Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into nginx-config-update

.gitlab-ci.yml

@@ -1,8 +1,8 @@
-image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.14.5-otp-25
+image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15.8-otp-26
 
 variables: &global_variables
   # Only used for the release
-  ELIXIR_VER: 1.14.5
+  ELIXIR_VER: 1.17.3
   POSTGRES_DB: pleroma_test
   POSTGRES_USER: postgres
   POSTGRES_PASSWORD: postgres
@@ -14,9 +14,16 @@ variables: &global_variables
 workflow:
   rules:
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "develop"
+    - if: $CI_COMMIT_BRANCH == "stable"
+    - if: $CI_PIPELINE_SOURCE == "web"
+    - if: $CI_COMMIT_TAG
     - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
       when: never
-    - if: $CI_COMMIT_BRANCH
+
+# Default artifacts configuration
+.default_artifacts: &default_artifacts
+  expire_in: 30 days
 
 cache: &global_cache_policy
   key: $CI_JOB_IMAGE-$CI_COMMIT_SHORT_SHA
@@ -55,6 +62,7 @@ check-changelog:
   before_script: ''
   after_script: ''
   cache: {}
+  artifacts: *default_artifacts
   script:
     - apk add git
     - sh ./tools/check-changelog
@@ -70,8 +78,9 @@ check-changelog:
 .using-ci-base:
   tags:
     - amd64
+  artifacts: *default_artifacts
 
-build-1.14.5-otp-25:
+build-1.15.8-otp-26:
   extends:
   - .build_changes_policy
   - .using-ci-base
@@ -79,12 +88,12 @@ build-1.14.5-otp-25:
   script:
   - mix compile --force
 
-build-1.17.1-otp-26:
+build-1.18.3-otp-27:
   extends:
   - .build_changes_policy
   - .using-ci-base
   stage: build
-  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.17.1-otp-26
+  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.18.3-otp-27
   script:
   - mix compile --force
 
@@ -100,8 +109,12 @@ spec-build:
   artifacts:
     paths:
     - spec.json
+    reports:
+      dotenv: build.env
+    expire_in: 42 years
   script:
   - mix pleroma.openapi_spec spec.json
+  - echo "SPEC_BUILD_JOB_ID=$CI_JOB_ID" >> build.env
 
 benchmark:
   extends:
@@ -119,7 +132,7 @@ benchmark:
     - mix ecto.migrate
     - mix pleroma.load_testing
 
-unit-testing-1.14.5-otp-25:
+unit-testing-1.15.8-otp-26:
   extends:
   - .build_changes_policy
   - .using-ci-base
@@ -131,29 +144,47 @@ unit-testing-1.14.5-otp-25:
   - name: postgres:13-alpine
     alias: postgres
     command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
+  before_script: &testing_before_script
+    - echo $MIX_ENV
+    - rm -rf _build/*/lib/pleroma
+    # Create a non-root user for running tests
+    - useradd -m -s /bin/bash testuser
+    # Install dependencies as root first
+    - mix deps.get
+    # Set proper ownership for everything
+    - chown -R testuser:testuser .
+    - chown -R testuser:testuser /root/.mix || true
+    - chown -R testuser:testuser /root/.hex || true
+    # Create user-specific directories
+    - su testuser -c "HOME=/home/testuser mix local.hex --force"
+    - su testuser -c "HOME=/home/testuser mix local.rebar --force"
   script: &testing_script
-    - mix ecto.create
-    - mix ecto.migrate
-    - mix pleroma.test_runner --cover --preload-modules
+    # Run tests as non-root user
+    - su testuser -c "HOME=/home/testuser mix ecto.create"
+    - su testuser -c "HOME=/home/testuser mix ecto.migrate"
+    - su testuser -c "HOME=/home/testuser mix pleroma.test_runner --cover --preload-modules"
   coverage: '/^Line total: ([^ ]*%)$/'
   artifacts:
+    expire_in: 30 days
     reports:
       coverage_report:
         coverage_format: cobertura
         path: coverage.xml
 
