mastodon-app/CHANGELOG
Johannes Zellner fdc4e20c77 Bump version
2024-02-14 18:05:43 +01:00

450 lines
24 KiB
Text

[0.1.0]
* Initial Cloudron packaging
[1.0.0]
* Initial stable version
[1.1.0]
* Update Mastodon to 3.1.2
[1.1.1]
* Run db migration script on updates
[1.1.2]
* Update Mastodon to 3.1.3
* Add ability to filter audit log in admin UI (Gargron)
* Add titles to warning presets in admin UI (Gargron)
* Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (Gargron)
* Add ability to delete files uploaded for settings in admin UI (ThibG)
* Add sorting by username, creation and last activity in admin UI (ThibG)
* Add explanation as to why unlocked accounts may have follow requests in web UI (ThibG)
* Add link to bookmarks to dropdown in web UI (mayaeh)
* Add support for links to statuses in announcements to be opened in web UI (ThibG, ThibG)
* Add tooltips to audio/video player buttons in web UI (ariasuni)
* Add submit button to the top of preferences pages (guigeekz)
[1.2.0]
* Use latest base image 2.0.0
* Update the memory limit to 1.5.GB
[1.3.0]
* Add forumUrl
[1.3.1]
* Update Mastodon to 3.1.5
* [Full changelog](https://github.com/tootsuite/mastodon/releases/tag/v3.1.5)
* Security: Fix media attachment enumeration (ThibG)
* Security: Change rate limits for various paths (Gargron)
* Security: Fix other sessions not being logged out on password change (Gargron)
[1.4.0]
* Update Mastodon to 3.2.0
* [Full changelog](https://github.com/tootsuite/mastodon/releases/tag/v3.2.0)
* Add hotkey for toggling content warning input in web UI (ThibG)
* Add support for summary field for media description in ActivityPub (ThibG)
* Add hints about incomplete remote content to web UI (Gargron, noellabo)
* Add personal notes for accounts (ThibG, Gargron, Sasha-Sorokin)
* Add customizable thumbnails for audio and video attachments (Gargron, Gargron, Gargron, Gargron, ThibG, ThibG, noellabo, noellabo)
* Add a visibility indicator to toots in web UI (noellabo, highemerly)
* Add tootctl email_domain_blocks (tateisu, Gargron)
* Add "Add new domain block" to header of federation page in admin UI (ariasuni)
* Add ability to keep emoji picker open with ctrl+click in web UI (bclindner, noellabo)
* Add custom icon for private boosts in web UI (ThibG)
* Add support for Create and Update activities that don't inline objects in ActivityPub (ThibG)
* Add support for Undo activities that don't inline activities in ActivityPub (ThibG)
[1.4.1]
* Add cron job to cleanup cached files
[1.4.2]
* Update Mastodon to 3.2.1
* [Full changelog](https://github.com/tootsuite/mastodon/releases/tag/v3.2.1)
* Add support for latest HTTP Signatures spec draft (ThibG)
* Add support for inlined objects in ActivityPub to/cc (ThibG)
* Fix crash when failing to load emoji picker in web UI (ThibG)
* Fix contrast requirements in thumbnail color extraction (ThibG)
* Fix audio/video player not using CDN_HOST on public pages (ThibG)
* Fix private boost icon not being used on public pages (OmmyZhang)
* Fix audio player on Safari in web UI (ThibG, ThibG)
[1.4.3]
* Install ffmpeg. This was causing sidekiq jobs to fail
[1.4.4]
* Update Mastodon to 3.2.2
* Remove dependency on unused and unmaintained http_parser.rb gem (ThibG)
* Fix Move handler not being triggered when failing to fetch target account (ThibG)
* Fix downloading remote media files when server returns empty filename (ThibG)
* Fix possible casing inconsistencies in hashtag search (ThibG)
* Fix updating account counters when association is not yet created (Gargron)
* Fix account processing failing because of large collections (ThibG)
* Fix resolving an account through its non-canonical form (i.e. alternate domain) (ThibG)
* Fix slow distinct queries where grouped queries are faster (Gargron)
* Fix 2FA/sign-in token sessions being valid after password change (Gargron)
* Fix resolving accounts sometimes creating duplicate records for a given ActivityPub identifier (ThibG)
[1.5.0]
* Update Mastodon to 3.3.0
