Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix performance of streaming by parsing message JSON once #25278

Merged
merged 1 commit into from Jun 9, 2023
Merged

Fix performance of streaming by parsing message JSON once #25278

merged 1 commit into from Jun 9, 2023

Conversation

ThisIsMissEm
Copy link
Contributor

Currently anytime a message is published on Redis topic, that message is parsed as JSON once per websocket subscriber to that topic, rather than once per message received off redis, this means we're repeating the work of parsing that message N times, despite the result being the same.

This is a quick performance gain that we can make with some degree of confidence to address some of the CPU and GC churn of streaming. Early performance profiling by @imsofi indicates that just parsing JSON is approximately 3.3% - 7% of the total work done by the streaming server in a given period of time for production traffic loads.

This branch is based off main, so merging will cause conflicts for #24702, but hopefully not in a way that's too painful to resolve.

@renchap renchap added the streaming Streaming server label Jun 5, 2023
@Gargron Gargron merged commit 16dd3f0 into mastodon:main Jun 9, 2023
24 checks passed
@ThisIsMissEm ThisIsMissEm mentioned this pull request Jun 10, 2023
Merged
ClearlyClaire pushed a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (mastodon#2…
b2464e5 
…5278)
@ClearlyClaire ClearlyClaire mentioned this pull request Jun 21, 2023
Merged
ClearlyClaire pushed a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (mastodon#2…
ae72d02 
…5278)
@ClearlyClaire ClearlyClaire mentioned this pull request Jun 21, 2023
Merged
ClearlyClaire pushed a commit to ClearlyClaire/mastodon that referenced this pull request Jun 21, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (mastodon#2…
0de6e07 
…5278)
This was referenced Jun 21, 2023
Closed
Merged
ClearlyClaire pushed a commit that referenced this pull request Jul 6, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (#25278)
e78ee58
ClearlyClaire pushed a commit that referenced this pull request Jul 6, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (#25278)
f94aee0
ClearlyClaire pushed a commit that referenced this pull request Jul 6, 2023
@ThisIsMissEm @ClearlyClaire
Fix performance of streaming by parsing message JSON once (#25278)
6f819c7
IsabelaY pushed a commit to IsabelaY/mastodon that referenced this pull request Jul 6, 2023
@ThisIsMissEm @IsabelaY
Fix performance of streaming by parsing message JSON once (mastodon#2…
52344a7 
…5278)
F-Finene pushed a commit to F-Finene/mastodon that referenced this pull request Jul 7, 2023
@ThisIsMissEm @F-Finene
Fix performance of streaming by parsing message JSON once (mastodon#2…
42c743e 
…5278)

(cherry picked from commit e78ee58)
skerit pushed a commit to 11ways/mastodon that referenced this pull request Jul 7, 2023
@ThisIsMissEm @skerit
Fix performance of streaming by parsing message JSON once (mastodon#2…
094774b 
…5278)
vitunvuohi added a commit to meemudotorg/mastodon that referenced this pull request Jul 8, 2023
@vitunvuohi @mjankowski
@renovate @nschonni @ClearlyClaire @renchap @Gargron @jsgoldstein @danielmbrasil @ThisIsMissEm @c960657 @S-H-GAMELINKS @j-f1 @dariusk @ljcooke @johnholdun @ineffyble @hobgoblina @alfe @takayamaki @Plastikmensch @taichi221228 @iparr @mgmn @viviicat @forsamori @xdesign-sambc @nemobis @goatrocks
Updatemeemu (#16)
e517e64 
* Fix `RSpec/DescribedClass` cop (mastodon#25104)

* Update dependency redis to v4.6.7 (mastodon#25300)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Autofix Rubocop Regex Style rules (mastodon#23690)

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix `RSpec/DescribedClass` cop missed items (mastodon#25309)

* Fix RSpec/MissingExampleGroupArgument cop (mastodon#25310)

* Configure RenovateBot to add proper language labels (mastodon#25316)

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Nick Schonning <nschonni@gmail.com>