-unit-testing-1.17.1-otp-26:
+unit-testing-1.18.3-otp-27:
   extends:
   - .build_changes_policy
   - .using-ci-base
   stage: test
-  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.17.1-otp-26
+  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.18.3-otp-27
   cache: *testing_cache_policy
   services: *testing_services
+  before_script: *testing_before_script
   script: *testing_script
 
 formatting-1.15:
   extends: .build_changes_policy
+  artifacts: *default_artifacts
   image: &formatting_elixir elixir:1.15-alpine
   stage: lint
   cache: *testing_cache_policy
@@ -168,6 +199,7 @@ formatting-1.15:
 
 cycles-1.15:
   extends: .build_changes_policy
+  artifacts: *default_artifacts
   image: *formatting_elixir
   stage: lint
   cache: {}
@@ -191,7 +223,7 @@ dialyzer:
   - .using-ci-base
   stage: lint
   allow_failure: true
-  when: manual 
+  when: manual
   cache: *testing_cache_policy
   tags:
     - feld
@@ -200,15 +232,13 @@ dialyzer:
 
 docs-deploy:
   stage: deploy
-  cache: *testing_cache_policy
-  image: alpine:latest
+  trigger:
+    project: pleroma/docs
+    branch: master
+    strategy: depend
   only:
   - stable@pleroma/pleroma
   - develop@pleroma/pleroma
-  before_script:
-  - apk add curl
-  script:
-  - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" https://git.pleroma.social/api/v4/projects/673/trigger/pipeline
 review_app:
   image: alpine:3.9
   stage: deploy
@@ -224,6 +254,7 @@ review_app:
   except:
     - master
     - develop
+  artifacts: *default_artifacts
   script:
     - echo "$CI_ENVIRONMENT_SLUG"
     - mkdir -p ~/.ssh
@@ -240,21 +271,19 @@ review_app:
 
 spec-deploy:
   stage: deploy
-  artifacts:
-    paths:
-    - spec.json
+  trigger:
+    project: pleroma/api-docs
+    branch: master
+    strategy: depend
   only:
     - develop@pleroma/pleroma
-  image: alpine:latest
-  before_script:
-    - apk add curl
-  script:
-    - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" -F"variables[JOB_REF]=$CI_JOB_ID" https://git.pleroma.social/api/v4/projects/1130/trigger/pipeline
-
+  variables:
+    SPEC_BUILD_JOB_ID: $SPEC_BUILD_JOB_ID
 
 stop_review_app:
   image: alpine:3.9
   stage: deploy
+  artifacts: *default_artifacts
   before_script:
     - apk update && apk add openssh-client git
   when: manual
@@ -272,7 +301,8 @@ stop_review_app:
 
 amd64:
   stage: release
-  image: elixir:$ELIXIR_VER
+  image: 
+    name: hexpm/elixir-amd64:1.17.3-erlang-27.3.4.2-ubuntu-noble-20250716
   only: &release-only
   - stable@pleroma/pleroma
   - develop@pleroma/pleroma
@@ -297,8 +327,9 @@ amd64:
   variables: &release-variables
     MIX_ENV: prod
     VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
+    DEBIAN_FRONTEND: noninteractive
   before_script: &before-release
-  - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev
+  - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev git build-essential
   - echo "import Config" > config/prod.secret.exs
   - mix local.hex --force
   - mix local.rebar --force
@@ -313,7 +344,8 @@ amd64-musl:
   stage: release
   artifacts: *release-artifacts
   only: *release-only
-  image: elixir:$ELIXIR_VER-alpine
+  image: 
+    name: hexpm/elixir-amd64:1.17.3-erlang-27.3.4.2-alpine-3.22.1
   tags:
     - amd64
   cache: *release-cache
@@ -327,6 +359,7 @@ amd64-musl:
 
