Merge remote-tracking branch 'origin/develop' into webfinger-fix

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

changelog.d/3126.fix

@@ -1 +0,0 @@
-MediaProxy responses now return a sandbox CSP header

changelog.d/3801.fix

@@ -1 +0,0 @@
-Filter context activities using Visibility.visible_for_user?

changelog.d/3848.add

@@ -1 +0,0 @@
-Add OAuth scope descriptions

changelog.d/3872.remove

@@ -1 +0,0 @@
-remove BBS/SSH feature, replaced by an external bridge.

changelog.d/3873.fix

@@ -1 +0,0 @@
-UploadedMedia: Add missing disposition_type to Content-Disposition

changelog.d/3874.remove

@@ -1 +0,0 @@
-Remove a few unused indexes.

changelog.d/3879.fix

@@ -1 +0,0 @@
-fix not being able to fetch flash file from remote instance

changelog.d/3880.remove

@@ -1 +0,0 @@
-Cleanup OStatus-era user upgrades and ap_enabled indicator

changelog.d/3882.add

@@ -1 +0,0 @@
-Allow lang attribute in status text

changelog.d/3883.fix

@@ -1 +0,0 @@
-Fix abnormal behaviour when refetching a poll

changelog.d/3884.fix

@@ -1 +0,0 @@
-Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"

changelog.d/3885.fix

@@ -1 +0,0 @@
-Fix opengraph and twitter card meta tags

changelog.d/3888.fix

@@ -1 +0,0 @@
-ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts

changelog.d/3891.fix

@@ -1 +0,0 @@
-OEmbed HTML tags are now filtered

changelog.d/3897.add

@@ -1 +0,0 @@
-OnlyMedia Upload Filter

changelog.d/3900.change

@@ -0,0 +1 @@
+Update to Phoenix 1.7

changelog.d/3901.security

@@ -1 +0,0 @@
-Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.

changelog.d/3987.fix

@@ -0,0 +1 @@
+Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata

changelog.d/add-outbox.fix

@@ -0,0 +1 @@
+ap userview: add outbox field.

changelog.d/akkoma-xml-remote-entities.security

@@ -1 +0,0 @@
-Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

changelog.d/anonymous-exception-else.fix

@@ -0,0 +1 @@
+Fix #strip_report_status_data

changelog.d/attachment-type-check.fix

@@ -1 +0,0 @@
-Restrict attachments to only uploaded files only

changelog.d/authorize-interaction.add

@@ -0,0 +1 @@
+Support /authorize-interaction route used by Mastodon

changelog.d/bad_inbox_request.change

@@ -0,0 +1 @@
+Invalid activities delivered to the inbox will be rejected with a 400 Bad Request

changelog.d/blurhash.change

@@ -0,0 +1 @@
+Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick.

changelog.d/check-attachment-attribution.security

@@ -1 +0,0 @@
-CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID

changelog.d/delete-status-of-banned-user.fix

@@ -1 +0,0 @@
-Fix error 404 when deleting status of a banned user

changelog.d/deprecate-scrobbles.remove

@@ -1 +0,0 @@
-Deprecate Pleroma's audio scrobbling

changelog.d/deprecations.skip

@@ -0,0 +1 @@
+

changelog.d/digest_emails.fix

@@ -0,0 +1 @@
+Fix the processing of email digest jobs.

