Release: 23.1

Gemfile.lock

@@ -99,7 +99,7 @@ GEM
     ast (2.4.3)
     attr_required (1.0.2)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1227.0)
+    aws-partitions (1.1238.0)
     aws-sdk-core (3.244.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
@@ -111,7 +111,7 @@ GEM
     aws-sdk-kms (1.123.0)
       aws-sdk-core (~> 3, >= 3.244.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.217.0)
+    aws-sdk-s3 (1.219.0)
       aws-sdk-core (~> 3, >= 3.244.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -121,7 +121,7 @@ GEM
       rexml
     base64 (0.3.0)
     bcp47_spec (0.2.1)
-    bcrypt (3.1.21)
+    bcrypt (3.1.22)
     benchmark (0.5.0)
     better_errors (2.10.1)
       erubi (>= 1.0.0)
@@ -631,7 +631,7 @@ GEM
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.2.5)
+    rack (3.2.6)
     rack-attack (6.8.0)
       rack (>= 1.0, < 4)
     rack-cors (3.0.0)
@@ -650,7 +650,7 @@ GEM
       rack (>= 3.0.0, < 4)
     rack-proxy (0.7.7)
       rack
-    rack-session (2.1.1)
+    rack-session (2.1.2)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)

app/helpers/context_helper.rb

@@ -44,7 +44,7 @@ module ContextHelper
     },
     quote_requests: { 'QuoteRequest' => 'https://w3id.org/fep/044f#QuoteRequest' },
     quotes: {
-      'quote' => 'https://w3id.org/fep/044f#quote',
+      'quote' => { '@id' => 'https://w3id.org/fep/044f#quote', '@type' => '@id' },
       'quoteUri' => 'http://fedibird.com/ns#quoteUri',
       '_misskey_quote' => 'https://misskey-hub.net/ns#_misskey_quote',
       'quoteAuthorization' => { '@id' => 'https://w3id.org/fep/044f#quoteAuthorization', '@type' => '@id' },

app/javascript/mastodon/actions/notifications.js

@@ -47,8 +47,10 @@ export function updateEmojiReactions(emoji_reaction) {
 
 export function updateNotifications(notification, intlMessages, intlLocale) {
   return (dispatch, getState) => {
-    const showAlert    = getState().getIn(['settings', 'notifications', 'alerts', notification.type], true);
-    const playSound    = getState().getIn(['settings', 'notifications', 'sounds', notification.type], true);
+    const filterType = notification.type === 'quoted_update' ? 'update' : notification.type;
+
+    const showAlert    = getState().getIn(['settings', 'notifications', 'alerts', filterType], true);
+    const playSound    = getState().getIn(['settings', 'notifications', 'sounds', filterType], true);
 
     let filtered = false;
 

app/models/user.rb

@@ -97,7 +97,7 @@ class User < ApplicationRecord
 
   has_one :custom_css, inverse_of: :user, dependent: :destroy
 
-  validates :email, presence: true, email_address: true
+  validates :email, presence: true, email_address: true, length: { maximum: 320 }
 
   validates_with UserEmailValidator, if: -> { ENV['EMAIL_DOMAIN_LISTS_APPLY_AFTER_CONFIRMATION'] == 'true' || !confirmed? }
   validates_with EmailMxValidator, if: :validate_email_dns?

app/policies/status_policy.rb

@@ -26,9 +26,8 @@ def show_activity?
     following_author_domain?
   end
 
-  # This is about requesting a quote post, not validating it
   def quote?
-    show? && record.quote_policy_for_account(current_account) != :denied
+    show? && !blocking_author? && record.quote_policy_for_account(current_account) != :denied
   end
 
   def reblog?

app/services/activitypub/process_account_service.rb

@@ -32,8 +32,15 @@ def call(username, domain, json, options = {})
     @options[:request_id] ||= "#{Time.now.utc.to_i}-#{username}@#{domain}"
 
     with_redis_lock("process_account:#{@uri}") do
-      @account            = Account.remote.find_by(uri: @uri) if @options[:only_key]
-      @account          ||= Account.find_remote(@username, @domain)
+      if @options[:only_key]
+        # `only_key` is used to update an existing account known by its `uri`.
+        # Lookup by handle and new account creation do not make sense in this case.
+        @account = Account.remote.find_by(uri: @uri)
+        return if @account.nil?
+      else
+        @account = Account.find_remote(@username, @domain)
+      end
+
       @old_public_key     = @account&.public_key
       @old_protocol       = @account&.protocol
       @old_searchability  = @account&.searchability

app/validators/email_address_validator.rb

@@ -11,8 +11,14 @@ def validate_each(record, attribute, value)
     value = value.strip
 
     address = Mail::Address.new(value)
-    record.errors.add(attribute, :invalid) if address.address != value
+    record.errors.add(attribute, :invalid) if address.address != value || contains_disallowed_characters?(value)
   rescue Mail::Field::FieldError
     record.errors.add(attribute, :invalid)
   end
+
+  private
+
+  def contains_disallowed_characters?(value)
+    value.include?('%') || value.include?(',') || value.include?('"')
+  end
 end

