Properly remove tIME chunk from PNG uploads (#27111)

commit 47441e51f3749894ac5699abffdd1cc190c0256e
Author: Claire <[email protected]>
Date:   Fri Oct 6 12:58:16 2023 +0200

    Fix crash when filtering for “dormant” relationships (#27306)

commit af02650322aad7468bfa7363f8232b0ae7151e6f
Author: Claire <[email protected]>
Date:   Mon Sep 25 15:06:43 2023 +0200

    Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116)

commit 75346a71f7f4f0a3deb2841c19e6105a06f98f1e
Author: Claire <[email protected]>
Date:   Tue Sep 19 12:49:15 2023 +0200

    Bump version to v3.5.14

commit 49af3e26dc3a433922d78ae01be50549f29d1949
Author: Claire <[email protected]>
Date:   Wed Sep 6 16:40:19 2023 +0200

    Fix moderator rights inconsistencies (#26729)

commit 412c3e13ecae1bc9a6fd204b6e4018c5c4c2e6ba
Author: Claire <[email protected]>
Date:   Wed Sep 6 12:17:51 2023 +0200

    Fix crash when encountering invalid URL (#26814)

commit 31c5e63a58923b9d227d90b48994ed48491dd52e
Author: Claire <[email protected]>
Date:   Thu Aug 17 16:11:48 2023 +0200

    Fix cached posts including stale stats (#26409)

commit e8eeb746ac2d2ec635d46c9c07b73a56b4f2c77c
Author: Nicolai Søborg <[email protected]>
Date:   Fri Aug 18 08:32:47 2023 +0200

    Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500)

commit 0158c31c02b62f39add6f41f1584bf23a8dda047
Author: yufushiro <[email protected]>
Date:   Wed Aug 23 15:44:56 2023 +0900

    Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)

    Co-authored-by: Claire <[email protected]>

commit 9deb1781269fd817c930d38f916672bec3d566a8
Author: Claire <[email protected]>
Date:   Tue Sep 19 16:53:58 2023 +0200

    Merge pull request from GHSA-v3xf-c9qf-j667

commit 8e6fe192258fab9df50cfa7c4c0f6c22a756868e
Author: Claire <[email protected]>
Date:   Mon Sep 18 08:31:53 2023 +0200

    Change Dockerfile to upgrade packages when building (#26931)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 4eb709ea7ea6b5bc1fcdbe1762dd3b7efcc07f6e
Author: Claire <[email protected]>
Date:   Wed Sep 6 09:18:28 2023 +0200

    Update actions for stable-3.5 (#26804)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 86a31fc0196f876f6671a883198fcc460bcd60c5
Author: Claire <[email protected]>
Date:   Tue Sep 5 17:46:39 2023 +0200

    Fix Dockerfile installing incompatible npm version (#26803)

commit 16e47e1aae55c0ead7207030ad8a554c18ff1250
Author: Claire <[email protected]>
Date:   Tue Sep 5 15:30:24 2023 +0200

    Bump version to v3.5.13

commit dcffd6b3d76a5e9d420119d0730724d56f7fe968
Author: Emelia Smith <[email protected]>
Date:   Mon May 22 13:15:21 2023 +0200

    Allow reports with long comments from remote instances, but truncate (#25028)

commit 8de0f7e198b25741cd6cb849095520b88fab088d
Author: Daniel M Brasil <[email protected]>
Date:   Thu Aug 31 08:53:24 2023 -0300

    Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237)

commit e37551421ee30ccd9e6a36e2ad4c88ddf5a1b3d8
Author: Claire <[email protected]>
Date:   Wed Aug 9 09:39:36 2023 +0200

    Fix blocking subdomains of an already-blocked domain (#26392)

commit 2e0eab9d18f1473654542f96ff9172cab0e8661e
Author: Claire <[email protected]>
Date:   Wed Aug 30 17:36:16 2023 +0200

    Change text extraction in `PlainTextFormatter` to be faster (#26727)

commit ce75c175cdf12bdfdf8b84271b52989abe54cb50
Author: Claire <[email protected]>
Date:   Thu Aug 31 19:54:17 2023 +0200

    Backport container build changes to the stable-3.5 branch (#26742)

    Co-authored-by: Renaud Chaput <[email protected]>

commit a3d31ffc1ead2abe98a8b722b406a7574a14a915
Author: Claire <[email protected]>
Date:   Fri Jul 28 10:07:57 2023 +0200

    Bump version to v3.5.12

commit 50f4af28b0f1fde03e1a57583bccc1387d6f08bf
Author: Emelia Smith <[email protected]>
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit e655b35d7e4ebf9c5a2ab6cb4bf4e950785cfee0
Author: Claire <[email protected]>
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit 80c00f4aa57fd21679fade777310422e55274c65
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:33:34 2023 +0200

    Bump version to v3.5.11

commit 1a0192537d11fb8932735c33f904e8fc4263356b
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:18:04 2023 +0200

    Add check preventing Sidekiq workers from running with Makara configured (#25850)

    Co-authored-by: Eugen Rochko <[email protected]>

commit 668cd00e130c152ed05b19f7d7f663d33790d9ac
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:14:10 2023 +0200

    Fix testsuite failure introduced in last release

commit 0bd52de49263af22d2fed02e9cec84fbeb3d6f9b
Author: Claire <[email protected]>
Date:   Fri Jul 21 13:34:15 2023 +0200

    Fix CSP headers being unintendedly wide (#26105)

commit ced65ffbb48a37ca46c278156bc0987378bf0a8a
Author: Claire <[email protected]>
Date:   Tue Jul 18 20:51:20 2023 +0200

    Change request timeout handling to use a longer deadline (#26055)

commit 6398fc0b66fad30112de9b4ea026436c4ebc9b32
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:10 2023 +0200

    Fix moderation interface for remote instances with a .zip TLD (#25885)

commit 7709bbba65cb07158a74292542a2a6bf0b8452bb
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:19 2023 +0200

    Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886)

commit 4f6d121b248dcc6b80a9d2597fb7b6ac73a50cf4
Author: Michael Stanclift <[email protected]>
Date:   Thu Jul 13 04:12:51 2023 -0500

    Fix trending publishers table not rendering correctly on narrow screens (#25945)

commit 687421ebbe3a8245c2fd2b7fe9bf8c325e9f3bb2
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:56:11 2023 +0200

    Bump version to v3.5.10

commit 517c4a8a7a96bd2f16e369fa794575c30be370c8
Author: Claire <[email protected]>
Date:   Fri Jul 7 13:35:22 2023 +0200

    Fix processing of media files with unusual names (#25788)

commit dca0d8427e42e9a498b2c88b85660fef19d8fd1a
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:10:17 2023 +0200

    Fix crash in admin interface when viewing a remote user with verified links (#25796)

commit b10c974ba1952c545acff505bfd36feb0c60b000
Author: Claire <[email protected]>
Date:   Wed Jun 21 10:38:16 2023 +0200

    Bump version to v3.5.9

commit ca4b23bf0d936f09f0bf60ab1055f6c2f0373dd9
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:49 2023 +0200

    Merge pull request from GHSA-55j9-c3mp-6fcq

commit 32e5a9f053d4d59cd7cd782a889055295554a697
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:24 2023 +0200

    Merge pull request from GHSA-9pxv-6qvf-pjwc

    * Fix timeout handling of outbound HTTP requests

    * Use CLOCK_MONOTONIC instead of Time.now

commit 987f9099947fdcd71e79d4908cdc4373eca92a85
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:05:05 2023 +0200

    Merge pull request from GHSA-9928-3cp5-93fm

    * Fix attachments getting processed despite failing content-type validation

    * Add a restrictive ImageMagick security policy tailored for Mastodon

    * Fix misdetection of MP3 files with large cover art

    * Reject unprocessable audio/video files instead of keeping them unchanged

commit c02fa93c578d6578f39de689752c02dd92f3b079
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:03:33 2023 +0200

    Merge pull request from GHSA-ccm4-vgcc-73hp

    * Tighten allowed HTML in oEmbed-based preview cards

    * Sanitize preview cards at render time

    * Add `sandbox` attribute to preview card iframes

commit c30901134654b759d06b8e5b16bf7f9608f199fc
Author: Claire <[email protected]>
Date:   Wed Jun 21 14:18:04 2023 +0200

    Add hardened headers to user-uploaded files

commit 6b538225af099276a6113b40f3763b8cde6284fd
Author: Claire <[email protected]>
Date:   Wed Jun 28 14:27:12 2023 +0200

    Update rack, rails, nokogiri, omniauth, sanitize and doorkeeper gems

commit 3c72c7b34e7cd5904bf0070d95201a2bd0fe7e54
Author: Renaud Chaput <[email protected]>
Date:   Thu Jun 1 12:14:49 2023 +0200

    Allow carets in URL search params (#25216)

commit 07f60ffcbbbaf661347cd3cd7098f20d3a3730f7
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 23:28:35 2023 -0700

    Fix Redis client and type errors introduced in #24285 (#24342)

commit c1467453f6e67e108308b4cba531eb013caed319
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 05:38:47 2023 -0700

    IndexingScheduler: fetch and import in batches (#24285)

    Co-authored-by: Claire <[email protected]>

commit 00e65a77df600330c4ae694616fb185e15b8835f
Author: Emelia Smith <[email protected]>
Date:   Tue Jun 20 18:04:35 2023 +0200

    Prevent UserCleanupScheduler from overwhelming streaming (#25519)

commit f9521bc2b54dff1c616ef271024426776e9434e2
Author: Daniel M Brasil <[email protected]>
Date:   Mon Jun 19 03:53:05 2023 -0300

    Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477)

commit e4bff6cd76d8e615bd2d2ed0ba8250d5d2438c0f
Author: Emelia Smith <[email protected]>
Date:   Sat Jun 10 18:24:37 2023 +0200

    Fix logging of messages that are binary before closing their connection (#25361)

commit 6f819c7071ed5fc810e4e5f0063f76185a41f4a0
Author: Emelia Smith <[email protected]>
Date:   Fri Jun 9 19:29:16 2023 +0200

    Fix performance of streaming by parsing message JSON once (#25278)

commit 4aa1c4e2ad1969376cb95336a7a86cacbe547c18
Author: Claire <[email protected]>
Date:   Mon Jun 5 17:35:05 2023 +0200

    Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

commit 176ae71fd42fb4990c3a8660c3e710cd31b3686e
Author: Daniel M Brasil <[email protected]>
Date:   Sun Apr 30 01:50:58 2023 -0300

    Fix  `tootctl accounts approve --number N` not aproving N earliest registrations (#24605)

commit feac95333fbfc8ef54bd96a273f9454bc25a3ca8
Author: Claire <[email protected]>
Date:   Fri May 12 13:13:04 2023 +0200

    Change profile updates to be sent to recently-mentioned servers (#24852)

commit bb1e7e112e5e929388417e22828d3eb235151d20
Author: Claire <[email protected]>
Date:   Wed May 17 00:08:42 2023 +0200

    Fix being able to vote on your own polls (#25015)

commit e233060ea5d0cf7e5baf247e34a38119bc4bf903
Author: Claire <[email protected]>
Date:   Wed May 17 00:09:21 2023 +0200

    Fix race condition when reblogging a status (#25016)

commit 3faebae2d1a5f72bf93167b1fbb279406bb738de
Author: Claire <[email protected]>
Date:   Mon May 22 12:25:56 2023 +0200

    Change OpenGraph-based embeds to allow fullscreen (#25058)

commit 95f59da1578272efee84f06375d6e77944a4d5b0
Author: Claire <[email protected]>
Date:   Mon May 22 14:03:38 2023 +0200

    Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

commit 6f94b4ae19144e6fbf625e47b821c1aacf391722
Author: Claire <[email protected]>
Date:   Tue May 23 14:27:17 2023 +0200

    Remove invalid X-Frame-Options: ALLOWALL (#25070)

commit 283184b390bdd9b8200fd2dac0c1abd2def25fca
Author: Claire <[email protected]>
Date:   Tue May 23 15:00:36 2023 +0200

    Change Identity to not destroy associated User on destroy (#25098)

commit d54980ef2df2704c0a1698ce3de19eb4e3916be1
Author: Claire <[email protected]>
Date:   Tue Jun 20 18:32:26 2023 +0200

    Fix /api/v1/conversations sometimes returning empty accounts (#25499)

commit 08579976e02c582f4465e63b03e38e4b8886705f
Author: Claire <[email protected]>
Date:   Wed Jun 14 08:54:52 2023 +0200

    Fix ArgumentError when loading newer Private Mentions (#25399)

commit ff3f40a675c1dcbf17e121b0d09ce65ea441d8a5
Author: Claire <[email protected]>
Date:   Thu Jun 1 02:41:51 2023 +0200

    Fix multiple N+1s in ConversationsController (#25134)

commit 0dce749192b1d7a1513bdf45b7eafa6181bac3b9
Author: Claire <[email protected]>
Date:   Wed Apr 5 19:31:49 2023 +0200

    Fix user archive takeouts when using OpenStack Swift (#24431)

commit 1bd831b9a9d288566ca38045f6410c771946634b
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:50:34 2023 +0200

    Bump version to v3.5.8

commit 55144262d054a52b76baa9d077e235e5c61fac37
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:47:04 2023 +0200

    Fix unescaped user input in LDAP query (#24379)

    Fix CVE-2023-28853

commit 40438675f8ddf0a6e30af4edef63286f8026f2b5
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:05:39 2023 +0200

    Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327)

commit 0f4c908b64c34d94936dad1cfa4b2e2d225285cc
Author: Claire <[email protected]>
Date:   Fri Mar 31 21:42:28 2023 +0200

    Fix invalid/expired invites being processed on sign-up (#24337)

commit 3eb5b47768ec8387d3a0ec9ffd27ff777be18407
Author: Sai <[email protected]>
Date:   Fri Mar 31 15:42:59 2023 +0100

    Upgrade Ruby to 3.0.6 (#24332)

commit 520e9cc765b9b8263270f9e311b8beefd6b322f9
Author: Robert R George <[email protected]>
Date:   Wed Mar 29 00:58:27 2023 -0700

    Wrap db:setup with Chewy.strategy(:mastodon) (#24302)

commit d25493e26295d27af34441a5f120226f2c17eda9
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:07:37 2023 +0200

    Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200)

commit 3d67a9329ef9859559d8c9143227c493088a620a
Author: Claire <[email protected]>
Date:   Mon Mar 20 20:02:58 2023 +0100

    Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182)

commit 547634dfa64a59012f37b60a6dd830bc4be76be4
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:39:45 2023 +0100

    Bump version to v3.5.7

commit f90daf58dbc09a492b65a281d2cf5b5c4f5055b6
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:47:01 2023 +0100

    Add warning for object storage misconfiguration (#24137)

commit a42b48ea4e66f3081dc6c21c06ed98db94116c02
Author: Eugen Rochko <[email protected]>
Date:   Thu Mar 16 22:46:52 2023 +0100

