glitch-soc
diff --git a/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎app/controllers/activitypub/likes_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/activitypub/likes_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/activitypub/quote_authorizations_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/activitypub/quote_authorizations_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/activitypub/replies_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/activitypub/replies_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/activitypub/shares_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/activitypub/shares_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/api/v1/polls/votes_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/api/v1/polls/votes_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/api/v1/polls_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/api/v1/polls_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/api/v1/statuses/base_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/api/v1/statuses/base_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/api/v1/statuses/bookmarks_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/api/v1/statuses/bookmarks_controller.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/api/v1/statuses/favourites_controller.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/api/v1/statuses/favourites_controller.rb‎
Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,26 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.5.3] - 2025-12-08
+
+### Security
+
+- Fix inconsistent error handling leaking information on existence of private posts ([GHSA-gwhw-gcjx-72v8](https://github.com/mastodon/mastodon/security/advisories/GHSA-gwhw-gcjx-72v8))
+
+### Fixed
+
+- Fix “Delete and Redraft” on a non-quote being treated as a quote post in some cases (#37140 by @ClearlyClaire)
+- Fix YouTube embeds by sending referer (#37126 by @ChaosExAnima)
+- Fix streamed quoted polls not being hydrated correctly (#37118 by @ClearlyClaire)
+- Fix creation of duplicate conversations (#37108 by @oneiros)
+- Fix extraneous `noreferrer` in external links (#37107 by @ChaosExAnima)
+- Fix edge case error handling in some database migrations (#37079 by @ClearlyClaire)
+- Fix error handling when re-fetching already-known statuses (#37077 by @ClearlyClaire)
+- Fix post navigation in single-column mode when Advanced UI is enabled (#37044 by @diondiondion)
+- Fix `tootctl status remove` removing quoted posts and remote quotes of local posts (#37009 by @ClearlyClaire)
+- Fix known expensive S3 batch delete operation failing because of short timeouts (#37004 by @ClearlyClaire)
+- Fix compose autosuggest always lowercasing input token (#36995 by @ClearlyClaire)
+
 ## [4.5.2] - 2025-11-20
 
 ### Changed
 
@@ -22,7 +22,7 @@ def pundit_user
   def set_status
     @status = @account.statuses.find(params[:status_id])
     authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 
 
@@ -24,7 +24,7 @@ def set_quote_authorization
     return not_found unless @quote.status.present? && @quote.quoted_status.present?
 
     authorize @quote.quoted_status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 end
@@ -25,7 +25,7 @@ def pundit_user
   def set_status
     @status = @account.statuses.find(params[:status_id])
     authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 
 
@@ -22,7 +22,7 @@ def pundit_user
   def set_status
     @status = @account.statuses.find(params[:status_id])
     authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 
 
@@ -17,7 +17,7 @@ def create
   def set_poll
     @poll = Poll.find(params[:poll_id])
     authorize @poll.status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 
 
@@ -17,7 +17,7 @@ def show
   def set_poll
     @poll = Poll.find(params[:id])
     authorize @poll.status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 
 
@@ -10,7 +10,7 @@ class Api::V1::Statuses::BaseController < Api::BaseController
   def set_status
     @status = Status.find(params[:status_id])
     authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 end
@@ -23,7 +23,7 @@ def destroy
     bookmark&.destroy!
 
     render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 end
@@ -25,7 +25,7 @@ def destroy
 
     relationships = StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false }, attributes_map: { @status.id => { favourites_count: count } })
     render json: @status, serializer: REST::StatusSerializer, relationships: relationships
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
     not_found
   end
 end