Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into auth-fetch-exception

changelog.d/3987.fix

@@ -0,0 +1 @@
+Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata

changelog.d/account-rendering-auth-check.fix

@@ -0,0 +1 @@
+Fix authentication check on account rendering when bio is defined

changelog.d/add-outbox.fix

@@ -0,0 +1 @@
+ap userview: add outbox field.

changelog.d/akkoma-xml-remote-entities.security

@@ -1 +0,0 @@
-Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

changelog.d/anonymous-exception-else.fix

@@ -0,0 +1 @@
+Fix #strip_report_status_data

changelog.d/authorize-interaction.add

@@ -0,0 +1 @@
+Support /authorize-interaction route used by Mastodon

changelog.d/backups-follows.add

@@ -0,0 +1 @@
+Include following/followers in backups

changelog.d/bad_inbox_request.change

@@ -0,0 +1 @@
+Invalid activities delivered to the inbox will be rejected with a 400 Bad Request

changelog.d/bandit.change

@@ -0,0 +1 @@
+Support Bandit as an alternative to Cowboy for the HTTP server. 

changelog.d/blurhash.change

@@ -0,0 +1 @@
+Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick.

changelog.d/bookmark-folders.add

@@ -0,0 +1 @@
+Allow to group bookmarks in folders

changelog.d/bugfix-ccworks.fix

@@ -0,0 +1 @@
+Fix federation with Convergence AP Bridge

changelog.d/card-endpoint.remove

@@ -0,0 +1 @@
+Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint https://github.com/mastodon/mastodon/pull/11213

changelog.d/card-image-description.add

@@ -0,0 +1 @@
+Include image description in status media cards

changelog.d/chat-attachment-empty-array.fix

@@ -0,0 +1 @@
+ChatMessage: Tolerate attachment field set to an empty array

changelog.d/check-attachment-attribution.security

@@ -1 +0,0 @@
-CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID

changelog.d/config-stat-symlink.fix

@@ -0,0 +1 @@
+- Config: Check the permissions of the linked file instead of the symlink

changelog.d/content-length.fix

@@ -0,0 +1 @@
+MediaProxy was setting the content-length header which is not permitted by RFC9112§6.2 when we are chunking the reply as it conflicts with the existence of the transfer-encoding header.

changelog.d/deprecations.skip

@@ -0,0 +1 @@
+

changelog.d/emoji-download-paginate.fix

@@ -0,0 +1 @@
+When downloading remote emojis packs, account for pagination

changelog.d/emoji-pack-sanitization.security

@@ -1 +0,0 @@
-Emoji pack loader sanitizes pack names

changelog.d/emoji-use-v1.fix

@@ -0,0 +1 @@
+Make remote emoji packs API use specifically the V1 URL. Akkoma does not understand it without V1, and it works either way with normal pleroma, so no reason to not do this

changelog.d/familiar-followers.add

@@ -0,0 +1 @@
+Implement `/api/v1/accounts/familiar_followers`

changelog.d/favicon.add

@@ -0,0 +1 @@
+Add support for configuring favicon, embed favicon and PWA manifest in server-generated meta

changelog.d/federator-modules.remove

@@ -0,0 +1 @@
+Removed support for multiple federator modules as we only support ActivityPub

changelog.d/fep-2c59.add

@@ -0,0 +1 @@
+Implement FEP-2c59, add "webfinger" to user actor

changelog.d/ffmpeg-limiter.add

@@ -0,0 +1 @@
+Framegrabs with ffmpeg will execute with a 5 second timeout and cache the URLs of failures with a TTL of 15 minutes to prevent excessive retries.

changelog.d/finch_redirects.fix

@@ -0,0 +1 @@
+Following HTTP Redirects when the HTTP Adapter is Finch

changelog.d/force-mention-mrf.add

@@ -0,0 +1 @@
+Add ForceMention MRF

changelog.d/framegrabs.fix

@@ -0,0 +1 @@
+Video framegrabs were not working correctly after the change to use Exile to execute ffmpeg

changelog.d/frontend-management.add

@@ -0,0 +1 @@
+[docs] add frontends management documentation

changelog.d/group-actor.add

@@ -0,0 +1 @@
+Implement group actors

changelog.d/gun_pool.fix

@@ -0,0 +1 @@
+Fix logic error in Gun connection pooling which prevented retries even when the worker was launched with retry = true

changelog.d/gun_pool2.fix

@@ -0,0 +1 @@
+Connection pool errors when publishing an activity is a soft-error that will be retried shortly.