    Change user backups to use expiring URLs for download when possible (#24136)

commit 251dd0b72b2ca6aafe6676c6dbcc81260b2c1355
Author: Claire <[email protected]>
Date:   Thu Mar 16 13:41:55 2023 +0100

    Update changelog

commit 18840cbc6ef4fd8e9c48b0053a9f9b68978f4ffc
Author: Nick Schonning <[email protected]>
Date:   Wed Mar 15 11:43:44 2023 -0400

    Skip pushing containers on forks (#24106)

commit 727126255a043aec46d20cc07962771376b6d82b
Author: Renaud Chaput <[email protected]>
Date:   Wed Mar 15 16:41:13 2023 +0100

    Use Github Container Registry as the official container image source (#24113)

commit 98d654b8bb59de4d412007b1864d1376394652c7
Author: Nick Schonning <[email protected]>
Date:   Tue Mar 14 22:43:49 2023 -0400

    Skip Docker CI Login/Push on forks (#23564)

commit 25c517144c294b4d3a3b85c6358aff15f8d4ed6e
Author: Renaud Chaput <[email protected]>
Date:   Tue Mar 14 20:27:43 2023 +0100

    Push Docker images to Github Container Registry as well (#24101)

commit f036546c220fef1fccfdf816cfce1533262fb3af
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:15:20 2023 +0100

    Fix misleading error code when receiving invalid WebAuthn credentials (#23568)

commit 9256d653a5677fa726f0a93d0d5428d79c6020a7
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:14:47 2023 +0100

    Fix incorrect post links in strikes when the account is remote (#23611)

commit d0c0808ad4ede98873e753df1543f33b0349f4be
Author: Jeremy Kescher <[email protected]>
Date:   Mon Nov 7 02:40:17 2022 +0000

    Add null check on application in dispute viewer (#19851)

commit cb622b23b1465dfde7731a1f9bc82dd3fe51a561
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:01:49 2023 +0100

    Fix dashboard crash on ElasticSearch server error (#23751)

commit fe866f8afb89e07e2fa72aaddccd6388f9ed4183
Author: Claire <[email protected]>
Date:   Tue Mar 14 10:34:16 2023 +0100

    Update changelog

commit a1e765991e416cdd5fb1ededa1ab0245c5062882
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:44:46 2023 +0100

    Add mail headers to avoid auto-replies (#23597)

commit 76b9f4271291e0700680f182e94326f27f95390f
Author: Claire <[email protected]>
Date:   Tue Feb 21 09:23:39 2023 +0100

    Add `lang` tag to native language names in language picker (#23749)

commit 708e590117c68c3c851c4eb7287cfa03c68a0ac0
Author: Claire <[email protected]>
Date:   Sun Mar 12 23:47:55 2023 +0100

    Fix sidekiq jobs not triggering Elasticsearch index updates (#24046)

commit a717aa929cf6c60239266f45671862802e9f29ed
Author: Rodion Borisov <[email protected]>
Date:   Thu Mar 9 16:35:44 2023 +0300

    Center the text itself in upload area (#24029)

commit bbb7c54367b8a284f5fcef8e910b50005e8ad197
Author: Claire <[email protected]>
Date:   Mon Mar 6 17:44:55 2023 +0100

    Fix `/api/v1/streaming` sub-paths not being redirected (#23988)

commit 282596a66e68e2ca5d7bef90c39fc50fe770d63a
Author: Eugen Rochko <[email protected]>
Date:   Sun Mar 5 01:52:42 2023 +0100

    Fix pgBouncer resetting application name on every transaction (#23958)

commit e6f6fe6106709b2efd342e7ce7339f08c5fa0682
Author: Claire <[email protected]>
Date:   Fri Mar 3 21:13:55 2023 +0100

    Fix original account being unfollowed on migration before the follow request could be sent (#21957)

commit 86b1adf7d74b07b0fd99e923de59b8d7b44485df
Author: Claire <[email protected]>
Date:   Mon Mar 6 16:00:08 2023 +0100

    Fix unconfirmed accounts being registered as active users (#23803)

commit 4beeec4e50169ef8c370e0a9793a2d303c5eb403
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:36:18 2023 +0100

    Fix server error when failing to follow back followers from `/relationships` (#23787)

commit 3c44ba04112a5136ad56385868f30347fce392b4
Author: Claire <[email protected]>
Date:   Wed Feb 22 11:53:13 2023 +0100

    Fix inefficiency when searching accounts per username in admin interface (#23801)

commit 339d4fa61cf6a8e04a4b40b17dfb036adb9e5f86
Author: Dean Bassett <[email protected]>
Date:   Mon Feb 13 05:54:08 2023 -0800

    Fix case-sensitive check for previously used hashtags (#23526)

commit 62f0eab635da5ae94c9add6eb62b8f251409e77f
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:25:15 2023 +0100

    Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805)

commit 8c8d578e3884214dd4c8252f8f6fddb2e785aab8
Author: Claire <[email protected]>
Date:   Fri Feb 10 22:18:15 2023 +0100

    Bump version to 3.5.6 (#23493)

commit a8a3e86216a569cf8c0c48ff1b0c48069bc9a1e2
Author: Claire <[email protected]>
Date:   Fri Feb 10 22:16:47 2023 +0100

    Fix unbounded recursion in post discovery (#23507)

    * Add a limit to how many posts can get fetched as a result of a single request

    * Add tests

    * Always pass `request_id` when processing `Announce` activities

    ---------

    Co-authored-by: nametoolong <[email protected]>

commit be1caad9338157773ca91f7aee89d440347cf49b
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:02:09 2023 +0100

    Fix REST API serializer for Account not including `moved` when the moved account has itself moved (#22483) (#23492)

    Instead of cutting immediately, cut after one recursion.

commit 84a40824adb477f4956f49c64a0746f4f7048a3a
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:02:01 2023 +0100

    Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) (#23491)

commit 533bf92d21b9ca2dfe64dff597980bb4fb6578c4
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:53 2023 +0100

    Don't delivery a reply to domains which are blocked by author (#22117) (#23490)

    Co-authored-by: Jeong Arm <[email protected]>

commit 6a2b48190c62ddf2d4f1278972f6897ed9da83e8
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:45 2023 +0100

    Log admin approve and reject account (#22088) (#23488)

    * Log admin approve and reject account

    * Add unit tests for approve and reject logging

    Co-authored-by: Francis Murillo <[email protected]>

commit 6cbc5899905b47af82833f19882c4b57b0b4c34b
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:38 2023 +0100

    Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note (#23318) (#23487)

    * Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note

    * Add tests

commit a2bfb16cb82ad0549f4e7431cc0228dc5189108e
Author: Claire <[email protected]>
Date:   Thu Feb 9 21:01:21 2023 +0100

    Fix crash when marking statuses as sensitive while some statuses are deleted (#22134) (#23486)

    * Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments

    * Fix crash when marking statuses as sensitive while some statuses are deleted

    Fixes #21910

    * Fix multiple strikes being created for a single report when selecting “Mark as sensitive”

    * Add tests

commit cfc0507010108a2e862a07ab7e9707beb972b2db
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:31 2023 +0100

    Fix attachments of edited statuses not being fetched (#21565) (#23485)

    * Fix attachments of edited statuses not being fetched

    * Fix tests

commit eade64097c48eb24d78d42ddd47c6cabb6df7d5f
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:24 2023 +0100

    Clear voter count when poll is reset (#21700) (#23484)

    When a poll is edited, we reset the poll and remove all previous
    votes. However, prior to this commit, the voter count on the poll
    was not reset. This leads to incorrect percentages being shown in
    poll results.

    Fixes #21696

    Co-authored-by: afontenot <[email protected]>

commit 1f0be21317295e1f3a47ace6454d5afcc502d077
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:14 2023 +0100

    Fix some performance issues with /admin/instances (#21907) (#23483)

    /admin/instances?availability=failing remains wholly unefficient

commit 0ca877f08478c0acb6958a893fb7384c64b4c57c
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:57:06 2023 +0100

    Fix possible race conditions when suspending/unsuspending accounts (#22363) (#23482)

    * Fix possible race conditions when suspending/unsuspending accounts

    * Fix tests

    Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
    suspending/unsuspending themselves, but this has changed.

commit cc233af129a8f183487dbd4a9562c0533b4e5513
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:58 2023 +0100

    Fix suspension worker crashing on S3-compatible setups without ACL support (#22487) (#23481)

commit 83f1c6460aaa7ca6f8dc11fc03a6befa71c374c3
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:49 2023 +0100

    Fix changing domain block severity not undoing individual account effects (#22135) (#23480)

    * Fix changing domain block severity not undoing individual account effects

    Fixes #22133

    * Add tests

commit e26dd2ea8f2e911448578f5bc7a00ea877e3b668
Author: Claire <[email protected]>
Date:   Thu Feb 9 20:56:37 2023 +0100

    Add `form-action` CSP directive (#23478)

    * Add form-action CSP directive (#20781)

    * Fix OAuth flow being broken by recent CSP change (#20958)

    * Fix form-action CSP directive for external login (#20962)

commit da5d81c90dd6199d9f615ee48b579178284cf8f2
Author: Claire <[email protected]>
Date:   Thu Feb 9 18:34:19 2023 +0100

    Fix CircleCI issues caused by Node and OpenSSL versions (#23489)

    Co-authored-by: mhkhung <[email protected]>

commit ee66f5790f6bee17ba5d6876021ba8ffd1ef222b
Author: Claire <[email protected]>
Date:   Thu Dec 15 19:21:17 2022 +0100

    Fix unbounded recursion in account discovery (v3.5 backport) (#22026)

    * Fix trying to fetch posts from other users when fetching featured posts

    * Rate-limit discovery of new subdomains

    * Put a limit on recursively discovering new accounts

commit 696f7b360882e71ff45b6ddafc8eea17184a0f31
Author: Claire <[email protected]>
Date:   Mon Nov 14 22:26:24 2022 +0100

    Bump version to 3.5.5

commit b22e1476ca667e1ab83ab26a93203c3f253540af
Author: Claire <[email protected]>
Date:   Mon Nov 14 22:14:55 2022 +0100

    Fix nodes order being sometimes mangled when rewriting emoji (#20677)

    * Fix front-end emoji tests

    * Fix nodes order being sometimes mangled when rewriting emoji

commit 105ab8242582c6df02e3693f4620793add5c84f6
Author: Claire <[email protected]>
Date:   Mon Nov 14 11:23:10 2022 +0100

    Bump version to 3.5.4

commit 2dd8f977e84b67ed073a932accd2fbf4d2f38f3a
Author: Claire <[email protected]>
Date:   Wed Nov 9 14:21:57 2022 +0100

    Fix emoji substitution not applying only to text nodes in backend code

    Signed-off-by: Claire <[email protected]>

commit 2db06e1d089404844b632b3a2164c4bd3af24424
Author: Claire <[email protected]>
Date:   Wed Nov 9 14:16:02 2022 +0100

    Fix emoji substitution not applying only to text nodes in Web UI

    Signed-off-by: Claire <[email protected]>

commit 063579373e401fdac72b856971ecc01b06065365
Author: Eugen Rochko <[email protected]>
Date:   Wed Oct 26 14:58:52 2022 +0200

    Fix rate limiting for paths with formats

commit 1659788de4aa12f78108defb7294a1a23fa363bf
Author: Pierre Bourdon <[email protected]>
Date:   Fri Nov 11 07:45:16 2022 +0100

    blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)

    The Blurhash library used by Mastodon requires an input encoded as 24
    bits raw RGB data. The conversion to raw RGB using Imagemagick did not
    previously specify the desired bit depth. In some situations, this leads
    Imagemagick to output in a pixel format using less bpp than expected.
    This then manifested as segfaults of the Sidekiq process due to
    out-of-bounds read, or potentially a (highly noisy) memory infoleak.

    Fixes #19235.

commit 47eaf85f02e280db8c24cfc4f9bc5a34e99da49e
Author: Claire <[email protected]>
Date:   Mon Jul 4 11:08:30 2022 +0200

    Fix crash when a remote Flag activity mentions a private post (#18760)

    * Add tests

    * Fix crash when a remote Flag activity mentions a private post

commit fbcbf7898f000d9d1a21d52e8a8d3ed4602aa7db
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 23:26:15 2022 +0200

    Bump version to 3.5.3 (#18530)

commit 0a1992430db7a859b3b7faa3d9ce4f07734b5fd8
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 23:02:42 2022 +0200

    Fix errors when rendering RSS feeds (#18531)

commit 52f4e834f293c9fdbf5805639d022ac4e3856b75
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:14:47 2022 +0200

    Fix concurrent unfollowing decrementing follower count more than once (#18527)

commit 8a9acbe604667215c9589154d72b3f313755c210
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:08:12 2022 +0200

    Fix being able to appeal a strike unlimited times (#18529)

    Peculiarity of the `has_one` association is that the convenience
    creation method deletes the previous association even if the new
    one is invalid

commit c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:08:02 2022 +0200

    Fix being able to report otherwise inaccessible statuses (#18528)

commit 1ff4877945e18820f3e518a1cfbac243da65e1a5
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:06:10 2022 +0200

    Fix empty votes arbitrarily increasing voters count in polls (#18526)

commit 976cd6413e9b2a1531a2ad17945342deaeec538c
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:04:16 2022 +0200

    Fix moderator leak in undo_mark_statuses_as_sensitive (#18525)

    Signed-off-by: Eugen Rochko <[email protected]>

    Co-authored-by: 40826d <[email protected]>

commit 9f81b9f29a14093cefcdbf09058ace089cd8e06b
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:04:05 2022 +0200

    Fix suspended users being able to access APIs that don't require a user (#18524)

commit 96129c2f10a82520648f6ae04e585cf797403617
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 22:03:54 2022 +0200

    Fix confirmation redirect to app without `Location` header (#18523)

commit 3e0e7a1cfb617837ccada330afc13ed804c3c47b
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 20:32:48 2022 +0200

    Fix follower and other counters being able to go negative (#18517)

commit 702b709d9a8df2ed65c54d32d585a4cf5fe13de1
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 27 03:29:28 2022 +0900

    Add ES6 compatibility to browserslist (#18519)

commit d8abc0018f59ed63fb6c5fae2f6081c141a4b978
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 18:43:14 2022 +0200

    Remove 3.3.x from supported versions in security policy (#18516)

commit 088dc0ec5a383006952c0b15508af882a4c1109c
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 18:05:47 2022 +0200

    Fix regression in `tootctl search deploy` caused by unloaded attribute (#18514)

commit a4fa9e23fc1ddb42452bb8f051a31894796c8002
Author: Eugen Rochko <[email protected]>
Date:   Thu May 26 17:55:05 2022 +0200

    Change "dangerous" to "sensitive" in privacy policy and web UI (#18515)

