Merge branch 'develop' into 'public-polls'

# Conflicts:
#   docs/development/API/differences_in_mastoapi_responses.md

changelog.d/3126.fix

@@ -1 +0,0 @@
-MediaProxy responses now return a sandbox CSP header

changelog.d/3801.fix

@@ -1 +0,0 @@
-Filter context activities using Visibility.visible_for_user?

changelog.d/3848.add

@@ -1 +0,0 @@
-Add OAuth scope descriptions

changelog.d/3872.remove

@@ -1 +0,0 @@
-remove BBS/SSH feature, replaced by an external bridge.

changelog.d/3873.fix

@@ -1 +0,0 @@
-UploadedMedia: Add missing disposition_type to Content-Disposition

changelog.d/3874.remove

@@ -1 +0,0 @@
-Remove a few unused indexes.

changelog.d/3879.fix

@@ -1 +0,0 @@
-fix not being able to fetch flash file from remote instance

changelog.d/3880.remove

@@ -1 +0,0 @@
-Cleanup OStatus-era user upgrades and ap_enabled indicator

changelog.d/3882.add

@@ -1 +0,0 @@
-Allow lang attribute in status text

changelog.d/3883.fix

@@ -1 +0,0 @@
-Fix abnormal behaviour when refetching a poll

changelog.d/3884.fix

@@ -1 +0,0 @@
-Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"

changelog.d/3885.fix

@@ -1 +0,0 @@
-Fix opengraph and twitter card meta tags

changelog.d/3888.fix

@@ -1 +0,0 @@
-ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts

changelog.d/3891.fix

@@ -1 +0,0 @@
-OEmbed HTML tags are now filtered

changelog.d/3897.add

@@ -1 +0,0 @@
-OnlyMedia Upload Filter

changelog.d/3900.change

@@ -0,0 +1 @@
+Update to Phoenix 1.7

changelog.d/3901.security

@@ -1 +0,0 @@
-Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.

changelog.d/3987.fix

@@ -0,0 +1 @@
+Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata

changelog.d/account-rendering-auth-check.fix

@@ -0,0 +1 @@
+Fix authentication check on account rendering when bio is defined

changelog.d/add-outbox.fix

@@ -0,0 +1 @@
+ap userview: add outbox field.

changelog.d/akkoma-xml-remote-entities.security

@@ -1 +0,0 @@
-Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

changelog.d/anonymous-exception-else.fix

@@ -0,0 +1 @@
+Fix #strip_report_status_data

changelog.d/attachment-type-check.fix

@@ -1 +0,0 @@
-Restrict attachments to only uploaded files only

changelog.d/authorize-interaction.add

@@ -0,0 +1 @@
+Support /authorize-interaction route used by Mastodon

changelog.d/bad_inbox_request.change

@@ -0,0 +1 @@
+Invalid activities delivered to the inbox will be rejected with a 400 Bad Request

changelog.d/blurhash.change

@@ -0,0 +1 @@
+Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick.

changelog.d/chat-attachment-empty-array.fix

@@ -0,0 +1 @@
+ChatMessage: Tolerate attachment field set to an empty array

changelog.d/check-attachment-attribution.security

@@ -1 +0,0 @@
-CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID

changelog.d/delete-status-of-banned-user.fix

@@ -1 +0,0 @@
-Fix error 404 when deleting status of a banned user

changelog.d/deprecate-scrobbles.remove

@@ -1 +0,0 @@
-Deprecate Pleroma's audio scrobbling

changelog.d/deprecations.skip

@@ -0,0 +1 @@
+

changelog.d/digest_emails.fix

@@ -0,0 +1 @@
+Fix the processing of email digest jobs.

changelog.d/disable-xml-entity-resolution.security

@@ -1 +0,0 @@
-Disable XML entity resolution completely to fix a dos vulnerability

changelog.d/dockerfile-config-perms.fix

@@ -1 +0,0 @@
-- Fix config ownership in dockerfile to pass restriction test

changelog.d/docs-max-elixir-erlang.change

@@ -0,0 +1 @@
+- Document maximum supported version of Erlang & Elixir

changelog.d/emoji-download-paginate.fix

@@ -0,0 +1 @@
+When downloading remote emojis packs, account for pagination

changelog.d/emoji-pack-sanitization.security

@@ -1 +0,0 @@
-Emoji pack loader sanitizes pack names

changelog.d/emoji-policy.add

@@ -1 +0,0 @@
-Implement MRF policy to reject or delist according to emojis

changelog.d/emoji-use-v1.fix

@@ -0,0 +1 @@
+Make remote emoji packs API use specifically the V1 URL. Akkoma does not understand it without V1, and it works either way with normal pleroma, so no reason to not do this

changelog.d/favicon.add

@@ -0,0 +1 @@
+Add support for configuring favicon, embed favicon and PWA manifest in server-generated meta

changelog.d/featured-collection-shouldnt-break-user-fetch.fix

@@ -1 +0,0 @@
-Fix user fetch completely broken if featured collection is not in a supported form

