diff --git a/SECURITY.md b/SECURITY.md index 19f431fac5..385c946512 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -16,6 +16,6 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through | Version | Supported | | ------- | ---------------- | | 4.4.x | Yes | -| 4.3.x | Yes | +| 4.3.x | Until 2026-05-06 | | 4.2.x | Until 2026-01-08 | | < 4.2 | No | diff --git a/app/javascript/flavours/glitch/features/status/components/detailed_status.tsx b/app/javascript/flavours/glitch/features/status/components/detailed_status.tsx index 16017e9bec..945a8e1101 100644 --- a/app/javascript/flavours/glitch/features/status/components/detailed_status.tsx +++ b/app/javascript/flavours/glitch/features/status/components/detailed_status.tsx @@ -421,6 +421,7 @@ export const DetailedStatus: React.FC<{ )} diff --git a/app/javascript/mastodon/features/status/components/detailed_status.tsx b/app/javascript/mastodon/features/status/components/detailed_status.tsx index 3922ab5617..ca7ea9a19b 100644 --- a/app/javascript/mastodon/features/status/components/detailed_status.tsx +++ b/app/javascript/mastodon/features/status/components/detailed_status.tsx @@ -384,6 +384,7 @@ export const DetailedStatus: React.FC<{ )} diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb index 15025ca5e7..5185507bdc 100644 --- a/app/lib/activitypub/activity/update.rb +++ b/app/lib/activitypub/activity/update.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true class ActivityPub::Activity::Update < ActivityPub::Activity + # Updates to unknown objects older than that are ignored + OBJECT_AGE_THRESHOLD = 1.day + def perform @account.schedule_refresh_if_stale! 
@@ -28,6 +31,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity @status = Status.find_by(uri: object_uri, account_id: @account.id) + # Ignore updates for old unknown objects, since those are updates we are not interested in + return if @status.nil? && object_too_old? + # We may be getting `Create` and `Update` out of order @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform @@ -35,4 +41,10 @@ class ActivityPub::Activity::Update < ActivityPub::Activity ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id]) end + + def object_too_old? + @object['published'].present? && @object['published'].to_datetime < OBJECT_AGE_THRESHOLD.ago + rescue Date::Error + false + end end diff --git a/lib/mastodon/cli/upgrade.rb b/lib/mastodon/cli/upgrade.rb index 2cb5105794..d5822cacc0 100644 --- a/lib/mastodon/cli/upgrade.rb +++ b/lib/mastodon/cli/upgrade.rb @@ -123,12 +123,12 @@ module Mastodon::CLI progress.log("Moving #{previous_path} to #{upgraded_path}") if options[:verbose] begin - move_previous_to_upgraded + move_previous_to_upgraded(previous_path, upgraded_path) rescue => e progress.log(pastel.red("Error processing #{previous_path}: #{e}")) success = false - remove_directory + remove_directory(upgraded_path) end end diff --git a/package.json b/package.json index 910227d69d..0a2530317e 100644 --- a/package.json +++ b/package.json @@ -76,7 +76,7 @@ "http-link-header": "^1.1.1", "immutable": "^4.3.0", "intl-messageformat": "^10.7.16", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lande": "^1.0.10", "lodash": "^4.17.21", "marky": "^1.2.5", diff --git a/spec/lib/activitypub/activity_spec.rb b/spec/lib/activitypub/activity_spec.rb index 218da04d9b..d7d0700dc6 100644 --- a/spec/lib/activitypub/activity_spec.rb +++ b/spec/lib/activitypub/activity_spec.rb 
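Review bot: The early return added before the `Create` fallback fires only when the remote object carries a parseable `published` older than the threshold. `object_too_old?` (last hunk of this file) returns false when the field is missing or malformed, so those updates still reach `ActivityPub::Activity::Create`. Because `published` is supplied by the sending server, this is a filter for stale traffic rather than a control the sender cannot avoid, and the comment should say so, e.g. `# Best-effort filter: relies on the sender-supplied "published"; updates without a usable date are still processed`. The enclosing method starts outside the hunk.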
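Review bot: `object_too_old?` rescues only `Date::Error`, which covers a string that fails to parse but not a `published` value that is not a string at all. `@object` comes from a remote payload, so a number, array or nested object there would pass `present?` and then presumably raise `NoMethodError` on `to_datetime`, failing the whole activity instead of skipping the age check. A type guard keeps the fail-open behaviour consistent: `published = @object['published']` followed by `published.is_a?(String) && published.present? && published.to_datetime < OBJECT_AGE_THRESHOLD.ago`.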
@@ -34,6 +34,8 @@ RSpec.describe ActivityPub::Activity do } end + let(:publication_date) { 1.hour.ago.utc } + let(:create_json) do { '@context': [ @@ -52,7 +54,7 @@ RSpec.describe ActivityPub::Activity do 'https://www.w3.org/ns/activitystreams#Public', ], content: 'foo', - published: '2025-05-24T11:03:10Z', + published: publication_date.iso8601, quote: ActivityPub::TagManager.instance.uri_for(quoted_status), }, }.deep_stringify_keys @@ -77,7 +79,7 @@ RSpec.describe ActivityPub::Activity do 'https://www.w3.org/ns/activitystreams#Public', ], content: 'foo', - published: '2025-05-24T11:03:10Z', + published: publication_date.iso8601, quote: ActivityPub::TagManager.instance.uri_for(quoted_status), quoteAuthorization: approval_uri, }, diff --git a/yarn.lock b/yarn.lock index 5bda2fdbeb..69e6a5485f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2689,7 +2689,7 @@ __metadata: husky: "npm:^9.0.11" immutable: "npm:^4.3.0" intl-messageformat: "npm:^10.7.16" - js-yaml: "npm:^4.1.0" + js-yaml: "npm:^4.1.1" lande: "npm:^1.0.10" lint-staged: "npm:^16.0.0" lodash: "npm:^4.17.21" @@ -7769,8 +7769,8 @@ __metadata: linkType: hard "glob@npm:^10.0.0, glob@npm:^10.2.2, glob@npm:^10.3.10, glob@npm:^10.4.1": - version: 10.4.5 - resolution: "glob@npm:10.4.5" + version: 10.5.0 + resolution: "glob@npm:10.5.0" dependencies: foreground-child: "npm:^3.1.0" jackspeak: "npm:^3.1.2" @@ -7780,7 +7780,7 @@ __metadata: path-scurry: "npm:^1.11.1" bin: glob: dist/esm/bin.mjs - checksum: 10c0/19a9759ea77b8e3ca0a43c2f07ecddc2ad46216b786bb8f993c445aee80d345925a21e5280c7b7c6c59e860a0154b84e4b2b60321fea92cd3c56b4a7489f160e + checksum: 10c0/100705eddbde6323e7b35e1d1ac28bcb58322095bd8e63a7d0bef1a2cdafe0d0f7922a981b2b48369a4f8c1b077be5c171804534c3509dfe950dde15fbe6d828 languageName: node linkType: hard 
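Review bot: None of the hunks in this spec adds an example for the new early return; they only move the fixtures' `published` to one hour in the past so the existing examples stay under the one-day threshold. Three cases would pin the behaviour of `object_too_old?`: an `Update` for an unknown object whose `published` is older than `OBJECT_AGE_THRESHOLD`, one with no `published`, and one with an unparseable value. Because `1.hour.ago` is evaluated when the example runs, a boundary case is easier to write with time frozen (`freeze_time` or `travel_to`, if the suite includes the ActiveSupport time helpers). Coverage may live in a spec file this commit does not touch.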
@@ -8762,6 +8762,17 @@ __metadata: languageName: node linkType: hard +"js-yaml@npm:^4.1.1": + version: 4.1.1 + resolution: "js-yaml@npm:4.1.1" + dependencies: + argparse: "npm:^2.0.1" + bin: + js-yaml: bin/js-yaml.js + checksum: 10c0/561c7d7088c40a9bb53cc75becbfb1df6ae49b34b5e6e5a81744b14ae8667ec564ad2527709d1a6e7d5e5fa6d483aa0f373a50ad98d42fde368ec4a190d4fae7 + languageName: node + linkType: hard + "jsdoc-type-pratt-parser@npm:~4.1.0": version: 4.1.0 resolution: "jsdoc-type-pratt-parser@npm:4.1.0"