    Fix #18470

commit 440eb71310e41d668f00980b73358edd5f8df043
Author: Claire <[email protected]>
Date:   Thu May 26 15:50:33 2022 +0200

    Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)

    * Change unapproved and unconfirmed account to not be accessible in the REST API

    * Change Account#searchable? to reject unconfirmed and unapproved users

    * Disable search for unapproved and unconfirmed users in Account.search_for

    * Disable search for unapproved and unconfirmed users in Account.advanced_search_for

    * Remove unconfirmed and unapproved accounts from Account.searchable scope

    * Prevent mentions to unapproved/unconfirmed accounts

    * Fix some old tests for Account.advanced_search_for

    * Add some Account.advanced_search_for tests for existing behaviors

    * Add some tests for Account.search_for

    * Add Account.advanced_search_for tests unconfirmed and unapproved accounts

    * Add Account.searchable tests

    * Fix Account.without_unapproved scope potentially messing with previously-applied scopes

    * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

    This is so that the API can still be used to check whether an username is free
    to use.

commit 86f4dba47ef26aa8690354948c49009c3fd49960
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 09:16:19 2022 +0900

    Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512)

    Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env)

    ---
    updated-dependencies:
    - dependency-name: "@babel/preset-env"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 77823333bb38a12705af486fa9b69cbd646dbd79
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 09:06:44 2022 +0900

    Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511)

    Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/plugin-transform-runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ddddd4c043bd722b7e01a0595cd5f7a606fde281
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:41:07 2022 +0900

    Bump immutable from 4.0.0 to 4.1.0 (#18502)

    Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0.
    - [Release notes](https://github.com/immutable-js/immutable-js/releases)
    - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0)

    ---
    updated-dependencies:
    - dependency-name: immutable
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 01db33165757042f3d95a6e372a9652b0223c5c2
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:06:55 2022 +0900

    Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 (#18489)

    Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/plugin-transform-runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 2bc5e41b8384b1c62832be2abead47670d169dfa
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:06:29 2022 +0900

    Bump @babel/runtime from 7.17.9 to 7.18.0 (#18494)

    Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.17.9 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-runtime)

    ---
    updated-dependencies:
    - dependency-name: "@babel/runtime"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 4d48d83b0088f9e039691435407bd3d6e92e6f63
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 26 08:05:53 2022 +0900

    Bump @babel/core from 7.17.12 to 7.18.0 (#18490)

    Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.12 to 7.18.0.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-core)

    ---
    updated-dependencies:
    - dependency-name: "@babel/core"
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 25dda3061e4308a5005d3a2fef373acffc510a66
Author: Claire <[email protected]>
Date:   Thu May 26 00:20:30 2022 +0200

    Fix unnecessary query on status creation (#17901)

commit 96f29ce91ad622a0127bc3c3bf2dc503062ed0dc
Author: Eugen Rochko <[email protected]>
Date:   Tue May 24 16:33:18 2022 +0200

    New Crowdin updates (#18458)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations devise.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.json (Esperanto)

    * New translations en.yml (Esperanto)

    * New translations en.json (Esperanto)

    * New translations doorkeeper.en.yml (Esperanto)

    * New translations en.json (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations en.json (Ido)

    * New translations doorkeeper.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.json (Armenian)

    * New translations en.json (Armenian)

    * New translations en.json (Armenian)

    * New translations en.json (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations simple_form.en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Estonian)

    * New translations en.json (Estonian)

    * New translations en.json (Estonian)

    * New translations en.yml (Russian)

    * New translations en.yml (Russian)

    * New translations simple_form.en.yml (Russian)

    * New translations en.yml (Russian)

    * New translations simple_form.en.yml (Russian)

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (Sorani (Kurdish))

    * New translations activerecord.en.yml (Sorani (Kurdish))

    * New translations doorkeeper.en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations doorkeeper.en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * New translations en.yml (Sorani (Kurdish))

    * Run `yarn manage:translations`

    * Run `bundle exec i18n-tasks normalize`

    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit e5997a195602624efdb366e9f09ffa377e859580
Author: Claire <[email protected]>
Date:   Mon May 23 20:38:29 2022 +0200

    Fix warning an account outside of a report closing all reports for that account (#18387)

    * Fix warning an account outside of a report closing all reports for that account

    * Make it clear what actions solve other reports

    * Revert "Make it clear what actions solve other reports"

    This reverts commit ad006de821f72e75480701298d13f0945b509059.

commit a9b64b24d6c076cb96a66307c07d4f0158dc07da
Author: Eugen Rochko <[email protected]>
Date:   Sun May 22 22:16:43 2022 +0200

    Change algorithm of `tootctl search deploy` to improve performance (#18463)

commit 54bb659ad14fda8d3427752d2c99716420997d6e
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat May 21 15:43:36 2022 +0900

    Bump sidekiq from 6.4.1 to 6.4.2 (#18091)

    Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.1 to 6.4.2.
    - [Release notes](https://github.com/mperham/sidekiq/releases)
    - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
    - [Commits](https://github.com/mperham/sidekiq/compare/v6.4.1...v6.4.2)

    ---
    updated-dependencies:
    - dependency-name: sidekiq
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit dfb9e6dab1b119c907dece5555408c9b98ec8f2c
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 20 11:39:05 2022 +0900

    Disable transpile to older iOS versions (#18462)

commit e925b06721057f83f2e3e8e7bdb21f39318b90a2
Author: Yamagishi Kazutoshi <[email protected]>
Date:   Fri May 20 02:26:19 2022 +0900

    Fix languages dropdown on light theme (#18460)

commit 9a0fa28993568cb3f106f0ea6457b0ff0f9a132e
Author: Eugen Rochko <[email protected]>
Date:   Thu May 19 12:58:16 2022 +0200

    New Crowdin updates (#18419)

    * New translations en.json (German)

    * New translations en.json (Welsh)

    * New translations en.json (Japanese)

    * New translations en.json (Korean)

    * New translations en.json (Turkish)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Vietnamese)

    * New translations en.json (Portuguese, Brazilian)

    * New translations en.json (Asturian)

    * New translations en.json (Irish)

    * New translations en.json (Arabic)

    * New translations en.json (Scottish Gaelic)

    * New translations en.json (Galician)

    * New translations en.json (Czech)

    * New translations en.json (Slovak)

    * New translations en.json (Icelandic)

    * New translations en.json (Sorani (Kurdish))

    * New translations en.json (English, United Kingdom)

    * New translations en.json (Norwegian)

    * New translations en.json (Romanian)

    * New translations en.json (French)

    * New translations en.json (Spanish)

    * New translations en.json (Afrikaans)

    * New translations en.json (Bulgarian)

    * New translations en.json (Persian)

    * New translations en.json (Tamil)

    * New translations en.json (Malayalam)

    * New translations en.json (Silesian)

    * New translations en.json (Taigi)

    * New translations en.json (Ido)

    * New translations en.json (Kabyle)

    * New translations en.json (Sanskrit)

    * New translations en.json (Sardinian)

    * New translations en.json (Corsican)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.json (Serbian (Latin))

    * New translations en.json (Occitan)

    * New translations en.json (Kannada)

    * New translations en.json (Cornish)

    * New translations en.json (Sinhala)

    * New translations en.json (Breton)

    * New translations en.json (Tatar)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Kazakh)

    * New translations en.json (Spanish, Mexico)

    * New translations en.json (Bengali)

    * New translations en.json (Marathi)

    * New translations en.json (Thai)

    * New translations en.json (Croatian)

    * New translations en.json (Norwegian Nynorsk)

    * New translations en.json (Estonian)

    * New translations en.json (Chinese Traditional, Hong Kong)

    * New translations en.json (Latvian)

    * New translations en.json (Hindi)

    * New translations en.json (Malay)

    * New translations en.json (Telugu)

    * New translations en.json (Esperanto)

    * New translations en.json (Uyghur)

    * New translations en.json (Standard Moroccan Tamazight)

    * New translations en.yml (Icelandic)

    * New translations en.json (German)

    * New translations en.json (Turkish)

    * New translations en.json (Icelandic)

    * New translations en.json (Greek)

    * New translations en.json (Chinese Traditional)

    * New translations en.json (Catalan)

    * New translations en.json (Latvian)

    * New translations en.json (Czech)

    * New translations en.json (Indonesian)

    * New translations en.json (Korean)

    * New translations en.json (Russian)

    * New translations en.json (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (German)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Danish)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Afrikaans)

    * New translations en.json (Ukrainian)

    * New translations en.json (Portuguese)

    * New translations en.yml (Italian)

    * New translations en.json (Italian)

    * New translations en.yml (Italian)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (French)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Arabic)

    * New translations en.yml (Arabic)

    * New translations en.yml (Hungarian)

    * New translations en.json (Hungarian)

    * New translations en.yml (Galician)

    * New translations en.json (Galician)

    * New translations en.yml (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations en.json (Scottish Gaelic)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Korean)

    * New translations en.json (Polish)

    * New translations en.yml (Ido)

    * New translations en.json (Czech)

    * New translations en.json (Hungarian)

    * New translations en.json (Spanish, Argentina)

    * New translations en.json (Ido)

    * New translations en.json (Russian)

    * New translations en.json (Latvian)

    * New translations en.yml (Russian)

    * New translations en.json (Russian)

    * New translations devise.en.yml (Russian)

    * New translations en.yml (Ido)

    * New translations en.json (Icelandic)

    * New translations en.json (Portuguese)

    * New translations en.yml (Ido)

    * New translations en.json (Catalan)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * Run `yarn manage:translations`

    * New translations en.json (Chinese Simplified)

    * New translations en.yml (Slovenian)

    * New translations en.json (Slovenian)

    * New translations en.json (Vietnamese)

    * New translations en.json (Chinese Traditional)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (Spanish)

    * New translations en.json (Greek)

    * New translations en.json (Thai)

    * New translations en.json (Turkish)

    * New translations en.json (Turkish)

    * New translations en.json (Italian)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (Japanese)

    * New translations en.json (Japanese)

    * New translations en.json (Afrikaans)

    * New translations en.yml (Basque)

    * New translations en.yml (German)

    * New translations en.json (German)

    * New translations en.yml (Esperanto)

    * New translations en.json (German)

    * New translations en.yml (Esperanto)

    * New translations en.yml (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Chinese Simplified)

    * New translations en.json (German)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Korean)

    * New translations en.yml (Galician)

    * New translations en.json (Galician)

    * New translations devise.en.yml (Galician)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Chinese Simplified)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (Ido)

    * New translations en.json (Kurmanji (Kurdish))

    * New translations en.yml (German)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Korean)

    * New translations en.json (Korean)

    * New translations simple_form.en.yml (Korean)

    * New translations en.yml (Korean)

    * New translations en.json (Ukrainian)

    * New translations en.yml (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Arabic)

    * New translations en.json (Thai)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Russian)

    * New translations en.json (Portuguese, Brazilian)

    * New translations en.yml (Chinese Simplified)

    * New translations en.json (Chinese Simplified)

    * New translations simple_form.en.yml (Chinese Simplified)

    * New translations devise.en.yml (Chinese Simplified)

    * New translations en.yml (Ido)

    * New translations en.json (French)

    * New translations en.json (Indonesian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Vietnamese)

    * New translations en.json (Esperanto)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations doorkeeper.en.yml (Portuguese, Brazilian)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * New translations en.yml (Ido)

    * Run `yarn manage:translations`

    * Run `bundle exec i18n-tasks normalize`

    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit 679b7158e3cd3881e8cbaf2d2c0c97725b3b5fd9
Author: Eugen Rochko <[email protected]>
Date:   Wed May 18 23:29:14 2022 +0200

    Change search indexing to use batches to minimize resource usage (#18451)

commit ded5a0254a4d29a7384ef766a1e92467fe4ebd2b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:33:13 2022 +0900

    Bump yargs from 17.4.1 to 17.5.1 (#18437)

    Bumps [yargs](https://github.com/yargs/yargs) from 17.4.1 to 17.5.1.
    - [Release notes](https://github.com/yargs/yargs/releases)
    - [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/yargs/yargs/compare/v17.4.1...v17.5.1)

    ---
    updated-dependencies:
    - dependency-name: yargs
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ffc2971466417aafe778eddcb1510ea934cef973
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:30:31 2022 +0900

    Bump dotenv from 16.0.0 to 16.0.1 (#18438)

    Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.0 to 16.0.1.
    - [Release notes](https://github.com/motdotla/dotenv/releases)
    - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/motdotla/dotenv/compare/v16.0.0...v16.0.1)

    ---
    updated-dependencies:
    - dependency-name: dotenv
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit a918a76bfbdd300e3ef549307706bdfa630f824b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:29:53 2022 +0900

    Bump glob from 8.0.1 to 8.0.3 (#18440)

    Bumps [glob](https://github.com/isaacs/node-glob) from 8.0.1 to 8.0.3.
    - [Release notes](https://github.com/isaacs/node-glob/releases)
    - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/node-glob/compare/v8.0.1...v8.0.3)

    ---
    updated-dependencies:
    - dependency-name: glob
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6b4e2d5ce686140797dd207b1ba932a86665262f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:27:55 2022 +0900

    Bump rubocop from 1.28.2 to 1.29.1 (#18433)

    Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.28.2 to 1.29.1.
    - [Release notes](https://github.com/rubocop/rubocop/releases)
    - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rubocop/rubocop/compare/v1.28.2...v1.29.1)

    ---
    updated-dependencies:
    - dependency-name: rubocop
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6048eeed045693be63ad34dc97e98f7b2e519a70
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 19 03:27:02 2022 +0900

    Bump faker from 2.20.0 to 2.21.0 (#18434)

    Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0.
    - [Release notes](https://github.com/faker-ruby/faker/releases)
    - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0)

    ---
    updated-dependencies:
    - dependency-name: faker
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 1a880533acb1a8b6ee11db357d8cb8864f0e05e3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed May 18 21:25:23 2022 +0900

    Bump @babel/preset-env from 7.17.10 to 7.17.12 (#18443)

    Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.10 to 7.17.12.
    - [Release notes](https://github.com/babel/babel/releases)
    - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-env)

    ---
    updated-dependencies:
    - dependency-name: "@babel/preset-env"
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Yamagishi Kazutoshi <[email protected]>

commit d842f645d11e99521d1c27a13ce53f97de357d52
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed May 18 21:16:16 2022 +0900

    Bump @babel/plugin-proposal-decorators from 7.17.9 to 7.17.12 (#18442)

    Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.9 to 7.…
robin-maki added a commit to byulmaru/mastodon that referenced this pull request Oct 8, 2024
commit 32251e2a7fd71c03e0457d366575ef87550d39c7
Merge: 7c2133fe3 f9a929ed5
Author: robin* <[email protected]>
Date:   Mon Aug 19 20:43:29 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 7c2133fe349528b1cceaf02ab234827b8cc24c15
Merge: 7161689f8 a02ff33f0
Author: robin* <[email protected]>
Date:   Sun Aug 18 23:33:58 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 7161689f827cacdf503a43e2dab02601595f8a7e
Merge: 1152bc9c5 a5b4a2b7e
Author: robin* <[email protected]>
Date:   Fri Jul 5 00:13:42 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 1152bc9c5c394545b8ec35b8350a933f8e98030d
Merge: a6ccf550a c93aacafd
Author: robin* <[email protected]>
Date:   Fri May 31 12:28:06 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit a6ccf550a35435dbd166e81a3e8960a8f25216a9
Merge: f4f298cca bdb6650eb
Author: robin* <[email protected]>
Date:   Sat Feb 24 12:40:12 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit f4f298ccacab425937f80ab4100c55b26475aa4e
Merge: 6d11218ff c5d56de98
Author: robin* <[email protected]>
Date:   Sat Feb 17 00:16:43 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 6d11218ffa03b1e2fd815b5511f0a59b0fa3e8a0
Merge: 95edac06b a6641f828
Author: robin* <[email protected]>
Date:   Fri Feb 2 10:45:01 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 95edac06bf6d60f50b5fecfe32b8c9fa691cc78d
Merge: 20e0dd831 4633bb8ce
Author: robin* <[email protected]>
Date:   Thu Jan 25 11:22:17 2024 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 20e0dd831a39b151d8876e3340a84079dbdbacda
Merge: 0dabd54f8 90371a4fc
Author: robin* <[email protected]>
Date:   Thu Dec 7 00:37:55 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 0dabd54f8a4f1d5967ec5b407ce7a4cb4252c9cb
Merge: 665c97bcc 74dd32511
Author: robin* <[email protected]>
Date:   Thu Oct 12 12:00:27 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit 665c97bcc12f553bc89b31fc29e99df8b1d037b4
Author: robin* <[email protected]>
Date:   Thu Oct 12 12:00:22 2023 +0900

    사용하지 않는 action 제거

commit 4acb399d7e8da8fc6c6220daaa301d3f1d252d0a
Author: robin* <[email protected]>
Date:   Fri Sep 29 00:10:48 2023 +0900

    bird-ui update

commit b2e0451777d5286b20bfdff2db36aeccdef4ed03
Author: robin* <[email protected]>
Date:   Sun Sep 24 15:47:01 2023 +0900

    es 형태소 토크나이저 관련 수정

commit 5cbbddefe43be20b4e8f1f74e7bcb0a2e59bb22e
Author: robin* <[email protected]>
Date:   Sun Sep 24 13:25:05 2023 +0900

    오류수정

commit 8156ebf3fb3ff355ffdc53ed73ecc289a6c7c971
Merge: a653ba531 4fcc026f0
Author: robin* <[email protected]>
Date:   Fri Sep 22 14:25:06 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.2'

commit a653ba53127d5f6e1267238c4dc4e42b4c7172ae
Author: robin* <[email protected]>
Date:   Thu Sep 21 10:49:32 2023 +0900

    오류 일으키는 bui light 임시 삭제

commit 5d841d74a97ca3aa120deaf3be39388b54605e6b
Merge: 95be9c7ef e4c0aaf62
Author: robin* <[email protected]>
Date:   Thu Sep 21 00:33:23 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.1'

commit e4c0aaf6264907de2efd46924946d2281d80e3d4
Author: Claire <[email protected]>
Date:   Wed Sep 20 17:25:05 2023 +0200

    Bump version to v4.1.9 (#26997)

commit 95be9c7ef42734fe53c62da2d8197c486dbc2372
Author: Jiyu Park <[email protected]>
Date:   Thu Sep 21 00:04:21 2023 +0900

    태그 raw로 생성

commit 239c15a6141636ff2f65b69cca84b9243b800607
Author: Jiyu Park <[email protected]>
Date:   Thu Sep 21 00:01:01 2023 +0900

    나빌드시켜줘...

commit 5d93c5f0196b556c1faf18fe6cc7ad38ae6e0fc2
Author: Claire <[email protected]>
Date:   Wed Sep 20 15:59:57 2023 +0200

    Fix post translation erroring out (v4.1.x) (#26990)

commit af0ee129082bc9c57ec0606dc1899ec13d2dfffb
Author: Claire <[email protected]>
Date:   Wed Sep 20 12:54:08 2023 +0200

    Disable ruby linting for 4.1.x branch (#26993)

commit 46bd58f74d11591a0180319285b0c79b2212ef69
Author: Claire <[email protected]>
Date:   Tue Sep 19 12:11:33 2023 +0200

    Bump version to v4.1.8

commit d6c0ae995c45fe5e5e0a8acfc10dff04a774fa75
Author: Claire <[email protected]>
Date:   Fri Sep 15 19:54:32 2023 +0200

    Fix post edits not being forwarded as expected (#26936)

commit 5fd89e53d2039cf3062fcae3b25fcbdfa7da0333
Author: Claire <[email protected]>
Date:   Wed Sep 6 16:40:19 2023 +0200

    Fix moderator rights inconsistencies (#26729)

commit 5caade9fb0754fa13ae11f86145cd0ca1dcb830b
Author: Claire <[email protected]>
Date:   Wed Sep 6 12:17:51 2023 +0200

    Fix crash when encountering invalid URL (#26814)

commit 34959eccd2094500539bbad5c5f03a3723debc18
Author: Claire <[email protected]>
Date:   Thu Aug 17 16:11:48 2023 +0200

    Fix cached posts including stale stats (#26409)

commit 21bf42bca14907284cb03ad3ba1be47124d66866
Author: Nicolai Søborg <[email protected]>
Date:   Fri Aug 18 08:32:47 2023 +0200

    Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500)

commit 780283788515bb13007f4574fb6d9f8c82281da2
Author: yufushiro <[email protected]>
Date:   Wed Aug 23 15:44:56 2023 +0900

    Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)

    Co-authored-by: Claire <[email protected]>

commit 48ee3ae13de9125beaee726ac737a770a5160961
Author: Claire <[email protected]>
Date:   Tue Sep 19 16:53:58 2023 +0200

    Merge pull request from GHSA-v3xf-c9qf-j667

commit 5f9511c389041570d21c383ce07dd2786df9cc2d
Author: Claire <[email protected]>
Date:   Tue Sep 19 16:53:21 2023 +0200

    Merge pull request from GHSA-2693-xr3m-jhqr

commit 38a5d92f3814b071803c046144d94643a3ecb934
Author: Claire <[email protected]>
Date:   Mon Sep 18 08:32:04 2023 +0200

    Change Dockerfile to upgrade packages when building (#26929)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 43cdb0e1feb4e8b50c7cdaa44f96f5ca08ad87c4
Author: robin* <[email protected]>
Date:   Wed Sep 13 09:50:07 2023 +0900

    임시방편으로 네이티브 안함

commit ed1abc94a5fa91e85f5ce54d20523dd917476898
Author: robin* <[email protected]>
Date:   Wed Sep 13 09:40:41 2023 +0900

    SSL 안 써도 되나?

commit 0fe6019f580367f8ea86aa5cf7069c8769c1a950
Author: robin* <[email protected]>
Date:   Wed Sep 13 09:35:15 2023 +0900

    마스터에 푸시만 해도 빌드 시작되도록 수정

commit 03e64438a6e25d91579b96dcb6599c04f0c7d8bf
Merge: 1298c7b2c 7f7e06897
Author: robin* <[email protected]>
Date:   Wed Sep 13 09:32:59 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.1'

commit 7f7e068975315b094a67b49d52241480e6b5db76
Author: Claire <[email protected]>
Date:   Wed Sep 6 12:19:02 2023 +0200

    Update actions for stable-4.1 (#26815)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 5f88a2d70bee2a48b43bb34f0fde780ae9749162
Author: Claire <[email protected]>
Date:   Tue Sep 5 14:50:09 2023 +0200

    Bump version to v4.1.7

commit cf80d54cbae952705af250a9764c6e25e77cc3c7
Author: Emelia Smith <[email protected]>
Date:   Mon May 22 13:15:21 2023 +0200

    Allow reports with long comments from remote instances, but truncate (#25028)

commit ea7fa048f374b31956211b87e265800e83574476
Author: Daniel M Brasil <[email protected]>
Date:   Thu Aug 31 08:53:24 2023 -0300

    Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237)

commit 6339806f05cbbe630639df69421394119433896a
Author: Claire <[email protected]>
Date:   Wed Aug 9 09:39:36 2023 +0200

    Fix blocking subdomains of an already-blocked domain (#26392)

commit 86afbf25d01349bd2fe0ee98f1d60890ef71b7b9
Author: Claire <[email protected]>
Date:   Wed Aug 30 17:36:16 2023 +0200

    Change text extraction in `PlainTextFormatter` to be faster (#26727)

commit 1ad64b5557f8980b8ec54ac09cd79ac51223a2ea
Author: Claire <[email protected]>
Date:   Thu Aug 31 19:54:10 2023 +0200

    Backport container build changes to the stable-4.1 branch (#26738)

    Co-authored-by: Renaud Chaput <[email protected]>

commit 1298c7b2c885e89a7b437238d2b763aec367b022
Author: robin* <[email protected]>
Date:   Mon Aug 14 02:06:42 2023 +0900

    테마 재적용(임시)

commit c92aa039a0b213b201670c3061b2e724b0f2e444
Author: robin* <[email protected]>
Date:   Fri Aug 4 00:04:01 2023 +0900

    Bird-UI 커스텀 재적용

commit d5b5f558944341797ea3c0879cd5baba9531c1d1
Merge: 568bf624a ac7d40b56
Author: robin* <[email protected]>
Date:   Wed Aug 2 23:46:29 2023 +0900

    Bird-UI 테마 커스텀 업데이트

commit ac7d40b561101084baf4688167d155600eefe9dc
Author: Claire <[email protected]>
Date:   Thu Jul 27 17:08:09 2023 +0200

    Bump version to v4.1.6

commit 2fc6117d1b5643c0de908706d22702a35388a2a4
Author: Renaud Chaput <[email protected]>
Date:   Fri Jul 28 19:11:58 2023 +0200

    Fix missing return values in streaming (#26233)

commit 2eb1a5b7b6d8b6a0b9426e7ee5a1fd04519dd7e2
Author: Emelia Smith <[email protected]>
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit 6c321bb5e1543c78dbd0fa8e4962e95e544e1f63
Author: Claire <[email protected]>
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit da230600acda1d1a151eab4caa3d536ce828a097
Author: Emelia Smith <[email protected]>
Date:   Thu Jul 27 15:38:18 2023 +0200

    Refactor streaming's filtering logic & improve documentation (#26213)

commit 1792be342a3cfad7bdfa54311b3962a8051962bb
Author: Claire <[email protected]>
Date:   Thu Jul 27 15:12:10 2023 +0200

    Fix wrong filters sometimes applying in streaming (#26159)

commit 568bf624a973a8e9b779b0c4e9d9d27410a46808
Merge: c33aad3f3 370b8f0b8
Author: robin* <[email protected]>
Date:   Mon Jul 31 16:13:32 2023 +0900

    마스토돈 4.1.6 사전 업데이트

commit 370b8f0b811988375e87207574eff5f293afbfcc
Author: Claire <[email protected]>
Date:   Thu Jul 27 17:08:09 2023 +0200

    Bump version to v4.1.6

commit b7bf343b26f7857683b5102b1aacf74d8f6d3d6b
Author: Renaud Chaput <[email protected]>
Date:   Fri Jul 28 19:11:58 2023 +0200

    Fix missing return values in streaming (#26233)

commit caf1c87ecd4c08a99a9311212cee64d8c64c5a68
Author: Emelia Smith <[email protected]>
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit eace7f9fcff78ab002dfd30c3973523a015b4303
Author: Claire <[email protected]>
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit 2461ffbff9b080e02626c92008fe01319722a807
Author: Emelia Smith <[email protected]>
Date:   Thu Jul 27 15:38:18 2023 +0200

    Refactor streaming's filtering logic & improve documentation (#26213)

commit b5791487b1548410e83c3b61e8ef05d5aa60dce8
Author: Claire <[email protected]>
Date:   Thu Jul 27 15:12:10 2023 +0200

    Fix wrong filters sometimes applying in streaming (#26159)

commit c33aad3f324c22a5725bd2cacaf056519fccbd29
Author: robin* <[email protected]>
Date:   Sat Jul 22 13:43:01 2023 +0900

    Bird UI 1.6.4 업데이트

commit c6b220d22c21c264e30debce76154cca2d662803
Merge: 7f3ec8557 ebf4f034c
Author: robin* <[email protected]>
Date:   Fri Jul 21 23:30:28 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.1'

commit ebf4f034c2e3841fde2d0109667c036fb352f3a8
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:30:46 2023 +0200

    Bump version to v4.1.5

commit 889102013fd687113cec75fe252b5328707e8cc1
Author: Claire <[email protected]>
Date:   Fri Jul 21 13:34:15 2023 +0200

    Fix CSP headers being unintendedly wide (#26105)

commit d94a2c8aca731b4986e20401ae8ce5255e041b80
Author: Claire <[email protected]>
Date:   Tue Jul 18 20:51:20 2023 +0200

    Change request timeout handling to use a longer deadline (#26055)

commit efd066670d67676d5f5e73a75c268a2bd09c59c7
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:10 2023 +0200

    Fix moderation interface for remote instances with a .zip TLD (#25885)

commit 13ec425b721c959415921046d7a24ed8c9994cee
Author: Claire <[email protected]>
Date:   Mon Jul 10 18:42:19 2023 +0200

    Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886)

commit 7a99f0744d7c69a69b7552e31f6bb3914a6a03e8
Author: Michael Stanclift <[email protected]>
Date:   Thu Jul 13 04:12:51 2023 -0500

    Fix trending publishers table not rendering correctly on narrow screens (#25945)

commit 69c8f26946a5cdeff09ca8fe410bc11be78c158c
Author: Claire <[email protected]>
Date:   Fri Jul 21 14:18:04 2023 +0200

    Add check preventing Sidekiq workers from running with Makara configured (#25850)

    Co-authored-by: Eugen Rochko <[email protected]>

commit 7f3ec8557aa4c429da97bede501fc062df21bb6a
Author: robin* <[email protected]>
Date:   Tue Jul 11 14:57:11 2023 +0900

    bird-ui 1.6.3 업데이트

commit a1971bebaa4807be32adfe23ecc0683e2ab2280e
Author: robin* <[email protected]>
Date:   Tue Jul 11 14:56:50 2023 +0900

