⁂ Article
Release v2.4.12 of Ktistec
The biggest changes in release v2.4.12 of Ktistec are the UI/UX enhancements. The mobile profile, in particular, felt like an afterthought—which it was. The changes make the mobile experience much more pleasant and ergonomic. All of the credit for this work goes to @jayvii.
This release also now refuses to deserialize and use embedded ActivityPub objects from hosts other than the host of the embedding object. While I haven't encountered any problems with the previous implementation in practice, this fix closes a gap that could be exploited by a bad actor to spoof or change content.
Added
- Add follow request status to the actor panel.
- Compute and cache monthly active accounts.
Changed
- (Internal) Only consider properties with changed values as "changed".
- (Internal) Only deserialize embedded ActivityPub objects if hosts match.
Fixed
- Remove line breaks in Turbo Stream output.