pleroma

hj/pleroma

Author	SHA1	Message	Date
lain	b90ac6b9c7	Merge branch 'develop' into host-verification	2026-05-14 06:01:31 +00:00
Lain Soykaf	c92d233233	Use upstream remote_ip package	2026-05-13 20:04:12 +04:00
Lain Soykaf	9e16332d9d	Update majic to 1.2.0	2026-05-13 18:39:40 +04:00
Phantasm	4810d2536e	ActivityPubController: Use valid signatures in Host header test	2026-05-13 12:16:27 +02:00
lain	47ca427497	Merge pull request 'Better user search' (#7793 ) from gitlab-mr-iid-4416 into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7793	2026-05-13 09:53:52 +00:00
lain	ffff2098f0	Merge pull request 'Signatures: Only true is true.' (#7892 ) from bump/http-signatures-0.1.3 into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7892	2026-05-13 06:09:06 +00:00
Lain Soykaf	68e4bb53a2	Merge branch 'develop' into fix/reject-third-party-reports	2026-05-13 08:49:20 +04:00
nicole mikołajczyk	4d3aea1fce	Handle reports with just actor ap id as the object Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>	2026-05-13 00:56:56 +02:00
Phantasm	2b3ac2d7fe	lint	2026-05-13 00:44:33 +02:00
Phantasm	95eef879d7	ActivityPubController: add mismatched host test	2026-05-13 00:40:53 +02:00
Phantasm	c19bdf3814	SignatureRetryWorker: add mismatched host test, fix tests	2026-05-13 00:33:09 +02:00
Phantasm	6f415cf3fc	EnsureHostMatchesPlug: Remove match against default scheme port Checking against the default port of the Endpoint URL scheme is redundant as normal instances will have the combination https/443 by default created by pleroma.instance gen, Tor-only instances should have combination http/80 and local testing instances httt/XXXX. The default scheme port doesn't add anything usefull in these configs.	2026-05-12 23:31:55 +02:00
Lain Soykaf	0cf865f025	Reject third-party remote reports	2026-05-12 23:50:30 +04:00
Phantasm	35b5447f3f	EnsureHostMatchesPlug: Add more tests	2026-05-12 17:02:28 +02:00
Phantasm	90e390e45b	fix tests	2026-05-12 16:50:35 +02:00
Phantasm	d6d0ce7260	EnsureHostMatchesPlug: Add tests	2026-05-12 16:50:35 +02:00
Lain Soykaf	71afba4825	Signature: Treat HTTP signature errors as invalid	2026-05-12 08:52:42 +04:00
Lain Soykaf	592be493c8	Use published Pleroma MFM parser package	2026-05-11 19:13:01 +04:00
Lain Soykaf	6b86e31e5d	Add backend MFM support	2026-05-11 14:53:06 +04:00
Lain Soykaf	727e9e7749	Fix votersCount inflation in multiple-choice polls increase_vote_count/3 was incrementing votersCount on every vote activity, causing inflation when a single voter picks multiple options. Now only increments when the actor is a new unique voter, and preserves existing votersCount otherwise. Also adds is_integer guard to voters_count/1 to handle nil safely, and adds tests for the voters_count clause ordering and edge cases.	2026-05-06 11:33:34 +04:00
Lain Soykaf	621d86a31d	Validate WebFinger nicknames against actors	2026-05-03 18:02:59 +04:00
Lain Soykaf	6ae02d71bd	Align inbox controller tests with signer mapping	2026-05-03 10:33:42 +04:00
Lain Soykaf	00dd1b5103	Add failed-signature retry regression tests	2026-05-03 10:19:33 +04:00
Lain Soykaf	4acd8c4e72	Log failed-signature retry rejections	2026-05-02 21:08:04 +04:00
Lain Soykaf	a1f7413832	Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into update-spoofing	2026-05-02 16:10:33 +04:00
Lain Soykaf	3dbc570471	Woodpecker CI: Publish update-compatible OTP releases	2026-05-02 11:57:04 +04:00
Lain Soykaf	4337e0eb1b	Fail closed on unresolved signed payloads Reject unknown remote Update targets and invalidate signed payloads when their signer identity cannot be mapped, avoiding crashes and fail-open signature state.	2026-05-01 12:33:26 +04:00
Lain Soykaf	7756f491d5	Split failed-signature inbox retries Route failed-signature ActivityPub inbox retries through a dedicated worker so legacy and malformed retry jobs fail closed before processing.	2026-05-01 08:43:42 +04:00
