Commit graph

12933 commits

Author SHA1 Message Date
rinpatch
1172844ed1 Merge branch 'release/2.2.0' into 'stable'
Release/2.2.0

See merge request pleroma/secteam/pleroma!19
2020-11-12 12:34:48 +00:00
rinpatch
6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
Haelwenn
99bc175f02 Merge branch 'title-injection-change' into 'develop'
Title injection change

See merge request pleroma/pleroma!3132
2020-11-12 08:50:26 +00:00
feld
ccec59047b Merge branch 'feature/ingest-blurhash' into 'develop'
Ingest blurhash for attachments if they were federated

Closes #2294

See merge request pleroma/pleroma!3133
2020-11-11 22:37:16 +00:00
Mark Felder
966663c3f8 Fix tests for other attachment types 2020-11-11 16:17:35 -06:00
rinpatch
b4c6b262d6 pleroma-fe bundle: update to 8e87e3d88bef3691b625c0a25407aa08bdf983ad 2020-11-11 23:28:15 +03:00
rinpatch
99edfba3da Polish the changelog a bit and specify release date 2020-11-11 23:12:52 +03:00
Mark Felder
2156de2fee Ingest blurhash field during transmogrification 2020-11-11 13:39:02 -06:00
Mark Felder
2254e5e595 Render blurhashes in Mastodon API 2020-11-11 12:51:13 -06:00
Mark Felder
6fd72e9e85 Ingest blurhash for attachments if they were federated 2020-11-11 12:27:51 -06:00
Egor Kislitsyn
81145ecdf5
Fix markdown 2020-11-11 20:42:05 +04:00
Egor Kislitsyn
d26a449396
Change endpoint path 2020-11-11 20:39:57 +04:00
lain
b0e4e0cf2a Changelog: Add info about title injection 2020-11-11 17:19:09 +01:00
lain
25bd64b03a Bundled FE: Remove title tag 2020-11-11 17:17:41 +01:00
feld
911fc3c523 Merge branch 'mrf-config-descriptions' into 'develop'
little changes for MRF config descriptions

See merge request pleroma/pleroma!3131
2020-11-11 16:15:57 +00:00
Egor Kislitsyn
435bf1f945
Remove FrontendInstallerWorker 2020-11-11 20:12:35 +04:00
lain
631def2df2 RedirectController: Don't replace title, but inject into the meta 2020-11-11 17:10:59 +01:00
Egor Kislitsyn
08cbd655d1
Merge branch 'develop' into frontend-admin-api 2020-11-11 19:53:40 +04:00
Alexander Strizhakov
8da9f919f8
little changes for MRF config descriptions
- log level reduction, if policy doesn't implement config_description method
- docs in dev.md
2020-11-11 18:49:15 +03:00
Egor Kislitsyn
af3f00292c
Fix formatting 2020-11-11 19:12:46 +04:00
Egor Kislitsyn
0118ccb53c
Add local visibility 2020-11-11 18:54:01 +04:00
feld
3cd7ea693f Merge branch 'feature/2222-config-descriptions-for-custom-modules' into 'develop'
Config descriptions for custom MRF policies

Closes #2222

See merge request pleroma/pleroma!3128
2020-11-11 13:48:03 +00:00
Alexander Strizhakov
8d218ebaf5
Moving some background jobs into simple tasks
- fetching activity data
- attachment prefetching
- using limiter to prevent overload
2020-11-11 13:39:49 +03:00
Alexander Strizhakov
e58ea7f99c changes after rebase 2020-11-11 11:42:52 +03:00
Alexander Strizhakov
f97f24b067
making credo happy and test fix 2020-11-11 10:48:03 +03:00
Alexander Strizhakov
efc27f6464
fix for adminFE
- revert UserAllowPolicy description
- MRF descriptions order
2020-11-11 10:10:57 +03:00
feld
7681b4c5cd Apply 1 suggestion(s) to 1 file(s) 2020-11-10 16:44:23 +00:00
feld
776067a9a3 Apply 1 suggestion(s) to 1 file(s) 2020-11-10 16:44:17 +00:00
feld
952a8c213e Apply 1 suggestion(s) to 1 file(s) 2020-11-10 16:44:08 +00:00
feld
2933658446 Apply 1 suggestion(s) to 1 file(s) 2020-11-10 16:44:00 +00:00
Alexander Strizhakov
485697d96c
config descriptions for custom MRF policies 2020-11-10 19:20:14 +03:00
lain
88f6b61a5e Merge branch '2260-wrong-report-link' into 'develop'
Resolve "Wrong user link in Report email"

