From 73ecc4de6e63301f30092feaf26d0878520ccc09 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Sep 2023 16:26:51 +0200 Subject: [PATCH 1/5] New Crowdin Translations (automated) (#26978) Co-authored-by: GitHub Actions --- app/javascript/mastodon/locales/bn.json | 47 +++++++++++++++---------- app/javascript/mastodon/locales/sq.json | 2 ++ config/locales/doorkeeper.sq.yml | 2 ++ config/locales/sq.yml | 10 ++++++ 4 files changed, 42 insertions(+), 19 deletions(-) diff --git a/app/javascript/mastodon/locales/bn.json b/app/javascript/mastodon/locales/bn.json index 5d8d02fa4cc220..4b055f53a410f4 100644 --- a/app/javascript/mastodon/locales/bn.json +++ b/app/javascript/mastodon/locales/bn.json 
@@ -4,11 +4,11 @@ "about.disclaimer": "ম্যাস্টোডন একটি ফ্রি, ওপেন সোর্স সফটওয়্যার এবং ম্যাস্টোডন জিজিএমবিএইচ এর একটি ট্রেডমার্ক।", "about.domain_blocks.no_reason_available": "কারণ দর্শানো যাচ্ছে না", "about.domain_blocks.preamble": "ম্যাস্টোডন সাধারণত আপনাকে ফেদিভার্স এ অন্য কোনও সার্ভারের ব্যবহারকারীদের থেকে সামগ্রী দেখতে এবং তাদের সাথে আলাপচারিতা করার সুযোগ দেয়। এই ব্যতিক্রম যে এই বিশেষ সার্ভারে তৈরি করা হয়েছে।", - "about.domain_blocks.silenced.explanation": "আপনি সাধারণত এই সার্ভার থেকে প্রোফাইল এবং বিষয়বস্তু দেখতে পারবেন না, যদি না আপনি স্পষ্টভাবে এটি দেখেন বা অনুসরণ করে এটি নির্বাচন করেন৷", + "about.domain_blocks.silenced.explanation": "আপনি সাধারণত এই সার্ভার থেকে প্রোফাইল এবং বিষয়বস্তু দেখতে পারবেন না, যদি না আপনি নিজে থেকেই এটাকে ফলো না করেন.", "about.domain_blocks.silenced.title": "সীমিত", "about.domain_blocks.suspended.explanation": "এই সার্ভার থেকে কোনও ডেটা প্রক্রিয়াজাতকরণ, সংরক্ষণ বা আদান-প্রদান করা হবে না, তাই এই সার্ভার ব্যবহারকারীদের সাথে কোনও মিথস্ক্রিয়া বা যোগাযোগকে অসম্ভব করে তুলেছে।", "about.domain_blocks.suspended.title": "সাসপেন্ড করা হয়েছে", - "about.not_available": "এই তথ্য এই সার্ভারে উপলব্ধ করা হয়নি।", + "about.not_available": "এই তথ্য এই সার্ভারে উন্মুক্ত করা হয়নি.", "about.powered_by": "{mastodon} দ্বারা তৈরি বিকেন্দ্রীভূত সামাজিক মিডিয়া।", "about.rules": "সার্ভারের নিয়মাবলী", "account.account_note_header": "বিজ্ঞপ্তি", 
@@ -16,45 +16,45 @@ "account.badges.bot": "বট", "account.badges.group": "দল", "account.block": "@{name} কে ব্লক করো", - "account.block_domain": "{domain} থেকে সব লুকাও", - "account.block_short": "অবরোধ", + "account.block_domain": "{domain} কে ব্লক করুন", + "account.block_short": "ব্লক", "account.blocked": "অবরুদ্ধ", "account.browse_more_on_origin_server": "মূল প্রোফাইলটিতে আরও ব্রাউজ করুন", "account.cancel_follow_request": "অনুসরণ অনুরোধ প্রত্যাহার করুন", "account.direct": "গোপনে মেনশন করুন @{name}", "account.disable_notifications": "আমাকে জানানো বন্ধ করো যখন @{name} পোস্ট করবে", - "account.domain_blocked": "ডোমেন গোপন করুন", - "account.edit_profile": "প্রোফাইল পরিবর্তন করুন", + "account.domain_blocked": "ডোমেইন ব্লক করা", + "account.edit_profile": "প্রোফাইল সম্পাদনা করুন", "account.enable_notifications": "আমাকে জানাবে যখন @{name} পোস্ট করবে", - "account.endorse": "নিজের পাতায় দেখান", + "account.endorse": "প্রোফাইলে ফিচার করুন", "account.featured_tags.last_status_at": "{date} এ সর্বশেষ পোস্ট", "account.featured_tags.last_status_never": "কোনো পোস্ট নেই", - "account.featured_tags.title": "{name}-এর বৈশিষ্ট্যযুক্ত হ্যাশট্যাগগুলি৷", + "account.featured_tags.title": "{name} এর ফিচার করা Hashtag সমূহ", "account.follow": "অনুসরণ", "account.followers": "অনুসরণকারী", - "account.followers.empty": "এই ব্যক্তিকে এখনো কেউ অনুসরণ করে না।", + "account.followers.empty": "এই ব্যক্তিকে এখনো কেউ অনুসরণ করে না.", "account.followers_counter": "{count, plural,one {{counter} জন অনুসরণকারী } other {{counter} জন অনুসরণকারী}}", "account.following": "অনুসরণ করা হচ্ছে", "account.following_counter": "{count, plural,one {{counter} জনকে অনুসরণ} other {{counter} জনকে অনুসরণ}}", - "account.follows.empty": "এই সদস্য কাওকে এখনো অনুসরণ করেন না.", - "account.follows_you": "তোমাকে অনুসরণ করে", + "account.follows.empty": "এই সদস্য কাউকে এখনো ফলো করেন না.", + "account.follows_you": "আপনাকে ফলো করে", "account.go_to_profile": "প্রোফাইলে যান", "account.hide_reblogs": "@{name}'র সমর্থনগুলি লুকিয়ে ফেলুন", - 
"account.in_memoriam": "স্মৃতিসৌধে।", + "account.in_memoriam": "স্মৃতিতে.", "account.joined_short": "যোগ দিয়েছেন", "account.languages": "সাবস্ক্রাইব করা ভাষা পরিবর্তন করুন", "account.link_verified_on": "এই লিংকের মালিকানা চেক করা হয়েছে {date} তারিখে", - "account.locked_info": "এই নিবন্ধনের গোপনীয়তার ক্ষেত্র তালা দেওয়া আছে। নিবন্ধনকারী অনুসরণ করার অনুমতি যাদেরকে দেবেন, শুধু তারাই অনুসরণ করতে পারবেন।", + "account.locked_info": "এই একাউন্ট লক করা। উনি যাদেরকে ফলো করার অনুমতি যাদেরকে দেবেন, শুধু তারাই ফলো করতে পারবেন.", "account.media": "মিডিয়া", - "account.mention": "@{name} কে উল্লেখ করুন", + "account.mention": "@{name} কে মেনশন করুন", "account.moved_to": "{name} নির্দেশ করেছে যে তাদের নতুন অ্যাকাউন্ট এখন হলো:", "account.mute": "@{name} কে নিঃশব্দ করুন", - "account.mute_notifications_short": "বিজ্ঞপ্তি নিংশব্দ", - "account.mute_short": "নিঃশব্দ", - "account.muted": "নিঃশব্দ", - "account.no_bio": "কোনো বর্ণনা দেওয়া হয়নি।", + "account.mute_notifications_short": "নোটিফিকেশন মিউট করুন", + "account.mute_short": "মিউট করুন", + "account.muted": "মিউট করা", + "account.no_bio": "কোনো বর্ণনা দেওয়া হয়নি.", "account.open_original_page": "মূল পৃষ্ঠা খুলুন", - "account.posts": "টুট", + "account.posts": "পোষ্টসমূহ", "account.posts_with_replies": "টুট এবং মতামত", "account.report": "@{name} কে রিপোর্ট করুন", "account.requested": "অনুমতির অপেক্ষা। অনুসরণ করার অনুরোধ বাতিল করতে এখানে ক্লিক করুন", 
@@ -76,6 +76,9 @@ "admin.dashboard.retention.average": "গড়", "admin.dashboard.retention.cohort": "সাইন আপের মাস", "admin.dashboard.retention.cohort_size": "নতুন ব্যবহারকারী", + "admin.impact_report.instance_accounts": "যেসব একাউন্ট এর প্রোফাইল এটি ডিলিট করবে", + "admin.impact_report.instance_followers": "যেসব ফলোয়ারদের আমাদের ইউজাররা হারাবে", + "admin.impact_report.instance_follows": "যেসব ফলোয়ারদের তাদের ইউজার হারাবে", "alert.rate_limited.message": "{retry_time, time, medium} -এর পরে আবার প্রচেষ্টা করুন।", "alert.rate_limited.title": "হার সীমিত", "alert.unexpected.message": "সমস্যা অপ্রত্যাশিত.", @@ -131,7 +134,9 @@ "community.column_settings.remote_only": "শুধুমাত্র দূরবর্তী", "compose.language.change": "ভাষা পরিবর্তন করুন", "compose.language.search": "ভাষা অনুসন্ধান করুন...", + "compose.published.body": "পোষ্ট publish করা হয়েছে.", "compose.published.open": "দেখো", + "compose.saved.body": "পোস্ট সংরক্ষণ করা হয়েছে.", "compose_form.direct_message_warning_learn_more": "আরো জানুন", "compose_form.encryption_warning": "Posts on Mastodon are not end-to-end encrypted. Do not share any dangerous information over Mastodon.", "compose_form.hashtag_warning": "এই পোস্টটি কোনো হ্যাশট্যাগের বিষয় নয় কারণ এটি সর্বজনীনভাবে উপলব্ধ নয়। শুধুমাত্র জনসাধারণের কাছে পোস্ট করা বার্তাই হ্যাশট্যাগ দ্বারা অনুসন্ধান করা যেতে পারে।", 
@@ -165,9 +170,11 @@ "confirmations.delete_list.confirm": "মুছে ফেলুন", "confirmations.delete_list.message": "আপনি কি নিশ্চিত যে আপনি এই তালিকাটি স্থায়িভাবে মুছে ফেলতে চান ?", "confirmations.discard_edit_media.confirm": "বাতিল করো", + "confirmations.discard_edit_media.message": "মিডিয়া Description বা Preview তে আপনার আপনার অসংরক্ষিত পরিবর্তন আছে, সেগুলো বাতিল করবেন?", "confirmations.domain_block.confirm": "এই ডোমেন থেকে সব লুকান", "confirmations.domain_block.message": "আপনি কি সত্যিই সত্যই নিশ্চিত যে আপনি পুরো {domain}'টি ব্লক করতে চান? বেশিরভাগ ক্ষেত্রে কয়েকটি লক্ষ্যযুক্ত ব্লক বা নীরবতা যথেষ্ট এবং পছন্দসই। আপনি কোনও পাবলিক টাইমলাইন বা আপনার বিজ্ঞপ্তিগুলিতে সেই ডোমেন থেকে সামগ্রী দেখতে পাবেন না। সেই ডোমেন থেকে আপনার অনুসরণকারীদের সরানো হবে।", "confirmations.edit.confirm": "সম্পাদন", + "confirmations.edit.message": "এখন সম্পাদনা করলে আপনি যে মেসেজ লিখছেন তা overwrite করবে, চালিয়ে যেতে চান?", "confirmations.logout.confirm": "প্রস্থান", "confirmations.logout.message": "আপনি লগ আউট করতে চান?", "confirmations.mute.confirm": "সরিয়ে ফেলুন", @@ -187,6 +194,8 @@ "directory.local": "শুধু {domain} থেকে", "directory.new_arrivals": "নতুন আগত", "directory.recently_active": "সম্প্রতি সক্রিয়", + "disabled_account_banner.account_settings": "একাউন্ট সেটিংস", + "disabled_account_banner.text": "আপনার একাউন্ট {disabledAccount} বর্তমানে বন্ধ করা.", "dismissable_banner.dismiss": "সরাও", "dismissable_banner.explore_links": "These news stories are being talked about by people on this and other servers of the decentralized network right now.", "dismissable_banner.explore_tags": "These hashtags are gaining traction among people on this and other servers of the decentralized network right now.", diff --git a/app/javascript/mastodon/locales/sq.json b/app/javascript/mastodon/locales/sq.json index b8401805dd02d1..2e908fdc5ba5ca 100644 --- a/app/javascript/mastodon/locales/sq.json +++ b/app/javascript/mastodon/locales/sq.json 
@@ -341,6 +341,7 @@ "keyboard_shortcuts.direct": "që të hapni shtyllën e përmendjeve private", "keyboard_shortcuts.down": "Për zbritje poshtë nëpër listë", "keyboard_shortcuts.enter": "Për hapje postimi", + "keyboard_shortcuts.favourite": "I vini shenjë postimit si të parapëlqyer", "keyboard_shortcuts.favourites": "Hapni listë të parapëlqyerish", "keyboard_shortcuts.federated": "Për hapje rrjedhe kohore të të federuarave", "keyboard_shortcuts.heading": "Shkurtore tastiere", @@ -629,6 +630,7 @@ "status.edited": "Përpunuar më {date}", "status.edited_x_times": "Përpunuar {count, plural, one {{count} herë} other {{count} herë}}", "status.embed": "Trupëzim", + "status.favourite": "I vini shenjë si të parapëlqyer", "status.filter": "Filtroje këtë postim", "status.filtered": "I filtruar", "status.hide": "Fshihe postimin", diff --git a/config/locales/doorkeeper.sq.yml b/config/locales/doorkeeper.sq.yml index af6d6977da5f2b..308a5429a6da88 100644 --- a/config/locales/doorkeeper.sq.yml +++ b/config/locales/doorkeeper.sq.yml @@ -127,6 +127,7 @@ sq: bookmarks: Faqerojtës conversations: Biseda crypto: Fshehtëzim skaj-më-skaj + favourites: Të parapëlqyer filters: Filtra follow: Ndjekje, Heshtime dhe Bllokime follows: Ndjekje @@ -183,6 +184,7 @@ sq: write:blocks: të bllokojë llogari dhe përkatësi write:bookmarks: të faqeruajë gjendje write:conversations: heshtoni dhe fshini biseda + write:favourites: postime të parapëlqyer write:filters: të krijojë filtra write:follows: të ndjekë persona write:lists: të krijojë lista diff --git a/config/locales/sq.yml b/config/locales/sq.yml index c7990812c8ccd4..6cdfa268dbb27e 100644 --- a/config/locales/sq.yml +++ b/config/locales/sq.yml 
@@ -829,10 +829,18 @@ sq: system_checks: database_schema_check: message_html: Ka migrime bazash të dhënash pezull. Ju lutemi, kryejini, për të qenë të sigurt se aplikacioni sillet siç priteet + elasticsearch_health_red: + message_html: Grupi juaj i instancave Elasticsearch s’është i shëndetshëm (gjendje e verdhë), s’mund të përdoren veçoritë e kërkimit + elasticsearch_health_yellow: + message_html: Grupi juaj i instancave Elasticsearch s’është i shëndetshëm (gjendje e verdhë), mund të doni të hetoni shkakun + elasticsearch_index_mismatch: + message_html: Përshoqërimet e treguesit të Elasticsearch-it janë të vjetruara. Ju lutemi, xhironi tootctl search deploy --only=%{value} elasticsearch_preset: action: Shihni documentimin + message_html: Grupi i instancave tuaja Elasticsearch ka më shumë se një nyjë, por Mastodon-i s’është formësuar t’i përdorë ato. elasticsearch_preset_single_node: action: Shihni documentimin + message_html: Grupi i instancave tuaja Elasticsearch ka vetëm një nyjë, ES_PRESET i duhet dhënë vlera single_node_cluster. elasticsearch_reset_chewy: message_html: Treguesi juaj i sistemit Elasticsearch është i vjetruar, për shkak të një ndryshimi rregullimesh. Për ta përditësuar, ju lutemi, xhironi tootctl search deploy --reset-chewy. elasticsearch_running_check: @@ -1375,6 +1383,7 @@ sq: confirmation_html: Jeni i sigurt se doni të shpajtoheni prej marrjes së %{type} për Mastodon në %{domain} te email-i juaj në %{email}? Mundeni përherë të ripajtoheni, që prej rregullimeve tuaja për njoftime me email. emails: notification_emails: + favourite: email-e njoftimesh për të parapëlqyer follow: email-e njoftimi ndjekjesh follow_request: email-e kërkesash për ndjekje mention: email-e njoftimi përmendjesh 
@@ -1461,6 +1470,7 @@ sq: update: subject: "%{name} përpunoi një postim" notifications: + administration_emails: Njoftime email për përgjegjësin email_events: Akte për njoftim me email email_events_hint: 'Përzgjidhni akte për të cilët doni të merrni njoftime:' other_settings: Rregullimet të tjera njoftimesh From 94893cf24fc95b32cc7a756262acbe008c20a9d2 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 19 Sep 2023 16:52:52 +0200 Subject: [PATCH 2/5] Merge pull request from GHSA-hcqf-fw2r-52g4 * Revert "Fix request URL normalisation for bare domain and 8-bit characters (#26285)" This reverts commit 8891d8945d837f0da16a3a5aa2dc9783e39b0acd. * Revert "Do not normalize URL before fetching it (#26219)" This reverts commit fd284311e79854d6bc2901a9d9363ba9e7e00513. --- app/lib/request.rb | 23 +-- .../concerns/signature_verification_spec.rb | 33 +--- spec/lib/request_spec.rb | 150 +----------------- 3 files changed, 4 insertions(+), 202 deletions(-) diff --git a/app/lib/request.rb b/app/lib/request.rb index fa0e3472f67821..5f128af734c1e9 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb 
@@ -68,26 +68,13 @@ class Request # about 15s in total TIMEOUT = { connect_timeout: 5, read_timeout: 10, write_timeout: 10, read_deadline: 30 }.freeze - # Workaround for overly-eager decoding of percent-encoded characters in Addressable::URI#normalized_path - # https://github.com/sporkmonger/addressable/issues/366 - URI_NORMALIZER = lambda do |uri| - uri = HTTP::URI.parse(uri) - - HTTP::URI.new( - scheme: uri.normalized_scheme, - authority: uri.normalized_authority, - path: Addressable::URI.normalize_path(encode_non_ascii(uri.path)).presence || '/', - query: encode_non_ascii(uri.query) - ) - end - include RoutingHelper def initialize(verb, url, **options) raise ArgumentError if url.blank? @verb = verb - @url = URI_NORMALIZER.call(url) + @url = Addressable::URI.parse(url).normalize @http_client = options.delete(:http_client) @allow_local = options.delete(:allow_local) @options = options.merge(socket_class: use_proxy? || @allow_local ? ProxySocket : Socket) @@ -151,14 +138,8 @@ def valid_url?(url) %w(http https).include?(parsed_url.scheme) && parsed_url.host.present? end - NON_ASCII_PATTERN = /[^\x00-\x7F]+/ - - def encode_non_ascii(str) - str&.gsub(NON_ASCII_PATTERN) { |substr| CGI.escape(substr.encode(Encoding::UTF_8)) } - end - def http_client - HTTP.use(:auto_inflate).use(normalize_uri: { normalizer: URI_NORMALIZER }).follow(max_hops: 3) + HTTP.use(:auto_inflate).follow(max_hops: 3) end end diff --git a/spec/controllers/concerns/signature_verification_spec.rb b/spec/controllers/concerns/signature_verification_spec.rb index f8e44845d7b702..650cd21eaf5e8f 100644 --- a/spec/controllers/concerns/signature_verification_spec.rb +++ b/spec/controllers/concerns/signature_verification_spec.rb 
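Review bot: After the revert, `@url = Addressable::URI.parse(url).normalize` in `initialize` carries no comment explaining why the custom `URI_NORMALIZER` was dropped, and the second hunk removes `normalize_uri` from `http_client` just as silently. I would add `# Security: see GHSA-hcqf-fw2r-52g4 before changing how request URLs are normalized` above the assignment, so a later "fix normalisation" change does not reintroduce the reverted behaviour. The series also deletes the URL-handling contexts from `spec/lib/request_spec.rb` without adding a replacement. A regression spec should assert that, for a URL that needs normalisation and for a redirect target, the host the request is validated against is the same host that appears in the request line and `Host` header. Both `initialize` and the class body continue outside these hunks, so the validation path itself is not visible here.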
@@ -129,37 +129,6 @@ def signature_required end end - context 'with non-normalized URL' do - before do - get :success - - fake_request = Request.new(:get, 'http://test.host/subdir/../success') - fake_request.on_behalf_of(author) - - request.headers.merge!(fake_request.headers) - - allow(controller).to receive(:actor_refresh_key!).and_return(author) - end - - describe '#build_signed_string' do - it 'includes the normalized request path' do - expect(controller.send(:build_signed_string)).to start_with "(request-target): get /success\n" - end - end - - describe '#signed_request?' do - it 'returns true' do - expect(controller.signed_request?).to be true - end - end - - describe '#signed_request_actor' do - it 'returns an account' do - expect(controller.signed_request_account).to eq author - end - end - end - context 'with request with unparsable Date header' do before do get :success @@ -233,7 +202,7 @@ def signature_required request.headers.merge!(fake_request.headers) - stub_request(:get, 'http://localhost:5000/actor').to_raise(Mastodon::HostValidationError) + stub_request(:get, 'http://localhost:5000/actor#main-key').to_raise(Mastodon::HostValidationError) end describe '#signed_request?' do diff --git a/spec/lib/request_spec.rb b/spec/lib/request_spec.rb index 8ccfcacef24bf3..f0861376b99da8 100644 --- a/spec/lib/request_spec.rb +++ b/spec/lib/request_spec.rb @@ -4,9 +4,7 @@ require 'securerandom' describe Request do - subject { described_class.new(:get, url) } - - let(:url) { 'http://example.com' } + subject { described_class.new(:get, 'http://example.com') } describe '#headers' do it 'returns user agent' do 
@@ -94,152 +92,6 @@ expect { subject.perform }.to raise_error Mastodon::ValidationError end end - - context 'with bare domain URL' do - let(:url) { 'http://example.com' } - - before do - stub_request(:get, 'http://example.com') - end - - it 'normalizes path' do - subject.perform do |response| - expect(response.request.uri.path).to eq '/' - end - end - - it 'normalizes path used for request signing' do - subject.perform - - headers = subject.instance_variable_get(:@headers) - expect(headers[Request::REQUEST_TARGET]).to eq 'get /' - end - - it 'normalizes path used in request line' do - subject.perform do |response| - expect(response.request.headline).to eq 'GET / HTTP/1.1' - end - end - end - - context 'with unnormalized URL' do - let(:url) { 'HTTP://EXAMPLE.com:80/foo%41%3A?bar=%41%3A#baz' } - - before do - stub_request(:get, 'http://example.com/foo%41%3A?bar=%41%3A') - end - - it 'normalizes scheme' do - subject.perform do |response| - expect(response.request.uri.scheme).to eq 'http' - end - end - - it 'normalizes host' do - subject.perform do |response| - expect(response.request.uri.authority).to eq 'example.com' - end - end - - it 'does not modify path' do - subject.perform do |response| - expect(response.request.uri.path).to eq '/foo%41%3A' - end - end - - it 'does not modify query string' do - subject.perform do |response| - expect(response.request.uri.query).to eq 'bar=%41%3A' - end - end - - it 'does not modify path used for request signing' do - subject.perform - - headers = subject.instance_variable_get(:@headers) - expect(headers[Request::REQUEST_TARGET]).to eq 'get /foo%41%3A' - end - - it 'does not modify path used in request line' do - subject.perform do |response| - expect(response.request.headline).to eq 'GET /foo%41%3A?bar=%41%3A HTTP/1.1' - end - end - - it 'strips fragment' do - subject.perform do |response| - expect(response.request.uri.fragment).to be_nil - end - end - end - - context 'with non-ASCII URL' do - let(:url) { 
'http://éxample.com:81/föo?bär=1' } - - before do - stub_request(:get, 'http://xn--xample-9ua.com:81/f%C3%B6o?b%C3%A4r=1') - end - - it 'IDN-encodes host' do - subject.perform do |response| - expect(response.request.uri.authority).to eq 'xn--xample-9ua.com:81' - end - end - - it 'IDN-encodes host in Host header' do - subject.perform do |response| - expect(response.request.headers['Host']).to eq 'xn--xample-9ua.com' - end - end - - it 'percent-escapes path used for request signing' do - subject.perform - - headers = subject.instance_variable_get(:@headers) - expect(headers[Request::REQUEST_TARGET]).to eq 'get /f%C3%B6o' - end - - it 'normalizes path used in request line' do - subject.perform do |response| - expect(response.request.headline).to eq 'GET /f%C3%B6o?b%C3%A4r=1 HTTP/1.1' - end - end - end - - context 'with redirecting URL' do - let(:url) { 'http://example.com/foo' } - - before do - stub_request(:get, 'http://example.com/foo').to_return(status: 302, headers: { 'Location' => 'HTTPS://EXAMPLE.net/Bar' }) - stub_request(:get, 'https://example.net/Bar').to_return(body: 'Lorem ipsum') - end - - it 'resolves redirect' do - subject.perform do |response| - expect(response.body.to_s).to eq 'Lorem ipsum' - end - - expect(a_request(:get, 'https://example.net/Bar')).to have_been_made - end - - it 'normalizes destination scheme' do - subject.perform do |response| - expect(response.request.uri.scheme).to eq 'https' - end - end - - it 'normalizes destination host' do - subject.perform do |response| - expect(response.request.uri.authority).to eq 'example.net' - end - end - - it 'does modify path' do - subject.perform do |response| - expect(response.request.uri.path).to eq '/Bar' - end - end - end end describe "response's body_with_limit method" do From ff32475f5f4a84ebf9619e7eef5bf8b4c075d0e2 Mon Sep 17 00:00:00 2001 
From: Claire Date: Tue, 19 Sep 2023 16:53:21 +0200 Subject: [PATCH 3/5] Merge pull request from GHSA-2693-xr3m-jhqr --- app/services/translate_status_service.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb index c2b40433ed6f12..9ad146ae7d3da8 100644 --- a/app/services/translate_status_service.rb +++ b/app/services/translate_status_service.rb @@ -75,7 +75,9 @@ def build_status_translation(translations) case source when :content - status_translation.content = unwrap_emoji_shortcodes(translation.text).to_html + node = unwrap_emoji_shortcodes(translation.text) + Sanitize.node!(node, Sanitize::Config::MASTODON_STRICT) + status_translation.content = node.to_html when :spoiler_text status_translation.spoiler_text = unwrap_emoji_shortcodes(translation.text).content when Poll::Option From eeab3560fc0516070b3fb97e089b15ecab1938c8 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 19 Sep 2023 16:53:58 +0200 Subject: [PATCH 4/5] Merge pull request from GHSA-v3xf-c9qf-j667 --- app/lib/tag_manager.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/lib/tag_manager.rb b/app/lib/tag_manager.rb index f1b61ff4fd6a12..c1bd2973ed12bf 100644 --- a/app/lib/tag_manager.rb +++ b/app/lib/tag_manager.rb @@ -7,18 +7,18 @@ class TagManager include RoutingHelper def web_domain?(domain) - domain.nil? || domain.delete('/').casecmp(Rails.configuration.x.web_domain).zero? + domain.nil? || domain.delete_suffix('/').casecmp(Rails.configuration.x.web_domain).zero? end def local_domain?(domain) - domain.nil? || domain.delete('/').casecmp(Rails.configuration.x.local_domain).zero? + domain.nil? || domain.delete_suffix('/').casecmp(Rails.configuration.x.local_domain).zero? end def normalize_domain(domain) return if domain.nil? uri = Addressable::URI.new - uri.host = domain.delete('/') + uri.host = domain.delete_suffix('/') uri.normalized_host end 
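Review bot: Only the `:content` branch is passed through `Sanitize.node!`. The `:spoiler_text` branch on the next line, and presumably the `Poll::Option` branch after it, still take `.content` from the same provider-supplied text, which is safe only if every consumer treats those fields as plain text and escapes them on output. A comment such as `# Translation provider output is untrusted markup: sanitize before storing it as HTML (GHSA-2693-xr3m-jhqr)` above the `Sanitize.node!` call would record why the step exists. The diffstat shows one file changed, so no spec accompanies the fix. A case in the service spec where the stubbed provider returns markup outside the allowed set, asserting it is absent from `content`, would keep this from regressing. `build_status_translation` starts and ends outside the hunk.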
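Review bot: `delete_suffix('/')` now appears in `web_domain?`, `local_domain?` and `normalize_domain` with nothing explaining why it must not be `delete('/')`, and the commit touches only this file, so no spec guards the difference. I would add `# Strip a single trailing slash only; removing every '/' lets a different string compare equal to our domain (GHSA-v3xf-c9qf-j667)` above the first use. Specs should assert that `local_domain?` and `web_domain?` return false for a value with a `/` anywhere but the end, while still accepting one trailing slash. It is also worth confirming what `normalize_domain` does when `uri.host=` receives such a value, since the hunk shows no rescue around the assignment.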
From f4b780ba22d0256770766185cee5f8fcc5585c95 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 19 Sep 2023 17:04:23 +0200 Subject: [PATCH 5/5] Bump version to v4.2.0-rc2 (#26974) --- CHANGELOG.md | 53 ++++++++++++++++++++++++++++------------- lib/mastodon/version.rb | 2 +- 2 files changed, 38 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37116f738dfb2a..8e285bfeb013d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,7 +8,7 @@ The following changelog entries focus on changes visible to users, administrator ### Added -- **Add full-text search of opted-in public posts and rework search operators** ([Gargron](https://github.com/mastodon/mastodon/pull/26485), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26344), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26657), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26650), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26659), [Gargron](https://github.com/mastodon/mastodon/pull/26660), [Gargron](https://github.com/mastodon/mastodon/pull/26663), [Gargron](https://github.com/mastodon/mastodon/pull/26688), [Gargron](https://github.com/mastodon/mastodon/pull/26689), [Gargron](https://github.com/mastodon/mastodon/pull/26686), [Gargron](https://github.com/mastodon/mastodon/pull/26687), [Gargron](https://github.com/mastodon/mastodon/pull/26692), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26697), [Gargron](https://github.com/mastodon/mastodon/pull/26699), [Gargron](https://github.com/mastodon/mastodon/pull/26701), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26710), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26739), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26754), [Gargron](https://github.com/mastodon/mastodon/pull/26662), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26755), [Gargron](https://github.com/mastodon/mastodon/pull/26781), [Gargron](https://github.com/mastodon/mastodon/pull/26782), [Gargron](https://github.com/mastodon/mastodon/pull/26760), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26756), [Gargron](https://github.com/mastodon/mastodon/pull/26784), [Gargron](https://github.com/mastodon/mastodon/pull/26807), [Gargron](https://github.com/mastodon/mastodon/pull/26835), [Gargron](https://github.com/mastodon/mastodon/pull/26847), [Gargron](https://github.com/mastodon/mastodon/pull/26834), 
[arbolitoloco1](https://github.com/mastodon/mastodon/pull/26893), [tribela](https://github.com/mastodon/mastodon/pull/26896)) +- **Add full-text search of opted-in public posts and rework search operators** ([Gargron](https://github.com/mastodon/mastodon/pull/26485), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26344), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26657), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26650), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26659), [Gargron](https://github.com/mastodon/mastodon/pull/26660), [Gargron](https://github.com/mastodon/mastodon/pull/26663), [Gargron](https://github.com/mastodon/mastodon/pull/26688), [Gargron](https://github.com/mastodon/mastodon/pull/26689), [Gargron](https://github.com/mastodon/mastodon/pull/26686), [Gargron](https://github.com/mastodon/mastodon/pull/26687), [Gargron](https://github.com/mastodon/mastodon/pull/26692), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26697), [Gargron](https://github.com/mastodon/mastodon/pull/26699), [Gargron](https://github.com/mastodon/mastodon/pull/26701), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26710), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26739), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26754), [Gargron](https://github.com/mastodon/mastodon/pull/26662), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26755), [Gargron](https://github.com/mastodon/mastodon/pull/26781), [Gargron](https://github.com/mastodon/mastodon/pull/26782), [Gargron](https://github.com/mastodon/mastodon/pull/26760), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26756), [Gargron](https://github.com/mastodon/mastodon/pull/26784), [Gargron](https://github.com/mastodon/mastodon/pull/26807), [Gargron](https://github.com/mastodon/mastodon/pull/26835), [Gargron](https://github.com/mastodon/mastodon/pull/26847), 
[Gargron](https://github.com/mastodon/mastodon/pull/26834), [arbolitoloco1](https://github.com/mastodon/mastodon/pull/26893), [tribela](https://github.com/mastodon/mastodon/pull/26896), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26927), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26959)) This introduces a new `public_statuses` Elasticsearch index for public posts by users who have opted in to their posts being searchable (`toot#indexable` flag). This also revisits the other indexes to provide more useful indexing, and adds new search operators such as `from:me`, `before:2022-11-01`, `after:2022-11-01`, `during:2022-11-01`, `language:fr`, `has:poll`, or `in:library` (for searching only in posts you have written or interacted with). Results are now ordered chronologically. 
@@ -17,7 +17,7 @@ The following changelog entries focus on changes visible to users, administrator That URL can be changed using the `UPDATE_CHECK_URL` environment variable, and the feature outright disabled by setting that variable to an empty string (`UPDATE_CHECK_URL=`). - **Add “Privacy and reach” tab in profile settings** ([Gargron](https://github.com/mastodon/mastodon/pull/26484), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26508)) This reorganized scattered privacy and reach settings to a single place, as well as improve their wording. -- **Add display of out-of-band hashtags in the web interface** ([Gargron](https://github.com/mastodon/mastodon/pull/26492), [arbolitoloco1](https://github.com/mastodon/mastodon/pull/26497), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26506), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26525), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26606), [Gargron](https://github.com/mastodon/mastodon/pull/26666)) +- **Add display of out-of-band hashtags in the web interface** ([Gargron](https://github.com/mastodon/mastodon/pull/26492), [arbolitoloco1](https://github.com/mastodon/mastodon/pull/26497), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26506), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26525), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26606), [Gargron](https://github.com/mastodon/mastodon/pull/26666), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26960)) - **Add role badges to the web interface** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25649), [Gargron](https://github.com/mastodon/mastodon/pull/26281)) - **Add ability to pick domains to forward reports to using the `forward_to_domains` parameter in `POST /api/v1/reports`** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25866), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26636)) The `forward_to_domains` REST API parameter is 
a list of strings. If it is empty or omitted, the previous behavior is maintained. @@ -39,7 +39,7 @@ The following changelog entries focus on changes visible to users, administrator - Add admin API for managing tags ([rrgeorge](https://github.com/mastodon/mastodon/pull/26872)) - Add a link to hashtag timelines from the Trending hashtags moderation interface ([gunchleoc](https://github.com/mastodon/mastodon/pull/26724)) - Add timezone to datetimes in e-mails ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26822)) -- Add `authorized_fetch` server setting in addition to env var ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25798)) +- Add `authorized_fetch` server setting in addition to env var ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25798), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26958)) - Add avatar image to webfinger responses ([tvler](https://github.com/mastodon/mastodon/pull/26558)) - Add debug logging on signature verification failure ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26637), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26812)) - Add explicit error messages when DeepL quota is exceeded ([lutoma](https://github.com/mastodon/mastodon/pull/26704)) 
@@ -66,7 +66,7 @@ The following changelog entries focus on changes visible to users, administrator - Add users index on `unconfirmed_email` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25672), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25702)) - Add superapp index on `oauth_applications` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25670)) - Add index to backups on `user_id` column ([mjankowski](https://github.com/mastodon/mastodon/pull/25647)) -- Add onboarding prompt when home feed too slow in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25267), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25556), [Gargron](https://github.com/mastodon/mastodon/pull/25579), [renchap](https://github.com/mastodon/mastodon/pull/25580), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25581), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25617), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25917), [Gargron](https://github.com/mastodon/mastodon/pull/26829)) +- Add onboarding prompt when home feed too slow in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25267), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25556), [Gargron](https://github.com/mastodon/mastodon/pull/25579), [renchap](https://github.com/mastodon/mastodon/pull/25580), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25581), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25617), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25917), [Gargron](https://github.com/mastodon/mastodon/pull/26829), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26935)) - Add `POST /api/v1/conversations/:id/unread` API endpoint to mark a conversation as unread ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25509)) - Add `translate="no"` to outgoing mentions and links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25524)) - Add unsubscribe link and 
headers to e-mails ([Gargron](https://github.com/mastodon/mastodon/pull/25378), [c960657](https://github.com/mastodon/mastodon/pull/26085)) @@ -104,7 +104,7 @@ The following changelog entries focus on changes visible to users, administrator - Add support for streaming server to connect to postgres with self-signed certs through the `sslmode` URL parameter ([ramuuns](https://github.com/mastodon/mastodon/pull/21431)) - Add support for specifying S3 storage classes through the `S3_STORAGE_CLASS` environment variable ([hyl](https://github.com/mastodon/mastodon/pull/22480)) - Add support for incoming rich text ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23913)) -- Add support for Ruby 3.2 ([tenderlove](https://github.com/mastodon/mastodon/pull/22928), [casperisfine](https://github.com/mastodon/mastodon/pull/24142), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24202)) +- Add support for Ruby 3.2 ([tenderlove](https://github.com/mastodon/mastodon/pull/22928), [casperisfine](https://github.com/mastodon/mastodon/pull/24142), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24202), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26934)) - Add API parameter to safeguard unexpected mentions in new posts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18350)) ### Changed 
@@ -130,14 +130,14 @@ The following changelog entries focus on changes visible to users, administrator - Change DCT method used for JPEG encoding to float ([electroCutie](https://github.com/mastodon/mastodon/pull/26675)) - Change from `node-redis` to `ioredis` for streaming ([gmemstr](https://github.com/mastodon/mastodon/pull/26581)) - Change private statuses index to index without crutches ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26713)) -- Change video compression parameters ([Gargron](https://github.com/mastodon/mastodon/pull/26631), [Gargron](https://github.com/mastodon/mastodon/pull/26745), [Gargron](https://github.com/mastodon/mastodon/pull/26766)) +- Change video compression parameters ([Gargron](https://github.com/mastodon/mastodon/pull/26631), [Gargron](https://github.com/mastodon/mastodon/pull/26745), [Gargron](https://github.com/mastodon/mastodon/pull/26766), [Gargron](https://github.com/mastodon/mastodon/pull/26970)) - Change admin e-mail notification settings to be their own settings group ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26596)) - Change opacity of the delete icon in the search field to be more visible ([AntoninDelFabbro](https://github.com/mastodon/mastodon/pull/26449)) - Change Account Search to prioritize username over display name ([jsgoldstein](https://github.com/mastodon/mastodon/pull/26623)) - Change follow recommendation materialized view to be faster in most cases ([renchap, ClearlyClaire](https://github.com/mastodon/mastodon/pull/26545)) - Change `robots.txt` to block GPTBot ([Foritus](https://github.com/mastodon/mastodon/pull/26396)) - Change header of hashtag timelines in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26362), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26416)) -- Change streaming `/metrics` to include additional metrics ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26299)) +- Change streaming `/metrics` to include additional metrics 
([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26299), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26945)) - Change indexing frequency from 5 minutes to 1 minute, add locks to schedulers ([Gargron](https://github.com/mastodon/mastodon/pull/26304)) - Change column link to add a better keyboard focus indicator ([teeerevor](https://github.com/mastodon/mastodon/pull/26278)) - Change poll form element colors to fit with the rest of the ui ([teeerevor](https://github.com/mastodon/mastodon/pull/26139), [teeerevor](https://github.com/mastodon/mastodon/pull/26162), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26164)) @@ -159,7 +159,6 @@ The following changelog entries focus on changes visible to users, administrator - Change wording of “Content cache retention period” setting to highlight destructive implications ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23261)) - Change autolinking to allow carets in URL search params ([renchap](https://github.com/mastodon/mastodon/pull/25216)) - Change share action from being in action bar to being in dropdown in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25105)) -- Change remote report processing to accept reports with long comments, but truncate them ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25028)) - Change sessions to be ordered from most-recent to least-recently updated ([frankieroberto](https://github.com/mastodon/mastodon/pull/25005)) - Change vacuum scheduler to also delete expired tokens and unused application records ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24868), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24871)) - Change "Sign in" to "Login" ([Gargron](https://github.com/mastodon/mastodon/pull/24942)) 
@@ -213,29 +212,23 @@ The following changelog entries focus on changes visible to users, administrator - **Fix being unable to load past a full page of filtered posts in Home timeline** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24930)) - **Fix log-in flow when involving both OAuth and external authentication** ([CSDUMMI](https://github.com/mastodon/mastodon/pull/24073)) - **Fix broken links in account gallery** ([c960657](https://github.com/mastodon/mastodon/pull/24218)) -- **Fix blocking subdomains of an already-blocked domain** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26392)) - **Fix migration handler not updating lists** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24808)) +- Fix crash when viewing a moderation appeal and the moderator account has been deleted ([xrobau](https://github.com/mastodon/mastodon/pull/25900)) +- Fix error in Web UI when server rules cannot be fetched ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26957)) - Fix paragraph margins resulting in irregular read-more cut-off in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26828)) - Fix notification permissions being requested immediately after login ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26472)) - Fix performances of profile directory ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26840), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26842)) - Fix mute button and volume slider feeling disconnected in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26827), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26860)) - Fix “Scoped order is ignored, it's forced to be batch order.” warnings ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26793)) - Fix blocked domain appearing in account feeds ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26823)) -- Fix moderator rights inconsistencies 
([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26729)) -- Fix crash when encountering invalid URL ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26814)) - Fix invalid `Content-Type` header for WebP images ([c960657](https://github.com/mastodon/mastodon/pull/26773)) - Fix minor inefficiencies in `tootctl search deploy` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26721)) - Fix filter form in profiles directory overflowing instead of wrapping ([arbolitoloco1](https://github.com/mastodon/mastodon/pull/26682)) -- Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26237)) -- Fix inefficiencies in `PlainTextFormatter` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26727)) - Fix sign up steps progress layout in right-to-left locales ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26728)) - Fix bug with “favorited by” and “reblogged by“ view on posts only showing up to 40 items ([timothyjrogers](https://github.com/mastodon/mastodon/pull/26577), [timothyjrogers](https://github.com/mastodon/mastodon/pull/26574)) - Fix bad search type heuristic ([Gargron](https://github.com/mastodon/mastodon/pull/26673)) - Fix not being able to negate prefix clauses in search ([Gargron](https://github.com/mastodon/mastodon/pull/26672)) - Fix timeout on invalid set of exclusionary parameters in `/api/v1/timelines/public` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26239)) -- Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough ([yufushiro](https://github.com/mastodon/mastodon/pull/26608)) -- Fix uploading of video files for which `ffprobe` reports `0/0` average framerate ([NicolaiSoeborg](https://github.com/mastodon/mastodon/pull/26500)) -- Fix cached posts including stale stats ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26409)) - Fix adding column with 
default value taking longer on Postgres >= 11 ([Gargron](https://github.com/mastodon/mastodon/pull/26375)) - Fix light theme select option for hashtags ([teeerevor](https://github.com/mastodon/mastodon/pull/26311)) - Fix AVIF attachments ([c960657](https://github.com/mastodon/mastodon/pull/26264)) 
@@ -300,6 +293,34 @@ The following changelog entries focus on changes visible to users, administrator - Fix streaming API not being usable without `DATABASE_URL` ([Gargron](https://github.com/mastodon/mastodon/pull/23960)) - Fix external authentication not running onboarding code for new users ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23458)) +## [4.1.8] - 2023-09-19 + +### Fixed + +- Fix post edits not being forwarded as expected ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26936)) +- Fix moderator rights inconsistencies ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26729)) +- Fix crash when encountering invalid URL ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26814)) +- Fix cached posts including stale stats ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26409)) +- Fix uploading of video files for which `ffprobe` reports `0/0` average framerate ([NicolaiSoeborg](https://github.com/mastodon/mastodon/pull/26500)) +- Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough ([yufushiro](https://github.com/mastodon/mastodon/pull/26608)) + +### Security + +- Fix missing HTML sanitization in translation API (CVE-2023-42452) +- Fix incorrect domain name normalization (CVE-2023-42451) + +## [4.1.7] - 2023-09-05 + +### Changed + +- Change remote report processing to accept reports with long comments, but truncate them ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25028)) + +### Fixed + +- **Fix blocking subdomains of an already-blocked domain** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26392)) +- Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26237)) +- Fix inefficiencies in `PlainTextFormatter` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26727)) + ## [4.1.6] - 2023-07-31 ### Fixed 
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index 4ca473447660a7..bad98fe85aa998 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -17,7 +17,7 @@ def patch
 end
 def default_prerelease
- 'rc1'
+ 'rc2'
 end
 def prerelease