changelog.d/federation_status-access.change

@@ -0,0 +1 @@
+- Make `/api/v1/pleroma/federation_status` publicly available

changelog.d/federator-modules.remove

@@ -0,0 +1 @@
+Removed support for multiple federator modules as we only support ActivityPub

changelog.d/finch_redirects.fix

@@ -0,0 +1 @@
+Following HTTP Redirects when the HTTP Adapter is Finch

changelog.d/fix-object-test.fix

@@ -1 +0,0 @@
-Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty

changelog.d/frontend-management.add

@@ -0,0 +1 @@
+[docs] add frontends management documentation

changelog.d/group-actor.add

@@ -0,0 +1 @@
+Implement group actors

changelog.d/handle-report-from-deactivated-user.fix

@@ -1 +0,0 @@
-Fix handling report from a deactivated user

changelog.d/handle_object_fetch_failures.change

@@ -0,0 +1 @@
+Remote object fetch failures will prevent the object fetch job from retrying if the object request returns 401, 403, 404, 410, or exceeds the maximum thread depth.

changelog.d/healthcheck-disabled-error.fix

@@ -0,0 +1 @@
+TwitterAPI: Return proper error when healthcheck is disabled

changelog.d/instance-v2.add

@@ -0,0 +1 @@
+Implement /api/v2/instance route

changelog.d/last_status_at.change

@@ -0,0 +1 @@
+- Change AccountView `last_status_at` from a datetime to a date (as done in Mastodon 3.1.0)

changelog.d/local-webfinger.fix

@@ -0,0 +1 @@
+Use correct domain for fqn and InstanceView

changelog.d/meilisearch.add

@@ -0,0 +1 @@
+Add meilisearch, make search engines pluggable

changelog.d/migration-fix.skip

@@ -0,0 +1 @@
+

changelog.d/mrf-regex-error.fix

@@ -0,0 +1 @@
+MRF: Log sensible error for subdomains_regex

changelog.d/mrf-steal-emoji-extname.fix

@@ -0,0 +1 @@
+MRF.StealEmojiPolicy: Properly add fallback extension to filenames missing one

changelog.d/nil-content-map.fix

@@ -0,0 +1 @@
+Support objects with a null contentMap (firefish)

changelog.d/no_new_privs.add

@@ -1 +0,0 @@
-(hardening) Add no_new_privs=yes to OpenRC service files

changelog.d/opengraph-rich-media-proxy.add

@@ -0,0 +1 @@
+Add media proxy to opengraph rich media cards

changelog.d/optimistic-inbox.change

@@ -0,0 +1 @@
+Optimistic Inbox reduces the processing overhead of incoming activities without instantly verifiable signatures.

changelog.d/otp26.add

@@ -0,0 +1 @@
+Support for Erlang OTP 26

changelog.d/otp_perms.security

@@ -1 +0,0 @@
-- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories

changelog.d/prevent-bypassing-authorized-fetch-mode.fix

@@ -1 +0,0 @@
-Prevent using the .json format to bypass authorized fetch mode

changelog.d/prioritize-direct-recipients.add

@@ -0,0 +1 @@
+- Prioritize mentioned recipients (i.e., those that are not just followers) when federating.

changelog.d/promex.change

@@ -0,0 +1 @@
+Change the prometheus library to PromEx.

changelog.d/publisher_discard.change

@@ -0,0 +1 @@
+Activity publishing failures will prevent the job from retrying if the publishing request returns a 403 or 410

changelog.d/publisher_log.change

@@ -0,0 +1 @@
+Publisher errors will now emit logs indicating the inbox that was not available for delivery.

changelog.d/punycode-mention.fix

@@ -1 +0,0 @@
-Fix mentioning punycode domains when using Markdown

changelog.d/qtfaststart.fix

@@ -0,0 +1 @@
+MediaProxy Preview failures prevented when encountering certain video files

changelog.d/quote.add

@@ -1 +0,0 @@
-Implement quotes

changelog.d/reachability.change

@@ -0,0 +1 @@
+Reduce the reachability timestamp update to a single upsert query

changelog.d/scrobble-url.add

@@ -0,0 +1 @@
+Adds the capability to add a URL to a scrobble (optional field)

changelog.d/scrubbers-html4-GtS.add

@@ -0,0 +1 @@
+- scrubbers/default: Add more formatting elements from HTML4 / GoToSocial (acronym, bdo, big, cite, dfn, ins, kbd, q, samp, s, tt, var, wbr)

changelog.d/system-cflags.fix

@@ -0,0 +1 @@
+- Fix eblurhash and elixir-captcha not using system cflags

changelog.d/unified-streaming.add

@@ -1 +0,0 @@
-Add unified streaming endpoint

changelog.d/update-credentials-limit-error.fix

@@ -1 +0,0 @@
-Show more informative errors when profile exceeds char limits

changelog.d/vips.change

@@ -0,0 +1 @@
+Change mediaproxy previews to use vips to generate thumbnails instead of ImageMagick

changelog.d/web_push.fix

@@ -0,0 +1 @@
+Fix web push notifications not successfully delivering