 arm:
   stage: release
+  allow_failure: true
   artifacts: *release-artifacts
   only: *release-only
   tags:
@@ -355,7 +388,8 @@ arm64:
   only: *release-only
   tags:
     - arm
-  image: arm64v8/elixir:$ELIXIR_VER
+  image: 
+    name: hexpm/elixir-arm64:1.17.3-erlang-27.3.4.2-ubuntu-noble-20250716
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release
@@ -367,7 +401,8 @@ arm64-musl:
   only: *release-only
   tags:
     - arm
-  image: arm64v8/elixir:$ELIXIR_VER-alpine
+  image: 
+    name: hexpm/elixir-arm64:1.17.3-erlang-27.3.4.2-alpine-3.22.1
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release-musl

CHANGELOG.md

@@ -4,6 +4,121 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 2.9.1
+
+### Security
+- Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.
+- Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments
+- Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.
+- Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.
+- Block attempts to fetch activities from the local instance to prevent spoofing.
+- Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.
+- Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.
+
+### Changed
+- Include `pl-fe` in available frontends
+
+### Fixed
+- Remove trailing ` from end of line 75 which caused issues copy-pasting
+
+## 2.9.0
+
+### Security
+- Require HTTP signatures (if enabled) for routes used by both C2S and S2S AP API
+- Fix several spoofing vectors
+
+### Changed
+- Performance: Use 301 (permanent) redirect instead of 302 (temporary) when redirecting small images in media proxy. This allows browsers to cache the redirect response. 
+
+### Added
+- Include "published" in actor view
+- Link to exported outbox/followers/following collections in backup actor.json
+- Hashtag following
+- Allow to specify post language
+
+### Fixed
+- Verify a local Update sent through AP C2S so users can only update their own objects
+- Fix Mastodon incoming edits with inlined "likes"
+- Allow incoming "Listen" activities
+- Fix missing check for domain presence in rich media ignore_host configuration
+- Fix Rich Media parsing of TwitterCards/OpenGraph to adhere to the spec and always choose the first image if multiple are provided.
+- Fix OpenGraph/TwitterCard meta tag ordering for posts with multiple attachments
+- Fix blurhash generation crashes
+
+### Removed
+- Retire MRFs DNSRBL, FODirectReply, and QuietReply
+
+## 2.8.0
+
+### Changed
+- Metadata: Do not include .atom feed links for remote accounts
+- Bumped `fast_html` to v2.3.0, which notably allows to use system-installed lexbor with passing `WITH_SYSTEM_LEXBOR=1` environment variable at build-time
+- Dedupe upload filter now uses a three-level sharding directory structure
+- Deprecate `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe`
+- Restrict incoming activities from unknown actors to a subset that does not imply a previous relationship and early rejection of unrecognized activity types.
+- Elixir 1.14 and Erlang/OTP 23 is now the minimum supported release
+- Support `id` param in `GET /api/v1/statuses`
+- LDAP authentication has been refactored to operate as a GenServer process which will maintain an active connection to the LDAP server.
+- Fix 'Setting a marker should mark notifications as read'
+- Adjust more Oban workers to enforce unique job constraints.
+- Oban updated to 2.18.3
+- Publisher behavior improvement when snoozing Oban jobs due to Gun connection pool contention.
+- Poll results refreshing is handled asynchronously and will not attempt to keep fetching updates to a closed poll.
+- Tuning for release builds to lower CPU usage.
+- Rich Media preview fetching will skip making an HTTP HEAD request to check a URL for allowed content type and length if the Tesla adapter is Gun or Finch
+- Fix nonexisting user will not generate metadata for search engine opt-out
+- Update Oban to 2.18
+- Worker configuration is no longer available. This only affects custom max_retries values for a couple Oban queues.
+
+### Added
+- Add metadata provider for ActivityPub alternate links
+- Added support for argon2 passwords and their conversion for migration from Akkoma fork to upstream.
+- Respect :restrict_unauthenticated for hashtag rss/atom feeds
+- LDAP configuration now permits overriding the CA root certificate file for TLS validation.
+- LDAP now supports users changing their passwords
+- Include list id in StatusView
+- Added MRF.FODirectReply which changes replies to followers-only posts to be direct.
+- Add `id_filter` to MRF to filter URLs and their domain prior to fetching
+- Added MRF.QuietReply which prevents replies to public posts from being published to the timelines
+- Add `group_key` to notifications
+- Allow providing avatar/header descriptions
+- Added RemoteReportPolicy from Rebased for handling bogus federated reports
+- scrubbers/default: Allow "mention hashtag" classes used by Mastodon
+- Added dependencies for Swoosh's Mua mail adapter
+- Include session scopes in TokenView
+
+### Fixed
+- Verify a local Update sent through AP C2S so users can only update their own objects
+- Fixed malformed follow requests that cause them to appear stuck pending due to the recipient being unable to process them.
+- Fix incoming Block activities being rejected
+- STARTTLS certificate and hostname verification for LDAP authentication
+- LDAPS connections (implicit TLS) are now supported.
+- Fix /api/v2/media returning the wrong status code (202) for media processed synchronously
+- Miscellaneous fixes for Meilisearch support
+- Fix pleroma_ctl mix task calls sometimes not being found
+- Add a rate limiter to the OAuth App creation endpoint and ensure registered apps are assigned to users.
+- ReceiverWorker will cancel processing jobs instead of retrying if the user cannot be fetched due to 403, 404, or 410 errors or if the account is disabled locally.
+- Address case where instance reachability status couldn't be updated
+- Remote Fetcher Worker recognizes more permanent failure errors
+- StreamerView: Do not leak follows count if hidden
+- Imports of blocks, mutes, and follows would retry repeatedly due to incorrect error handling and all work executed in a single job
+- Make vapid_config return empty array, fixing preloading for instances without push notifications configured
+
+### Removed
+- Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0)
+
+## 2.7.1
+
+### Changed
+- Accept `application/activity+json` for requests to `/.well-known/nodeinfo`
+
+### Fixed
+- Truncate remote user fields, avoids them getting rejected
+- Improve the `FollowValidator` to successfully incoming activities with an errant `cc` field.
+- Resolved edge case where the API can report you are following a user but the relationship is not fully established.
+- The Swoosh email adapter for Mailgun was missing a new dependency on `:multipart`
+- Fix Mastodon WebSocket authentication
+
 ## 2.7.0
 