* [Full changelog](https://github.com/tootsuite/mastodon/releases/tag/v3.3.0)
* Add hotkeys for audio/video control in web UI (Gargron, Gargron)
* Add expand/compress button on media modal in web UI (mashirozx, mashirozx, mashirozx)
* Add border around man_dancing emoji in web UI (ThibG)
* Add border around beetle emoji in web UI (ThibG)
* Add home link to the getting started column when home isn't mounted (ThibG)
* Add option to disable swiping motions across the web UI (ThibG)
* Add pop-out player for audio/video in web UI (Gargron, Gargron, Gargron, noellabo)
[1.6.0]
* Update base image to v3
[1.6.1]
* Update Mastodon to 3.4.0
* Add follow recommendations for onboarding
* Update dependencies
[1.6.2]
* Update Mastodon to 3.4.1
* Add new emoji assets from Twemoji 13.1.0
* Fix some ActivityPub identifiers in server actor outbox (ClearlyClaire)
* Fix custom CSS path setting cookies and being uncacheable due to it (tribela)
* Fix unread notification count when polling in web UI (ClearlyClaire)
* Fix health check not being accessible through localhost (ClearlyClaire)
* Fix some redis locks auto-releasing too fast (ClearlyClaire, ClearlyClaire)
* Fix e-mail confirmations API not working correctly (Gargron)
* Fix migration script not being able to run if it fails midway (ClearlyClaire)
* Fix account deletion sometimes failing because of optimistic locks (ClearlyClaire)
* Fix deprecated slash as division in SASS files (ClearlyClaire)
* Fix tootctl search deploy compatibility error on Ruby 3 (ClearlyClaire)
* Fix mailer jobs for deleted notifications erroring out (ClearlyClaire)
[1.7.0]
* Add `/app/data/config.sh` to customize puma, sidekiq and streaming configs
[1.7.1]
* Update Mastodon to 3.4.3
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.4.2)
* Fix handling of back button with modal windows in web UI (ClearlyClaire)
* Fix pop-in player when author has long username in web UI (ClearlyClaire)
* Fix crash when a status with a playing video gets deleted in web UI (ClearlyClaire)
* Fix crash with Microsoft Translate in web UI (ClearlyClaire)
* Fix PWA not being usable from alternate domains (HolgerHuo)
* Fix locale-specific number rounding errors (ClearlyClaire)
* Fix scheduling a status decreasing status count (ClearlyClaire)
* Fix user's canonical email address being blocked when user deletes own account (ClearlyClaire)
[1.7.2]
* Update Mastodon to 3.4.4
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.4.4)
* Fix error when suspending user with an already blocked canonical email (ClearlyClaire)
* Fix overflow of long profile fields in admin UI (ClearlyClaire)
* Fix confusing error when WebFinger request returns empty document (ClearlyClaire)
* Fix upload of remote media with OpenStack Swift sometimes failing (ClearlyClaire)
* Fix logout link not working in Safari (noellabo)
* Fix “open” link of media modal not closing modal in web UI (ClearlyClaire)
* Fix replying from modal in web UI (ClearlyClaire)
[1.7.3]
* Update base image to 3.2.0
[1.7.4]
* Update Mastodon to 3.4.5
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.4.5)
[1.7.5]
* Update Mastodon to 3.4.6
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.4.6)
* Fix mastodon:webpush:generate_vapid_key task requiring a functional environment (ClearlyClaire)
* Fix spurious errors when receiving an Add activity for a private post (ClearlyClaire)
* Fix error-prone SQL queries (ClearlyClaire)
* Fix not compacting incoming signed JSON-LD activities (puckipedia, ClearlyClaire) (CVE-2022-24307)
* Fix insufficient sanitization of report comments (ClearlyClaire)
* Fix stop condition of a Common Table Expression (ClearlyClaire)
* Disable legacy XSS filtering (Wonderfall)
[1.8.0]
* Update Mastodon to 3.5.0
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.0)
* Add support for incoming edited posts
* Add appeals for moderator decisions
* Add notifications for posts deleted by moderators
* Add explore page with trending posts and links
