Releases: diaspora/diaspora
Releases · diaspora/diaspora
diaspora* 0.7.18.2
This release addresses possible security issues when processing images uploaded by users that is affecting some system configurations.
This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm, and while diaspora*s attack surface is significantly smaller and some operating systems do ship a restrictive ImageMagick policy, this release makes sure that everyone is safe.
Thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks for Mastodon for fixing it.
diaspora* 0.7.18.1
Bug fixes
- Update binstubs to fix diaspora* being unable to start when multiple bundler versions were available #8392
diaspora* 0.7.18.0
Refactor
- Fix order-dependent jasmine test failures and switch to random order #8333
- Get rid of some uses of "execute_script" in feature specs #8331
- Fix deprecation warnings for sidekiq 7.0 #8359
- Remove entypo-rails dependency to prepare for rails 6 #8361
- Remove compass-rails dependency which is not supported anymore #8362
- Switch to sassc-rails which speeds up
assets:precompile
a lot #8362 - Remove markerb dependency which doesn't exist anymore #8365
- Upgrade to rails 6.1 #8366
- Update the suggested Ruby version to 2.7. If you run into trouble during the update and you followed our installation guides, run
rvm install 2.7
. #8366 - Upgrade to bundler 2 #8366
- Stop checking
/.well-known/host-meta
, check for/.well-known/nodeinfo
instead #8377 - Handle NodeInfo timeouts gracefully #8380
Bug fixes
- Fix that no mails were sent after photo export #8365
- Fix people with quotes in the name causing issues with mail sender #8365
Features
diaspora* 0.7.17.0
Security
- Bump Rails to 5.2.7 to address CVE-2022-22577 and CVE-2022-27777 #8350
- Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! #8351
Bug fixes
- Don't suggest to retry exports on failure #8343
diaspora* 0.7.16.0
Security
- Update rails to fix CVE-2022-23633 #8336
Refactor
- Cache local posts/comments count for statistics #8241
- Fix html-syntax in some handlebars templates #8251
- Remove
chat_enabled
flag from archive export #8265 - Change thumbnails in image slideshow to squares #8275
- Replace uglifier with terser for JS compression #8268
Bug fixes
- Ensure the log folder exists #8287
- Limit name length in header #8313
- Fix fallback avatar in hovercards #8316
- Use old person private key for export if relayable author migrated away #8310
Features
- Add tags to tumblr posts #8244
- Add blocks to the archive export #8263
- Allow points and dashes in the username #8266
- Add support for footnotes in markdown #8277
- Send
AccountMigration
if receiving message to a migrated account #8288 - Add podmin mail address to the footer #8242
- Add username to password-reset mail #8037
- Resend account migration and deletion for closed recipients #8309
- Add sharing status to hovercards #8317
- Migrate photo URLs and cleanup old uploaded photos #8314
diaspora* 0.7.15.0
Refactor
- Replaced some
http://
links in the UI with theirhttps://
counterparts #8207 - Testing: Replaced phantomjs with headless Chrome/Chromium #8234
Bug fixes
- Update comment counter when deleting a comment in the Single Post View #7938
- Link diaspora only poduptime list #8174
- Delete a user's invitation code during account deletion #8202
- Bump mimemagic #8231
- Removed support for defunct Uni Heidelberg OSM tile server, Mapbox is now required if you want to show maps #8215
- Render only two fractional digits in the posts per user/day admin statistics #8227
- Make aspect dropdowns scrollable #8213
- Fix
Photo#ownserhip_of_status_message
validation #8214
Features
- Support and recommend TOML as configuration format #8132
diaspora* 0.7.14.0
Refactor
- Update the suggested Ruby version to 2.6. If you run into trouble during the update and you followed our installation guides, run
rvm install 2.6
. #7929
Bug fixes
diaspora* 0.7.13.0
Security
- Fixes USN-4274-1, a potential Denial-of-Service vulnerability in Nokogiri. #8108
Refactor
- Set better example values for unicorn stdout/stderr log settings #8058
- Replace dependency on rails-assets.org with custom gems cache at gems.diasporafoundation.org #8087
Bug fixes
- Fix error while trying to fetch some sites with invalid OpenGraph data #8049
- Don't show sign up link on mobile when registrations are disabled #8060
Features
- Add cronjob to cleanup pending photos which were never posted #8041