 ### Security

Dockerfile

@@ -1,10 +1,10 @@
 # https://hub.docker.com/r/hexpm/elixir/tags
 ARG ELIXIR_IMG=hexpm/elixir
-ARG ELIXIR_VER=1.14.5
-ARG ERLANG_VER=25.3.2.14
+ARG ELIXIR_VER=1.17.3
+ARG ERLANG_VER=26.2.5.6
 ARG ALPINE_VER=3.17.9
 
-FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} as build
+FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} AS build
 
 COPY . .
 
@@ -15,6 +15,7 @@ RUN apk add git gcc g++ musl-dev make cmake file-dev vips-dev &&\
 	echo "import Config" > config/prod.secret.exs &&\
 	mix local.hex --force &&\
 	mix local.rebar --force &&\
+  mix deps.clean --all &&\
 	mix deps.get --only prod &&\
 	mkdir release &&\
 	mix release --path release

changelog.d/activity_type_index.change

@@ -0,0 +1 @@
+Add new activity actor/type index. Greatly speeds up retrieval of rare types (like "Listen")

changelog.d/admin-api-docs-fix.skip

@@ -0,0 +1 @@
+Fix 'Create a user' description in admin api docs

changelog.d/admin-self-revocation.security

@@ -0,0 +1 @@
+Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint

changelog.d/argon2-passwords.add

@@ -1 +0,0 @@
-Added support for argon2 passwords and their conversion for migration from Akkoma fork to upstream.