* Add graphs and retention metrics to admin dashboard
* Add notifications for moderators about new sign-ups
* Add ability to suspend accounts in batches in admin UI
[1.8.1]
* Update Mastodon to 3.5.1
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.1)
* Add pagination for trending statuses in web UI (Gargron)
* Change e-mail notifications to only be sent when recipient is offline (Gargron)
* Send e-mails for mentions and follows by default again
* But only when recipient does not have push notifications through an app
* Change website attribute to be nullable on Application entity in REST API (rinsuki)
[1.8.2]
* Update Mastodon to 3.5.2
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.2)
* Add warning on direct messages screen in web UI (Gargron)
* We already had a warning when composing a direct message, it has now been reworded to be more clear
* Same warning is now displayed when viewing sent and received direct messages
* Add ability to set approval-based registration through tootctl (ClearlyClaire)
* Add pre-filling of domain from search filter in domain allow/block admin UI (ClearlyClaire)
[1.8.3]
* Update Mastodon to 3.5.3
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.3)
* Add language dropdown to compose form in web UI (Gargron, ykzts)
* Add warning for limited accounts in web UI (Gargron)
* Add limited attribute to accounts in REST API (Gargron)
[1.8.4]
* Update Mastodon to 3.5.4
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.4)
* Install ruby 3.0.4
* Fix emoFix emoji substitution not applying only to text nodes in backend code (ClearlyClaire)
* Fix emoji substitution not applying only to text nodes in Web UI (ClearlyClaire)
* Fix rate limiting for paths with formats (Gargron)
* Fix out-of-bound reads in blurhash transcoder (delroth)
[1.8.5]
* Update Mastodon to 3.5.5
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v3.5.5)
* Fix nodes order being sometimes mangled when rewriting emoji (ClearlyClaire)
[1.9.0]
* Update Mastodon to 4.0.2
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.0.0)
* Add ability to filter followed accounts' posts by language (Gargron, ClearlyClaire)
* Add ability to follow hashtags (Gargron, Gargron, Gargron, noellabo)
* Add ability to filter individual posts (ClearlyClaire)
* Add ability to translate posts (Gargron, ClearlyClaire, Gargron, ClearlyClaire, Gargron, ykzts, Gargron)
* Add featured tags to web UI (noellabo, noellabo, noellabo, noellabo, Gargron, ykzts, noellabo, noellabo, Gargron, Gargron, ClearlyClaire)
* Add support for language preferences for trending statuses and links (Gargron, Gargron, ykzts)
* Add server rules to sign-up flow (Gargron)
* Add privacy icons to report modal in web UI (ClearlyClaire)
* Add noopener to links to remote profiles in web UI (shleeable)
* Add option to open original page in dropdowns of remote content in web UI (Gargron)
* Add warning for sensitive audio posts in web UI (rgroothuijsen)
* Add language attribute to posts in web UI (tribela)
* Add support for uploading WebP files (Saiv46)
* Add support for uploading audio/vnd.wave files (tribela)
* Add support for uploading AVIF files (txt-file)
* Add support for uploading HEIC files (Gargron)
[1.9.0-1]
* Cleanup preview-cards cache and orphaned media
[1.9.1]
* Only chown if needed
[1.10.0]
* Update base image to 4.0.0
[1.11.0]
* Update Mastodon to 4.1.0
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.0)
* Add support for importing/exporting server-wide domain blocks (enbylenore, ClearlyClaire, dariusk, ClearlyClaire)
* Add listing of followed hashtags (connorshea)
* Add support for editing media description and focus point of already-sent posts (ClearlyClaire)
* Add follow request banner on account header (ClearlyClaire)
* Add confirmation screen when handling reports (ClearlyClaire, Gargron, tribela)
* Add option to make the landing page be /about even when trends are enabled (ClearlyClaire)
[1.11.1]
* Update Mastodon to 4.1.1
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.1)
