Commit Graph

16156 Commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier
e149ee6e22
Mergeback of security release 2.6.2 2024-02-20 09:34:11 +01:00
Haelwenn (lanodan) Monnier
be075a4336
Security release 2.6.2 2024-02-20 09:16:36 +01:00
Haelwenn (lanodan) Monnier
ac977bdb1c
StealEmojiPolicy: Sanitize shortcodes
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
2024-02-20 09:14:02 +01:00
Haelwenn (lanodan) Monnier
7d624c4750
StealEmojiPolicy: Sanitize shortcodes
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
2024-02-20 09:09:54 +01:00
feld
0b9bc4a0d0 Merge branch 'memleak' into 'develop'
Force more frequent full_sweep GC runs on the Websocket processes

See merge request pleroma/pleroma!4060
2024-02-17 16:21:55 +00:00
Mark Felder
7e99d0619d Force more frequent full_sweep GC runs on the Websocket processes
Websocket processes seem to be the primary culprit for Binary memory allocation bloat.
2024-02-17 09:53:52 -05:00
Haelwenn
a145d909b5 Merge branch 'weblate' into 'develop'
Translations update from Pleroma Weblate

See merge request pleroma/pleroma!4070
2024-02-16 18:28:55 +00:00
SyoBoN
2c9fed9b73 Translated using Weblate (Japanese)
Currently translated at 63.1% (60 of 95 strings)

Translation: Pleroma/Pleroma Backend (domain errors)
Translate-URL: https://translate.pleroma.social/projects/pleroma/pleroma-backend-domain-errors/ja/
2024-02-16 17:54:01 +00:00
feld
0fbec6b532 Merge branch 'deps-changelog-revert' into 'develop'
Revert "Support a new changelog entry type: deps"

See merge request pleroma/pleroma!4071
2024-02-16 17:53:52 +00:00
Mark Felder
1951d56ed9 Revert "Add support for a "deps" changelog type and document deps changes since 2.6.1 release"
This reverts commit 2a4fa4c408.
2024-02-16 12:53:18 -05:00
Mark Felder
c9cd449bba Revert "Support a new changelog entry type: deps"
This reverts commit 4648997a10.
2024-02-16 12:52:56 -05:00
feld
03834454d9 Merge branch 'tesla' into 'develop'
Update Tesla, document some deps changes

See merge request pleroma/pleroma!4069
2024-02-15 15:27:34 +00:00
Mark Felder
2a4fa4c408 Add support for a "deps" changelog type and document deps changes since 2.6.1 release 2024-02-15 10:27:13 -05:00
Mark Felder
772f8d08cf Tesla changelog 2024-02-15 10:24:32 -05:00
Mark Felder
4648997a10 Support a new changelog entry type: deps 2024-02-15 10:24:31 -05:00
feld
b91317b9bf Merge branch 'bandit' into 'develop'
Support Bandit as a Phoenix HTTP adapter

See merge request pleroma/pleroma!4068
2024-02-15 15:23:41 +00:00
Mark Felder
202721e80c Remove Cowboy-specific HTTP options
These were only used in dev and served no specific purpose. The equivalent settings for Bandit are under a key called :http1_options and the default values are set to 10_000.
2024-02-15 09:55:03 -05:00
Mark Felder
0c5bec0493 Support Bandit as an alternate HTTP backend to Cowboy. This is currently considered experimental, but may improve performance and resource usage. 2024-02-15 09:54:52 -05:00
feld
4dd8a1a1ca Merge branch 'websocket-refactor' into 'develop'
Websocket refactor to use Phoenix.Socket.Transport

See merge request pleroma/pleroma!4064
2024-02-15 14:36:54 +00:00
lain
d3208d2250 Merge branch 'oauth-nickname' into 'develop'
Use User.full_nickname/1 in oauth html template

See merge request pleroma/pleroma!4054
2024-02-15 09:35:39 +00:00
lain
f2f455f283 Merge branch 'frontend-caching' into 'develop'
FrontendStatic should have reasonable caching

See merge request pleroma/pleroma!3685
2024-02-15 09:23:47 +00:00
Haelwenn
f28dcc9cb7 Merge branch 'config-stat-symlink' into 'develop'
Config: Check the permissions of the linked file instead of the symlink

See merge request pleroma/pleroma!4061
2024-02-15 01:48:03 +00:00
Haelwenn
d19642d7eb Merge branch 'bugfix-ccworks' into 'develop'
Bugfix for ccworks AP bridge

Closes #3234

See merge request pleroma/pleroma!4043
2024-02-15 01:30:22 +00:00
feld
802c618885 Merge branch 'atom-leaks' into 'develop'
Fix minor atom leaks