    오류 발생하는 테마 임시 주석처리

commit 3add2e5fe05334a64ee6f5bfce1b664b8db60200
Author: robin* <[email protected]>
Date:   Sun Jul 9 22:51:40 2023 +0900

    bird-ui 테마 로케일 추가

commit 7a7ed3c6b76ba2e1051c5c7c053c705b73355846
Author: robin* <[email protected]>
Date:   Sat Jul 8 23:19:24 2023 +0900

    css import 파일명 오류 수정

commit d10324aef5b45f02332a6ce5744c8dd18c12b098
Author: robin* <[email protected]>
Date:   Sat Jul 8 20:49:15 2023 +0900

    bird-ui 밝음/고대비 테마 추가

commit 7bfe9a7fb85bd6f65074690fc66d2155b513dacf
Merge: 44c5f1348 3f5af768c
Author: robin* <[email protected]>
Date:   Sat Jul 8 07:53:34 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.1'

commit 3f5af768c8f1401f77d14ad5b6aeccdb7e02a9f0
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:21:10 2023 +0200

    Bump version to v4.1.4

commit cb8ab46302ad783869078ab4a26de04c09417a09
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:22:50 2023 +0200

    Update dependencies

commit 53b979d5c73f0b28b161581ec3e824d89f66633c
Author: Claire <[email protected]>
Date:   Fri Jul 7 13:35:22 2023 +0200

    Fix processing of media files with unusual names (#25788)

commit f2bbac3f9fb37f6f870f25362e140d647d60caf5
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:10:17 2023 +0200

    Fix crash in admin interface when viewing a remote user with verified links (#25796)

commit 015ed99612241b8dbf2810db478b1485f4c31031
Author: Claire <[email protected]>
Date:   Fri Jul 7 18:10:00 2023 +0200

    Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)

commit cf58535193708d9a4bd584266423168cda75f415
Author: nemobis <[email protected]>
Date:   Fri Jul 7 15:15:54 2023 +0300

    Fix typo in CHANGELOG.md (#25764)

commit 44c5f134874af9b4e852624ccce7d3fc2a9819fd
Author: robin* <[email protected]>
Date:   Thu Jul 6 22:21:48 2023 +0900

    Update bird-ui to 1.5.9

commit 37c0362dee36d748d79fb16f3eec6ed49f4dc733
Merge: d58e39c5c 0d5781ca7
Author: robin* <[email protected]>
Date:   Thu Jul 6 22:21:22 2023 +0900

    Merge remote-tracking branch 'mastodon/stable-4.1'

commit 0d5781ca7609590a6d5340bb685bb1804056bb46
Author: Claire <[email protected]>
Date:   Wed Jun 21 09:13:30 2023 +0200

    Bump version to v4.1.3

commit 32ebeed59ba424732130073474fe03699efe07fc
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:50 2023 +0200

    Merge pull request from GHSA-55j9-c3mp-6fcq

commit e75ad1de0f95f38b45748cafb1212560fe7587f5
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:06:24 2023 +0200

    Merge pull request from GHSA-9pxv-6qvf-pjwc

    * Fix timeout handling of outbound HTTP requests

    * Use CLOCK_MONOTONIC instead of Time.now

commit 0aa0b71f2cae9e35cff613b13d05ee3aeaf9f944
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:05:05 2023 +0200

    Merge pull request from GHSA-9928-3cp5-93fm

    * Fix attachments getting processed despite failing content-type validation

    * Add a restrictive ImageMagick security policy tailored for Mastodon

    * Fix misdetection of MP3 files with large cover art

    * Reject unprocessable audio/video files instead of keeping them unchanged

commit c4f2609f7a604daef1648e164ef8181d858bd058
Author: Claire <[email protected]>
Date:   Thu Jul 6 15:03:33 2023 +0200

    Merge pull request from GHSA-ccm4-vgcc-73hp

    * Tighten allowed HTML in oEmbed-based preview cards

    * Sanitize preview cards at render time

    * Add `sandbox` attribute to preview card iframes

commit 9b6c0cac7d435905bdbea6e3b0cbb47da9490270
Author: Claire <[email protected]>
Date:   Thu Jul 6 14:31:37 2023 +0200

    Add hardened headers to user-uploaded files (#25756)

commit fac2c9eb7d904e44244e20a8e1e8f6feb3b9db5b
Author: Claire <[email protected]>
Date:   Wed Jun 28 12:47:00 2023 +0200

    Update rack, rails, nokogiri and doorkeeper gems

commit a3d69a2c5d3fcc0df61929684fe31567860e7f2e
Author: Claire <[email protected]>
Date:   Tue Jul 4 18:58:23 2023 +0200

    Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)

commit 8eb1bb8ba697bce5b72027a0a5263db29fa5e34b
Author: Renaud Chaput <[email protected]>
Date:   Thu Jun 1 12:14:49 2023 +0200

    Allow carets in URL search params (#25216)

commit 652ff76462f33f90e257e331009f89c41d600409
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 23:28:35 2023 -0700

    Fix Redis client and type errors introduced in #24285 (#24342)

commit 6f484fbbd280294bd8e43b5a9d0e54d6e34604b9
Author: Vyr Cossont <[email protected]>
Date:   Fri Mar 31 05:38:47 2023 -0700

    IndexingScheduler: fetch and import in batches (#24285)

    Co-authored-by: Claire <[email protected]>

commit 79f5b8f156f65c25ada4712f8415c8d5f1f6dde7
Author: Claire <[email protected]>
Date:   Thu Jun 29 14:48:54 2023 +0200

    Fix ResolveURLService not resolving local URLs for remote content (#25637)

commit f8930a67a05f9adcaef5bc3f6e874d86f3228415
Author: Claire <[email protected]>
Date:   Thu Jun 22 14:56:14 2023 +0200

    Change /api/v1/statuses/:id/history to always return at least one item (#25510)

commit e65e3a6d14174378b8bf58f5997cde3de40c3ca7
Author: Claire <[email protected]>
Date:   Thu Jun 22 14:52:25 2023 +0200

    Add finer permission requirements for managing webhooks (#25463)

commit 8acbfc6ab1b1a1f026fd85208089b9f31255aba6
Author: Claire <[email protected]>
Date:   Tue Jun 20 18:15:35 2023 +0200

    Fix wrong view being displayed when a webhook fails validation (#25464)

commit 3ef53958b27da2edd1f1eba27ef2316fef64099f
Author: Emelia Smith <[email protected]>
Date:   Tue Jun 20 18:04:35 2023 +0200

    Prevent UserCleanupScheduler from overwhelming streaming (#25519)

commit fd1ffd72ebec4c435b5e4406c1eafa80da69b317
Author: Daniel M Brasil <[email protected]>
Date:   Mon Jun 19 03:53:05 2023 -0300

    Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477)

commit 7bd34f8b23f26fc4ebd10bcc3f2e0bae7cdd6520
Author: Claire <[email protected]>
Date:   Thu May 4 10:13:00 2023 +0200

    Fix infinite loop in AccountsStatusesCleanupScheduler (#24840)

commit 7012bf6ed3188148e91870d83c446c529d46907d
Author: Claire <[email protected]>
Date:   Wed May 3 10:31:40 2023 +0200

    Improve automatic post cleanup worker performances (#24785)

commit d9e45f2fa94449fe367a92b34f12775a0c85a8ee
Author: Claire <[email protected]>
Date:   Sun Apr 23 22:25:40 2023 +0200

    Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607)

commit 0e139e3c4d8faa94fe0357d235f84a3f4c2abb50
Author: Claire <[email protected]>
Date:   Fri Apr 21 18:14:19 2023 +0200

    Change automatic post deletion thresholds and load detection (#24614)

commit 23e7b4d28dc94ef927f6db4e5832a45e333b252e
Author: Emelia Smith <[email protected]>
Date:   Sat Jun 10 18:24:37 2023 +0200

    Fix logging of messages that are binary before closing their connection (#25361)

commit e78ee582f7b845c16cdcada44c96ed7053f07ff1
Author: Emelia Smith <[email protected]>
Date:   Fri Jun 9 19:29:16 2023 +0200

    Fix performance of streaming by parsing message JSON once (#25278)

commit a197fc094f9f55379d34a46bb530a7ce97d530b6
Author: Claire <[email protected]>
Date:   Mon Jun 5 17:35:05 2023 +0200

    Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

commit bd7cbeeadfbb7d087c71cd6e0a016d44ca39a786
Author: Daniel M Brasil <[email protected]>
Date:   Sun Apr 30 01:50:58 2023 -0300

    Fix  `tootctl accounts approve --number N` not aproving N earliest registrations (#24605)

commit 2779bce9a22f556b6c7a2e39eab82ab7438ac240
Author: Claire <[email protected]>
Date:   Tue May 2 17:42:42 2023 +0200

    Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600)

    Co-authored-by: Eugen Rochko <[email protected]>

commit 210ff368605c6752dcd8740b088570f393d322cf
Author: Claire <[email protected]>
Date:   Thu May 11 04:40:03 2023 +0200

    Change AccessTokensVacuum to also delete expired tokens (#24868)

commit 99c2bbbec9bb004fd54d4f0920c1109e960ebb04
Author: Claire <[email protected]>
Date:   Fri May 12 13:13:04 2023 +0200

    Change profile updates to be sent to recently-mentioned servers (#24852)

commit 7e587793004c0558d5131ff8eff359a77617a206
Author: Claire <[email protected]>
Date:   Tue May 16 14:56:49 2023 +0200

    Fix reports not being closed when performing batch suspensions (#24988)

commit cca464bce3c2ac43e2759d6a0ab0c977b4098d90
Author: Claire <[email protected]>
Date:   Wed May 17 00:08:42 2023 +0200

    Fix being able to vote on your own polls (#25015)

commit 1301af60e042fb9db39172977fb3a5d720ca7a31
Author: Claire <[email protected]>
Date:   Wed May 17 00:09:21 2023 +0200

    Fix race condition when reblogging a status (#25016)

commit f962e838567143640036c9a4f01e161e2a88941b
Author: Claire <[email protected]>
Date:   Mon May 22 12:25:56 2023 +0200

    Change OpenGraph-based embeds to allow fullscreen (#25058)

commit b3cbcd744719cd3a8a65f6dbefbc0f3912827a55
Author: Claire <[email protected]>
Date:   Mon May 22 14:03:38 2023 +0200

    Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

commit 72d96bf17a6c44344f5896b2b26d751315650f0e
Author: Claire <[email protected]>
Date:   Tue May 23 14:27:17 2023 +0200

    Remove invalid X-Frame-Options: ALLOWALL (#25070)

commit b1ac3562dff4c2e21a51bacf7cf963e3203097b8
Author: Claire <[email protected]>
Date:   Tue May 23 15:00:36 2023 +0200

    Change Identity to not destroy associated User on destroy (#25098)

commit 4c6c790f80f598d80e4fce44c06309a17dfd65e6
Author: Claire <[email protected]>
Date:   Tue Jun 20 18:32:26 2023 +0200

    Fix /api/v1/conversations sometimes returning empty accounts (#25499)

commit 036ac5b5c9597f8a2042a102439f14eaa9474f6c
Author: Claire <[email protected]>
Date:   Wed Jun 14 08:54:52 2023 +0200

    Fix ArgumentError when loading newer Private Mentions (#25399)

commit 3e1724e97282a2725778eccdf46d7756773d2771
Author: Claire <[email protected]>
Date:   Thu Jun 1 02:41:51 2023 +0200

    Fix multiple N+1s in ConversationsController (#25134)

commit bc8592627bc7effa94c12d17bd8ee7e0b6ff52be
Author: Claire <[email protected]>
Date:   Wed Apr 5 19:31:49 2023 +0200

    Fix user archive takeouts when using OpenStack Swift (#24431)

commit d58e39c5c051bd685a19890b640b13cc7ce8d45b
Author: robin* <[email protected]>
Date:   Mon Jul 3 21:59:05 2023 +0900

    리모트 해시태그는 트렌딩에 반영되지 않도록 수정

commit ef2e93e091a27f036b4fbce47434487ea773930a
Author: robin* <[email protected]>
Date:   Mon Jun 26 01:20:06 2023 +0900

    에러 이미지 레니로 변경

commit cb7f56c60682ac4cbab32eaf75036a78eb2b5b86
Author: robin* <[email protected]>
Date:   Sun May 21 12:49:37 2023 +0900

    안드로이드 테마 색상 변경

commit 71bc462e781661fa3afc212b9a08532e8919ce6a
Author: robin* <[email protected]>
Date:   Sun May 21 12:30:52 2023 +0900

    bird-ui 경로 수정

commit 19ad35b2aeae0387756f066674e6bc093bcf081b
Author: robin* <[email protected]>
Date:   Sun May 21 10:56:56 2023 +0900

    bird-ui 1.5.6 업데이트

commit 3cfc11929131ac6cdac6bd0c21ec764fbaecd2b1
Author: robin* <[email protected]>
Date:   Sun May 21 10:56:33 2023 +0900

    서버 로고 레니로 재적용

commit 5c0ddf2b02d589430c1bba02e2facd59ebf232a5
Author: robin* <[email protected]>
Date:   Wed May 17 00:05:35 2023 +0900

    Change SVG Icon

commit 5657cfc3b1a8354fd720b1700a81a28f226e0860
Author: robin* <[email protected]>
Date:   Sun Apr 30 21:09:02 2023 +0900

    Add bird ui in config/themes.yml

commit f59b0366f42569d313c6fde98b0b576b0ce10b06
Author: robin* <[email protected]>
Date:   Sun Apr 30 21:08:45 2023 +0900

    Update bird-ui version to 1.5.2

commit 7ac33f3897efaaca0dc628e10c6923a1d4c959dd
Author: robin* <[email protected]>
Date:   Sat Apr 22 00:56:34 2023 +0900

    style: lint

commit 52c9a20083680d7f0308d3af240b884da09d0d56
Author: robin* <[email protected]>
Date:   Sat Apr 22 00:02:31 2023 +0900

    수정: 서브모듈도 체크아웃하도록

commit 1fcf07443ee13aa03f39b25a91ed6e25411b3d16
Author: robin* <[email protected]>
Date:   Thu Apr 20 20:49:29 2023 +0900

    bird-ui 1.4.7 추가

commit 88b1cd0ac75e8b8b404d56eed6195e02dd3ba15f
Merge: 327736d93 4b9e4f639
Author: robin* <[email protected]>
Date:   Tue Apr 4 22:18:30 2023 +0900

    Merge tag 'v4.1.2'

commit 4b9e4f6398760cc04f9fde2c659f30ffea216e12
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:43:24 2023 +0200

    Bump version to v4.1.2

commit b9f271364e8be91e822fc621c0d99cdd66a7acf1
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:47:04 2023 +0200

    Fix unescaped user input in LDAP query (#24379)

    Fix CVE-2023-28853

commit 4eaa6d58b2679b27b2fb6f9a3a41101ee65db63c
Author: Claire <[email protected]>
Date:   Mon Apr 3 15:05:39 2023 +0200

    Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327)

commit 51572ac615208197ceced4c81192aa0dfd47e923
Author: Claire <[email protected]>
Date:   Fri Mar 31 21:42:28 2023 +0200