* Add redirection from paths with url-encoded @ to their decoded form (thijskh)
* Add lang attribute to native language names in language picker in Web UI (ClearlyClaire)
* Add headers to outgoing mails to avoid auto-replies (ClearlyClaire)
* Add support for refreshing many accounts at once with tootctl accounts refresh (9p4)
* Add confirmation modal when clicking to edit a post with a non-empty compose form (PauloVilarinho)
* Add support for the HAproxy PROXY protocol through the PROXY_PROTO_V1 environment variable (CSDUMMI)
* Add SENDFILE_HEADER environment variable (Gargron)
* Add cache headers to static files served through Rails (Gargron)
* Increase contrast of upload progress bar background (toolmantim)
* Change post auto-deletion throttling constants to better scale with server size (ClearlyClaire)
* Change order of bookmark and favourite sidebar entries in single-column UI for consistency (TerryGarcia)
* Change ActivityPub::DeliveryWorker retries to be spread out more (ClearlyClaire)
* Fix “Remove all followers from the selected domains” also removing follows and notifications (ClearlyClaire)
* Fix streaming metrics format (emilweth, emilweth)
* Fix case-sensitive check for previously used hashtags in hashtag autocompletion (deanveloper)
* Fix focus point of already-attached media not saving after edit (ClearlyClaire)
* Fix sidebar behavior in settings/admin UI on mobile (wxt2005)
* Fix inefficiency when searching accounts per username in admin interface (ClearlyClaire)
* Fix duplicate “Publish” button on mobile (ClearlyClaire)
* Fix server error when failing to follow back followers from /relationships (ClearlyClaire)
* Fix server error when attempting to display the edit history of a trendable post in the admin interface (ClearlyClaire)
* Fix tootctl accounts migrate crashing because of a typo (ClearlyClaire)
* Fix original account being unfollowed on migration before the follow request to the new account could be sent (ClearlyClaire)
* Fix the “Back” button in column headers sometimes leaving Mastodon (c960657)
* Fix pgBouncer resetting application name on every transaction (Gargron)
* Fix unconfirmed accounts being counted as active users (ClearlyClaire)
* Fix /api/v1/streaming sub-paths not being redirected (ClearlyClaire)
* Fix drag'n'drop upload area text that spans multiple lines not being centered (vintprox)
* Fix sidekiq jobs not triggering Elasticsearch index updates (ClearlyClaire)
* Fix tags being unnecessarily stripped from plain-text short site description (c960657)
* Fix HTML entities not being un-escaped in extracted plain-text from remote posts (c960657)
* Fix dashboard crash on ElasticSearch server error (ClearlyClaire)
* Fix incorrect post links in strikes when the account is remote (ClearlyClaire)
* Fix misleading error code when receiving invalid WebAuthn credentials (ClearlyClaire)
* Fix duplicate mails being sent when the SMTP server is too slow to close the connection (ClearlyClaire)
* Change user backups to use expiring URLs for download when possible (Gargron)
* Add warning for object storage misconfiguration (ClearlyClaire)
[1.11.2]
* Update nginx config
[1.11.3]
* Update Mastodon to 4.1.2
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.2)
* Fix crash in tootctl commands making use of parallelization when Elasticsearch is enabled (ClearlyClaire, ClearlyClaire)
* Fix crash in db:setup when Elasticsearch is enabled (rrgeorge)
* Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (ClearlyClaire)
* Fix invalid/expired invites being processed on sign-up (ClearlyClaire)
* Update Ruby to 3.0.6 due to ReDoS vulnerabilities (saizai)
* Fix unescaped user input in LDAP query (ClearlyClaire)
[1.11.4]
* Allow to customize cache retention days
* Cleanup accounts cache
[1.11.5]
* Update Mastodon to 4.1.3
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.3)
* fixing multiple critical security issues (CVE-2023-36460, CVE-2023-36459)