docker-compose.yml

@@ -59,7 +59,7 @@ services:
   web:
     # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
     build: .
-    image: kmyblue:23.0
+    image: kmyblue:23.1
     restart: always
     env_file: .env.production
     command: bundle exec puma -C config/puma.rb
@@ -83,7 +83,7 @@ services:
     build:
       dockerfile: ./streaming/Dockerfile
       context: .
-    image: kmyblue-streaming:23.0
+    image: kmyblue-streaming:23.1
     restart: always
     env_file: .env.production
     command: node ./streaming/index.js
@@ -101,7 +101,7 @@ services:
 
   sidekiq:
     build: .
-    image: kmyblue:23.0
+    image: kmyblue:23.1
     restart: always
     env_file: .env.production
     command: bundle exec sidekiq

lib/mastodon/version.rb

@@ -13,7 +13,7 @@ def kmyblue_major
     end
 
     def kmyblue_minor
-      0
+      1
     end
 
     def kmyblue_flag
@@ -35,7 +35,7 @@ def patch
     end
 
     def default_prerelease
-      'alpha.6'
+      'alpha.7'
     end
 
     def prerelease

lib/tasks/dev.rake

@@ -441,7 +441,7 @@ namespace :dev do
         text: 'This post has a manual quote policy',
         account: remote_account,
         visibility: :public,
-        quote_approval_policy: Status::QUOTE_APPROVAL_POLICY_FLAGS[:public]
+        quote_approval_policy: InteractionPolicy::POLICY_FLAGS[:public]
       ).find_or_create_by!(id: 10_000_030)
     end
   end

lib/tasks/mastodon.rake

@@ -27,6 +27,12 @@ namespace :mastodon do
         q.messages[:valid?] = 'Invalid domain. If you intend to use unicode characters, enter punycode here'
       end
 
+      if env['LOCAL_DOMAIN'].include?('mastodon') || env['LOCAL_DOMAIN'].include?('mstdn')
+        prompt.warn 'The Mastodon name is a trademark and its use is restricted.'
+        prompt.warn 'You can read the trademark policy at https://joinmastodon.org/trademark'
+        next prompt.warn 'Nothing saved. Bye!' if prompt.no?('Continue anyway?')
+      end
+
       prompt.say "\n"
 
       prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')

package.json

@@ -61,7 +61,7 @@
     "@vitejs/plugin-react": "^5.0.0",
     "arrow-key-navigation": "^1.2.0",
     "async-mutex": "^0.5.0",
-    "axios": "^1.4.0",
+    "axios": "^1.15.0",
     "babel-plugin-formatjs": "^10.5.37",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "baseline-browser-mapping": "^2.8.30",
@@ -85,11 +85,11 @@
     "hoist-non-react-statics": "^3.3.2",
     "http-link-header": "^1.1.1",
     "idb": "^8.0.3",
-    "immutable": "^4.3.0",
+    "immutable": "^4.3.7",
     "intl-messageformat": "^10.7.16",
     "js-yaml": "^4.1.0",
     "lande": "^1.0.10",
-    "lodash": "^4.17.21",
+    "lodash": "4.18.1",
     "marky": "^1.2.5",
     "path-complete-extname": "^1.0.0",
     "postcss-preset-env": "^11.0.0",

spec/requests/api/v1/statuses_spec.rb

@@ -406,6 +406,56 @@
         end
       end
 
+      context 'with a quote in an unlisted message' do
+        let!(:quoted_status) { Fabricate(:status, quote_approval_policy: InteractionPolicy::POLICY_FLAGS[:public] << 16) }
+        let(:params) do
+          {
+            status: 'Hello, this is a quote',
+            quoted_status_id: quoted_status.id,
+            visibility: 'unlisted',
+          }
+        end
+
+        it 'returns a quote post, as well as rate limit headers', :aggregate_failures do
+          expect { subject }.to change(user.account.statuses, :count).by(1)
+
+          expect(response).to have_http_status(200)
+          expect(response.content_type)
+            .to start_with('application/json')
+          expect(response.parsed_body[:quote]).to be_present
+          expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
+          expect(response.headers['X-RateLimit-Remaining']).to eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s
+        end
+
+        context 'when the quoter is blocked by the quotee' do
+          before do
+            quoted_status.account.block!(user.account)
+          end
+
+          it 'returns an error and does not create a post', :aggregate_failures do
+            expect { subject }.to_not change(user.account.statuses, :count)
+
+            expect(response).to have_http_status(404)
+            expect(response.content_type)
+              .to start_with('application/json')
+          end
+        end
+
+        context 'when the quotee is blocked by the quoter' do
+          before do
+            user.account.block!(quoted_status.account)
+          end
+
+          it 'returns an error and does not create a post', :aggregate_failures do
+            expect { subject }.to_not change(user.account.statuses, :count)
+
+            expect(response).to have_http_status(404)
+            expect(response.content_type)
+              .to start_with('application/json')
+          end
+        end
+      end
+
       context 'with a quote of a reblog' do
         let(:quoted_status) { Fabricate(:status, quote_approval_policy: InteractionPolicy::POLICY_FLAGS[:public] << 16) }
         let(:reblog) { Fabricate(:status, reblog: quoted_status) }