changelog.d/assign-app-user-oom.fix

@@ -0,0 +1 @@
+Fix AssignAppUser migration OOM

changelog.d/authorized_fetch.fix

@@ -0,0 +1 @@
+Fix fetching public keys with authorized fetch enabled

changelog.d/blocked-muted-swagger.change

@@ -0,0 +1 @@
+Use separate schemas for muted/blocked accounts lists

changelog.d/bugfix-truncate-remote-user-fields.fix

@@ -1 +0,0 @@
-Truncate remote user fields, avoids them getting rejected

changelog.d/bump-captcha-posix-make.fix

@@ -0,0 +1 @@
+- Fix building "captcha" library with OpenBSD make

changelog.d/changelog-checker.skip

@@ -0,0 +1 @@
+Fix CI changelog checker

changelog.d/db-restore-docs.change

@@ -0,0 +1 @@
+Docs: Restore DB schema before data to avoid long restore times

changelog.d/deactivated-404-inbox.change

@@ -0,0 +1 @@
+Return 404 with a better error message instead of 400 when receiving an activity for a deactivated user

changelog.d/deepl-json.fix

@@ -0,0 +1 @@
+Use JSON for DeepL API requests

changelog.d/delete-instance.change

@@ -0,0 +1 @@
+Deleting an instance queues individual jobs for each user that needs to be deleted from the server.

changelog.d/deprecate-subscribe.change

@@ -1 +0,0 @@
-Deprecate `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe`

changelog.d/description.skip

@@ -0,0 +1 @@
+Use :list_behaviour_implementations for LanguageDetector and Translation providers

changelog.d/dislike-activity.add

@@ -0,0 +1 @@
+Support Dislike activity, as sent by Mitra and Friendica, by changing it into a thumbs-down EmojiReact

changelog.d/dockerfile-versions.change

@@ -0,0 +1 @@
+Update Dockerfile to use Elixir 1.17.3, Erlang 26.2.5.6, and Alpine 3.17.9 to match CI release builds

changelog.d/docs-rum-otp-vacuum.change

@@ -0,0 +1 @@
+Docs RUM index: Add OTP install command, update index size expectation and recommend VACUUM FULL

changelog.d/docs.skip

@@ -0,0 +1 @@
+Update *Differences in Mastodon API responses from vanilla Mastodon*

changelog.d/drop-unwanted.change

@@ -1 +0,0 @@
-Restrict incoming activities from unknown actors to a subset that does not imply a previous relationship and early rejection of unrecognized activity types.

changelog.d/elixir-1-18.fix

@@ -0,0 +1 @@
+Elixir 1.18: Fixed warnings and new deprecations

changelog.d/elixir.change

@@ -1 +0,0 @@
-Elixir 1.14 and Erlang/OTP 23 is now the minimum supported release

changelog.d/emoji-pack-upload-zip.add

@@ -0,0 +1 @@
+Added a way to upload new packs from a URL or ZIP file via Admin API

changelog.d/emoji_likes.add

@@ -0,0 +1 @@
+Support Mitra-style emoji likes.

changelog.d/endorsement-state.fix

@@ -0,0 +1 @@
+Fix endorsement state display in relationship view

changelog.d/endorsements-api.change

@@ -0,0 +1 @@
+Support new Mastodon API for endorsed accounts

changelog.d/expiring-blocks.add

@@ -0,0 +1 @@
+Add `duration` to the block endpoint, which makes block expire

changelog.d/expose-markup-configuration.add

@@ -0,0 +1 @@
+Expose markup configuration in InstanceView

changelog.d/fediindex.change

@@ -0,0 +1 @@
+Allow FediIndex crawler bot by default

changelog.d/filter-user-capabilities.add

@@ -0,0 +1 @@
+Allow filtering users with `accepts_chat_messages` capability

changelog.d/fix-lists-bcc.fix

@@ -0,0 +1 @@
+Fix publisher when publishing to a list of users

changelog.d/fix-report-empty-fields.fix

@@ -0,0 +1 @@
+Fix reports being rejected when the activity had an empty CC or TO field (instead of not having them at all)

changelog.d/follow-request.fix

@@ -1 +0,0 @@
-Fixed malformed follow requests that cause them to appear stuck pending due to the recipient being unable to process them.