* Change design of dropdowns in web UI (mastodon#25107)

* Add `legal` as report category (mastodon#23941)

* Fix compatibility of recent migration with PostgreSQL 10 (mastodon#25324)

* Update dependency sass-loader to v10.4.1 (mastodon#25315)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency dotenv to v16.1.3 (mastodon#25302)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency webpack-bundle-analyzer to v4.9.0 (mastodon#25327)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Remove reference to deleted statsd config file (mastodon#25336)

* Fix translations for changing theme  (mastodon#25340)

* Migrate to request specs in `/api/v1/admin/email_domain_blocks` (mastodon#25337)

* Remove unused `redis_info` method Admin::Dashboard (mastodon#25345)

* Add Ruby & Bundler versions to Gemfile.lock (mastodon#25317)

* Fix performance of streaming by parsing message JSON once (mastodon#25278)

* Add time zone preference (mastodon#25342)

* [Glitch] Upgrade react-intl

Port 44cd88a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Translate CW, poll options and media descriptions

Port 6905746 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix prev/next buttons color in media viewer

Port 675672f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add a confirmation screen when suspending a domain

Port e9385e9 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix using Date.now() instead of intl.now()

Port b3f9a0d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix `/share` and cleanup and reorganize frontend locale loading

Port b0780cf to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix spacing of middle dots in the detailed status meta section

Port acc419b to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add card with who invited you to join when displaying rules on sign-up

Port SCSS from 0766c9a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add exclusive lists

Port bacb674 to glitch-soc

Co-authored-by: Liam Cooke <liam@liamcooke.com>
Co-authored-by: John Holdun <john@johnholdun.com>
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Lina Reyne <git@lina.pizza>
Co-authored-by: Lina <20880695+necropolina@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix design issues with recent react-intl upgrade

Port c2c3961 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix not shown announcements in hometimeline.

Port a6c898f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add data-nosnippet so Google doesn't use trending posts in snippets for /

Port 1483a3d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Rewrite `<LoadMore />` as FC and TS

Port fb5bf5c to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Change design of dropdowns in web UI

Port e4fd950 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Switch to using a `common` runtime chunk rather than `locales`

* Fix logging of messages that are binary before closing their connection (mastodon#25361)

* Disable paperclip processing in specs (mastodon#25359)

* Use `build` where possible in fabricators (mastodon#25360)

* Migrate to request specs in `/api/v1/admin/reports` (mastodon#25355)

* Migrate to request specs in `/api/v1/admin/domain_blocks` (mastodon#25335)

* Migrate to request specs in `/api/v1/admin/domain_allows` (mastodon#25333)

* Migrate to request specs in `/api/v1/admin/ip_blocks` (mastodon#25331)

* Migrate to request specs in `/api/v1/admin/canonical_email_blocks` (mastodon#25330)

* migrate test for `GET /api/v1/accounts/{account_id}` to request spec (mastodon#25322)

* Add logging of websocket send errors (mastodon#25280)

* Add coverage for `CLI::Cache` command (mastodon#25238)

* Add coverage for `CLI::Feeds` command (mastodon#25319)

* Reduce `RSpec/MultipleExpectations` cop max to 8 (mastodon#25313)

* Fix some translation strings inconsistencies

* Change "bot" label to "automated" (mastodon#25356)

* Rewrite <LoadPending /> as FC and TS (mastodon#25363)

* [Glitch] Change "direct message" nomenclature to "private mention" in web UI (mastodon#2158)

Port 68a192e to glitch-soc

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add unsubscribe link to e-mails (mastodon#25378)

* Enable paperclip for account attachment examples (mastodon#25381)

* Remove unused shared examples for scoped settings (mastodon#25389)

* Add missing report category translation (mastodon#25400)

* Update Rubocop 1.52.1 (mastodon#25376)

* Rewrite `<LoadingIndicator/>` as FC and TS  (mastodon#25364)

* Rewrite `emoji_mart_data_light` as TS (mastodon#25138)