Lain Soykaf	bd45704dba	Clarify cross-domain spoofing regressions	2026-04-30 17:21:40 +04:00
Lain Soykaf	9c540995b4	Use Mox in spoofing regression tests	2026-04-30 15:36:55 +04:00
Lain Soykaf	80e72b79f5	Add spoofing regression tests	2026-04-30 14:31:06 +04:00
Phantasm	42683e79df	ReceiverWorker: Check that signature matches actor	2026-04-30 01:37:34 +02:00
Phantasm	da28a4c441	ReceiverWorker: Add cancels on actor does not match signature test	2026-04-30 01:37:33 +02:00
Phantasm	cb2271978e	UpdateValidator: fix tests	2026-04-30 00:17:59 +02:00
Phantasm	eb69576154	fix test after embed route got added back	2026-03-31 16:23:21 +02:00
Phantasm	c8baad165b	lint: fix warnings throughout codebase	2026-03-31 16:23:11 +02:00
feld	9db47790bb	Merge pull request 'reverse_proxy,endpoint,uploaded_media: add immutable cache-control flag' (#7835 ) from Yonle/pleroma:develop into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7835	2026-03-26 21:28:50 +00:00
nicole mikołajczyk	9e22baa66a	Merge pull request 'Federate `votersCount` correctly' (#7858 ) from mkljczk/pleroma:poll-voters-count into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7858	2026-03-26 11:55:36 +00:00
nicole mikołajczyk	5aa3c8a06e	Federate `votersCount` correctly Signed-off-by: nicole mikołajczyk <git@mkljczk.pl> Assisted-by: your mother Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>	2026-03-26 12:42:59 +01:00
feld	1d819195b6	Merge pull request 'Search: filter indexable activities before inserting Oban jobs' (#7538 ) from gitlab-mr-iid-4161 into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7538	2026-03-25 20:38:15 +00:00
Mark Felder	711b33d81c	Fix CommonAPI.favorite/2 arg order	2026-03-25 13:32:25 -07:00
Mark Felder	7cc9ba6f06	Merge remote-tracking branch 'origin/develop' into gitlab-mr-iid-4161	2026-03-25 13:31:07 -07:00
feld	63c9c7ea92	Merge pull request 'Harden rate limiter to deal with configuration issues' (#7795 ) from gitlab-mr-iid-4418 into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7795	2026-03-25 19:55:08 +00:00
feld	d1bd24ba64	Merge pull request 'ReverseProxy: Follow redirects recursively until redirect_limit' (#7812 ) from gitlab-mr-iid-4435 into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7812	2026-03-25 19:53:47 +00:00
feld	eabfb2bd47	Merge pull request 'Fix LiveDashboard redirect not working when user added a path segment' (#7830 ) from live-dashboard-fix-redirect into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7830	2026-03-25 19:49:40 +00:00
feld	876913d2af	Merge pull request 'Fix error codes for missing static files' (#7850 ) from shibao/pleroma:static-fix into develop Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7850 Reviewed-by: Phantasm <phnt@noreply.git.pleroma.social>	2026-03-25 19:49:05 +00:00
Phantasm	645211812e	Elixir 1.19 MRFTest: Replace matchable_regexes with regexes_match! func	2026-03-25 11:15:45 -07:00
Phantasm	ee55764501	lint	2026-03-25 11:14:42 -07:00
Phantasm	a9ad6297b7	Elixir 1.19: Fix Mastodon StatusControllerTest DateTime difference	2026-03-25 11:14:38 -07:00
Phantasm	6a3b5b3218	Elixir 1.19: Fix MRFTest regex tests It is no longer possible to match regexes. Instead at least match that the sources of the regexes (regexes themselves) are the same. Notice the +1 Reference number below. 2) test subdomain_match/2 wildcard domains with one subdomain (Pleroma.Web.ActivityPub.MRFTest) test/pleroma/web/activity_pub/mrf_test.exs:36 Assertion with == failed code: assert regexes == [~r/^(.\.)unsafe.tld$/i] left: [%Regex{opts: [:caseless], re_pattern: {:re_pattern, 1, 0, 0, #Reference<0.378940835.3277193222.129648>}, source: "^(.\\.)unsafe.tld$"}] right: [%Regex{opts: [:caseless], re_pattern: {:re_pattern, 1, 0, 0, #Reference<0.378940835.3277193222.129649>}, source: "^(.\\.)unsafe.tld$"}] stacktrace: test/pleroma/web/activity_pub/mrf_test.exs:39: (test)	2026-03-25 11:14:33 -07:00

1 2 3 4 5 ...

6,787 commits