ecko
Community-driven fork of Mastodon's federated social network software
The automated build at hub.docker.com is broken. Build log: https://gist.github.com/weex/786d387318fa64e7fe69807aa94d18f3
Ecko doesn't pass CI since the latest merge. The issue has to do with the blurhash Ruby package which has also been affecting YunoHost installation processes.
The code is susceptible to incorrect domain name normalization per CVE-2023-42451. Proposed solution: Apply https://github.com/mastodon/mastodon/commit/9deb1781269fd817c930d38f916672bec3d566a8
Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. Release notes Sourced from semver's releases. v5.7.2 5.7.2 (2023-07-10) Bug Fixes 2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys) Changelog Sourced from semver's...
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.0.0 to 4.1.3. Release notes Sourced from tough-cookie's releases. 4.1.3 Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the...
Bumps [sanitize](https://github.com/rgrove/sanitize) from 6.0.1 to 6.0.2. Release notes Sourced from sanitize's releases. v6.0.2 Bug Fixes CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects...
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.5.2 to 5.6.6. Release notes Sourced from doorkeeper's releases. v5.6.6 #1644 Update HTTP headers. #1646 Block public clients automatic authorization skip. #1648 Add custom token attributes to...
Bumps [sidekiq](https://github.com/sidekiq/sidekiq) from 6.4.0 to 7.0.8. Changelog Sourced from sidekiq's changelog. 7.0.8 SECURITY Sanitize period input parameter on Metrics pages. Specially crafted values can lead to XSS. This functionality was...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.3. Release notes Sourced from nokogiri's releases. 1.14.3 / 2023-04-11 Security [CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue....
The tootctl cron job currently deletes attached media after a certain period of time. However, many admins are complaining that there is a large amount of disk space being used in...