#crystallang

This release fixes a small number of bugs found in recent releases. The full changelog: Fixed Prevent runaway recursion when handling filtered posts.Ensure profile header and header_static images are always present.Render the inline replies collection for local objects.Exclude blocked actors from object statistics and notifications. Changed Return 410 Gone instead of 404 Not Found for missing actors. Removed Tag counts on public pages. This release fixes a hard-to-exploit but potentially server-crashing bug. If you're running v3.3.9 or v3.4.0, you should upgrade. #ktistec #crystallang #activitypub #fediverse

Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API. Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses. Here's the full changelog: Added New Mastodon-compatible APIs. Fixed Close DNS rebinding window for outbound HTTP requests.Limit the size of HTTP bodies the server reads.Sanitize RSS feed output to prevent CDATA breakout.Destroy all sessions and access tokens on account termination. Changed Ensure all GET and POST requests utilize Ktistec::Network.Process local recipients in-process in inbox/outbox activity processors. As always, it's worth upgrading for the security fixes! #ktistec #crystallang #activitypub #fediverse