diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ad86946b0..98975a4704 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,14 @@ -## Unreleased +## 2025.2.0 ### General - Enhance: アンテナでセンシティブなチャンネルのノートを除外できるように ( #14177 ) ### Client -- +- Fix: 一部環境でセンシティブなファイルを含むノートの非表示が効かない問題 +- Fix: データセーバー有効時にもユーザーページの「ファイル」タブで画像が読み込まれてしまう問題を修正 ### Server -- +- Fix: 個別お知らせページのmetaタグ出力の条件が間違っていたのを修正 ## 2025.1.0 diff --git a/SECURITY.md b/SECURITY.md index 04567baf07..19f5f2eea2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,11 @@ bug report to the GitHub repository. Thanks for helping make Misskey safe for everyone. +> [!note] +> CNA [requires](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_5-2_Description) that CVEs include a description in English for inclusion in the CVE Catalog. +> +> When creating a security advisory, all content must be written in English (it is acceptable to include a non-English description along with the English one). + ## When create a patch If you can also create a patch to fix the vulnerability, please create a PR on the private fork. diff --git a/package.json b/package.json index bddb4f85a2..db3c492b60 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "misskey", - "version": "2025.1.0", + "version": "2025.2.0-alpha.0", "codename": "nasubi", "repository": { "type": "git", diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts index 4c884dd314..f8b3843cac 100644 --- a/packages/backend/src/server/web/ClientServerService.ts +++ b/packages/backend/src/server/web/ClientServerService.ts @@ -817,6 +817,7 @@ export class ClientServerService { fastify.get<{ Params: { announcementId: string; } }>('/announcements/:announcementId', async (request, reply) => { const announcement = await this.announcementsRepository.findOneBy({ id: request.params.announcementId, + userId: IsNull(), }); if (announcement) { 
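Review bot: The new `userId: IsNull()` condition in the `/announcements/:announcementId` lookup carries no comment, although it looks like the access-control condition for this route. If a non-null `userId` marks an announcement addressed to a single user (inferred from the column name, confirm against the entity), this line is what keeps such rows out of a page served without authentication, so I would add `// public announcements only: rows with a userId are addressed to one user and must not be rendered here` above it. The hunk does not show whether `IsNull` is already imported from typeorm in this file, so that is worth checking. The handler continues outside the hunk, so the branch taken when nothing is found is not visible here.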
diff --git a/packages/frontend/src/account.ts b/packages/frontend/src/account.ts index 36186ecac1..9006150bc8 100644 --- a/packages/frontend/src/account.ts +++ b/packages/frontend/src/account.ts @@ -41,6 +41,12 @@ export async function signout() { if (!$i) return; waiting(); + document.cookie.split(';').forEach((cookie) => { + const cookieName = cookie.split('=')[0].trim(); + if (cookieName === 'token') { + document.cookie = `${cookieName}=; max-age=0; path=/`; + } + }); miLocalStorage.removeItem('account'); await removeAccount($i.id); const accounts = await getAccounts(); @@ -101,6 +107,9 @@ export async function removeAccount(idOrToken: Account['id']) { } function fetchAccount(token: string, id?: string, forceShowDialog?: boolean): Promise { + document.cookie = "token=; path=/; max-age=0"; + document.cookie = `token=${token}; path=/queue; max-age=86400; SameSite=Strict; Secure`; // bull dashboardの認証とかで使う + return new Promise((done, fail) => { window.fetch(`${apiUrl}/i`, { method: 'POST', @@ -213,7 +222,6 @@ export async function login(token: Account['token'], redirect?: string) { throw reason; }); miLocalStorage.setItem('account', JSON.stringify(me)); - document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う await addAccount(me.id, token); if (redirect) { diff --git a/packages/frontend/src/components/MkCustomEmojiDetailedDialog.vue b/packages/frontend/src/components/MkCustomEmojiDetailedDialog.vue index ecbee864dc..e6ab17417d 100644 --- a/packages/frontend/src/components/MkCustomEmojiDetailedDialog.vue +++ b/packages/frontend/src/components/MkCustomEmojiDetailedDialog.vue @@ -57,7 +57,7 @@ SPDX-License-Identifier: AGPL-3.0-only
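Review bot: The loop added to `signout()` expires a `token` cookie only at `path=/`, while the `fetchAccount` hunk in this same file now sets the cookie at `path=/queue`. A cookie is removed only by a write with a matching path, and `document.cookie` does not list a `/queue`-scoped cookie on pages outside `/queue`, so the loop will normally match nothing and the API token stays in the browser for up to `max-age=86400` after sign-out. I would drop the loop and expire both scopes unconditionally: `document.cookie = 'token=; path=/; max-age=0';` and `document.cookie = 'token=; path=/queue; max-age=0';`. `signout()` continues outside the hunk.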
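Review bot: In `fetchAccount` the `token` cookie is written before the `${apiUrl}/i` request has confirmed the token, so a rejected or stale token still ends up in the cookie sent to `/queue`. The callers are not visible in this hunk; if `fetchAccount` is also used for accounts other than the active one, the cookie would follow whichever account was fetched last. Moving the two writes to the point where the response has been accepted (that code is outside the hunk) would avoid both cases. Separately, a cookie set through `document.cookie` cannot be `HttpOnly`, so the API token stays readable by any script on the origin; that deserves a comment on the line, e.g. `// readable by page scripts: cannot be HttpOnly when set from JS`.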