* Fix CAPTCHA page not following design pattern of sign-up flow (mastodon#25395)

* Change edit profile page (mastodon#25413)

* Fix ArgumentError when loading newer Private Mentions (mastodon#25399)

* Fix always redirecting to onboarding in web UI (mastodon#25396)

* Update dependency aws-sdk-s3 to v1.124.0 (mastodon#25297)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency capybara to v3.39.2 (mastodon#25407)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update babel monorepo to v7.22.5 (mastodon#25405)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>

* Extract shared examples from api specs (mastodon#25387)

* Migrate to request specs in `/api/v1/apps` (mastodon#25401)

* Migrate to request specs in `/api/v1/apps/verify_credentials` (mastodon#25404)

* Speed improvement for `AccountsStatusesCleanupScheduler` spec (mastodon#25406)

* Reduce factory data created in spec/models/trends/statuses spec (mastodon#25410)

* Update dependency glob to v10.2.7 (mastodon#25417)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update formatjs monorepo (mastodon#25418)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency redis-namespace to v1.11.0 (mastodon#25421)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency sass to v1.63.3 (mastodon#25422)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix `ArgumentError` in `/api/v1/admin/accounts/:id/action` (mastodon#25386)

* Migrate to request specs in `/api/v1/follow_requests` (mastodon#25411)

* Migrate to request specs in `/api/v1/domain_blocks` (mastodon#25414)

* Update rubocop-rspec to version 2.22.0, fix `RSpec/IndexedLet` cop (mastodon#24698)

* Update devDependencies (non-major) (mastodon#25427)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update libretranslate/libretranslate Docker tag to v1.3.11 (mastodon#25428)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency core-js to v3.31.0 (mastodon#25430)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency intl-messageformat to v10.5.0 (mastodon#25431)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Lock file maintenance (mastodon#25434)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Migrate to request specs in `/api/v1/lists` (mastodon#25443)

* Update dependency better_errors to v2.10.1 (mastodon#25445)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Remove Ruby GC config from spec helper (mastodon#25455)

* Fix non-interactive upload container being given a `button` role and tabIndex (mastodon#25462)

* Update dependency aws-sdk-s3 to v1.125.0 (mastodon#25458)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [Glitch] Change "bot" label to "automated"

Port 432a5d2 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Rewrite <LoadPending /> as FC and TS

Port dfaf59d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add missing report category translation

Port 1cb4514 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Rewrite `<LoadingIndicator/>` as FC and TS (mastodon#25364)

Port a86886b to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Rewrite `emoji_mart_data_light` as TS

Port 3b5e302 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix CAPTCHA page not following design pattern of sign-up flow

Port 39110d1 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Fix glitch-soc-only test being broken by refactor of the surrounding tests

* [Glitch] Fix non-interactive upload container being given a `button` role and tabIndex

Port c9d06d1 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Fix cross-origin loading of locales (mastodon#25498)

* Migrate to request specs in `/api/v1/tags` (mastodon#25439)

* Fix incorrect pagination headers in `/api/v2/admin/accounts` (mastodon#25477)

* Update dependency aws-sdk-s3 to v1.126.0 (mastodon#25480)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Remove unused `picture_hint` helper method (mastodon#25485)

* Combine assertions in api/v1/notifications spec (mastodon#25486)

* Add coverage for `UserMailer` methods (mastodon#25484)

* Update dependency dotenv to v16.2.0 (mastodon#25506)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Reduce `sleep` time in request pool spec (mastodon#25470)

* Rewrite `<AutosuggestHashtag />` as FC and TS (mastodon#25481)

* Fix user settings not getting validated (mastodon#25508)

* Re-allow title attribute in <abbr> (mastodon#2254)

* Re-allow title attribute in <abbr>

This was accidentally removed in 7623e18

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Prevent UserCleanupScheduler from overwhelming streaming (mastodon#25519)

* Add translate="no" to outgoing mentions and links (mastodon#25524)

* Fix wrong view being displayed when a webhook fails validation (mastodon#25464)

