aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-06-03Test that own edits are streamedTusooa Zhu
2022-06-03Stream out editsTusooa Zhu
2022-06-02Fix long report notes giving errors on creationTusooa Zhu
2022-06-01Inject history when object is refetchedTusooa Zhu
2022-06-01Strip internal fields in formerRepresentationTusooa Zhu
2022-05-31Implement mastodon api for editing statusTusooa Zhu
2022-05-31Add tlsv1.3 to suggestionsPierre-Louis Bonicoli
2022-05-31hackney adapter helper & reverse proxy client: enable TLSv1.3Pierre-Louis Bonicoli
The list of TLS versions was added by 8bd2b6eb138ace3408a03c78ecc339fc35b19f10 when hackney version was pinned to 1.15.2. Later hackney version was upgraded (166455c88441b22455d996ed528ed4804514a3c0) but the list of TLS versions wasn't removed. From the hackney point of view, this list has been replaced by the OTP defaults since 0.16.0 (734694ea4e24f267864c459a2f050e943adc6694). It looks like the same issue already occurred before: 0cb7b0ea8477bdd7af2e5e9071843be5b8623dff. A way to test this issue (where example.com is an ActivityPub site which uses TLSv1.3 only): $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe] Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe] Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help) iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/") {:error, {:tls_alert, {:protocol_version, 'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}} With this patch, the output is the expected one: iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/") {:error, {:ok, %{ "@context" => [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1", %{ "Emoji" => "toot:Emoji", "Hashtag" => "as:Hashtag", "atomUri" => "ostatus:atomUri", "conversation" => "ostatus:conversation", "featured" => "toot:featured", "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"}, "inReplyToAtomUri" => "ostatus:inReplyToAtomUri", "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers", "movedTo" => "as:movedTo", "ostatus" => "http://ostatus.org#", "sensitive" => "as:sensitive", "toot" => "http://joinmastodon.org/ns#" } ], "endpoints" => %{"sharedInbox" => "https://example.com/inbox"}, "followers" => "https://example.com/@/Nick/followers", "following" => nil, "icon" => %{ "type" => "Image", "url" => "https://example.com/static/media/[...].png" }, "id" => "https://example.com/@/Nick/", "inbox" => "https://example.com/@/Nick/inbox", "liked" => nil, "name" => "Nick", "outbox" => "https://example.com/@/Nick/outbox", "preferredUsername" => "Nick", "publicKey" => %{ "id" => "https://example.com/@/Nick/#main-key", "owner" => "https://example.com/@/Nick/", "publicKeyPem" => "[...] }, "summary" => "", "type" => "Person", "url" => "https://example.com/@/Nick/" }} A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only): iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], []) {:error, {:tls_alert, {:protocol_version, 'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-30Implement viewing sourceTusooa Zhu
2022-05-29Implement mastodon api for showing edit historyTusooa Zhu
2022-05-29Allow updating pollsTusooa Zhu
2022-05-29Record edit history for Note and Question UpdatesTusooa Zhu
2022-05-29Handle Note and Question UpdatesTusooa Zhu
2022-05-29Allow Updates by every actor on the same originTusooa Zhu
2022-05-22Merge branch 'lewdthewides-develop-patch-48691' into 'develop'Haelwenn
Instruct users to run 'git pull' as the pleroma user See merge request pleroma/pleroma!3667
2022-05-22BBS: add repeat functionalityduponin
2022-05-22BBS: show post ID when postedduponin
2022-05-22BBS: add post favourite featureduponin
2022-05-21Apply Hélène suggestionsHélène
2022-05-21BBS: mark notification as readduponin
2022-05-21BBS: show notifactionsduponin
2022-05-21BBS: put a new line for each HTML break in an activityduponin
Otherwise it would just put each line on the first one, which is not really readable
2022-05-19Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'lain
StealEmojiPolicy: fix String rejected_shortcodes See merge request pleroma/pleroma!3673
2022-05-19decode HTML to be human readable in BBSduponin
2022-05-19add thread show in BBS frontendduponin
2022-05-18StealEmojiPolicy: fix String rejected_shortcodesHélène
* rejected_shortcodes is defined as a list of strings in the configuration description. As such, database-based configuration was led to handle those settings as strings, and not as the actually expected type, Regex. * This caused each message passing through this MRF, if a rejected shortcode was set and the emoji did not exist already on the instance, to fail federating, as an exception was raised, swiftly caught and mostly silenced. * This commit fixes the issue by introducing new behavior: strings are now handled as perfect matches for an emoji shortcode (meaning that if the emoji-to-be-pulled's shortcode is in the blacklist, it will be rejected), while still supporting Regex types as before.
2022-05-18fix Ctrl-c catch on SSH BBSduponin
2022-05-18add missing extra application to start the SSH BBSduponin
2022-05-12Instruct users to run 'git pull' as the pleroma userlewdthewides
2022-05-09Make lint happyTusooa Zhu
Ref: fix-local-public
2022-05-09Test local-only in ap c2s outboxTusooa Zhu
Ref: fix-local-public
2022-05-09Allow authenticated users to access local-only posts in MastoAPITusooa Zhu
Ref: fix-local-public
2022-05-08Merge branch 'improve_anti_followbot_policy' into 'develop'Haelwenn
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy Closes #2561 See merge request pleroma/pleroma!3498
2022-05-08Also use actor_type to determine if an account is a bot in antiFollowbotPolicyIlja
2022-05-07Allow users to create backups without providing email addressTusooa Zhu
Ref: backup-without-email
2022-05-06Add index hotspotsPete
squash
2022-05-06Prevent remote access of local-only posts via /objectsTusooa Zhu
Ref: fix-local-public
2022-05-06LintTusooa Zhu
Ref: fix-local-public
2022-05-06Make local-only statuses searchableTusooa Zhu
Ref: fix-local-public
2022-05-06Test that anonymous users cannot see local-only postsTusooa Zhu
Ref: fix-local-public
2022-05-06Show local-only statuses in public timeline for authenticated usersTusooa Zhu
Ref: fix-local-public
2022-05-06Merge branch 'security/2.4.3-develop' into 'develop'Haelwenn
Merge back 2.4.3 See merge request pleroma/pleroma!3663
2022-05-06mix: Bump to 2.4.52 for 2.4.3 mergebackHaelwenn (lanodan) Monnier
2022-05-06Skip cache when /objects or /activities is authenticatedTusooa Zhu
Ref: fix-local-public
2022-05-06Allow to skip cache in Cache plugTusooa Zhu
Ref: fix-local-public
2022-05-06update sweet_xml [Security]Ilja
2022-05-06Merge branch 'security/2.4.3' into 'stable'v2.4.3Haelwenn
Release: 2.4.3 See merge request pleroma/pleroma!3662
2022-05-06Release 2.4.3Haelwenn (lanodan) Monnier
2022-05-06Skip cache when /objects or /activities is authenticatedTusooa Zhu
Ref: fix-local-public
2022-05-06Allow to skip cache in Cache plugTusooa Zhu
Ref: fix-local-public
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-22 19:16:31 +0000