v4.1.3 #17

Merged

asonix merged 42 commits from asonix/changes into asonix/downstream 2023-07-06 14:31:00 +00:00

Conversation 0 Commits 42 Files changed 68 +874 -215

asonix commented 2023-07-06 14:30:10 +00:00

Owner

Copy link

Upgrade notes

To get the code for v4.1.3, use git fetch && git checkout v4.1.3.

As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

External dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

• Ruby: 2.7 to 3.0
• PostgreSQL: 9.5 or newer
• Elasticsearch (optional, for full-text search): 7.x
• Redis: 4 or newer
• Node: >= 14, < 18

Update steps

The following instructions are for updating from 4.1.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

Non-Docker only:

1. Install dependencies: bundle install and yarn install

Both Docker and non-Docker:

ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting Content-Security-Policy: default-src 'none'; form-action 'none' and X-Content-Type-Options: nosniff on assets. Check dist/nginx.conf for more information, and the documentation if you are proxying external object storage.

1. Restart all Mastodon processes

## Upgrade notes To get the code for v4.1.3, use `git fetch && git checkout v4.1.3`. > As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump` ### Dependencies External dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is: - Ruby: 2.7 to 3.0 - PostgreSQL: 9.5 or newer - Elasticsearch (optional, for full-text search): 7.x - Redis: 4 or newer - Node: >= 14, < 18 ### Update steps The following instructions are for updating from 4.1.2. If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations. #### Non-Docker only: 1. Install dependencies: `bundle install` and `yarn install` #### Both Docker and non-Docker: ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage. 1. Restart all Mastodon processes

asonix added 42 commits 2023-07-06 14:30:13 +00:00

bc8592627b Fix user archive takeouts when using OpenStack Swift (#24431)

3e1724e972 Fix multiple N+1s in ConversationsController (#25134)

036ac5b5c9 Fix ArgumentError when loading newer Private Mentions (#25399)

4c6c790f80 Fix /api/v1/conversations sometimes returning empty accounts (#25499)

b1ac3562df Change Identity to not destroy associated User on destroy (#25098)

72d96bf17a Remove invalid X-Frame-Options: ALLOWALL (#25070)

b3cbcd7447 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

f962e83856 Change OpenGraph-based embeds to allow fullscreen (#25058)

1301af60e0 Fix race condition when reblogging a status (#25016)

cca464bce3 Fix being able to vote on your own polls (#25015)

7e58779300 Fix reports not being closed when performing batch suspensions (#24988)

99c2bbbec9 Change profile updates to be sent to recently-mentioned servers (#24852)

210ff36860 Change AccessTokensVacuum to also delete expired tokens (#24868)

2779bce9a2 Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600) ...

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

bd7cbeeadf Fix tootctl accounts approve --number N not aproving N earliest registrations (#24605)

a197fc094f Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

e78ee582f7 Fix performance of streaming by parsing message JSON once (#25278)

23e7b4d28d Fix logging of messages that are binary before closing their connection (#25361)

0e139e3c4d Change automatic post deletion thresholds and load detection (#24614)

d9e45f2fa9 Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607)

7012bf6ed3 Improve automatic post cleanup worker performances (#24785)

7bd34f8b23 Fix infinite loop in AccountsStatusesCleanupScheduler (#24840)

fd1ffd72eb Fix incorrect pagination headers in /api/v2/admin/accounts (#25477)

3ef53958b2 Prevent UserCleanupScheduler from overwhelming streaming (#25519)

8acbfc6ab1 Fix wrong view being displayed when a webhook fails validation (#25464)

e65e3a6d14 Add finer permission requirements for managing webhooks (#25463)

f8930a67a0 Change /api/v1/statuses/:id/history to always return at least one item (#25510)

79f5b8f156 Fix ResolveURLService not resolving local URLs for remote content (#25637)

6f484fbbd2 IndexingScheduler: fetch and import in batches (#24285) ...

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

652ff76462 Fix Redis client and type errors introduced in #24285 (#24342)

8eb1bb8ba6 Allow carets in URL search params (#25216)

a3d69a2c5d Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)

fac2c9eb7d Update rack, rails, nokogiri and doorkeeper gems

9b6c0cac7d Add hardened headers to user-uploaded files (#25756)

c4f2609f7a

Merge pull request from GHSA-ccm4-vgcc-73hp ...

* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes

0aa0b71f2c

Merge pull request from GHSA-9928-3cp5-93fm ...

* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged

e75ad1de0f

Merge pull request from GHSA-9pxv-6qvf-pjwc ...

* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now

32ebeed59b

Merge pull request from GHSA-55j9-c3mp-6fcq

0d5781ca76 Bump version to v4.1.3

6f7ecd8ef7 Merge branch 'asonix/changes' into v4.1.3-branch

f08af7a803 Update lion, dog, squeak locales for 4.1.3

5b0ef3d072 Merge pull request 'v4.1.3-branch' (#15) from v4.1.3-branch into asonix/changes ...

Reviewed-on: #15

asonix merged commit 122808125c into asonix/downstream 2023-07-06 14:31:00 +00:00

asonix referenced this pull request from a commit 2023-07-06 14:31:01 +00:00

Merge pull request 'v4.1.3' (#17) from asonix/changes into asonix/downstream

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: asonix/mastodon#17

No description provided.