* Migrate to request specs in `/api/v1/admin/account_actions` (mastodon#25514)

* Fix missing validation on `default_privacy` setting (mastodon#25513)

* Fix /api/v1/conversations sometimes returning empty accounts (mastodon#25499)

* Add per-test timeouts to AutoStatusesCleanupScheduler tests (mastodon#24841)

* Change emoji picker icon (mastodon#25479)

* Migrate to request specs in `/api/v1/suggestions` (mastodon#25540)

* Speed-up on `BackupService` spec (mastodon#25527)

* Fix custom signup URL may not loaded (mastodon#25531)

* Speed-up on `StatusesController` spec (mastodon#25549)

* Add finer permission requirements for managing webhooks (mastodon#25463)

* Reduce `Admin::Reports::Actions` spec db activity (mastodon#25465)

* Fix `RSpec/VerifiedDoubles` cop (mastodon#25469)

* Change /api/v1/statuses/:id/history to always return at least one item (mastodon#25510)

* Fix j/k keyboard shortcuts on some status lists (mastodon#25554)

* Use default `bootsnap/setup` in boot.rb (mastodon#25502)

* Add POST /api/v1/conversations/:id/unread (mastodon#25509)

* Add onboarding prompt when home feed too slow in web UI (mastodon#25267)

* Remove unique accounts condition from Home onboarding prompt (mastodon#25556)

* Change labels and styles on the onboarding screen in web UI (mastodon#25559)

* Fix verified badge in account lists potentially including rel="me" links (mastodon#25561)

* [Glitch] Rewrite `<AutosuggestHashtag />` as FC and TS

Port 804488d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Change emoji picker icon

Port 69db507 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix custom signup URL may not loaded

Port 8d2c268 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix j/k keyboard shortcuts on some status lists

Port a8c1c8b to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add onboarding prompt when home feed too slow in web UI

Port 00ec439 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Remove unique accounts condition from Home onboarding prompt

Port 0842a68 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Fix search not being easily findable on smaller screens in web UI (mastodon#25576)

* Fix onboarding prompt flashing while home feed is loading in web UI (mastodon#25579)

* Change header backgrounds to use fewer different colors in web UI (mastodon#25577)

* Fix compose form not being shown when clicking “Make your first post” on mobile (mastodon#25581)

* Improve dismissable banner buttons when they dont fit on 1 line (mastodon#25580)

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Change files to be deleted in batches instead of one-by-one (mastodon#23302)

* Remove media attachment only when file was exist (mastodon#25586)

* Update dependency react-redux to v8.1.1 (mastodon#25432)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix batch attachment deletion leaving empty directories (mastodon#25587)

* Update dependency rails to v6.1.7.4 (mastodon#25606)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency sass to v1.63.6 (mastodon#25607)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency react-textarea-autosize to v8.5.0 (mastodon#25610)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency pg-connection-string to v2.6.1 (mastodon#25605)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency pg to v8.11.1 (mastodon#25604)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mcr.microsoft.com/devcontainers/ruby Docker tag to v1 (mastodon#25613)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency glob to v10.3.0 (mastodon#25608)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix suspending an already-limited domain (mastodon#25603)

* [Glitch] Fix search not being easily findable on smaller screens in web UI

Port 2b78c07 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix onboarding prompt flashing while home feed is loading in web UI

Port 65aa046 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Improve dismissable banner buttons when they dont fit on 1 line

Port ae30a60 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Remove the search button from UI header when logged out (mastodon#25631)

* Change account search to match by text when opted-in (mastodon#25599)

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

* Fix ResolveURLService not resolving local URLs for remote content (mastodon#25637)

* Remove `pkg-config` gem dependency (mastodon#25615)

* Update Crowdin configuration file

* Fix onboarding prompt being displayed because of disconnection gaps (mastodon#25617)

* Use an Immutable Record as the root state (mastodon#25584)

* Add index to backups on `user_id` column (mastodon#25647)

