From f0b525ccd8e9093aef2eee320267340f3f23213b Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 10 Mar 2025 15:27:43 +0100
Subject: [PATCH 1/8] Fix Stoplight errors when using `REDIS_NAMESPACE` (#34126)
---
 lib/redis/namespace_extensions.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/redis/namespace_extensions.rb b/lib/redis/namespace_extensions.rb
index 9af59c296e..2be738b04d 100644
--- a/lib/redis/namespace_extensions.rb
+++ b/lib/redis/namespace_extensions.rb
@@ -5,6 +5,10 @@ class Redis
 def exists?(...)
 call_with_namespace('exists?', ...)
 end
+
+ def with
+ yield self
+ end
 end
 end
From d2962a525636ae20a425b7813f240319cf494538 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 11 Mar 2025 09:41:25 +0100
Subject: [PATCH 2/8] chore(deps): update dependency rack to v2.2.13 [security] (#34135)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 7c92629114..a51775b48a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -597,7 +597,7 @@ GEM
 activesupport (>= 3.0.0)
 raabro (1.4.0)
 racc (1.8.1)
- rack (2.2.11)
+ rack (2.2.13)
 rack-attack (6.7.0)
 rack (>= 1.0, < 4)
 rack-cors (2.0.2)
From f045fba749e5c05a8a37f29c6c4e9e71129c4fd4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 13 Mar 2025 09:38:44 +0100
Subject: [PATCH 3/8] Update dependency omniauth-saml to v2.2.3 [SECURITY] (#34156)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index a51775b48a..dbb677cf8a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
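Review bot: The `with` method added to lib/redis/namespace_extensions.rb in patch 1/8 (and re-added unchanged in 8/8) carries no comment, and `yield self` alone does not say why a namespaced client needs a pool-style interface. Going by the commit subject, it presumably lets Stoplight's Redis data store call `with { |conn| ... }` on the namespaced client; yielding `self` rather than the wrapped connection is what keeps the `REDIS_NAMESPACE` prefix on those keys when the Redis instance is shared. I would put `# Pool-compatible interface: yields the namespaced client itself so keys stay prefixed.` above the method. The enclosing module and class open outside the hunk, so where the extension is mixed in is not visible here.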
@@ -444,9 +444,9 @@ GEM
 omniauth-rails_csrf_protection (1.0.2)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
- omniauth-saml (2.2.1)
+ omniauth-saml (2.2.3)
 omniauth (~> 2.1)
- ruby-saml (~> 1.17)
+ ruby-saml (~> 1.18)
 omniauth_openid_connect (0.6.1)
 omniauth (>= 1.9, < 3)
 openid_connect (~> 1.1)
@@ -745,7 +745,7 @@ GEM
 rubocop-rspec (~> 3, >= 3.0.1)
 ruby-prof (1.7.1)
 ruby-progressbar (1.13.0)
- ruby-saml (1.17.0)
+ ruby-saml (1.18.0)
 nokogiri (>= 1.13.10)
 rexml
 ruby-vips (2.2.3)
From 8445fa183d931da9e4e7940d74128d81629af577 Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 13 Mar 2025 15:27:20 +0100
Subject: [PATCH 4/8] Bump version to v4.3.6 (#34167)
---
 CHANGELOG.md | 59 +++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 6 ++---
 lib/mastodon/version.rb | 4 +--
 3 files changed, 64 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef6a87ebb9..c7b0f64146 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,65 @@
 All notable changes to this project will be documented in this file.
+## [4.3.6] - 2025-03-13
+
+### Security
+
+- Update dependency `omniauth-saml`
+- Update dependency `rack`
+
+### Fixed
+
+- Fix Stoplight errors when using `REDIS_NAMESPACE` (#34126 by @ClearlyClaire)
+
+## [4.3.5] - 2025-03-10
+
+### Changed
+
+- Change hashtag suggestion to prefer personal history capitalization (#34070 by @ClearlyClaire)
+
+### Fixed
+
+- Fix processing errors for some HEIF images from iOS 18 (#34086 by @renchap)
+- Fix streaming server not filtering unknown-language posts from public timelines (#33774 by @ClearlyClaire)
+- Fix preview cards under Content Warnings not being shown in detailed statuses (#34068 by @ClearlyClaire)
+- Fix username and display name being hidden on narrow screens in moderation interface (#33064 by @ClearlyClaire)
+
+## [4.3.4] - 2025-02-27
+
+### Security
+
+- Update dependencies
+- Change HTML sanitization to remove unusable and unused `embed` tag (#34021 by @ClearlyClaire, [GHSA-mq2m-hr29-8gqf](https://github.com/mastodon/mastodon/security/advisories/GHSA-mq2m-hr29-8gqf))
+- Fix rate-limit on sign-up email verification ([GHSA-v39f-c9jj-8w7h](https://github.com/mastodon/mastodon/security/advisories/GHSA-v39f-c9jj-8w7h))
+- Fix improper disclosure of domain blocks to unverified users ([GHSA-94h4-fj37-c825](https://github.com/mastodon/mastodon/security/advisories/GHSA-94h4-fj37-c825))
+
+### Changed
+
+- Change preview cards to be shown when Content Warnings are expanded (#33827 by @ClearlyClaire)
+- Change warnings against changing encryption secrets to be even more noticeable (#33631 by @ClearlyClaire)
+- Change `mastodon:setup` to prevent overwriting already-configured servers (#33603, #33616, and #33684 by @ClearlyClaire and @mjankowski)
+- Change notifications from moderators to not be filtered (#32974 and #33654 by @ClearlyClaire and @mjankowski)
+
+### Fixed
+
+- Fix `GET /api/v2/notifications/:id` and `POST /api/v2/notifications/:id/dismiss` for ungrouped notifications (#33990 by @ClearlyClaire)
+- Fix issue with some versions of libvips on some systems (#33853 by @kleisauke)
+- Fix handling of duplicate mentions in incoming status `Update` (#33911 by @ClearlyClaire)
+- Fix inefficiencies in timeline generation (#33839 and #33842 by @ClearlyClaire)
+- Fix emoji rewrite adding unnecessary curft to the DOM for most emoji (#33818 by @ClearlyClaire)
+- Fix `tootctl feeds build` not building list timelines (#33783 by @ClearlyClaire)
+- Fix flaky test in `/api/v2/notifications` tests (#33773 by @ClearlyClaire)
+- Fix incorrect signature after HTTP redirect (#33757 and #33769 by @ClearlyClaire)
+- Fix polls not being validated on edition (#33755 by @ClearlyClaire)
+- Fix media preview height in compose form when 3 or more images are attached (#33571 by @ClearlyClaire)
+- Fix preview card sizing in “Author attribution” in profile settings (#33482 by @ClearlyClaire)
+- Fix processing of incoming notifications for unfilterable types (#33429 by @ClearlyClaire)
+- Fix featured tags for remote accounts not being kept up to date (#33372, #33406, and #33425 by @ClearlyClaire and @mjankowski)
+- Fix notification polling showing a loading bar in web UI (#32960 by @Gargron)
+- Fix accounts table long display name (#29316 by @WebCoder49)
+- Fix exclusive lists interfering with notifications (#28162 by @ShadowJonathan)
+
 ## [4.3.3] - 2025-01-16
 ### Security
diff --git a/docker-compose.yml b/docker-compose.yml
index 7281ef595c..56c734318e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -59,7 +59,7 @@ services:
 web:
 # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
 build: .
- image: kmyblue:17.2
+ image: kmyblue:17.3
 restart: always
 env_file: .env.production
 command: bundle exec puma -C config/puma.rb
@@ -83,7 +83,7 @@ services:
 build:
 dockerfile: ./streaming/Dockerfile
 context: .
- image: kmyblue-streaming:17.2
+ image: kmyblue-streaming:17.3
 restart: always
 env_file: .env.production
 command: node ./streaming/index.js
@@ -101,7 +101,7 @@ services:
 sidekiq:
 build: .
- image: kmyblue:17.2
+ image: kmyblue:17.3
 restart: always
 env_file: .env.production
 command: bundle exec sidekiq
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index dd6571b5c9..d523a1ef84 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ module Mastodon
 end
 def kmyblue_minor
- 2
+ 3
 end
 def kmyblue_flag
@@ -35,7 +35,7 @@ module Mastodon
 end
 def default_prerelease
- 'alpha.2'
+ 'alpha.4'
 end
 def prerelease
From 8bd585a0facbafdfe554ff03009133fd57254a6b Mon Sep 17 00:00:00 2001
From: KMY
Date: Fri, 14 Mar 2025 08:28:19 +0900
Subject: [PATCH 5/8] Fix bundler-audit
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index dbb677cf8a..c11a970bc2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -845,7 +845,7 @@ GEM
 unf_ext
 unf_ext (0.0.9.1)
 unicode-display_width (2.6.0)
- uri (1.0.2)
+ uri (1.0.3)
 useragent (0.16.11)
 validate_email (0.1.6)
 activemodel (>= 3.0)
From 4dd07dfa1651c61abee2b27785c8cbaa882a1fda Mon Sep 17 00:00:00 2001
From: KMY
Date: Fri, 14 Mar 2025 09:15:46 +0900
Subject: [PATCH 6/8] Fix test
---
 spec/system/report_interface_spec.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/spec/system/report_interface_spec.rb b/spec/system/report_interface_spec.rb
index 6a90aa5bc6..1c61774594 100644
--- a/spec/system/report_interface_spec.rb
+++ b/spec/system/report_interface_spec.rb
@@ -18,6 +18,7 @@ RSpec.describe 'report interface', :attachment_processing, :js, :streaming do
 before do
 as_a_logged_in_admin
 visit admin_report_path(report)
+ page.driver.browser.manage.window.resize_to(1600, 1050)
 end
 it 'displays the report interface, including the javascript bits' do
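Review bot: In the `before` block of spec/system/report_interface_spec.rb (patch 6/8), `page.driver.browser.manage.window.resize_to(1600, 1050)` reaches through Capybara into the Selenium driver object, so the spec is tied to that one driver. `page.current_window.resize_to(1600, 1050)` does the same through Capybara's own window API. The resize runs after `visit` and nothing restores the previous size, so later system specs sharing the browser session may inherit the larger viewport; that depends on session setup not visible here. A short comment naming the element that needs the wider window would explain the two literals. The `RSpec.describe` block continues outside the hunk.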
From 4c49ac2a074467e657e417e35e45e1cfee8942e5 Mon Sep 17 00:00:00 2001
From: KMY
Date: Fri, 14 Mar 2025 09:32:35 +0900
Subject: [PATCH 7/8] Test
---
 lib/redis/namespace_extensions.rb | 4 ----
 spec/system/report_interface_spec.rb | 1 -
 2 files changed, 5 deletions(-)
diff --git a/lib/redis/namespace_extensions.rb b/lib/redis/namespace_extensions.rb
index 2be738b04d..9af59c296e 100644
--- a/lib/redis/namespace_extensions.rb
+++ b/lib/redis/namespace_extensions.rb
@@ -5,10 +5,6 @@ class Redis
 def exists?(...)
 call_with_namespace('exists?', ...)
 end
-
- def with
- yield self
- end
 end
 end
diff --git a/spec/system/report_interface_spec.rb b/spec/system/report_interface_spec.rb
index 1c61774594..6a90aa5bc6 100644
--- a/spec/system/report_interface_spec.rb
+++ b/spec/system/report_interface_spec.rb
@@ -18,7 +18,6 @@ RSpec.describe 'report interface', :attachment_processing, :js, :streaming do
 before do
 as_a_logged_in_admin
 visit admin_report_path(report)
- page.driver.browser.manage.window.resize_to(1600, 1050)
 end
 it 'displays the report interface, including the javascript bits' do
From 4a5bf16e73f43fd67d3b8e297b909389e426da17 Mon Sep 17 00:00:00 2001
From: KMY
Date: Fri, 14 Mar 2025 09:37:59 +0900
Subject: [PATCH 8/8] Test
---
 lib/redis/namespace_extensions.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/redis/namespace_extensions.rb b/lib/redis/namespace_extensions.rb
index 9af59c296e..2be738b04d 100644
--- a/lib/redis/namespace_extensions.rb
+++ b/lib/redis/namespace_extensions.rb
@@ -5,6 +5,10 @@ class Redis
 def exists?(...)
 call_with_namespace('exists?', ...)
 end
+
+ def with
+ yield self
+ end
 end
 end
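Review bot: No spec in this series exercises the `with` method that patch 8/8 restores in lib/redis/namespace_extensions.rb; the diffstats for 1/8 and 8/8 list only that file. Patch 7/8 removes the method and 8/8 puts it back with no test change either way, so nothing visible here would catch it being dropped again. A small example such as `expect { |b| namespaced.with(&b) }.to yield_with_args(namespaced)` would pin that the block receives the namespaced client; `namespaced` is a constructed name for a client built with a namespace. It would also guard the key prefixing that separates this instance's data on a shared Redis. Coverage may exist elsewhere in the repository, outside this patch set.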