    Fix invalid/expired invites being processed on sign-up (#24337)

commit 01617534fac1f7f9c5646556d7b78baef6c1dfb0
Author: Sai <[email protected]>
Date:   Fri Mar 31 16:11:22 2023 +0100

    Update Ruby to 3.0.6 (#24334)

commit af6eb37c704e4114157fdc04e54f682a9de0e8d9
Author: Robert R George <[email protected]>
Date:   Wed Mar 29 00:58:27 2023 -0700

    Wrap db:setup with Chewy.strategy(:mastodon) (#24302)

commit 590df443f11c21ad0bad49dd0d4dfb6560e75930
Author: Eugen Rochko <[email protected]>
Date:   Sat Feb 11 04:02:07 2023 +0100

    Bump blurhash from 0.1.6 to 0.1.7 (#23517)

commit ae64c5b7eca37be65f87b2ea82c92d9732b641dd
Author: Claire <[email protected]>
Date:   Mon Mar 27 17:07:37 2023 +0200

    Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200)

commit 3c82c4e7806e1c95964738027d7e907e8557116b
Author: Claire <[email protected]>
Date:   Mon Mar 20 20:02:58 2023 +0100

    Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled (#24182)

commit 327736d93e8201de8f8c3f7c385bd4740a213bb0
Author: robin* <[email protected]>
Date:   Fri Mar 17 17:51:50 2023 +0900

    fix: workflow branch가 잘못되어 있음

commit 1343cfa9dd6711afc8834c5bd8167300e9f3ad24
Merge: 7e7ace527 ab85f59c3
Author: robin* <[email protected]>
Date:   Fri Mar 17 17:46:47 2023 +0900

    Merge tag 'v4.1.1'

commit ab85f59c30ff523cb2a6551ca1f36779c2fa81f3
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:33:41 2023 +0100

    Bump version to v4.1.1

commit 6a7b91a038d78c525c7c74596306e25aa0d2e44e
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:47:01 2023 +0100

    Add warning for object storage misconfiguration (#24137)

commit 6db76875fdeff4f112db0f5b9077ffeaece71ad6
Author: Eugen Rochko <[email protected]>
Date:   Thu Mar 16 22:46:52 2023 +0100

    Change user backups to use expiring URLs for download when possible (#24136)

commit 19def1a1f1d5171ba5408ba90fb20dc0de0ae33f
Author: Claire <[email protected]>
Date:   Thu Mar 16 22:03:22 2023 +0100

    Update changelog

commit 0e58e7f5d88d3d9873bde799e892bcbbc747dad4
Author: Claire <[email protected]>
Date:   Thu Mar 16 11:51:36 2023 +0100

    Update changelog

commit 8c4ea7d715e60a8e78dff6446aac8026e2ed0774
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:15:20 2023 +0100

    Fix misleading error code when receiving invalid WebAuthn credentials (#23568)

commit cc65f32714543bc7431c9bd739bc531a7ad7a1a8
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:14:47 2023 +0100

    Fix incorrect post links in strikes when the account is remote (#23611)

commit 036306450141291101843b9d5f580305f847ad4b
Author: Claire <[email protected]>
Date:   Wed Mar 15 04:01:49 2023 +0100

    Fix dashboard crash on ElasticSearch server error (#23751)

commit 46d6cb0f36616b879d52bf6cca61226b7ee1d17b
Author: Nick Schonning <[email protected]>
Date:   Wed Mar 15 11:43:44 2023 -0400

    Skip pushing containers on forks (#24106)

commit 4213907aaf9ff62bbed1539e49d33f9a3b3b9a36
Author: Renaud Chaput <[email protected]>
Date:   Wed Mar 15 16:41:13 2023 +0100

    Use Github Container Registry as the official container image source (#24113)

commit 0891a8d4b0c7490e2306884ece6799afe0e1c849
Author: Nick Schonning <[email protected]>
Date:   Tue Mar 14 22:43:49 2023 -0400

    Skip Docker CI Login/Push on forks (#23564)

commit 0529fb0866563df05b348fdc8dd823243768c137
Author: Renaud Chaput <[email protected]>
Date:   Tue Mar 14 20:27:43 2023 +0100

    Push Docker images to Github Container Registry as well (#24101)

commit 59a2fe32ff1055f0ae33d3dc7efda877dd0c0440
Author: Eugen Rochko <[email protected]>
Date:   Thu Mar 16 02:55:54 2023 +0100

    Add cache headers to static files served through Rails (#24120)

commit 5cc39a3810f71ee9845af1102416512009b1ede9
Author: Eugen Rochko <[email protected]>
Date:   Thu Mar 16 02:55:13 2023 +0100

    Add `SENDFILE_HEADER` environment variable (#24123)

commit 4e02c7dc2c4ec744d2d075b4c0bdfca45373dc61
Author: CSDUMMI <[email protected]>
Date:   Tue Mar 14 14:47:57 2023 +0100

     Support the PROXY protocol through the PROXY_PROTO_V1 env variable (#24064)

commit fe7752f4b8515cd096255aa41735e6774b9d2d74
Author: Claire <[email protected]>
Date:   Mon Mar 13 18:50:33 2023 +0100

    Update changelog

commit 6962d117b73d190c386d2d083d2d876c9b304dd5
Author: Claire <[email protected]>
Date:   Fri Mar 3 21:08:22 2023 +0100

    Change `ActivityPub::DeliveryWorker` retries to be spread out more (#21956)

commit 2a37dc7967ed7f57143852805a1a2e28c5f3ff4e
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:37:22 2023 +0100

    Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750)

commit a54bd84690a3db9e857c87e6a7120c528e0e69ff
Author: Terry Garcia <[email protected]>
Date:   Fri Mar 3 13:37:49 2023 -0600

    Switched bookmark and favourites around (#23701)

commit 68af19c328622ad5960014d4318483ef43d2656d
Author: Claire <[email protected]>
Date:   Thu Feb 23 16:52:40 2023 +0100

    Change auto-deletion throttling constants to better scale with server size (#23320)

commit a133570b26a646867d211556c98e37e50b4c84d1
Author: Tim Lucas <[email protected]>
Date:   Thu Feb 23 22:58:42 2023 +1100

    Increase contrast of upload progress background (#23836)

commit 9972eb41ae04fa60d410c65eb70591b6442dfecc
Author: PauloVilarinho <[email protected]>
Date:   Mon Mar 6 13:33:09 2023 -0300

    add modal message when editing toot (#23936)

    Co-authored-by: PauloVilarinho <[email protected]>

commit 78c7c79d789231036aaffffe15dfce19a2eaa575
Author: 9p4 <[email protected]>
Date:   Wed Mar 8 11:06:53 2023 -0500

    Add refreshing many accounts at once with "tootctl accounts refresh" (#23304)

commit cec59417d736a7725ab8effdc69c15c428b0f25a
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:44:46 2023 +0100

    Add mail headers to avoid auto-replies (#23597)

commit 9377c4a87c69bf2dcb9797a6c07d8ce377a32dae
Author: Claire <[email protected]>
Date:   Tue Feb 21 09:23:39 2023 +0100

    Add `lang` tag to native language names in language picker (#23749)

commit 40ae8d5e03167fa3d0f4c2a901285b2243d8a80b
Author: Thijs Kinkhorst <[email protected]>
Date:   Tue Feb 14 19:05:57 2023 +0100

    Fix paths with url-encoded @ to redirect to the correct path (#23593)

commit 3f2e31800ed9c74fc1b7bc4b475542f0256fefbd
Author: Christian Schmidt <[email protected]>
Date:   Wed Mar 8 19:56:41 2023 +0100

    Unescape HTML entities (#24019)

commit 92a26638eb08c9ae0de64c0d161a0f5933d3832d
Author: Christian Schmidt <[email protected]>
Date:   Mon Mar 6 15:37:19 2023 +0100

    Do not strip tags from `Setting.site_short_description` (#23975)

commit 479b66637b2383184e724c6ba59217a320109691
Author: Claire <[email protected]>
Date:   Sun Mar 12 23:47:55 2023 +0100

    Fix sidekiq jobs not triggering Elasticsearch index updates (#24046)

commit 14bcd1428977e41321569113d87fc901e7c102b7
Author: Rodion Borisov <[email protected]>
Date:   Thu Mar 9 16:35:44 2023 +0300

    Center the text itself in upload area (#24029)

commit 4bfbeb8139413c494314ed8e6fa6c03656fb2a5a
Author: Claire <[email protected]>
Date:   Mon Mar 6 17:44:55 2023 +0100

    Fix `/api/v1/streaming` sub-paths not being redirected (#23988)

commit 2fed61a477b372a72841194001282e2bf07bf70e
Author: Eugen Rochko <[email protected]>
Date:   Sun Mar 5 01:52:42 2023 +0100

    Fix pgBouncer resetting application name on every transaction (#23958)

commit 37a28ba2034b37c2550c59f1befca9a29520f46c
Author: Christian Schmidt <[email protected]>
Date:   Sat Mar 4 23:18:19 2023 +0100

    Do not leave Mastodon when clicking “Back” (#23953)

commit 4cec3ad9b887e21875b4db4f4411589726e3ba86
Author: Claire <[email protected]>
Date:   Fri Mar 3 21:13:55 2023 +0100

    Fix original account being unfollowed on migration before the follow request could be sent (#21957)

commit 675c24a34ed8e8600aa750ae957aba9e5d4fc19e
Author: Claire <[email protected]>
Date:   Mon Mar 6 16:00:08 2023 +0100

    Fix unconfirmed accounts being registered as active users (#23803)

commit f5f17e897b600b015b21f0b9ebe9e912c5be36d5
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:45:12 2023 +0100

    Fix tootctl accounts migrate error due to typo (#23567)

commit 63532d9883b56cbe8adf2b145c49fb2d84277930
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:44:02 2023 +0100

    Fix error when displaying post history of a trendable post in the admin interface (#23574)

commit aff3f850deec47efb69489f40d44eab13765161b
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:36:18 2023 +0100

    Fix server error when failing to follow back followers from `/relationships` (#23787)

commit b52746e64b5e150f05b6e55e7e9546f408719118
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:25:36 2023 +0100

    Fix duplicate “Publish” button on mobile (#23804)

commit 69564db4473398fbb4362bbe05b760285d9c69e3
Author: Claire <[email protected]>
Date:   Wed Feb 22 11:53:13 2023 +0100

    Fix inefficiency when searching accounts per username in admin interface (#23801)

commit 00208b23b18d048c5f6d5e5c37954e13bdcc83ff
Author: Botao Wang <[email protected]>
Date:   Tue Feb 21 18:06:13 2023 +0900

    Fix sidebar cut-off on small screens in admin UI (#23764)

commit 900790184aeeedbc8a53bcb28fe36fbe973aeb56
Author: Claire <[email protected]>
Date:   Sun Feb 19 07:11:18 2023 +0100

    Fix focus point of already-attached media not saving after edit (#23566)

commit 11d66630252c53f2b75278919ee8160be672edb1
Author: Dean Bassett <[email protected]>
Date:   Mon Feb 13 05:54:08 2023 -0800

    Fix case-sensitive check for previously used hashtags (#23526)

commit ea1d55a64eba0fc56f2531495fa08cfc422f19b7
Author: emilweth <[email protected]>
Date:   Sat Feb 11 03:00:44 2023 +0100

    fix metrics format (#23520)

commit ac7665193cfaa743bb42178b8537ae815e6ca455
Author: emilweth <[email protected]>
Date:   Sat Feb 11 02:15:07 2023 +0100

    dot is not allowed (#23519)

commit 0dc342df81197c84adf530646ba04da436cb08a7
Author: Claire <[email protected]>
Date:   Fri Mar 3 20:25:15 2023 +0100

    Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805)

commit 7e7ace52776d9ee5a0feb3858e7fa44deaba6624
Author: robin* <[email protected]>
Date:   Sat Feb 11 11:02:22 2023 +0900

    Delete dependabot.yml

commit 0c8abdc465b4d6783312957313d2fe26c0ab3c40
Author: robin* <[email protected]>
Date:   Sat Feb 11 10:56:40 2023 +0900

    빌드 타겟 변경

commit f634345a4fe06ce558d28f1b0215333fdb28eb22
Merge: 551bbcc31 61c5dfb92
Author: robin* <[email protected]>
Date:   Sat Feb 11 10:54:47 2023 +0900

    Merge remote-tracking branch 'tootsuite/l10n_main'

commit 551bbcc31c4568c649f149629cf322486fa6721c
Author: robin* <[email protected]>
Date:   Tue Nov 22 16:16:04 2022 +0900

    기본 프로필 이미지가 타 서버에서도 반영되도록 수정

commit 83973ad000d081da3070901c32126b50d8290f84
Author: robin* <[email protected]>
Date:   Mon Nov 21 20:36:22 2022 +0900

    기본 프로필 사진 변경

commit 94694eb0c53dd569472348b808354afdd94536fb
Author: robin* <[email protected]>
Date:   Tue Nov 15 22:37:18 2022 +0900

    우리툿도절대지켜

commit ab1ee58251cca6aa5136543bb57dcf9a199dde48
Author: robin* <[email protected]>
Date:   Tue Nov 15 22:36:23 2022 +0900

    우리뿌우절대지켜

commit 150d389fe62aaa7561ec6ab261009160018ccc66
Merge: c49849ee7 a1738f899
Author: robin* <[email protected]>
Date:   Tue Nov 15 15:13:11 2022 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit c49849ee7930ecae3a7e4454edb613208a2f070d
Author: robin* <[email protected]>
Date:   Wed Nov 9 01:57:17 2022 +0900

    파비콘 추가

commit e6bcefb07dd3d1fe7452ecc95aa9b48c93a6f160
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:47:08 2022 +0900

    인수 오타 수정

commit f4a81d7031e1c6fc65d57ed12ea56ea4312c0ca4
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:44:06 2022 +0900

    Change docker image build platform

commit 41154aed9d933cc024df3e031dfd4b5632d97d9c
Merge: e25ea5224 73f3f3786
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:16:26 2022 +0900

    Merge remote-tracking branch 'byulmaru/master'

commit e25ea5224f45bc73fc9985b876ca7f1457c0949b
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:16:10 2022 +0900

    build 오타 수정

commit 73f3f37869eacbe2da5008c840278b7eb9a9b33f
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:13:34 2022 +0900

    Update build-image.yml

commit 27ff94e8e74fdeb6084f589c6cade98d7e0f47bf
Author: robin* <[email protected]>
Date:   Wed Nov 2 14:11:53 2022 +0900

    GitHub 자동 빌드 시스템 구현

commit 110307f48759dde0f7db0d898c36c19f45f0f788
Author: robin* <[email protected]>
Date:   Fri Oct 28 01:29:47 2022 +0900

    nori tokenizer 적용

commit 95a908baadc7b0d2cc826260b23274ac317f7247
Merge: 71577d209 fbcbf7898
Author: robin* <[email protected]>
Date:   Sun May 29 08:23:17 2022 +0900