* Fix rails `rewhere` deprecation warning in directories api controller (mastodon#25625)

* Remove unused routes (mastodon#25578)

* Fixing an issue with a missing argument (mastodon#2261)

undefined

* Update uri to version 0.12.2 (CVE fix) (mastodon#25657)

* Change local and federated timelines to be in a single firehose column (mastodon#25641)

* Fix HTTP 500 in `/api/v1/emails/check_confirmation` (mastodon#25595)

* Rails 7 update (mastodon#24241)

* Change dropdown icon above compose form from ellipsis to bars in web UI (mastodon#25661)

* Prevent duplicate concurrent calls of `/api/*/instance` in web UI (mastodon#25663)

* Revert "Rails 7 update" (mastodon#25667)

* [Glitch] Remove the search button from UI header when logged out

Port 285a691 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix onboarding prompt being displayed because of disconnection gaps

Port 9934949 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Use an Immutable Record as the root state

Port 78ba12f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Change local and federated timelines to be in a single firehose column

Port cea9db5 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Change dropdown icon above compose form from ellipsis to bars in web UI

Port 0512537 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Prevent duplicate concurrent calls of `/api/*/instance` in web UI

Port 5b46345 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Fix inefficient query when requesting a new confirmation email from a logged-in account (mastodon#25669)

* Add superapp index on `oauth_applications` (mastodon#25670)

* Add users index on unconfirmed_email (mastodon#25672)

* Show local-only posts in “All” by default, and add back option to toggle it

* Fix showing local only toots in "All" (mastodon#2265)

* Fix warnings about missing dependency in hooks

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add `allowLocalOnly` to timelineId

Without this local-only toots will never be loaded.

feedType is checked to be public to not show local-only toots in the "Remote" tab.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Change button colors to increase hover/focus contrast and consistency (mastodon#25677)

* Add regex filter back to firehose (mastodon#2266)

* Add regex filter back to firehose

The regex filter will apply to all tabs and not be automatically applied when pinned.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Keep regex when pinned

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Fix regression of icon button colors in web UI (mastodon#25679)

* Fix `/api/v2/search` not working with following query param (mastodon#25681)

* Change labels of live feeds tabs in web UI (mastodon#25683)

* Add at-symbol prepended to mention span title (mastodon#25684)

Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>

* Fix local live feeds does not expand (mastodon#25694)

* Fix forgotten unconfirmed_email migration file (mastodon#25702)

* fix read more button overlapping thread line bug (mastodon#25706)

* Fix re-activated accounts being deleted by AccountDeletionWorker (mastodon#25711)

* Fix OAuth apps page crashing when listing apps with certain admin API scopes (mastodon#25713)

* Add button to see results for polls in web UI (mastodon#25726)

* Add canonical link tags in web UI (mastodon#25715)

* [Glitch] Change labels of live feeds tabs in web UI

Port 54a1052 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add at-symbol prepended to mention span title

Port d9a5c1a to glitch-soc

Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix local live feeds does not expand

Port 6268188 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add canonical link tags in web UI

Port 000b835 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Add button to see results for polls in web UI

Port b7910bc to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Change button colors to increase hover/focus contrast and consistency

Port 54cb679 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* [Glitch] Fix regression of icon button colors in web UI

Port 69e124e to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

* Add hardened headers to user-uploaded files (mastodon#25756)

* Merge pull request from GHSA-ccm4-vgcc-73hp

* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes

* Merge pull request from GHSA-9928-3cp5-93fm

* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged

* Merge pull request from GHSA-9pxv-6qvf-pjwc

* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now

* Merge pull request from GHSA-55j9-c3mp-6fcq

* Bump version to v4.1.3 (mastodon#25757)

* Fix incorrect secondary button size (mastodon#2276)

* Fix processing of media files with unusual names (mastodon#25788)

* Update dependency sanitize to v6.0.2 [SECURITY] (mastodon#25777)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix typo in CHANGELOG.md (mastodon#25764)

* Fix branding:generate_app_icons failing because of disallowed ICO coder (mastodon#25794)

