From 367f66caa4bb2cb64fabc06c894c861e86d1bc8f Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Wed, 1 Oct 2025 18:12:05 +0000 Subject: [PATCH 1/8] chore: incrementing version number - v4.6.0 --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index e57a59d011..9f957c9ae5 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "4.5.2", + "version": "4.6.0", "homepage": "https://www.nodebb.org", "repository": { "type": "git", From c0d9bb0723713b5b0f1cc69e239d50322d41d6f3 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Wed, 1 Oct 2025 18:12:06 +0000 Subject: [PATCH 2/8] chore: update changelog for v4.6.0 --- CHANGELOG.md | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c35feb4d24..cbb3067783 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,129 @@ +#### v4.6.0 (2025-10-01) + +##### Chores + +* remove unneeded secureRandom require (3fcaa678) +* incrementing version number - v4.5.2 (ad2da639) +* update changelog for v4.5.2 (9a596d67) +* fix grammatical error in language string (cf3964be) +* remove formatApiResponse logging (feda629f) +* up eslint (a5ea4b40) +* incrementing version number - v4.5.1 (69f4b61f) +* update default settings (5d653571) +* incrementing version number - v4.5.0 (f05c5d06) +* incrementing version number - v4.4.6 (074043ad) +* incrementing version number - v4.4.5 (6f106923) +* incrementing version number - v4.4.4 (d323af44) +* incrementing version number - v4.4.3 (d354c2eb) +* incrementing version number - v4.4.2 (55c510ae) +* incrementing version number - v4.4.1 (5ae79b4e) +* incrementing version number - v4.4.0 (0a75eee3) +* incrementing version number - v4.3.2 (b92b5d80) +* incrementing version number - v4.3.1 (308e6b9f) +* incrementing version number - v4.3.0 (bff291db) +* incrementing version number - v4.2.2 (17fecc24) +* incrementing version number - v4.2.1 (852a270c) +* incrementing version number - v4.2.0 (87581958) +* incrementing version number - v4.1.1 (b2afbb16) +* incrementing version number - v4.1.0 (36c80850) +* incrementing version number - v4.0.6 (4a52fb2e) +* incrementing version number - v4.0.5 (1792a62b) +* incrementing version number - v4.0.4 (b1125cce) +* incrementing version number - v4.0.3 (2b65c735) +* incrementing version number - v4.0.2 (73fe5fcf) +* incrementing version number - v4.0.1 (a461b758) +* incrementing version number - v4.0.0 (c1eaee45) +* **deps:** + * update dependency lint-staged to v16.2.3 (#13681) (d7e93a5d) + * update actions/download-artifact action to v5 (#13646) (30ca0000) + * update dependency @eslint/js to v9.36.0 (#13670) (a4d8619b) + * update commitlint monorepo to v20 (#13678) (6dab3f2e) + * update dependency @stylistic/eslint-plugin to v5.4.0 (#13671) (3370c064) + * update dependency lint-staged to v16.2.1 (#13672) (13ce106b) + * update dependency sass-embedded to v1.93.2 (#13673) (df9d637c) + * update dependency jsdom to v27 (#13653) (3238248e) + * update dependency sass-embedded to v1.92.1 (#13638) (15b0b540) + * update dependency lint-staged to v16.1.6 (#13635) (7147a2e3) + * update actions/setup-node action to v5 (#13647) (4f5e770c) + * update dependency mocha to v11.7.2 (#13636) (ac90ef8c) +* **i18n:** + * fallback strings for new resources: nodebb.admin-manage-categories (6055b345) + * fallback strings for new resources: nodebb.admin-manage-categories (8730073a) + * fallback strings for new resources: nodebb.admin-manage-categories (8d4e4652) + * fallback strings for new resources: nodebb.admin-settings-activitypub (89390101) + +##### Documentation Changes + +* update openapi schema to refer to try.nodebb.org instead of example.org (56a93366) + +##### New Features + +* ability to nickname remote categories, closes #13677 (bd80b77a) +* allow activities to be addressed to as:Public or Public to be treated as public content (5f4790a4) +* allow user auto-categorization rule (1d6a9fe7) +* add minor pre-processing step to better handle header elements in incoming html (15f9fbaa) + +##### Bug Fixes + +* login handler to handle if non-confirmed email is entered (5ed19ef8) +* allow quote-inline class in mocks sanitizer so quote-post fallback elements can be detected and removed during title generation, fixes #13688 (675178ac) +* force outgoing page on direct access to `/ap` handler (9cee7999) +* update outgoing page to match 404 design (954e7bc8) +* don\'t begin processing local login if the passed-in username isn't even valid (c3df68f2) +* #13667, record to instances:lastSeen instead of domains:lastSeen (7184507b) +* #13676, bug where nested remote categories could not be removed (175dc209) +* regression 218f5ea from via, stricter check on whether the calling user is a remote uid (8c553b18) +* #13668, privilege checking on topic create for remote users; was not properly checking against fediverse pseudo-user (218f5eab) +* update logic as to whether a post is served as an article or not (d122bf4a) +* update activitypubFilterList logic so that it is also checked on resolveInbox and ActivityPub.get methods, updated instances.isAllowed to no longer return a promise (be9212b5) +* add missing unlock in nested try/catch (9184a7a4) +* wrap majority of note assertion logic in try..catch to handle exceptions so that the lock is always released (95fb084c) +* use newline_boundaries param for tokenizer during title and summary generation, attempt to serve HTML in summary generation (2ea624fc) +* deprecated call to api.topics.move (0f9015f0) +* **deps:** + * update dependency webpack to v5.102.0 (#13683) (17dba0b0) + * update dependency mongodb to v6.20.0 (#13665) (9b00ff1e) + * update dependency lru-cache to v11.2.2 (#13669) (00d80616) + * update dependency sass to v1.93.2 (#13674) (1b5804e1) + * update fontsource monorepo (#13663) (6e84e35f) + * update dependency esbuild to v0.25.10 (#13664) (9b48bbd5) + * update dependency sharp to v0.34.4 (#13662) (c8680f30) + * update dependency satori to v0.18.3 (#13660) (b2d91dc3) + * update dependency nodebb-theme-harmony to v2.1.20 (#13659) (b845aa48) + * update dependency fs-extra to v11.3.2 (#13658) (8324be2d) + * update dependency @fontsource/inter to v5.2.7 (#13655) (db892509) + * update dependency commander to v14.0.1 (#13652) (19f39198) + * update dependency bootswatch to v5.3.8 (#13651) (1e82af66) + * update dependency sass to v1.92.1 (#13645) (10344c98) + * update dependency workerpool to v9.3.4 (#13650) (6a1e9e8a) + * update dependency lru-cache to v11.2.1 (#13644) (6adfbb24) + +##### Other Changes + +* disallow checkHeader from returning a URL from a different origin than the passed-in URL (4776d012) +* 'nickname' and 'descriptionParsed' use in categories controller (051043b6) + +##### Performance Improvements + +* update old upgrade scripts to use bulkSet/Add (2b987d09) + +##### Refactors + +* notes.assert to add finally block, update assertPayload to update instances:lastSeen via method instead of direct db call (559155da) + +##### Reverts + +* post queue changes to fix tests (10350ea6) + +##### Tests + +* fix message (d6e7e168) +* show tids on test fail (8614d825) +* more fixes for note vs. article (3bba9029) +* short OPs create Notes again (15878087) +* ap timeouts (8d6a0f02) +* disable post queue when testing posting logic (9bfce68b) + #### v4.5.2 (2025-09-29) ##### Chores From ec3998974c6484116852418254dbb61f9fcce6b1 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Mon, 6 Oct 2025 22:17:35 -0400 Subject: [PATCH 3/8] fix: omg what. --- src/activitypub/notes.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/activitypub/notes.js b/src/activitypub/notes.js index c7e7b332c3..130cb1874f 100644 --- a/src/activitypub/notes.js +++ b/src/activitypub/notes.js @@ -159,7 +159,7 @@ Notes.assert = async (uid, input, options = { skipChecks: false }) => { let prettified = pretty(content || sourceContent); // Remove any lines that contain quote-post fallbacks - prettified = prettified.split('\n').filter(line => !line.startsWith('

!line.startsWith('

Date: Tue, 7 Oct 2025 17:34:55 -0400 Subject: [PATCH 4/8] chore: up harmony --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 9f957c9ae5..3fcc3f33ef 100644 --- a/install/package.json +++ b/install/package.json @@ -106,7 +106,7 @@ "nodebb-plugin-spam-be-gone": "2.3.2", "nodebb-plugin-web-push": "0.7.5", "nodebb-rewards-essentials": "1.0.2", - "nodebb-theme-harmony": "2.1.20", + "nodebb-theme-harmony": "2.1.21", "nodebb-theme-lavender": "7.1.19", "nodebb-theme-peace": "2.2.48", "nodebb-theme-persona": "14.1.14", From 623cec9d910c03dd67c94db3ce45bf334dafd869 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Wed, 8 Oct 2025 11:07:43 -0400 Subject: [PATCH 5/8] fix: logic error in image mime type checking --- src/activitypub/mocks.