Tag images with the latest tag only when running against the latest stable branch (#25803)
Fix crash in admin interface when viewing a remote user with verified links (#25796)
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)
Fix typo in CHANGELOG.md (#25764)
Update dependency sanitize to v6.0.2 [SECURITY] (#25777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Fix processing of media files with unusual names (#25788)
Bump version to v4.1.3 (#25757)
Merge pull request from GHSA-55j9-c3mp-6fcq
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests
* Use CLOCK_MONOTONIC instead of Time.now
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
Add hardened headers to user-uploaded files (#25756)
Add canonical link tags in web UI (#25715)
Add button to see results for polls in web UI (#25726)
Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)
Fix re-activated accounts being deleted by AccountDeletionWorker (#25711)
fix read more button overlapping thread line bug (#25706)
Fix forgotten unconfirmed_email migration file (#25702)
Fix local live feeds does not expand (#25694)