* Fix crash in admin interface when viewing a remote user with verified links (mastodon#25796)

* Tag images with the latest tag only when running against the latest stable branch (mastodon#25803)

* Bump version to v4.1.4 (mastodon#25805)

* woo

---------

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Nick Schonning <nschonni@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: jsgoldstein <jakegoldstein95@gmail.com>
Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com>
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Co-authored-by: Christian Schmidt <github@chsc.dk>
Co-authored-by: S.H <gamelinks007@gmail.com>
Co-authored-by: Jed Fox <git@jedfox.com>
Co-authored-by: Darius Kazemi <darius.kazemi@gmail.com>
Co-authored-by: Liam Cooke <liam@liamcooke.com>
Co-authored-by: John Holdun <john@johnholdun.com>
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Lina Reyne <git@lina.pizza>
Co-authored-by: Lina <20880695+necropolina@users.noreply.github.com>
Co-authored-by: alfe <alfe10251+github@gmail.com>
Co-authored-by: fusagiko / takayamaki <24884114+takayamaki@users.noreply.github.com>
Co-authored-by: alfe <alfe10251@gmail.com>
Co-authored-by: Plastikmensch <Plastikmensch@users.noreply.github.com>
Co-authored-by: たいち ひ <taichi221228@icloud.com>
Co-authored-by: Ian <ian@devolute.net>
Co-authored-by: mogaminsk <mgmnjp@icloud.com>
Co-authored-by: Vivianne <puttabutta@gmail.com>
Co-authored-by: Trevor Wolf <teeerevor@gmail.com>
Co-authored-by: forsamori <forsamori@yahoo.co.uk>
Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>
Co-authored-by: nemobis <federicoleva@tiscali.it>
Co-authored-by: m c <458905+goatrocks@users.noreply.github.com>
@ClearlyClaire ClearlyClaire mentioned this pull request Jul 25, 2023
Merged
nrdufour added a commit to nrdufour/home-ops that referenced this pull request Aug 1, 2023
@nrdufour
chore(deps): update ghcr.io/mastodon/mastodon docker tag to v4.1.6 (#17)
e68ee5e 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/mastodon/mastodon](https://github.com/mastodon/mastodon) | patch | `v4.1.2` -> `v4.1.6` |

---

### Release Notes

<details>
<summary>mastodon/mastodon (ghcr.io/mastodon/mastodon)</summary>

### [`v4.1.6`](https://github.com/mastodon/mastodon/releases/tag/v4.1.6)

[Compare Source](mastodon/mastodon@v4.1.5...v4.1.6)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)).

#### Upgrade overview

ℹ️ Requires streaming API restart

For more information, scroll down to the upgrade instructions section.

#### Changelog

##### Fixed

-   Fix memory leak in streaming server ([ThisIsMissEm](mastodon/mastodon#26228))
-   Fix wrong filters sometimes applying in streaming ([ClearlyClaire](mastodon/mastodon#26159), [ThisIsMissEm](mastodon/mastodon#26213), [renchap](mastodon/mastodon#26233))
-   Fix incorrect connect timeout in outgoing requests ([ClearlyClaire](mastodon/mastodon#26116))

#### Upgrade notes

To get the code for v4.1.6, use `git fetch && git checkout v4.1.6`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump`

##### Dependencies

External dependencies have not changed compared to v4.1.5, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

> If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.5.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

1.  Restart all Mastodon processes

### [`v4.1.5`](https://github.com/mastodon/mastodon/releases/tag/v4.1.5)

[Compare Source](mastodon/mastodon@v4.1.4...v4.1.5)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ We recently released critical security updates, so if you are still using 4.1.2 or below, 4.0.4 or below, or 3.5.8 or below, please update as soon as possible (see the release notes for [v4.1.4](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)).