See merge request pleroma/pleroma!4065
2024-02-14 23:28:00 +00:00
Mark Felder
9138754b0a Changelog 2024-02-14 18:04:39 -05:00
Mark Felder
91c83a82a0 Fix atom leak in background worker
The only permitted values are "blocks_import", "follow_import", "mutes_import" of which we already have the equivalent atoms defined.
2024-02-14 18:03:54 -05:00
Mark Felder
86e6d395d9 Fix atom leak in password digest functionality
The value here gets passesd to :crypto.pbkdf2_hmac and it expects one of these atoms: :sha | :sha224 | :sha256 | :sha384 | :sha512 so it will always exist
2024-02-14 17:54:56 -05:00
Mark Felder
6be129ead2 Websocket refactor changelog 2024-02-14 15:27:12 -05:00
Mark Felder
d0f4b2b02f Remove invalid test
It is not allowed to use the Sec-WebSocket-Protocol header for arbitrary values. This was possible due to the raw websocket handling we were doing with Cowboy, but Phoenix.Socket.Transport does not allow this as the value of this header is compared against a static list of subprotocols.

https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#socket/3-websocket-configuration

Additionally I cannot find anywhere that we depended on this behavior. Setting the Sec-WebSocket-Protocol header does not appear to be a part of PleromaFE.
2024-02-14 15:27:12 -05:00
Mark Felder
64ad451a7b Websocket refactor to use Phoenix.Socket.Transport
This will make us compatible with Cowboy and Bandit
2024-02-14 15:27:07 -05:00
feld
af9bb77cad Merge branch 'gun-logs' into 'develop'
Gun connection pool logs

See merge request pleroma/pleroma!4063
2024-02-14 18:57:11 +00:00
feld
1b2f9d4a6d Merge branch 'proxy-headers' into 'develop'
MediaProxy RFC compliance

See merge request pleroma/pleroma!4062
2024-02-14 18:56:54 +00:00
Mark Felder
9a4c8e2316 Change some Gun connection pool logs to debug level 2024-02-14 13:28:32 -05:00
Mark Felder
60ba6fd244 MediaProxy RFC compliance 2024-02-14 13:25:52 -05:00
Haelwenn (lanodan) Monnier
3b82864bcc
Config: Check the permissions of the linked file instead of the symlink↵ 2024-02-14 18:19:50 +01:00
feld
79d69ce72a Merge branch 'gitignore' into 'develop'
Update .gitignore

See merge request pleroma/pleroma!4059
2024-02-12 22:23:31 +00:00
Mark Felder
67c3acde34 Update .gitignore 2024-02-12 17:22:57 -05:00
feld
769e02d0de Merge branch 'notifications-query' into 'develop'
Fix notifications query to use the index

See merge request pleroma/pleroma!4058
2024-02-12 19:37:17 +00:00
Mark Felder
cb4d3db8c6 Changelog for notifications fix pulled in from Rebased 2024-02-12 14:14:38 -05:00
Alex Gleason
8daf19ec0f Fix notifications index 2024-02-12 14:13:11 -05:00
feld
991807080b Merge branch 'gun-fix' into 'develop'
Fix Gun connection supervisor logic error

See merge request pleroma/pleroma!4056
2024-02-09 16:48:05 +00:00
Mark Felder
0eca3e38eb Fix Gun connection supervisor logic error
This was recently changed to solve a Dialyzer error, but the replacement logic was faulty as "retry" would only be compared to :error and not have its truthiness evaluated.

The original logic was also faulty as it returned {:error, :pool_full} even retry was true. It never retried when the pool was full.
2024-02-09 10:48:40 -05:00
marcin mikołajczak
0fcdcc2300 Use User.full_nickname/1 in oauth html template
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-02-09 16:46:45 +01:00
feld
72480e7b2f Merge branch 'rich-media-tests' into 'develop'
Pleroma.Web.RichMedia.Parser: Remove test-specific codepaths

See merge request pleroma/pleroma!4053
2024-02-07 05:47:38 +00:00
Mark Felder
9f2319e50d RichMedia.Helpers: move the validate_page_url/1 function to the Parser module
This will ensure that the page validation happens in Parser.parse/1 so it can be called from anywhere and still filter invalid URLs.
2024-02-06 18:34:02 -05:00
Mark Felder
6b7b443ff9 Pleroma.Web.RichMedia.Parser: Remove test-specific codepaths
Also consolidate Tesla mocks into the HttpRequestMock module.

Tests were not exercising the real codepaths. The Rich Media Preview only works with https, but most of these tests were only mocking http.
2024-02-06 18:33:54 -05:00
feld
e957362779 Merge branch 'rich-media-cache' into 'develop'
Fix Rich Media Previews for updated activities

See merge request pleroma/pleroma!4052
2024-02-05 05:58:07 +00:00
Mark Felder
0cc038b67c Ensure URLs with IP addresses for the host do not generate previews 2024-02-05 00:09:37 -05:00
Mark Felder
579561e97b URI.authority is deprecated 2024-02-04 23:49:07 -05:00
Mark Felder
04fc4eddaa Fix Rich Media Previews for updated activities
The Rich Media Previews were not regenerated when a post was updated due to a cache invalidation issue. They are now cached by the activity id so they can be evicted with the other activity cache objects in the :scrubber_cache.
2024-02-04 23:47:04 -05:00