https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
> This release includes some bug fixes and some security fixes.
>
> - CVE-2017-17742: HTTP response splitting in WEBrick
> - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
> - CVE-2018-8777: DoS by large request in WEBrick
> - CVE-2018-8778: Buffer under-read in String#unpack
> - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
> - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
> - Multiple vulnerabilities in RubyGems
Admins can still disable the feature by adding `ES_ENABLED=false` to their environment, if they prefer not to use it. Be sure to set the variable before you deploy!
`navigator.share()` rejects Promise if user cancelled sharing, and it may
print it as an error on JavaScript console.
This patch ignores it and prints other errors on the console.
* Keep list of blocked domains
Might be overkill, but I'm trying to follow the same logic as for blocked users
* Add basic domain block UI
* Add the domain blocks UI to Getting Started
* Fix undefined URL in `fetchDomainBlocks`
* Update all known users' domain_blocking relationship instead of just one's
* Implement ability to send direct messages from the user menu
* Implement message warning users that direct messages are visible to all mentioned users
* Update locales
add <div.zoomable-image__margin/> to keep margin of the image on zooming
move setting `scrollLeft` and `scrollTop` of container from callback of
`setState` to `componentDidUpdate`
add 'hammerjs' package for touch gesture detection
rewrite `ZoomableImage` using 'hammerjs'
`Response.prototype.clone()` must be called before the response used.
This fixes an error from ServiceWorker and failing to load image when the
image is not cached.
This patch adds null item (i.e. gap) handling on below functions to avoid TypeError.
* `filterNotifications` called on user mute/block
* `deleteByStatus` called on status deletion
Comparison was downcasing only one side, therefore if previously
existing account had a non-lowercase spelling, it would be ignored
when checking for duplicates.
New rake task `mastodon:maintenance:find_duplicate_usernames` will
help find constraint violations that might have occured from the
presence of this bug.
Bump version to 2.3.3
to_s method of HTTP::Response keeps blocking while it receives the whole
content, no matter how it is big. This means it may waste time to receive
unacceptably large files. It may also consume memory and disk in the
process. This solves the inefficency by checking response length while
receiving.
* Refactoring scss
introduce scss variables for the media modal
fix css block structure corresponding to react components
fix flex layouts
remove background image of the loaded image on the media modal
* Fix typo
* Fix stack overflow on importFetchedAccounts
When the account has moved property, it should process destination
account instead of source account itself.
* Set account id instead of account object for moved property
This restores "foo has moved to" indication on account view, and
fixes `reblog` index on `accounts` object store.
* Invites: Add '1 week' as expire option
IMO a max. of 1 day is too short. Not everyone has the time and motivation to use an invite in a 24 hour period. 1 week as a max. is I think a good compromise between convenience and security.
* Invites: Add '1 week' as expire option
IMO a max. of 1 day is too short. Not everyone has the time and motivation to use an invite in a 24 hour period. 1 week as a max. is I think a good compromise between convenience and security.
* Update en.yml
HTTP connections must be explicitly closed in many cases, and letting
perform method close connections makes its callers less redundant and
prevent them from forgetting to close connections.
Usernames with dots in them do not work with routes, because the dot usually separates the desired page format (e.g. json). I don't want to mess with changing route constraints for this patch release.
Yamagishi Kazutoshi
Emelia Smith
luzi82
Marcin Mikołajczak
mayaeh
Daniel Hunsaker
unarist
ThibG
Pierre-Morgan Gate
takayamaki
Yuto Tokunaga
Akihiko Odaki
Eugen Rochko
Stephen Burgess
Yann Klis
Jeroen
Quentí