    Merge branch '3.5.3'

commit 71577d209982abb808b74ff89ba69e177d0caff6
Author: robin* <[email protected]>
Date:   Sun May 8 21:16:28 2022 +0900

    불필요한 pull 삭제

commit 418b9d2bd4a94272e3ed290d3c47ec657cdfc26c
Author: robin* <[email protected]>
Date:   Sun May 8 21:13:05 2022 +0900

    dep와 release 분리

commit 37809672d0706f31bd97a0e0fc9703a9f60d6916
Author: robin* <[email protected]>
Date:   Fri May 6 09:41:30 2022 +0900

    캐시 사용하게 변경

commit 0399b9b5e1897925c323b1df7d90113f92047371
Author: robin* <[email protected]>
Date:   Wed May 4 16:14:17 2022 +0900

    CI stage 나누기 테스트

commit e8246af21f9c0b985459bb6edbf7379505890b86
Merge: e9f3cf782 014065913
Author: robin* <[email protected]>
Date:   Wed May 4 09:40:29 2022 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit e9f3cf78256b3315f6cfc3e10c50df6b55ce86aa
Author: robin* <[email protected]>
Date:   Wed May 4 09:40:14 2022 +0900

    yarn 타임아웃을 크게 설정

commit 24e02129bee4d25f1e8037929b0d7b6e8fee27cc
Author: robin* <[email protected]>
Date:   Sat Apr 23 10:36:57 2022 +0900

    bundle과 yarn 설치를 분리하고 yarn 타임아웃을 크게 설정

commit e8b53b838101e92b08b9a59573b2da5f863735af
Author: robin* <[email protected]>
Date:   Fri Apr 22 11:25:34 2022 +0900

    이러면 캐시 이용하나??

commit 9015eda257784255419b1de762053b7100908818
Author: robin* <[email protected]>
Date:   Wed Apr 20 07:32:47 2022 +0000

    Update .gitlab-ci.yml file

commit 750319882455850be91289ea612bfd34fb783864
Author: robin* <[email protected]>
Date:   Wed Apr 20 14:38:54 2022 +0900

    빌드 후 이미지를 푸시하도록 수정

commit ff575a026749222d40b1744d06208d171955ac75
Author: robin* <[email protected]>
Date:   Wed Apr 20 14:34:45 2022 +0900

    buildx 커맨드 오타 수정

commit 8b84bcd9dd53acc1399d8031df219325747f5672
Author: robin* <[email protected]>
Date:   Wed Apr 20 14:26:39 2022 +0900

    buildx로 arm에서 빌드

commit d229380129cce9698a7a8aa9a15211dfc73f7f2c
Merge: aba0e2780 ed5491e5d
Author: robin* <[email protected]>
Date:   Wed Apr 20 14:19:57 2022 +0900

    Merge branch '3.5.1'

commit aba0e2780b21b23e0801c48e9210514a24e45535
Author: robin* <[email protected]>
Date:   Thu Feb 10 22:41:01 2022 +0900

    머지 실수 교정

commit 69e3b702d0170dd1d107612a127216d96a5e650f
Merge: 07284eb94 3413f1c44
Author: robin* <[email protected]>
Date:   Thu Feb 10 22:33:53 2022 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit 07284eb940c1182b7c5665cc0a48caa8b11094dc
Author: Eugen Rochko <[email protected]>
Date:   Thu Feb 3 14:21:38 2022 +0100

    Forward-port version bump to 3.4.6 (#17434)

commit 0a4846fc2558e8f34c3d0c20afa9ad68f517e10f
Author: Claire <[email protected]>
Date:   Thu Feb 3 14:09:04 2022 +0100

    Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428)

commit 4ec9c9c7dfa197d2e72c164ea2844da1c0a428b2
Author: Claire <[email protected]>
Date:   Thu Feb 3 14:07:43 2022 +0100

    Fix response_to_recipient? CTE (#17427)

commit 06280c066951682b3ae7fa3950a3b2c2461794d9
Author: Claire <[email protected]>
Date:   Thu Feb 3 14:07:29 2022 +0100

    Compact JSON-LD signed incoming activities (#17426)

    Co-authored-by: Puck Meerburg <[email protected]>

commit d96954e1b4debce5d403544c42cc5451c1d9d919
Merge: f2587765d d0d15bf49
Author: robin* <[email protected]>
Date:   Wed Feb 2 15:24:26 2022 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit f2587765dd99714547c73283252839c27fe0b299
Merge: 4e0be3940 fd868f8ca
Author: robin* <[email protected]>
Date:   Fri Nov 26 11:16:05 2021 +0900

    Merge remote-tracking branch 'tootsuite/stable-3.4'

commit fd868f8ca0b13afdb3f6fb9a3be063ccec7e1349
Author: Eugen Rochko <[email protected]>
Date:   Fri Nov 26 01:27:08 2021 +0100

    Bump version to 3.4.4

commit 4cd33a2c712acf038d856caaad077e34398306d2
Author: Claire <[email protected]>
Date:   Thu Nov 11 14:00:30 2021 +0100

    Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976)

    Fix regression from #16896

commit f264cca1d20dcd1d80343d31f7c960f1579b57ad
Author: Claire <[email protected]>
Date:   Thu Nov 25 23:46:30 2021 +0100

    Fix filtering DMs from non-followed users (#17042)

commit 5e4b04de8853822a9b0c6b124d0427ac9df2327e
Author: Claire <[email protected]>
Date:   Thu Nov 25 23:46:39 2021 +0100

    Fix handling of recursive toots in WebUI (#17041)

commit 3c18311d860e829a3bbefe34f166f701242f925a
Author: Claire <[email protected]>
Date:   Wed Nov 24 17:41:03 2021 +0100

    Fix error when suspending user with an already-existing canonical email block (#17036)

    * Fix error when suspending user with an already-existing canonical email block

    Fixes #17033

    While attempting to create a `CanonicalEmailBlock` with an existing hash would
    raise an `ActiveRecord::RecordNotUnique` error, this being done within a
    transaction would cancel the whole transaction. For this reason, checking for
    uniqueness in Rails would query the database within the transaction and avoid
    invalidating the whole transaction for this reason.

    A race condition is still possible, where multiple accounts sharing a canonical
    email would be blocked in concurrent transactions, in which only one would
    succeed, but that is way less likely to happen that the current issue, and can
    always be retried after the first failure, unlike the current situation.

    * Add tests

commit e5113a8cad23f686129ef04e908afee9ad0f6ada
Author: Claire <[email protected]>
Date:   Fri Nov 19 18:22:49 2021 +0100

    Fix overflow of long profile fields in admin view (#17010)

commit 22cd1e6ab593830dc667ef09235faed0b7547891
Author: Claire <[email protected]>
Date:   Sun Nov 14 21:55:40 2021 +0100

    Fix confusing error when webfinger request returns empty document (#16986)

    For some reason, some misconfigured servers return an empty document when
    queried over webfinger. Since an empty document does not lead to a parse
    error, the error is not caught properly and triggers uncaught exceptions
    later on.

    This PR fixes that by immediately erroring out with `Webfinger::Error` on
    getting an empty response.

commit e65ede1ac538501883f7cb68516e9bada2ef25fe
Author: Claire <[email protected]>
Date:   Tue Nov 16 21:36:28 2021 +0100

    Fix upload of remote media with OpenStack Swift sometimes failing (#16998)

    Under certain conditions, files fetched from remotes trigger an error when
    being uploaded using OpenStack Swift. This is because in some cases, the
    remote server will not return a content-length, so our ResponseWithLimitAdapter
    will hold a `nil` value for `#size`, which will lead to an invalid value
    for the Content-Length header of the Swift API call.

    This commit fixes that by taking the size from the actually-downloaded file
    size rather than the upstream-provided Content-Length header value.

commit 1bcb3daf7e4255662d6185a2fb74c2263f75060a
Author: Takeshi Umeda <[email protected]>
Date:   Fri Aug 6 19:14:13 2021 +0900

    Fix logout link not working in safari (#16574)

commit 9c610ca0a41b1a317188a94d7532e9937dda47b8
Author: Claire <[email protected]>
Date:   Sun Jul 25 01:13:46 2021 +0200

    Fix “open” link of media modal not closing modal (#16524)

commit 77d0297313ca7d0a26ec820381e93030a974c1a9
Author: Claire <[email protected]>
Date:   Sat Jul 17 17:06:52 2021 +0200

    Fix replying from modal (#16516)

    Fixes #16515

    Not using a router object somehow made `this.history` lag behind the real
    browser history whenever pushing a new history item in `replyCompose`.

    Not using the context-provided router in this case was an oversight made
    when porting glitch-soc changes in #16499.

commit 4e0be394028fe52e868d9659bdfefd97f234f91c
Merge: 5ec8d5e0a 4b6668868
Author: robin* <[email protected]>
Date:   Sat Nov 6 14:18:49 2021 +0900

    Merge remote-tracking branch 'tootsuite/stable-3.4'

commit 4b6668868e92b83c740849ddd397ca3ff5026a86
Author: Eugen Rochko <[email protected]>
Date:   Sat Nov 6 05:19:38 2021 +0100

    Bump version to 3.4.3

commit 5c47a18c8df3231aa25c6d1f140a71a7fac9cbf9
Author: Eugen Rochko <[email protected]>
Date:   Sat Nov 6 05:17:39 2021 +0100

    Fix login being broken due to inaccurately applied backport fix in 3.4.2

    See #16943

commit 8a74d851d2035cf7adbb605b7e994334152fbfc4
Author: Eugen Rochko <[email protected]>
Date:   Sat Nov 6 00:09:41 2021 +0100

    Bump version to 3.4.2

commit 76c2028859e5eef4ac4a07d5b3f4538eec933b88
Author: Claire <[email protected]>
Date:   Sat Nov 6 00:12:25 2021 +0100

    Fix AccountNote not having a maximum length (#16942)

commit 3251b8eeadbeb34fa7846b240ee48df963f16562
Author: Claire <[email protected]>
Date:   Sat Nov 6 00:13:58 2021 +0100

    Fix reviving revoked sessions and invalidating login (#16943)

    Up until now, we have used Devise's Rememberable mechanism to re-log users
    after the end of their browser sessions. This mechanism relies on a signed
    cookie containing a token. That token was stored on the user's record,
    meaning it was shared across all logged in browsers, meaning truly revoking
    a browser's ability to auto-log-in involves revoking the token itself, and
    revoking access from *all* logged-in browsers.

    We had a session mechanism that dynamically checks whether a user's session
    has been disabled, and would log out the user if so. However, this would only
    clear a session being actively used, and a new one could be respawned with
    the `remember_user_token` cookie.

    In practice, this caused two issues:
    - sessions could be revived after being closed from /auth/edit (security issue)
    - auto-log-in would be disabled for *all* browsers after logging out from one
      of them

    This PR removes the `remember_token` mechanism and treats the `_session_id`
    cookie/token as a browser-specific `remember_token`, fixing both issues.

commit f60bb0784fdf2ac67582ba4e96779acc078d9902
Author: Claire <[email protected]>
Date:   Fri Nov 5 21:14:35 2021 +0100

    Fix handling announcements with links (#16941)

    Broken since #15827

commit c3a6f7b9411a86a8fce71ef99d8801d8930bb8f0
Author: Claire <[email protected]>
Date:   Wed Jul 14 05:35:49 2021 +0200

    Fix user email address being banned on self-deletion (#16503)

    * Add tests

    * Fix user email address being banned on self-deletion

    Fixes #16498

commit 986397b3a255e5078ff4830a7d4d4687a12f4c19
Author: Claire <[email protected]>
Date:   Tue Jul 13 15:45:17 2021 +0200

    Improve modal flow and back button handling (#16499)

    * Refactor shouldUpdateScroll passing

    So far, shouldUpdateScroll has been manually passed down from the very top of
    the React component hierarchy even though it is a static function common to
    all ScrollContainer instances, so replaced that with a custom class extending
    ScrollContainer.

    * Generalize “press back to close modal” to any modal and to public pages

    * Fix boost confirmation modal closing media modal

commit c79d4711e9529ea024e0b70d3f64821bbde018d2
Author: Claire <[email protected]>
Date:   Tue Jul 13 15:46:20 2021 +0200

    Change references to tootsuite/mastodon to mastodon/mastodon (#16491)

    * Change references to tootsuite/mastodon to mastodon/mastodon

    * Remove obsolete test fixture

    * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG

    And a few other places

commit be560337158c83d737fe4b4de3486caae718ca01
Author: Claire <[email protected]>
Date:   Wed Jul 7 21:13:08 2021 +0200

    Change number_to_human calls to always use 3-digits precision (#16469)

    Fixes #16435

commit 8815e98aa231dd68cc9ff586f045f6c5fc3f0cd0
Author: Claire <[email protected]>
Date:   Mon Jul 5 19:16:06 2021 +0200

    Fix pop-in player display when poster has long username or handle (#16468)

commit 4bc1fde1059c6d953d91f5f57146781cd5559025
Author: Claire <[email protected]>
Date:   Sat Jul 3 21:13:47 2021 +0200

    Fix anonymous access to outbox not being cached by the reverse proxy (#16458)

    * Fix anonymous access to outbox not being cached by the reverse proxy

    Up until now, anonymous access to outbox was marked as public, but with a
    0 duration for caching, which means remote proxies would only serve from cache
    when the server was completely overwhelmed.

    Changed that cache duration to one minute, so that repeated anonymous access
    to one account's outbox can be appropriately cached.

    Also added `Signature` to the `Vary` header in case a page is requested, so
    that authenticated fetches are never served from cache (which only contains
    public toots).

    * Remove Vary: Accept header from webfinger controller

    Indeed, we have stopped returning xrd, and only ever return jrd, so the
    Accept request header does not matter anymore.

    * Cache negative webfinger hits for 3 minutes

commit 34ab4111a7e32c1c0ae6055286bb94bf496295a2
Author: Claire <[email protected]>
Date:   Fri Jun 25 04:45:17 2021 +0200

    Fix WebUI crash when a toot with a playing video gets deleted (#16384)

    * Fix WebUI crash when a toot with a playing video gets deleted

    * Fix pop-up player not closing the moment a status is deleted

commit aebcb722aa9a092000448b6e143c12a74f5bb78f
Author: Claire <[email protected]>
Date:   Mon Jun 21 20:14:47 2021 +0200

    Fix serialization of followers/following counts when user hides their network (#16418)

    * Add tests

    * Fix serialization of followers/following counts when user hides their network

    Fixes #16382

    Signed-off-by: Claire <[email protected]>

commit 9a468c895be2b9970a9556e72a9162070337b87c
Author: Claire <[email protected]>
Date:   Thu Jul 15 15:56:58 2021 +0200

    Fix inefficiencies in auto-linking code (#16506)

    The auto-linking code basically rewrote the whole string escaping non-ascii
    characters in an inefficient way, and building a full character offset map
    between the unescaped and escaped texts before sending the contents to
    TwitterText's extractor.