changelog.d/follow-validator.fix

@@ -1 +0,0 @@
-Improve the FollowValidator to successfully incoming activities with an errant cc field.

changelog.d/following-state.fix

@@ -1 +0,0 @@
-Resolved edge case where the API can report you are following a user but the relationship is not fully established.

changelog.d/freebsd-rc.fix

@@ -0,0 +1 @@
+Set PATH in the FreeBSD rc script to avoid failures starting the service

changelog.d/get-statuses-param.change

@@ -1 +0,0 @@
-Support `id` param in `GET /api/v1/statuses`

changelog.d/gin-search.fix

@@ -0,0 +1 @@
+Improved performance of status search queries using the default GIN index

changelog.d/gun.change

@@ -0,0 +1 @@
+Update Cowboy, Gun, and Plug family of dependencies

changelog.d/hashtag-search.change

@@ -0,0 +1 @@
+Hashtag searches return real results based on words in your query

changelog.d/identity-proofs.remove

@@ -1 +0,0 @@
-Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0)

changelog.d/instance-view-timeline-access.add

@@ -0,0 +1 @@
+Add `timelines_access` to InstanceView

changelog.d/language-detection.add

@@ -0,0 +1 @@
+Implement language detection with fastText

changelog.d/ldap-ca.add

@@ -1 +0,0 @@
-LDAP configuration now permits overriding the CA root certificate file for TLS validation.

changelog.d/ldap-refactor.change

@@ -1 +0,0 @@
-LDAP authentication has been refactored to operate as a GenServer process which will maintain an active connection to the LDAP server.

changelog.d/ldap-tls.fix

@@ -1 +0,0 @@
-STARTTLS certificate and hostname verification for LDAP authentication

changelog.d/ldaps.fix

@@ -1 +0,0 @@
-LDAPS connections (implicit TLS) are now supported.

changelog.d/list-id-visibility.add

@@ -1 +0,0 @@
-Include list id in StatusView

changelog.d/local-nickname-regex.fix

@@ -0,0 +1 @@
+Use end-of-string in regex for local `get_by_nickname`

changelog.d/lookup-restrict-unauthenticated.fix

@@ -0,0 +1 @@
+Respect restrict_unauthenticated in /api/v1/accounts/lookup 

changelog.d/mailgun.fix

@@ -1 +0,0 @@
-The Swoosh email adapter for Mailgun was missing a new dependency on :multipart

changelog.d/mastodon-quote-id-api.change

@@ -0,0 +1 @@
+Support `quoted_status_id` parameter in post creation request

changelog.d/mastodon-quotes-updates.change

@@ -0,0 +1 @@
+Use Mastodon-compatible route for quotes list and param for quotes count

changelog.d/moderation-log-unknown-actions.fix

@@ -0,0 +1 @@
+Fix ModerationLog FunctionClauseError for unknown actions

changelog.d/mrf-fodirectreply.add

@@ -1 +0,0 @@
-Added MRF.FODirectReply which changes replies to followers-only posts to be direct.

