From 54581d43e75499530b188ba4964b4ac65d1c6980 Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 31 Jan 2022 21:27:40 +0100
Subject: [PATCH 1/4] Bump version to 3.4.5 (#17402)
---
CHANGELOG.md | 29 +++++++++++++++++++++++++++++
lib/mastodon/version.rb | 2 +-
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c0c6c5315d..9deff5a0d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,35 @@ Changelog All notable changes to this project will be documented in this file. +## [3.4.5] - 2022-01-31 +### Added +- Add more advanced migration tests ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17393)) +- Add github workflow to build Docker images ([unasuke](https://github.com/mastodon/mastodon/pull/16973), [Gargron](https://github.com/mastodon/mastodon/pull/16980), [Gargron](https://github.com/mastodon/mastodon/pull/17000)) + +### Fixed +- Fix some old migrations failing when skipping releases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17394)) +- Fix migrations script failing in certain edge cases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17398)) +- Fix Docker build ([tribela](https://github.com/mastodon/mastodon/pull/17188)) +- Fix Ruby 3.0 dependencies ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16723)) +- Fix followers synchronization mechanism ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16510)) + +## [3.4.4] - 2021-11-26 +### Fixed + +- Fix error when suspending user with an already blocked canonical email ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17036)) +- Fix overflow of long profile fields in admin UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17010)) +- Fix confusing error when WebFinger request returns empty document ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16986)) +- Fix upload of remote media with OpenStack Swift sometimes failing ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16998)) +- Fix logout link not working in Safari ([noellabo](https://github.com/mastodon/mastodon/pull/16574)) +- Fix “open” link of media modal not closing modal in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16524)) +- Fix replying from modal in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16516)) +- Fix `mastodon:setup` command crashing in some circumstances 
([ClearlyClaire](https://github.com/mastodon/mastodon/pull/16976)) + +### Security + +- Fix filtering DMs from non-followed users ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17042)) +- Fix handling of recursive toots in WebUI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17041)) + ## [3.4.3] - 2021-11-06 ### Fixed diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 37f08ad930..1ba45aeca3 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -13,7 +13,7 @@ module Mastodon end def patch - 3 + 5 end def flags From 4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09 Mon Sep 17 00:00:00 2001 From: Rohan Sharma Date: Tue, 1 Feb 2022 22:04:48 +0530 Subject: [PATCH 2/4] Fixed prototype pollution bug and only allow trusted origin (#17420) --- public/embed.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/embed.js b/public/embed.js index dac5074537..d597fd33c7 100644 --- a/public/embed.js +++ b/public/embed.js @@ -15,7 +15,7 @@ window.addEventListener('message', function(e) { var data = e.data || {}; - if (data.type !== 'setHeight' || !iframes[data.id]) { + if (data.type !== 'setHeight' || !iframes[data.id] || window.location.origin !== e.origin || data.id.toString() === '__proto__') { return; } From 987d88ea56cd293456471f0262b5510613fe883e Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 1 Feb 2022 20:57:39 +0100 Subject: [PATCH 3/4] Fix requiring an extra restart after recent post-deployment migrations (#17422) Follow-up to #16409 --- app/models/user.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index c2bc5b5901..bec94a1c88 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -45,6 +45,8 @@ class User < ApplicationRecord self.ignored_columns = %w( remember_created_at remember_token + current_sign_in_ip + last_sign_in_ip ) include Settings::Extend From d0d15bf49c52c8329e3333397a9fc5d22341673a Mon Sep 17 00:00:00 2001 
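Review bot: The added `window.location.origin !== e.origin` test in the `message` listener compares the sender with the page that runs embed.js; if, as the file name suggests, this script is loaded on a third-party page hosting the embed iframes, the framed document's origin will differ and every legitimate `setHeight` message is dropped. Tying the message to the frame it claims to come from is a tighter check that also works cross-origin, e.g. `iframes[data.id].contentWindow !== e.source`. The `data.id.toString() === '__proto__'` test is a one-name blocklist: other inherited keys such as `constructor` still pass `!iframes[data.id]`, so an own-property test, `!Object.prototype.hasOwnProperty.call(iframes, data.id)`, would cover the whole class. The listener body continues outside the hunk, so what is done with `iframes[data.id]` afterwards is not visible here.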
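Review bot: The two entries added to `self.ignored_columns` in `User` carry no comment saying why they are ignored or when they can be removed. The commit message points at the post-deployment migrations from #16409, so presumably the columns are dropped there; a line such as `# current_sign_in_ip / last_sign_in_ip are dropped by a post-deployment migration (#16409); keep ignored until it has run` above `self.ignored_columns` would tell the next maintainer. Ignoring a column also removes its attribute methods, so any remaining reader of these fields (admin views, audit or abuse tooling) would fail rather than return a stale IP, which is worth a grep before release. The class body starts and ends outside the hunk.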
From: Alexandra Catalina Date: Tue, 1 Feb 2022 11:57:50 -0800 Subject: [PATCH 4/4] Update tootsuite/mastodon Docker tag to v3.4.5 (#17417) Co-authored-by: Renovate Bot --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index bbe55410e6..caac3eba09 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -8,7 +8,7 @@ image: # built from the most recent commit # # tag: latest - tag: v3.4.4 + tag: v3.4.5 # use `Always` when using `latest` tag pullPolicy: IfNotPresent