From 3924b3391466c15e7058d0631f07bb9673af2f20 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 6 Nov 2025 14:58:16 +0100 Subject: [PATCH 1/5] Update security policy for 4.3 (#36756) --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 19f431fac5..385c946512 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -16,6 +16,6 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through | Version | Supported | | ------- | ---------------- | | 4.4.x | Yes | -| 4.3.x | Yes | +| 4.3.x | Until 2026-05-06 | | 4.2.x | Until 2026-01-08 | | < 4.2 | No | From 9636fc22cc571bf009dcc44e8554ac64dbf981a2 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 19 Nov 2025 14:13:06 +0100 Subject: [PATCH 2/5] Fix `Update` importing old previously-unknown activities and treating them as recent ones (#36848) --- app/lib/activitypub/activity/update.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb index 15025ca5e7..5185507bdc 100644 --- a/app/lib/activitypub/activity/update.rb +++ b/app/lib/activitypub/activity/update.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true class ActivityPub::Activity::Update < ActivityPub::Activity + # Updates to unknown objects older than that are ignored + OBJECT_AGE_THRESHOLD = 1.day + def perform @account.schedule_refresh_if_stale! @@ -28,6 +31,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity @status = Status.find_by(uri: object_uri, account_id: @account.id) + # Ignore updates for old unknown objects, since those are updates we are not interested in + return if @status.nil? && object_too_old? + # We may be getting `Create` and `Update` out of order @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform @@ -35,4 +41,10 @@ class ActivityPub::Activity::Update < ActivityPub::Activity ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id]) end + + def object_too_old? + @object['published'].present? && @object['published'].to_datetime < OBJECT_AGE_THRESHOLD.ago + rescue Date::Error + false + end end From d2f1767b810b0b58455f268cd54a2efab38fee82 Mon Sep 17 00:00:00 2001 From: Shugo Maeda Date: Mon, 17 Nov 2025 22:34:20 +0900 Subject: [PATCH 3/5] Fix ArgumentError of tootctl upgrade storage-schema (#36914) --- lib/mastodon/cli/upgrade.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/mastodon/cli/upgrade.rb b/lib/mastodon/cli/upgrade.rb index 2cb5105794..d5822cacc0 100644 --- a/lib/mastodon/cli/upgrade.rb +++ b/lib/mastodon/cli/upgrade.rb @@ -123,12 +123,12 @@ module Mastodon::CLI progress.log("Moving #{previous_path} to #{upgraded_path}") if options[:verbose] begin - move_previous_to_upgraded + move_previous_to_upgraded(previous_path, upgraded_path) rescue => e progress.log(pastel.red("Error processing #{previous_path}: #{e}")) success = false - remove_directory + remove_directory(upgraded_path) end end From b635c419fc1446f3a768bf7cd60e7126f5ff6569 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 19 Nov 2025 16:29:53 +0100 Subject: [PATCH 4/5] Update dependency `glob` (#36943) --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index c681fd7ca9..7d52326a7f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9063,8 +9063,8 @@ __metadata: linkType: hard "glob@npm:^10.2.2, glob@npm:^10.2.6, glob@npm:^10.3.10": - version: 10.4.5 - resolution: "glob@npm:10.4.5" + version: 10.5.0 + resolution: "glob@npm:10.5.0" dependencies: foreground-child: "npm:^3.1.0" jackspeak: "npm:^3.1.2" @@ -9074,7 +9074,7 @@ __metadata: path-scurry: "npm:^1.11.1" bin: glob: dist/esm/bin.mjs - checksum: 10c0/19a9759ea77b8e3ca0a43c2f07ecddc2ad46216b786bb8f993c445aee80d345925a21e5280c7b7c6c59e860a0154b84e4b2b60321fea92cd3c56b4a7489f160e + checksum: 10c0/100705eddbde6323e7b35e1d1ac28bcb58322095bd8e63a7d0bef1a2cdafe0d0f7922a981b2b48369a4f8c1b077be5c171804534c3509dfe950dde15fbe6d828 languageName: node linkType: hard From 3260d25a8e77635aa7ab874c9ca9acf51dfb36fb Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 20 Nov 2025 14:41:15 +0100 Subject: [PATCH 5/5] Bump version to v4.3.15 (#36947) --- CHANGELOG.md | 7 +++++++ docker-compose.yml | 6 +++--- lib/mastodon/version.rb | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 20e12f3ccd..76f40bd1d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.3.15] - 2025-11-20 + +### Fixed + +- Fix `tootctl upgrade storage-schema` failing with `ArgumentError` (#36914 by @shugo) +- Fix old previously-undiscovered posts being treated as new when receiving an `Update` (#36848 by @ClearlyClaire) + ## [4.3.14] - 2025-10-13 ### Security diff --git a/docker-compose.yml b/docker-compose.yml index aa85aa066f..cb691e53e1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,7 +59,7 @@ services: web: # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes # build: . - image: ghcr.io/mastodon/mastodon:v4.3.14 + image: ghcr.io/mastodon/mastodon:v4.3.15 restart: always env_file: .env.production command: bundle exec puma -C config/puma.rb @@ -83,7 +83,7 @@ services: # build: # dockerfile: ./streaming/Dockerfile # context: . - image: ghcr.io/mastodon/mastodon-streaming:v4.3.14 + image: ghcr.io/mastodon/mastodon-streaming:v4.3.15 restart: always env_file: .env.production command: node ./streaming/index.js @@ -102,7 +102,7 @@ services: sidekiq: # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes # build: . - image: ghcr.io/mastodon/mastodon:v4.3.14 + image: ghcr.io/mastodon/mastodon:v4.3.15 restart: always env_file: .env.production command: bundle exec sidekiq diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 33e5922b71..94de9035da 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -13,7 +13,7 @@ module Mastodon end def patch - 14 + 15 end def default_prerelease