masterブランチをmaster_securityとマージ (#9260)

* Fix: forkbomb 2

* 12.119.2

Co-authored-by: mei23 <m@m544.net>

CHANGELOG.md

@@ -9,6 +9,10 @@
 You should also include the user name that made the change.
 -->
 
+## 12.119.2 (2022/12/04)
+### Bugfixes
+- Server: Backported versions mitigate isn't working @mei23
+
 ## 12.119.1 (2022/12/03)
 ### Bugfixes
 - Server: Mitigate AP reference chain DoS vector @skehmatics

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "12.119.1",
+	"version": "12.119.2",
 	"codename": "indigo",
 	"repository": {
 		"type": "git",

packages/backend/src/remote/activitypub/models/mention.ts

@@ -5,11 +5,9 @@ import { IObject, isMention, IApMention } from '../type.js';
 import Resolver from '../resolver.js';
 import { resolvePerson } from './person.js';
 
-export async function extractApMentions(tags: IObject | IObject[] | null | undefined) {
+export async function extractApMentions(tags: IObject | IObject[] | null | undefined, resolver: Resolver) {
 	const hrefs = unique(extractApMentionObjects(tags).map(x => x.href as string));
 
-	const resolver = new Resolver();
-
 	const limit = promiseLimit<CacheableUser | null>(2);
 	const mentionedUsers = (await Promise.all(
 		hrefs.map(x => limit(() => resolvePerson(x, resolver).catch(() => null))),

packages/backend/src/remote/activitypub/models/note.ts

@@ -97,7 +97,7 @@ export async function createNote(value: string | IObject, resolver?: Resolver, s
 		throw new Error('actor has been suspended');
 	}
 
-	const noteAudience = await parseAudience(actor, note.to, note.cc);
+	const noteAudience = await parseAudience(actor, note.to, note.cc, resolver);
 	let visibility = noteAudience.visibility;
 	const visibleUsers = noteAudience.visibleUsers;
 
@@ -111,7 +111,7 @@ export async function createNote(value: string | IObject, resolver?: Resolver, s
 
 	let isTalk = note._misskey_talk && visibility === 'specified';
 
-	const apMentions = await extractApMentions(note.tag);
+	const apMentions = await extractApMentions(note.tag, resolver);
 	const apHashtags = await extractApHashtags(note.tag);
 
 	// 添付ファイル

packages/backend/src/remote/activitypub/resolver.ts

@@ -23,6 +23,7 @@ export default class Resolver {
 
 	constructor(recursionLimit = 100) {
 		this.history = new Set();
+		this.recursionLimit = recursionLimit;
 	}
 
 	public getHistory(): string[] {