    Instead of doing that, this commit changes the TwitterText regexps to include
    valid IRI characters in addition to valid URI characters.

commit a1e5ff04e3278edbf7f71fe504f38c83de694d3b
Author: Claire <[email protected]>
Date:   Thu Oct 14 19:59:28 2021 +0200

    Fix tootctl self-destruct not sending Delete activities for recently-suspended accounts (#16688)

    * Do not block existing users' emails on self-destruct

    That is wasteful and unintuitive

    * Do not close registrations when running tootctl self-destruct with --dry-run

    * Close registrations on self-destruct regardless of known remote accounts

    * Fix tootctl self-destruct not sending Deletes for recently-suspended accounts

    * Suspend local users even if no remote account is known

    * Do not show scary confirmation text if ran with --dry-run

commit e40d5414cce5a59083fd8ed50837186546a86ac4
Author: Claire <[email protected]>
Date:   Fri Jul 23 02:53:17 2021 +0200

    Fix crashes with Microsoft Translate on Microsoft Edge (#16525)

    Fixes #16509

    Microsoft Edge with translation enabled rewrites the DOM in ways that confuse
    react and prevent it from working properly. Wrapping the offending parts in
    a span avoids this issue.

commit 40eaa8706b81f0c7fb20dcc8668cdf2b443f5363
Author: Claire <[email protected]>
Date:   Sat Sep 4 16:44:50 2021 +0200

    Fix suspicious sign-in mail text being out of date (#16690)

    Fixes #16687

commit 4cc7efcb0856ce980352ab0566bb8b63976e56d5
Author: Claire <[email protected]>
Date:   Mon Sep 13 18:59:56 2021 +0200

    Fix some Rails frameworks being unnecessarily loaded (#16725)

    Saves about 10MiB of memory usage at boot

commit 9b34647c9b98ff751862782ea5b408d89adfcbdb
Author: Claire <[email protected]>
Date:   Wed Sep 15 18:51:16 2021 +0200

    Fix followers synchronization mechanism not working when URI has empty path (#16744)

    Follow-up to #16510, forgot the controller exposing the actual followers…

commit 6b98fd0b4f79f887234ace4115914442183a84db
Author: Eugen Rochko <[email protected]>
Date:   Fri Jul 2 12:03:15 2021 +0200

    Fix not being able to suspend accounts that already have a canonical e-mail block (#16455)

commit c7f534ab953f713c1f4be82ebb23c757f3b063fd
Author: Claire <[email protected]>
Date:   Wed Jun 30 06:13:55 2021 +0200

    Fix missing on_delete: :cascade for canonical_email_blocks foreign key (#16448)

commit d5a50e9dfb2d64ba68271a06d4323da9869d92e8
Author: Eugen Rochko <[email protected]>
Date:   Sat Jul 10 17:58:41 2021 +0200

    Add `configuration` attribute to `GET /api/v1/instance` (#16485)

    List various values like file size limits and supported mime types

commit e1cf8d4d3741f6950808e9042e078ea5891e7fe6
Author: Jeong Arm <[email protected]>
Date:   Thu Nov 4 23:49:35 2021 +0900

    Fix statuses order in account's statuses admin page (#16937)

commit f366a23a232e41c486845acc2c9d119dd825e6d0
Author: Jeong Arm <[email protected]>
Date:   Fri Oct 29 02:30:44 2021 +0900

    Skip blocked domains media on tootctl media refresh (#16914)

commit aa828aea02fcf4c6e4aab180ae28a0891e18c052
Author: Claire <[email protected]>
Date:   Mon Oct 25 16:34:15 2021 +0200

    Fix mastodon:setup to take dotenv/docker-compose differences into account (#16896)

    In order to work around https://github.com/mastodon/mastodon/issues/16895,
    add a warning to .env.production.sample, and change the mastodon:setup rake
    task to:
    - output a warning if a variable will be interpreted differently by dotenv
      and docker-compose
    - ensure the printed config is compatible with docker-compose

commit 123a88b6b5b567901f0adbda84f6b356607cff0b
Author: Claire <[email protected]>
Date:   Thu Oct 21 20:39:35 2021 +0200

    Fix some link previews being incorrectly generated from other prior links (#16885)

    * Add tests

    * Fix some link previews being incorrectly generated from different prior links

    PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can
    be guessed from the URL. This caching mechanism is not perfectly correct as
    there is no guarantee that all pages from a given domain share the same
    OEmbed provider endpoint.

    This PR prevents the FetchOEmbedService from caching OEmbed endpoint that
    cannot be generalized by replacing a fully-qualified URL from the endpoint's
    parameters, greatly reducing the number of incorrect cached generalizations.

commit e63370db191eb9ae12112789afe8e027095f9112
Author: Claire <[email protected]>
Date:   Thu Oct 14 19:59:21 2021 +0200

    Fix scheduled statuses decreasing statuses counts (#16791)

    * Add tests

    * Fix scheduled statuses decreasing statuses counts

    Fixes #16774

commit 2396c9061a6b6895dc77479c88e82c2106caae3a
Author: Claire <[email protected]>
Date:   Thu Sep 30 05:26:29 2021 +0200

    Fix webauthn secure key authentication (#16792)

    * Add tests

    * Fix webauthn secure key authentication

    Fixes #16769

commit 663b58aaaebb31de8479773b1d79db9a49322020
Author: Holger <[email protected]>
Date:   Thu Sep 9 05:33:36 2021 +0800

    use relative path for `scope` (#16714)

    Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.

commit 75441ac63de02cc5e65cd829a8448253f8c06140
Author: Claire <[email protected]>
Date:   Wed Sep 8 23:33:23 2021 +0200

    Fix addressing of remote groups' followers (#16700)

    Fixes #16699

commit 5899fe70b66fe98dac2b87e29fc08fad05a399c8
Author: Claire <[email protected]>
Date:   Wed Sep 1 22:06:40 2021 +0200

    Fix processing mentions to domains with non-ascii TLDs (#16689)

    Fixes #16602

commit 2688f18d06340ff858bd66d50ea3e0fd1c288695
Author: Claire <[email protected]>
Date:   Wed Aug 25 22:52:41 2021 +0200

    Fix authentication failures after going halfway through a sign-in attempt (#16607)

    * Add tests

    * Add security-related tests

    My first (unpublished) attempt at fixing the issues introduced (extremely
    hard-to-exploit) security vulnerabilities, addressing them in a test.

    * Fix authentication failures after going halfway through a sign-in attempt

    * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious

commit f51c6cba1f88b68a23b86b164f08fb19e81c2497
Author: Claire <[email protected]>
Date:   Fri Aug 20 08:40:33 2021 +0200

    Fix remotely-suspended accounts' toots being merged back into timelines (#16628)

    * Fix remotely-suspended accounts' toots being merged back into timelines

    * Mark remotely-deleted accounts as remotely suspended

commit 4f852448e1b5543117ee91b0f7cc6f5c6388d6c9
Author: Claire <[email protected]>
Date:   Wed Aug 11 16:40:55 2021 +0200

    Fix crash when encountering invalid account fields (#16598)

    * Add test

    * Fix crash when encountering invalid account fields

commit c02d6c46e3b46b21370465e3637c9b95cdd008d2
Author: Takeshi Umeda <[email protected]>
Date:   Mon Aug 9 20:33:19 2021 +0900

    Fix invalid blurhash handling in Create activity (#16583)

commit 987f945930324f66f363287286f87d4ca337be5a
Author: Takeshi Umeda <[email protected]>
Date:   Sun Aug 8 22:31:02 2021 +0900

    Fix when MoveWorker cannot get locale from remote account (#16576)

commit e62f488be5d468a2a09a9f0890ef0dad9209808d
Author: Claire <[email protected]>
Date:   Wed Jun 23 23:55:47 2021 +0200

    Fix newlines in accout notes added by the Move handler (#16415)

    * Fix newlines in account notes added by the move handler

    * Make MoveWorker more robust

commit 5ec8d5e0a66cb7aba56a6c75025f093e28913304
Merge: 441c85ce8 d6486c969
Author: robin* <[email protected]>
Date:   Thu Jun 3 12:30:48 2021 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit 441c85ce851a6045fa8a5c87ddb2ed5e9b2303c1
Merge: cfce8a9cc 4c7efdba4
Author: robin* <[email protected]>
Date:   Mon May 17 11:12:20 2021 +0900

    Merge remote-tracking branch 'tootsuite/main'

commit cfce8a9cc86ecf96663f4a90c8d0816986d9c9fa
Author: robin* <[email protected]>
Date:   Mon Mar 15 17:35:03 2021 +0900

    커스텀 이모지의 용량 제한 100KB로 증가

commit 54ff54987d1cc7370a1d0ff89d3fb989c4f7b57c
Author: robin* <[email protected]>
Date:   Sat Mar 13 20:58:20 2021 +0900

    display_name 길이 제한 50자로 완화(프론트)

commit 675882aada107e63cf38915a334f63d3857d7aae
Author: robin* <[email protected]>
Date:   Sat Mar 13 20:46:04 2021 +0900

    display_name 길이 제한 50자로 완화

commit 5336827da92394d362f07e12c37d9b09ae40b955
Author: robin* <[email protected]>
Date:   Sun Jan 10 20:45:17 2021 +0900

    공개설정 롤백

commit 8a5db4d6cba5a158b2adabd0fb77fa425b08098c
Merge: a6cab215f 633d17514
Author: robin* <[email protected]>
Date:   Sun Dec 27 14:49:52 2020 +0900

    Merge remote-tracking branch 'tootsuite/master'

commit a6cab215f47a7d14da851d9181ed074a7101b807
Merge: 6af1ff66e 2d5a5bac6
Author: robin* <[email protected]>
Date:   Sat Dec 19 09:54:22 2020 +0900

    Merge pull request #484 from tootsuite/stable-3.2

    Stable 3.2

commit 2d5a5bac673c5d8fec78be865c10ad6ae5a958a5
Author: Eugen Rochko <[email protected]>
Date:   Sat Dec 19 00:41:49 2020 +0100

    Bump version to 3.2.2

commit 36b9b8deaa252b458d2fa6a3c9b31cb82b8dfedb
Author: ThibG <[email protected]>
Date:   Sat Dec 19 00:26:53 2020 +0100

    Fix ResolveAccountService accepting mismatching acct: URI (#15368)

    Co-authored-by: Claire <[email protected]>

commit 406adfca275909111153dfde91626a849fed5a1f
Author: ThibG <[email protected]>
Date:   Fri Dec 18 23:31:14 2020 +0100

    Backport fixes to 3.2 (#15360)

    * Fix 2FA/sign-in token sessions being valid after password change (#14802)

    If someone tries logging in to an acc…

def set_last_used_at_by_app
@last_used_at_by_app = Doorkeeper::AccessToken
.select('DISTINCT ON (application_id) application_id, last_used_at')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realize this is more than a year old, but bumped into this looking at something else. In this query, this line (the DISTINCT portion) doesnt actually come through in the generated sql.

I think what happens is the pluck overwrites the select line here, so the distinct portion of query gets dropped ... but then also, the final to_h essentially does what we want in terms of preparing a hash with unique keys (application IDs) each pointing to a datetime value for the view where this is used to consume.

That said, I'm not sure that the correct time gets picked. Example here...

mastodon(dev)>     @last_used_at_by_app = Doorkeeper::AccessToken
mastodon(dev)>                            .select('DISTINCT ON (application_id) application_id, last_used_at')
mastodon(dev)>                            .where(resource_owner_id: current_resource_owner.id)
mastodon(dev)>                            .where.not(last_used_at: nil)
mastodon(dev)>                            .order(application_id: :desc, last_used_at: :desc)
mastodon(dev)>                            .pluck(:application_id, :last_used_at)
mastodon(dev)>                            .to_h
mastodon(dev)> 
  Doorkeeper::AccessToken Pluck (0.2ms)  SELECT "oauth_access_tokens"."application_id", "oauth_access_tokens"."last_used_at" FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."resource_owner_id" = $1 AND "oauth_access_tokens"."last_used_at" IS NOT NULL ORDER BY "oauth_access_tokens"."application_id" DESC, "oauth_access_tokens"."last_used_at" DESC  [["resource_owner_id", 3]]
=> {3=>Sat, 09 Nov 2024 17:46:10.071951000 UTC +00:00}
mastodon(dev)>     @last_used_at_by_app = Doorkeeper::AccessToken
mastodon(dev)>                            .select('DISTINCT ON (application_id) application_id, last_used_at')
mastodon(dev)>                            .where(resource_owner_id: current_resource_owner.id)
mastodon(dev)>                            .where.not(last_used_at: nil)
mastodon(dev)>                            .order(application_id: :desc, last_used_at: :desc)
mastodon(dev)>                            .pluck(:application_id, :last_used_at)
mastodon(dev)> 
  Doorkeeper::AccessToken Pluck (0.2ms)  SELECT "oauth_access_tokens"."application_id", "oauth_access_tokens"."last_used_at" FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."resource_owner_id" = $1 AND "oauth_access_tokens"."last_used_at" IS NOT NULL ORDER BY "oauth_access_tokens"."application_id" DESC, "oauth_access_tokens"."last_used_at" DESC  [["resource_owner_id", 3]]
=> [[3, Thu, 14 Nov 2024 17:38:12.812377000 UTC +00:00], [3, Sat, 09 Nov 2024 17:46:10.071951000 UTC +00:00]]

Note how the first one (copied straight from here, including final to_h) does get us a uniquely-keyed hash, the second one (exact same, drops final to_h) shows the two values we could have chosen. Presumably we would have wanted the latter (11-14 in this example, not 11-09) value to be chosen?

If I remove the pluck line, the DISTINCT bit does run, and the one that comes back has been uniqued/ordered correctly (its the 11-14 one from my example).

Let me know if that analysis makes sense or I'm missing something here ... if it's a bug I'll take a stab at resolving.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good catch!

I guess we could remove the select and rewrite the pluck as follows:

@last_used_at_by_app = Doorkeeper::AccessToken
                           .where(resource_owner_id: current_resource_owner.id)
                           .where.not(last_used_at: nil)
                           .order(application_id: :desc, last_used_at: :desc)
                           .pluck(Arel.sql('DISTINCT ON (application_id) application_id, last_used_at'))
                           .to_h

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, thanks for confirming -- will attempt to fix, and may move this logic elsewhere in the process (it feels weird to add a controller spec or view spec for this ... maybe move to method on user or something to test)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working performance Runtime performance
Projects
None yet
Development

Successfully merging this pull request may close these issues.

"Authorized applications" in settings takes 18.6 seconds to load
3 participants