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/activitypub/mocks.js b/src/activitypub/mocks.js index a88fed09dc..1e04fb99ab 100644 --- a/src/activitypub/mocks.js +++ b/src/activitypub/mocks.js @@ -104,7 +104,7 @@ Mocks._normalize = async (object) => { if (image) { const parsed = new URL(image); const type = mime.getType(parsed.pathname); - if (!type || type.startsWith('image/')) { + if (!type || !type.startsWith('image/')) { activitypub.helpers.log(`[activitypub/mocks.post] Received image not identified as image due to MIME type: ${image}`); image = null; } From b309a672a8f102265f430112c8321089ee518cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Fri, 10 Oct 2025 12:19:58 -0400 Subject: [PATCH 6/8] chore: up persona --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 3fcc3f33ef..6e48066aed 100644 --- a/install/package.json +++ b/install/package.json @@ -109,7 +109,7 @@ "nodebb-theme-harmony": "2.1.21", "nodebb-theme-lavender": "7.1.19", "nodebb-theme-peace": "2.2.48", - "nodebb-theme-persona": "14.1.14", + "nodebb-theme-persona": "14.1.15", "nodebb-widget-essentials": "7.0.40", "nodemailer": "7.0.6", "nprogress": "0.2.0", From 499c50a485eb6db4b8600f253846591caa909a93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Mon, 13 Oct 2025 13:45:11 -0400 Subject: [PATCH 7/8] fix: #13705, don't cover link if preview is opening up --- public/src/client/topic.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/public/src/client/topic.js b/public/src/client/topic.js index cce6f1f99a..5ee1f91f60 100644 --- a/public/src/client/topic.js +++ b/public/src/client/topic.js @@ -358,7 +358,6 @@ define('forum/topic', [ const postContent = link.parents('[component="topic"]').find('[component="post/content"]').first(); const postRect = postContent.offset(); const postWidth = postContent.width(); - const linkRect = link.offset(); const { top } = link.get(0).getBoundingClientRect(); const dropup = top > window.innerHeight / 2; tooltip.on('mouseenter', function () { @@ -366,11 +365,16 @@ define('forum/topic', [ }); tooltip.one('mouseleave', destroyTooltip); $(window).off('click', onClickOutside).one('click', onClickOutside); - tooltip.css({ - top: dropup ? linkRect.top - tooltip.outerHeight() : linkRect.top + 30, + const css = { left: postRect.left, width: postWidth, - }); + }; + if (dropup) { + css.bottom = window.innerHeight - top - window.scrollY + 5; + } else { + css.top = top + window.scrollY + 30; + } + tooltip.css(css); } } From ecf95d1898347d3d8f0c6799d6c2ea9c92d4818b Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 17 Oct 2025 11:11:04 -0400 Subject: [PATCH 8/8] fix: do not include image or icon props if they are falsy values --- src/activitypub/mocks.js | 54 +++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/src/activitypub/mocks.js b/src/activitypub/mocks.js index 1e04fb99ab..81db4b7a01 100644 --- a/src/activitypub/mocks.js +++ b/src/activitypub/mocks.js @@ -486,35 +486,37 @@ Mocks.actors.user = async (uid) => { }); return { - '@context': [ - 'https://www.w3.org/ns/activitystreams', - 'https://w3id.org/security/v1', - ], - id: `${nconf.get('url')}/uid/${uid}`, - url: `${nconf.get('url')}/user/${userslug}`, - followers: `${nconf.get('url')}/uid/${uid}/followers`, - following: `${nconf.get('url')}/uid/${uid}/following`, - inbox: `${nconf.get('url')}/uid/${uid}/inbox`, - outbox: `${nconf.get('url')}/uid/${uid}/outbox`, + ...{ + '@context': [ + 'https://www.w3.org/ns/activitystreams', + 'https://w3id.org/security/v1', + ], + id: `${nconf.get('url')}/uid/${uid}`, + url: `${nconf.get('url')}/user/${userslug}`, + followers: `${nconf.get('url')}/uid/${uid}/followers`, + following: `${nconf.get('url')}/uid/${uid}/following`, + inbox: `${nconf.get('url')}/uid/${uid}/inbox`, + outbox: `${nconf.get('url')}/uid/${uid}/outbox`, - type: 'Person', - name: username !== displayname ? fullname : username, // displayname is escaped, fullname is not - preferredUsername: userslug, - summary: aboutmeParsed, - icon: picture, - image: cover, - published: new Date(joindate).toISOString(), - attachment, + type: 'Person', + name: username !== displayname ? fullname : username, // displayname is escaped, fullname is not + preferredUsername: userslug, + summary: aboutmeParsed, + published: new Date(joindate).toISOString(), + attachment, - publicKey: { - id: `${nconf.get('url')}/uid/${uid}#key`, - owner: `${nconf.get('url')}/uid/${uid}`, - publicKeyPem: publicKey, - }, - - endpoints: { - sharedInbox: `${nconf.get('url')}/inbox`, + publicKey: { + id: `${nconf.get('url')}/uid/${uid}#key`, + owner: `${nconf.get('url')}/uid/${uid}`, + publicKeyPem: publicKey, + }, + + endpoints: { + sharedInbox: `${nconf.get('url')}/inbox`, + }, }, + ...(picture && { icon: picture }), + ...(cover && { image: cover }), }; };