#### Changelog

##### Added

-   Add check preventing Sidekiq workers from running with Makara configured ([ClearlyClaire](mastodon/mastodon#25850))

##### Changed

-   Change request timeout handling to use a longer deadline ([ClearlyClaire](mastodon/mastodon#26055))

##### Fixed

-   Fix moderation interface for remote instances with a .zip TLD ([ClearlyClaire](mastodon/mastodon#25885))
-   Fix remote accounts being possibly persisted to database with incomplete protocol values ([ClearlyClaire](mastodon/mastodon#25886))
-   Fix trending publishers table not rendering correctly on narrow screens ([vmstan](mastodon/mastodon#25945))

##### Security

-   Fix CSP headers being unintentionally wide ([ClearlyClaire](mastodon/mastodon#26105))

#### Upgrade notes

To get the code for v4.1.5, use `git fetch && git checkout v4.1.5`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: `docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump`

##### Dependencies

External dependencies have not changed compared to v4.1.4, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

> If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.4.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

1.  Restart all Mastodon processes

### [`v4.1.4`](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)

[Compare Source](mastodon/mastodon@v4.1.3...v4.1.4)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> This release addresses a few issues that were missed in the last security update and includes changelogs for both updates.
>
> ⚠️ It is a follow-up to the important 4.1.3 security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459).
>
> Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.6) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.10).
> If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-07-v4.1.4` or newer instead. If you are on the `main` branch, update to the latest commit.

#### Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires streaming API restart
ℹ️ There are suggested reverse proxy configuration changes
:warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7

For more information, scroll down to the upgrade instructions section.

#### Changelog (v4.1.4)

##### Fixed

-   Fix branding:generate_app_icons failing because of disallowed ICO coder ([ClearlyClaire](mastodon/mastodon#25794))
-   Fix crash in admin interface when viewing a remote user with verified links ([ClearlyClaire](mastodon/mastodon#25796))
-   Fix processing of media files with unusual names ([ClearlyClaire](mastodon/mastodon#25788))

#### Changelog (v4.1.3)

##### Added

-   Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600))

##### Changed

-   Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058))
-   Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868))
-   Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852))
-   Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614))
-   Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510))
-   Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216))

##### Removed

-   Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070))

##### Fixed

-   Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464))
-   Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519))
-   Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477))
-   Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840))
-   Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361))
-   Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273))
-   Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605))
-   Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988))
-   Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015))
-   Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016))
-   Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060))
-   Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713))
-   Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499))
-   Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431))
-   Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637))
-   Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342))

##### Security

-   Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463))
-   Update dependencies
-   Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756))
-   Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
-   Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
-   Fix arbitrary file creation through media processing (CVE-2023-36460)
-   Fix possible XSS in preview cards (CVE-2023-36459)

#### Upgrade notes

To get the code for v4.1.4, use `git fetch && git checkout v4.1.4`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

##### Dependencies

Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage.

1.  Restart all Mastodon processes

### [`v4.1.3`](https://github.com/mastodon/mastodon/releases/tag/v4.1.3)

[Compare Source](mastodon/mastodon@v4.1.2...v4.1.3)

<h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
</picture></h1>

> ⚠️ This release is an important security release fixing multiple **critical security issues** (CVE-2023-36460, CVE-2023-36459).
>
> Corresponding security releases are available for the [4.0.x branch](https://github.com/mastodon/mastodon/releases/tag/v4.0.5) and the [3.5.x branch](https://github.com/mastodon/mastodon/releases/tag/v3.5.9).
> If you are using nightly builds, **do not use this release** but update to `nightly-2023-07-06-security` or newer instead. If you are on the `main` branch, update to the latest commit.

#### Upgrade overview

This release contains upgrade notes that deviate from the norm:

ℹ️ Requires streaming API restart
ℹ️ There are suggested reverse proxy configuration changes
:warning: The minimal supported ImageMagick version has been bumped to 6.9.7-7

For more information, scroll down to the upgrade instructions section.

