From 20ae0829a5ddeab7d747cfd07acf9c8bb136fe0a Mon Sep 17 00:00:00 2001 From: Laura Hausmann Date: Fri, 16 Feb 2024 19:42:36 +0100 Subject: [PATCH] Release: v2023.12.4 --- CHANGELOG.md | 23 +++++++++++++++++++++++ package.json | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db0f2693a..bb71ff3d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,26 @@ +## v2023.12.4 +This is a security release. Upgrading is therefore strongly recommended. + +### Backend +- The content type of fetched activities is now enforced +- Fetched activities' IDs must now match the hostname of the final request URL (after redirects) +- A typo in the activity audience parser was fixed, fixing federation of public posts with JSON-LD compliant remote instances + +### Mastodon client API +- The quote_id parameter is now supported when creating new posts +- The /v2/suggestions endpoint now requires the same scope as Mastodon (which differs from their API documentation) +- Full OAuth scopes (read/write/follow) are now also registered when expanding the authorized scopes list + +### Frontend +- Migrating from/to the same account twice no longer breaks the migration page + +### Miscellaneous +- The packaged yarn version (for NixOS) was updated to 4.1.0 +- Various translation updates + +### Attribution +This release was made possible by project contributors: Laura Hausmann, Pyrox & tournesol + ## v2023.12.3 ### Release notes This is a security release. Upgrading is strongly recommended, as is adding an instance-wide announcement informing your users that if they previously imported posts from Mastodon, they should check their imported post history for DMs and follower-only posts that should not be public. diff --git a/package.json b/package.json index 0e81b30ea..b9c4b6f23 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "iceshrimp", - "version": "2023.12.3", + "version": "2023.12.4", "repository": { "type": "git", "url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git"