From 3c58e40a6bf2cda66957c73536605059952854c6 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 7 Jan 2026 14:52:31 +0100 Subject: [PATCH] Bump version to v4.2.29 (#37412) Co-authored-by: David Roetzel --- CHANGELOG.md | 10 ++++++++++ docker-compose.yml | 6 +++--- lib/mastodon/version.rb | 2 +- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c27aca0a..a40e4d2d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. +## [4.2.29] - 2026-01-07 + +### Security + +- Fix SSRF protection bypass ([GHSA](https://github.com/mastodon/mastodon/security/advisories/GHSA-xfrj-c749-jxxq)) + +### Fixed + +- Fix mentions of domain-blocked users being processed (#37257 by @ClearlyClaire) + ## [4.2.28] - 2025-12-08 ### Security diff --git a/docker-compose.yml b/docker-compose.yml index 56fea4eec..eef22e1e3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -56,7 +56,7 @@ services: web: build: . - image: ghcr.io/mastodon/mastodon:v4.2.28 + image: ghcr.io/mastodon/mastodon:v4.2.29 restart: always env_file: .env.production command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" @@ -77,7 +77,7 @@ services: streaming: build: . - image: ghcr.io/mastodon/mastodon:v4.2.28 + image: ghcr.io/mastodon/mastodon:v4.2.29 restart: always env_file: .env.production command: node ./streaming @@ -95,7 +95,7 @@ services: sidekiq: build: . - image: ghcr.io/mastodon/mastodon:v4.2.28 + image: ghcr.io/mastodon/mastodon:v4.2.29 restart: always env_file: .env.production command: bundle exec sidekiq diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 257c04648..6f89850cf 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -13,7 +13,7 @@ module Mastodon end def patch - 28 + 29 end def default_prerelease