changelog.d/handle_object_fetch_failures.change

@@ -0,0 +1 @@
+Remote object fetch failures will prevent the object fetch job from retrying if the object request returns 401, 403, 404, 410, or exceeds the maximum thread depth.

changelog.d/instance-contact-account.add

@@ -0,0 +1 @@
+Add contact account to InstanceView

changelog.d/instance-rules.add

@@ -0,0 +1 @@
+Add instance rules

changelog.d/instance-v2.add

@@ -0,0 +1 @@
+Implement /api/v2/instance route

changelog.d/issue-3241.fix

@@ -0,0 +1 @@
+Handle cases when users.inbox is nil.

changelog.d/last_status_at.change

@@ -0,0 +1 @@
+- Change AccountView `last_status_at` from a datetime to a date (as done in Mastodon 3.1.0)

changelog.d/link-verification.add

@@ -0,0 +1 @@
+Verify profile link ownership with rel="me"

changelog.d/local-webfinger.fix

@@ -0,0 +1 @@
+Use correct domain for fqn and InstanceView

changelog.d/mark-read.fix

@@ -0,0 +1 @@
+The query for marking notifications as read has been simplified

changelog.d/mastodon_api_v2.add

@@ -0,0 +1 @@
+Add new parameters to /api/v2/instance: configuration[accounts][max_pinned_statuses] and configuration[statuses][characters_reserved_per_url]

changelog.d/mastodon_directory.fix

@@ -0,0 +1 @@
+Mastodon API /api/v1/directory: Fix listing directory contents when not authenticated

changelog.d/memleak.fix

@@ -0,0 +1 @@
+Fix a memory leak caused by Websocket connections that would not enter a state where a full garbage collection run could be triggered.

changelog.d/migration-fix.skip

@@ -0,0 +1 @@
+

changelog.d/missing-mrfs.add

@@ -0,0 +1 @@
+Startup detection for configured MRF modules that are missing or incorrectly defined

changelog.d/mrf-regex-error.fix

@@ -0,0 +1 @@
+MRF: Log sensible error for subdomains_regex

changelog.d/mrf-steal-emoji-extname.fix

@@ -0,0 +1 @@
+MRF.StealEmojiPolicy: Properly add fallback extension to filenames missing one

changelog.d/mrf_hashtags.fix

@@ -0,0 +1 @@
+Federated timeline removal of hashtags via MRF HashtagPolicy

changelog.d/nil-content-map.fix

@@ -0,0 +1 @@
+Support objects with a null contentMap (firefish)

changelog.d/notifications-index.fix

@@ -0,0 +1 @@
+Fix notifications query which was not using the index properly

changelog.d/notifications.fix

@@ -0,0 +1 @@
+Notifications: improve performance by filtering on users table instead of activities table

changelog.d/oauth-nickname.skip

@@ -0,0 +1 @@
+Use User.full_nickname/1 in oauth html template

changelog.d/opengraph-rich-media-proxy.add

@@ -0,0 +1 @@
+Add media proxy to opengraph rich media cards

changelog.d/optimistic-inbox.change

@@ -0,0 +1 @@
+Optimistic Inbox reduces the processing overhead of incoming activities without instantly verifiable signatures.

changelog.d/otp26.add

@@ -0,0 +1 @@
+Support for Erlang OTP 26

changelog.d/otp_perms.security

@@ -1 +0,0 @@
-- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories

changelog.d/postgres-jit.change

@@ -0,0 +1 @@
+Disable jit by default for PostgreSQL

changelog.d/prioritize-direct-recipients.add

@@ -0,0 +1 @@
+- Prioritize mentioned recipients (i.e., those that are not just followers) when federating.

changelog.d/promex.change

@@ -0,0 +1 @@
+Change the prometheus library to PromEx.

changelog.d/public-polls.add

@@ -0,0 +1 @@
+Expose nonAnonymous field from Smithereen polls

changelog.d/publisher_discard.change

@@ -0,0 +1 @@
+Activity publishing failures will prevent the job from retrying if the publishing request returns a 403 or 410

changelog.d/publisher_log.change

@@ -0,0 +1 @@
+Publisher errors will now emit logs indicating the inbox that was not available for delivery.

changelog.d/qtfaststart.fix

@@ -0,0 +1 @@
+MediaProxy Preview failures prevented when encountering certain video files

changelog.d/reachability.change

@@ -0,0 +1 @@
+Reduce the reachability timestamp update to a single upsert query

changelog.d/receiverworker-error-handling.fix

@@ -0,0 +1 @@
+ReceiverWorker: Make sure non-{:ok, _} is returned as {:error, …}