ember/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
5897 commits 143 branches 32 tags 16 MiB
Commit graph

5897 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ginger
88c84f221f
chore: Add comment and warning to unhappy path 2026-01-06 00:59:32 +00:00
Laurențiu Nicola
a10bd71945
fix(admin): fix force-leaving rooms with no left_state PDU 2026-01-06 00:59:31 +00:00
Jade Ellis
2f11bf4d74
docs: Document image mirrors 2026-01-06 00:45:12 +00:00
Jade Ellis
1e8748d1a0
docs: Fix some issues 2026-01-06 00:45:12 +00:00
Tom Foster
70ef6e4211
docs: Document maxperf Docker image variants from #1017 
Add documentation for the new performance-optimised Docker images with
"-maxperf" suffix. These use the release-max-perf build profile with LTO
and target haswell CPU architecture on amd64 for optimal performance.

Also restructure the static prebuilt binary section in generic deployment
docs for better clarity and fix various UK English spelling issues.
 2026-01-06 00:45:12 +00:00
Renovate Bot
212c1bc14d
chore(deps): update github-actions-non-major 2026-01-06 00:24:55 +00:00
timedout
ce46b6869f
chore: Bump dependencies to fix request errors 2026-01-05 20:10:30 +00:00
timedout
a18b8254d0
chore: Add news fragment 2026-01-05 20:10:30 +00:00
timedout
279f7cbfe4
style: Fix failing lints 2026-01-05 20:10:29 +00:00
timedout
006c57face
perf: Don't check accept_make_join twice for restricted make_join 2026-01-05 20:10:29 +00:00
timedout
d52e0dc014
fix: Apply check_all_joins to make_join 2026-01-05 20:10:29 +00:00
timedout
4b873a1b95
fix: Apply spam checker to local restricted joins 2026-01-05 20:10:29 +00:00
timedout
76865e6f91
fix: Accept_may_join callback works again 2026-01-05 20:10:29 +00:00
timedout
99f16c2dfc
fix: Call user_may_join_room later in the join process 2026-01-05 20:10:28 +00:00
timedout
5ac82f36f3
feat: Consolidate antispam checks into a service 
Also adds support for the spam checker join rule, and Draupnir callbacks
 2026-01-05 20:10:28 +00:00
timedout
c249dd992e
feat: Add support for automatically rejecting pending invites 2026-01-05 20:10:28 +00:00
timedout
0956779802
feat: Add Meowlnir invite interception support 
Co-authored-by: Jade Ellis <jade@ellis.link>
 2026-01-05 20:10:27 +00:00
timedout
a83c1f1513
fix: Restrict suspend+lock commands to admin room 
Also prevent locking the service user or admin users
 2026-01-05 19:49:12 +00:00
timedout
8b5e4d8fe1
chore: Add news fragment 2026-01-05 19:34:21 +00:00
timedout
7502a944d7
feat: Add user locking and unlocking commands and functionality 
Also corrects the response code returned by UserSuspended
 2026-01-05 19:30:16 +00:00
Jade Ellis
aed15f246a
refactor: Clean up logging issues 
Primary issues: Double escapes (debug fmt), spans without levels
 2026-01-05 18:28:57 +00:00
timedout
27d6604d14
fix: Use a timeout instead of deadline 2026-01-03 17:08:47 +00:00
timedout
1c7bd2f6fa
style: Remove unnecessary then() calls in chain 2026-01-03 16:22:49 +00:00
timedout
56d7099011
style: Include errors in key claim response too 2026-01-03 16:10:06 +00:00
timedout
bc426e1bfc
fix: Apply client-requested timeout to federated key queries 
Also parallelised federation calls in related functions
 2026-01-03 16:05:05 +00:00
timedout
6c61b3ec5b
fix: Build error two: electric boogaloo 2025-12-31 21:15:28 +00:00
timedout
9d9d1170b6
fix: Build error 2025-12-31 21:04:06 +00:00
Jade Ellis
7be20abcad
style: Fix typo 2025-12-31 20:08:53 +00:00
Jade Ellis
078275964c
chore: Update precommit hooks 2025-12-31 20:08:53 +00:00
timedout
bf200ad12d
fix: Resolve compile errors 
me and cargo check are oops now
 2025-12-31 20:01:29 +00:00
timedout
41e628892d
chore: Add news fragment 2025-12-31 20:01:29 +00:00
timedout
44851ee6a2
feat: Fall back to remote room summary if local fails 2025-12-31 20:01:29 +00:00
timedout
a7e6e6e83f
feat: Allow local server admins to bypass summary visibility checks 
feat: Allow local server admins to bypass summary visibility checks

Also improve error messages so they aren't so damn long.
 2025-12-31 20:01:29 +00:00
Ginger
8a561fcd3a
chore: Clippy fixes 2025-12-31 19:56:35 +00:00
Ginger
25c305f473
chore: Fix comment formatting 2025-12-31 19:56:35 +00:00
Ginger
c900350164
chore: Add news fragment 2025-12-31 19:56:35 +00:00
Ginger
c565e6ffbc
feat: Restrict where certain admin commands may be used 2025-12-31 19:56:31 +00:00
Jade Ellis
442f887c98
style: Improve warning regarding admin removal 2025-12-31 19:40:42 +00:00
Terry
03220845e5
docs: Changelog 2025-12-31 19:35:53 +00:00
Terry
f8c1e9bcde
feat: Config defined admin list 
Closes !1246
 2025-12-31 19:35:40 +00:00
Ginger
21324b748f
feat: Enable console feature by default 2025-12-31 19:12:25 +00:00
Jade Ellis
b7bf36443b
docs: Fix typo 2025-12-31 19:03:22 +00:00
ginger
d72192aa32
fix(ci): Stop using nightly to build Debian packages 2025-12-30 14:23:31 -05:00
Jade Ellis
38ecc41780
chore: Release 2025-12-30 17:45:32 +00:00
Jade Ellis
7ae958bb03
docs: Announcement 2025-12-30 17:35:20 +00:00
Jade Ellis
f676fa53f1
chore: Specify the tag body template 2025-12-30 17:34:44 +00:00
Jade Ellis
978bdc6466
docs: Changelog 2025-12-30 17:34:44 +00:00
timedout
7c741e62cf
fix: Forbid creators in power levels 2025-12-30 17:34:43 +00:00
Olivia Lee
12aecf8091
validate membership events returned by remote servers 
This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.

The join and knock endpoints are also fixed in this commit, but are less
useful for exploitation because the local server replaces the "content"
field returned by the remote server. Remote invites are unaffected
because we already check that the event returned from /invite has the
same event ID as the event passed to it.

Co-authored-by: timedout <git@nexy7574.co.uk>
Co-authored-by: Jade Ellis <jade@ellis.link>
Co-authored-by: Ginger <ginger@gingershaped.computer>
 2025-12-30 15:24:45 +00:00
Renovate Bot
19372f0b15 chore(deps): update dependency cargo-bins/cargo-binstall to v1.16.6 2025-12-29 23:52:04 +00:00