changelog.d/disable-xml-entity-resolution.security

@@ -1 +0,0 @@
-Disable XML entity resolution completely to fix a dos vulnerability

changelog.d/dockerfile-config-perms.fix

@@ -1 +0,0 @@
-- Fix config ownership in dockerfile to pass restriction test

changelog.d/docs-max-elixir-erlang.change

@@ -0,0 +1 @@
+- Document maximum supported version of Erlang & Elixir

changelog.d/emoji-pack-sanitization.security

@@ -1 +0,0 @@
-Emoji pack loader sanitizes pack names

changelog.d/emoji-policy.add

@@ -1 +0,0 @@
-Implement MRF policy to reject or delist according to emojis

changelog.d/favicon.add

@@ -0,0 +1 @@
+Add support for configuring favicon, embed favicon and PWA manifest in server-generated meta

changelog.d/featured-collection-shouldnt-break-user-fetch.fix

@@ -1 +0,0 @@
-Fix user fetch completely broken if featured collection is not in a supported form

changelog.d/federation_status-access.change

@@ -0,0 +1 @@
+- Make `/api/v1/pleroma/federation_status` publicly available

changelog.d/fix-object-test.fix

@@ -1 +0,0 @@
-Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty

changelog.d/frontend-management.add

@@ -0,0 +1 @@
+[docs] add frontends management documentation

changelog.d/handle-report-from-deactivated-user.fix

@@ -1 +0,0 @@
-Fix handling report from a deactivated user

changelog.d/healthcheck-disabled-error.fix

@@ -0,0 +1 @@
+TwitterAPI: Return proper error when healthcheck is disabled

changelog.d/instance-v2.add

@@ -0,0 +1 @@
+Implement /api/v2/instance route

changelog.d/last_status_at.change

@@ -0,0 +1 @@
+- Change AccountView `last_status_at` from a datetime to a date (as done in Mastodon 3.1.0)

changelog.d/meilisearch.add

@@ -0,0 +1 @@
+Add meilisearch, make search engines pluggable

changelog.d/migration-fix.skip

@@ -0,0 +1 @@
+

changelog.d/no_new_privs.add

@@ -1 +0,0 @@
-(hardening) Add no_new_privs=yes to OpenRC service files

changelog.d/opengraph-rich-media-proxy.add

@@ -0,0 +1 @@
+Add media proxy to opengraph rich media cards

changelog.d/optimistic-inbox.change

@@ -0,0 +1 @@
+Optimistic Inbox reduces the processing overhead of incoming activities without instantly verifiable signatures.

changelog.d/otp_perms.security

@@ -1 +0,0 @@
-- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories

changelog.d/prevent-bypassing-authorized-fetch-mode.fix

@@ -1 +0,0 @@
-Prevent using the .json format to bypass authorized fetch mode

changelog.d/prioritize-direct-recipients.add

@@ -0,0 +1 @@
+- Prioritize mentioned recipients (i.e., those that are not just followers) when federating.

changelog.d/promex.change

@@ -0,0 +1 @@
+Change the prometheus library to PromEx.

changelog.d/punycode-mention.fix

@@ -1 +0,0 @@
-Fix mentioning punycode domains when using Markdown

changelog.d/quote.add

@@ -1 +0,0 @@
-Implement quotes

changelog.d/reachability.change

@@ -0,0 +1 @@
+Reduce the reachability timestamp update to a single upsert query

changelog.d/scrobble-url.add

@@ -0,0 +1 @@
+Adds the capability to add a URL to a scrobble (optional field)

changelog.d/scrubbers-html4-GtS.add

@@ -0,0 +1 @@
+- scrubbers/default: Add more formatting elements from HTML4 / GoToSocial (acronym, bdo, big, cite, dfn, ins, kbd, q, samp, s, tt, var, wbr)

changelog.d/system-cflags.fix

@@ -0,0 +1 @@
+- Fix eblurhash and elixir-captcha not using system cflags

changelog.d/unified-streaming.add

@@ -1 +0,0 @@
-Add unified streaming endpoint

changelog.d/update-credentials-limit-error.fix

@@ -1 +0,0 @@
-Show more informative errors when profile exceeds char limits

changelog.d/vips.change

@@ -0,0 +1 @@
+Change mediaproxy previews to use vips to generate thumbnails instead of ImageMagick

changelog.d/web_push.fix

@@ -0,0 +1 @@
+Fix web push notifications not successfully delivering