merge 3.4.6 #4
Merged
merge 3.4.6 #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ahox
commented
Feb 3, 2022
ahox
commented
- Fix some old migration scripts (Fix some old migration scripts mastodon/mastodon#17394)
- Fix edge case in migration helpers that caused crash because of PostgreSQL quirks (Fix edge case in migration helpers that caused crash because of PostgreSQL quirk mastodon/mastodon#17398)
- Save bundle config as local (Save bundle config as local on docker build mastodon/mastodon#17188)
- Bump ruby-saml from 1.11.0 to 1.13.0 (Fix Ruby 3.0 dependencies mastodon/mastodon#16723)
- Build container image by GitHub Actions (Build container image by GitHub Actions mastodon/mastodon#16973)
- Change workflow to push to Docker Hub (Change workflow to push to Docker Hub mastodon/mastodon#16980)
- Add manual GitHub Actions runs (Add manual GitHub Actions runs mastodon/mastodon#17000)
- Fix followers synchronization mechanism not working when URI has empty path (Fix followers synchronization mechanism not working when URI has empty path mastodon/mastodon#16510)
- Add more advanced migration tests (Add more advanced migration tests mastodon/mastodon#17393)
- Bump version to 3.4.5
- Fix spurious errors when receiving an Add activity for a private post (Fix spurious errors when receiving an Add activity for a private post mastodon/mastodon#17425)
- Fix error-prone SQL queries (Fix error-prone SQL queries mastodon/mastodon#15828)
- Compact JSON-LD signed incoming activities
- Fix compacted JSON-LD possibly causing compatibility issues on forwarding
- Fix insufficient sanitization of report comments
- Fix response_to_recipient? CTE
- Change mastodon:webpush:generate_vapid_key task to not require functional env (Change mastodon:webpush:generate_vapid_key task to not require functional env mastodon/mastodon#17338)
- disable legacy XSS filtering (disable legacy XSS filtering mastodon/mastodon#17289)
- Bump version to 3.4.6
- Fix insufficient sanitization of report comments (Fix insufficient sanitization of report comments mastodon/mastodon#17430)
* Fix some old migration scripts * Fix edge case in two-step migration from older releases
Some bundle options are saved as global user config and not project local. Specially, `deployment` must be saved as local config to be run on copied environment
* Build container image by GitHub Actions * Trigger docker build only pushed to main branch * Tweak tagging imgae - "edge" is the main branch - "latest" is the tagged latest release
…y path (mastodon#16510) * Fix followers synchronization mechanism not working when URI has empty path To my knowledge, there is no current implementation on the fediverse that can use bare domains (e.g., actor is at https://example.org instead of something like https://example.org/actor) that also plans to support the followers synchronization mechanism. However, Mastodon's current implementation would exclude such accounts from followers list. Also adds tests and rename them to reflect the proper method names. * Move url prefix regexp to its own constant
- populate the database with some data when testing migrations - try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
* Fix error-prone SQL queries in Account search While this code seems to not present an actual vulnerability, one could easily be introduced by mistake due to how the query is built. This PR parameterises the `to_tsquery` input to make the query more robust. * Harden code for Status#tagged_with_all and Status#tagged_with_none Those two scopes aren't used in a way that could be vulnerable to an SQL injection, but keeping them unchanged might be a hazard. * Remove unneeded spaces surrounding tsquery term * Please CodeClimate * Move advanced_search_for SQL template to its own function This avoids one level of indentation while making clearer that the SQL template isn't build from all the dynamic parameters of advanced_search_for. * Add tests covering tagged_with, tagged_with_all and tagged_with_none * Rewrite tagged_with_none to avoid multiple joins and make it more robust * Remove obsolete brakeman warnings * Revert "Remove unneeded spaces surrounding tsquery term" The two queries are not strictly equivalent. This reverts commit 86f16c5.
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.