* Change OpenGraph-based embeds to allow fullscreen (ClearlyClaire)
* Change AccessTokensVacuum to also delete expired tokens (ClearlyClaire)
* Change profile updates to be sent to recently-mentioned servers (ClearlyClaire)
* Change automatic post deletion thresholds and load detection (ClearlyClaire)
[1.11.6]
* Update Mastodon to 4.1.4
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.4)
* Fix branding:generate_app_icons failing because of disallowed ICO coder (ClearlyClaire)
* Fix crash in admin interface when viewing a remote user with verified links (ClearlyClaire)
* Fix processing of media files with unusual names (ClearlyClaire)
[1.11.7]
* Update Mastodon to 4.1.5
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.5)
* Add check preventing Sidekiq workers from running with Makara configured (ClearlyClaire)
* Change request timeout handling to use a longer deadline (ClearlyClaire)
* Fix moderation interface for remote instances with a .zip TLD (ClearlyClaire)
* Fix remote accounts being possibly persisted to database with incomplete protocol values (ClearlyClaire)
* Fix trending publishers table not rendering correctly on narrow screens (vmstan)
* Fix CSP headers being unintentionally wide (ClearlyClaire)
[1.11.8]
* Update Mastodon to 4.1.6
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.6)
* Fix memory leak in streaming server (ThisIsMissEm)
* Fix wrong filters sometimes applying in streaming (ClearlyClaire, ThisIsMissEm, renchap)
* Fix incorrect connect timeout in outgoing requests (ClearlyClaire)
[1.11.9]
* Update Mastodon to 4.1.7
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.7)
* Change remote report processing to accept reports with long comments, but truncate them (ThisIsMissEm)
* Fix blocking subdomains of an already-blocked domain (ClearlyClaire)
* Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (danielmbrasil)
* Fix inefficiencies in PlainTextFormatter (ClearlyClaire)
[1.11.10]
* Update Mastodon to 4.1.8
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.8)
* This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452).
* Fix post edits not being forwarded as expected (ClearlyClaire)
* Fix moderator rights inconsistencies (ClearlyClaire)
* Fix crash when encountering invalid URL (ClearlyClaire)
* Fix cached posts including stale stats (ClearlyClaire)
[1.11.11]
* Update Mastodon to 4.1.9
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.1.9)
* Fix post translation erroring out (ClearlyClaire)
* Fix post edits not being forwarded as expected (ClearlyClaire)
* Fix moderator rights inconsistencies (ClearlyClaire)
* Fix crash when encountering invalid URL (ClearlyClaire)
* Fix cached posts including stale stats (ClearlyClaire)
* Fix uploading of video files for which ffprobe reports 0/0 average framerate (NicolaiSoeborg)
* Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (yufushiro)
* Fix missing HTML sanitization in translation API (CVE-2023-42452, GHSA-2693-xr3m-jhqr)
* Fix incorrect domain name normalization (CVE-2023-42451, GHSA-v3xf-c9qf-j667)
[1.12.0]
* Update Mastodon to 4.2.0
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.0)
* Add “Privacy and reach” tab in profile settings (Gargron, ClearlyClaire)
* This reorganized scattered privacy and reach settings to a single place, as well as improve their wording.
* Add display of out-of-band hashtags in the web interface (Gargron, arbolitoloco1, ClearlyClaire, ClearlyClaire, ClearlyClaire, Gargron, ClearlyClaire)
* Add role badges to the web interface (ClearlyClaire, Gargron)
* Add ability to pick domains to forward reports to using the forward_to_domains parameter in POST /api/v1/reports (ClearlyClaire, ClearlyClaire)
* The forward_to_domains REST API parameter is a list of strings. If it is empty or omitted, the previous behavior is maintained.
* The forward parameter still needs to be set for forward_to_domains to be taken into account.
* The forwarded-to domains can only include that of the original author and people being replied to.