changelog.d/mrf-id_filter.add

@@ -1 +0,0 @@
-Add `id_filter` to MRF to filter URLs and their domain prior to fetching

changelog.d/mrf-inlinequotes-mastodon.fix

@@ -0,0 +1 @@
+MRF InlineQuotePolicy: Don't inline quoted post URL in Mastodon quote posts

changelog.d/nodeinfo-content-type.fix

@@ -0,0 +1 @@
+Fix NodeInfo content-type

changelog.d/normalize-actor-image-hrefs.fix

@@ -0,0 +1 @@
+Add Actor images normalization from array of urls to string

changelog.d/notification-type-update.fix

@@ -0,0 +1 @@
+Add `update` to @notification_types

changelog.d/notification-view-deduplicate.skip

@@ -0,0 +1 @@
+remove duplicated code from notificationview

changelog.d/notifications-group-key.add

@@ -1 +0,0 @@
-Add `group_key` to notifications

changelog.d/notifications-marker.change

@@ -1 +0,0 @@
-Fix 'Setting a marker should mark notifications as read'

changelog.d/oauth-app-spam.fix

@@ -1 +0,0 @@
-Add a rate limiter to the OAuth App creation endpoint and ensure registered apps are assigned to users.

changelog.d/oban-lazarus.add

@@ -0,0 +1 @@
+Oban.Plugins.Lazarus to help recover stuck jobs from an unclean shutdown of Pleroma

changelog.d/oban-notifier.change

@@ -0,0 +1 @@
+Oban Notifier was changed to Oban.Notifiers.PG for performance and scalability benefits

changelog.d/oban-recevier-improvements.fix

@@ -1 +0,0 @@
-ReceiverWorker will cancel processing jobs instead of retrying if the user cannot be fetched due to 403, 404, or 410 errors or if the account is disabled locally.

changelog.d/oban-uniques.change

@@ -1 +0,0 @@
-Adjust more Oban workers to enforce unique job constraints.

changelog.d/oban-update.change

@@ -1 +0,0 @@
-Oban updated to 2.18.3

changelog.d/oban_gun_snooze.change

@@ -1 +0,0 @@
-Publisher behavior improvement when snoozing Oban jobs due to Gun connection pool contention.

changelog.d/openbsd-update-httpd-relayd.change

@@ -0,0 +1 @@
+Updated relayd/httpd config files to be on par with nginx

changelog.d/openbsd-update-rc.fix

@@ -0,0 +1 @@
+replaced depracated flags and functions, renamed service to fit other service files

changelog.d/order-favourites-reblogs.change

@@ -0,0 +1 @@
+Order favourites and reblogs list from newest to oldest

changelog.d/outgoing-follow-requests.add

@@ -0,0 +1 @@
+Add /api/v1/pleroma/outgoing_follow_requests

changelog.d/pin-chats.fix

@@ -0,0 +1 @@
+Allow to pin/unpip chats

changelog.d/plaroma.skip

@@ -0,0 +1 @@
+i don't think it's called plaroma

changelog.d/pleroma-fe-2-9-2.change

@@ -0,0 +1,2 @@
+Update Pleroma-FE to 2.9.2
+

changelog.d/postgrex.change

@@ -0,0 +1 @@
+Updated Postgrex library to 0.20.0

changelog.d/preferred-frontend.add

@@ -0,0 +1 @@
+Allow users to select preferred frontend

changelog.d/preserve-public-cc.fix

@@ -0,0 +1 @@
+Fix federation issue where Public visibility information in cc field was lost when sent to remote servers, causing posts to appear with inconsistent visibility across instances

changelog.d/profile-image-descriptions.add

@@ -1 +0,0 @@
-Allow providing avatar/header descriptions

changelog.d/publisher-reachability.fix

@@ -1 +0,0 @@
-Address case where instance reachability status couldn't be updated

changelog.d/reachability.change

@@ -0,0 +1 @@
+Improved the logic of how we determine if a server is unreachable.

changelog.d/relax-also-known-as.change

@@ -0,0 +1 @@
+Relax alsoKnownAs requirements to just URI, not necessarily HTTP(S)

changelog.d/relayd-ipv6.fix

@@ -0,0 +1 @@
+OpenBSD relayd: Fix IPv6 example

changelog.d/releases.fix

@@ -0,0 +1 @@
+Fix release builds