#### Changelog

##### Added

-   Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](mastodon/mastodon#23600))

##### Changed

-   Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](mastodon/mastodon#25058))
-   Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](mastodon/mastodon#24868))
-   Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](mastodon/mastodon#24852))
-   Change automatic post deletion thresholds and load detection ([ClearlyClaire](mastodon/mastodon#24614))
-   Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](mastodon/mastodon#25510))
-   Change auto-linking to allow carets in URL query params ([renchap](mastodon/mastodon#25216))

##### Removed

-   Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](mastodon/mastodon#25070))

##### Fixed

-   Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](mastodon/mastodon#25464))
-   Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](mastodon/mastodon#25519))
-   Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](mastodon/mastodon#25477))
-   Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](mastodon/mastodon#24607), [ClearlyClaire](mastodon/mastodon#24785), [ClearlyClaire](mastodon/mastodon#24840))
-   Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](mastodon/mastodon#25278), [ThisIsMissEm](mastodon/mastodon#25361))
-   Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](mastodon/mastodon#25273))
-   Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](mastodon/mastodon#24605))
-   Fix reports not being closed when performing batch suspensions ([ClearlyClaire](mastodon/mastodon#24988))
-   Fix being able to vote on your own polls ([ClearlyClaire](mastodon/mastodon#25015))
-   Fix race condition when reblogging a status ([ClearlyClaire](mastodon/mastodon#25016))
-   Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](mastodon/mastodon#25060))
-   Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](mastodon/mastodon#25713))
-   Fix multiple N+1s in ConversationsController ([ClearlyClaire](mastodon/mastodon#25134), [ClearlyClaire](mastodon/mastodon#25399), [ClearlyClaire](mastodon/mastodon#25499))
-   Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](mastodon/mastodon#24431))
-   Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](mastodon/mastodon#25637))
-   Fix inefficiencies in indexing content for search ([VyrCossont](mastodon/mastodon#24285), [VyrCossont](mastodon/mastodon#24342))

##### Security

-   Add finer permission requirements for managing webhooks ([ClearlyClaire](mastodon/mastodon#25463))
-   Update dependencies
-   Add hardening headers for user-uploaded files ([ClearlyClaire](mastodon/mastodon#25756))
-   Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
-   Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
-   Fix arbitrary file creation through media processing (CVE-2023-36460)
-   Fix possible XSS in preview cards (CVE-2023-36459)

#### Upgrade notes

To get the code for v4.1.3, use `git fetch && git checkout v4.1.3`.

> As always, **make sure you have backups of the database before performing any upgrades**. If you are using docker-compose, this is how a backup command might look: docker exec mastodon_db\_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

##### Dependencies

Apart from ImageMagick, external dependencies have not changed compared to v4.1.2, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

-   Ruby: 2.7 to 3.0
-   PostgreSQL: 9.5 or newer
-   Elasticsearch (optional, for full-text search): 7.x
-   Redis: 4 or newer
-   Node: >= 14, < 18
-   ImageMagick: 6.9.7-7 or newer

If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more informations and ways to fix it [on this page](mastodon/mastodon#25776).

##### Update steps

The following instructions are for updating from 4.1.2.

If you are upgrading directly from an earlier release, please carefully read the upgrade notes for the skipped releases as well, as they often require extra steps such as database migrations.

**Non-Docker only:**

1.  Install dependencies: `bundle install` and `yarn install`

**Both Docker and non-Docker:**

ℹ️ The recommended configuration for reverse proxies has been updated. Unlike updating Mastodon itself, this is not urgent, but hardening. The change is about setting `Content-Security-Policy: default-src 'none'; form-action 'none'` and `X-Content-Type-Options: nosniff` on assets. Check `dist/nginx.conf` for more information, and [the documentation](https://docs.joinmastodon.org/admin/optional/object-storage-proxy/) if you are proxying external object storage.

1.  Restart all Mastodon processes

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://git.home/nrdufour/home-ops/pulls/17
Co-authored-by: Renovate <renovate@ptinem.io>
Co-committed-by: Renovate <renovate@ptinem.io>
@ThisIsMissEm ThisIsMissEm mentioned this pull request Aug 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClearlyClaire ClearlyClaire ClearlyClaire approved these changes

Assignees
No one assigned
Labels
streaming Streaming server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ThisIsMissEm @ClearlyClaire @renchap @Gargron