* Add forwarding of reported replies to servers being replied to (Gargron, ClearlyClaire)
* Add ONE_CLICK_SSO_LOGIN environment variable to directly link to the Single-Sign On provider if there is only one sign up method available (CSDUMMI, ClearlyClaire, CSDUMMI, ClearlyClaire)
* Add webhook templating (Gargron)
* Add webhooks for local status.created, status.updated, account.updated and report.updated (VyrCossont, VyrCossont, VyrCossont)
[1.12.1]
* Update Mastodon to 4.2.1
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.1)
* Add redirection on /deck URLs for logged-out users (ClearlyClaire)
* Add support for v4.2.0 migrations to tootctl maintenance fix-duplicates (ClearlyClaire)
* Change some worker lock TTLs to be shorter-lived (ClearlyClaire)
* Change user archive export allowed period from 7 days to 6 days (suddjian)
[1.12.2]
* Update Mastodon to 4.2.2
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.2)
* Change dismissed banners to be stored server-side (ClearlyClaire)
* Change GIF max matrix size error to explicitly mention GIF files (ClearlyClaire)
* Change Follow activities delivery to bypass availability check (ShadowJonathan)
* Change single-column navigation notice to be displayed outside of the logo container (renchap, renchap)
* Change Content-Security-Policy to be tighter on media paths (ClearlyClaire)
* Change post language code to include country code when relevant (gunchleoc, ClearlyClaire)
* Fix upper border radius of onboarding columns (ClearlyClaire)
* Fix incoming status creation date not being restricted to standard ISO8601 (ClearlyClaire, ClearlyClaire)
* Fix some posts from threads received out-of-order sometimes not being inserted into timelines (ClearlyClaire)
* Fix posts from force-sensitized accounts being able to trend (ClearlyClaire)
* Fix error when trying to delete already-deleted file with OpenStack Swift (ClearlyClaire)
* Fix batch attachment deletion when using OpenStack Swift (ClearlyClaire)
* Fix processing LDSigned activities from actors with unknown public keys (ClearlyClaire)
* Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (ClearlyClaire)
* Fix report processing notice not mentioning the report number when performing a custom action (ClearlyClaire)
* Fix handling of inLanguage attribute in preview card processing (ClearlyClaire)
* Fix own posts being removed from home timeline when unfollowing a used hashtag (kmycode)
* Fix some link anchors being recognized as hashtags (ClearlyClaire, ClearlyClaire)
* Fix format-dependent redirects being cached regardless of requested format (ClearlyClaire)
[1.12.3]
* Update Mastodon to 4.2.3
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.3)
* Fix dependency on json-canonicalization version that has been made unavailable since last release
[1.12.4]
* Update Mastodon to 4.2.4
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.4)
* Add rate-limit of TOTP authentication attempts at controller level (ClearlyClaire)
* Fix error when processing remote files with unusually long names (ClearlyClaire)
* Fix processing of compacted single-item JSON-LD collections (ClearlyClaire)
* Retry 401 errors on replies fetching (ShadowJonathan)
* Fix RecordNotUnique errors in LinkCrawlWorker (tribela)
* Fix Mastodon not correctly processing HTTP Signatures with query strings (ClearlyClaire, ClearlyClaire)
[1.12.5]
* Update Mastodon to 4.2.5
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.5)
* Fix insufficient origin validation (CVE-2024-23832, GHSA-3fjr-858r-92rw)
[1.12.6]
* Update Mastodon to 4.2.6
* This release is an important security release fixing several security issue.
* [Full changelog](https://github.com/mastodon/mastodon/releases/tag/v4.2.6)
* Change external authentication behavior to never reattach a new identity to an existing user by default (GHSA-vm39-j3vx-pch3)
* Update the nokogiri dependency (see GHSA-xc9x-jj77-9p9j)
* Disable administrative Doorkeeper routes (ThisIsMissEm)
* Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases (GHSA-7w3c-p9j8-mq3x)
* Update the sidekiq-unique-jobs dependency (see GHSA-cmh9-rx85-xj38)