Closes #2260

See merge request pleroma/pleroma!3121
2020-11-10 11:04:19 +00:00
lain
d77fd6b3d0 Merge branch 'fix/html-title-load' into 'develop'
Fix title on load of Pleroma HTML, fixes #2281

Closes #2281

See merge request pleroma/pleroma!3125
2020-11-10 10:05:15 +00:00
lain
4a3d1e78f6 Merge branch 'fix/2291-atom-feed-escape' into 'develop'
Escaping in xml templates

Closes #2291

See merge request pleroma/pleroma!3126
2020-11-10 09:34:13 +00:00
Alexander Strizhakov
0c68b9ac13
escaping summary and other fields in xml templates 2020-11-10 10:46:57 +03:00
Haelwenn
db07b538a5 Merge branch 'remove/release-env' into 'develop'
Remove release_env

See merge request pleroma/pleroma!3124
2020-11-09 09:14:41 +00:00
Sean King
e4a21084f0 Fix title on load of Pleroma HTML 2020-11-08 16:16:20 -07:00
lain
abf2ec2bbe Update optimizing_beam.md 2020-11-08 09:45:35 +00:00
rinpatch
cc45c69fff Remove release_env
While taking a final look at instance.gen before releasing I noticed
that the release_env task outputs messages in broken english. Upon
further inspection it seems to have even more severe issues which, in
my opinion, warrant it's at least temporary removal:
- We do not explain what it actually does, anywhere. Neither the task
 docs nor instance.gen, nor installation instructions.
- It does not respect FHS on OTP releases (uses /opt/pleroma/config even
 though we store the config in /etc/pleroma/config.exs).
- It doesn't work on OTP releases, which is the main reason it exists.
Neither systemd nor openrc service files for OTP include it.
- It is not mentioned in install guides other than the ones for Debian
and OTP releases.
2020-11-08 11:56:09 +03:00
Mark Felder
a9c1f83fd8 Markdown, you're drunk 2020-11-06 13:16:22 -06:00
Mark Felder
4999549191 Make it clearer the settings go into the vm.args file 2020-11-06 13:15:21 -06:00
Mark Felder
620f1d7237 More grammar fixes 2020-11-06 13:12:13 -06:00
Mark Felder
da1862e1d3 Less confusing I hope 2020-11-06 13:04:13 -06:00
Mark Felder
9e90e49ad2 Grammar 2020-11-06 13:02:07 -06:00
Mark Felder
60fe4a8393 First draft of tips for optimizing BEAM 2020-11-06 13:00:31 -06:00
Haelwenn (lanodan) Monnier
e010bb292b
NoteHandlingTest: Poison → Jason 2020-11-06 14:04:03 +01:00
Haelwenn (lanodan) Monnier
fa1f5d4442
Move TransmogrifierTest for Note to NoteHandlingTest 2020-11-06 08:57:16 +01:00
rinpatch
6166ecdbc8 CHANGELOG.md: Add an entry for the spoofing fix 2020-11-05 16:33:51 +03:00
rinpatch
5116859f0e Merge branch 'fix/object-attachment-spoof' into 'develop'
Fix object spoofing vulnerability in attachments

See merge request pleroma/secteam/pleroma!18
2020-11-05 16:32:54 +03:00
Haelwenn
4d693b5e54 Merge branch '2236-no-name' into 'develop'
Resolve "Account cannot be fetched by some instances"

Closes #2236

See merge request pleroma/pleroma!3101
2020-11-05 16:32:50 +03:00