Merge branch 'stable' into 'release/2.6.0'
# Conflicts: # .gitlab-ci.yml # lib/pleroma/web/common_api/utils.ex # lib/pleroma/web/xml.ex # mix.exs # test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs # test/pleroma/web/common_api/utils_test.exs # test/pleroma/web/mastodon_api/update_credentials_test.exs # test/pleroma/web/xml_test.exs
This commit is contained in:
commit
ad45b06b3f
16
CHANGELOG.md
16
CHANGELOG.md
@ -59,6 +59,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
- Emoji pack loader sanitizes pack names
|
||||
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
|
||||
|
||||
## 2.5.5
|
||||
|
||||
## Security
|
||||
- Prevent users from accessing media of other users by creating a status with reused attachment ID
|
||||
|
||||
## 2.5.4
|
||||
|
||||
## Security
|
||||
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
||||
|
||||
## 2.5.3
|
||||
|
||||
### Security
|
||||
- Emoji pack loader sanitizes pack names
|
||||
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
|
||||
|
||||
## 2.5.2
|
||||
|
||||
### Security
|
||||
|
1
changelog.d/akkoma-xml-remote-entities.security
Normal file
1
changelog.d/akkoma-xml-remote-entities.security
Normal file
@ -0,0 +1 @@
|
||||
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
1
changelog.d/check-attachment-attribution.security
Normal file
1
changelog.d/check-attachment-attribution.security
Normal file
@ -0,0 +1 @@
|
||||
CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
|
1
changelog.d/emoji-pack-sanitization.security
Normal file
1
changelog.d/emoji-pack-sanitization.security
Normal file
@ -0,0 +1 @@
|
||||
Emoji pack loader sanitizes pack names
|
1
changelog.d/otp_perms.security
Normal file
1
changelog.d/otp_perms.security
Normal file
@ -0,0 +1 @@
|
||||
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
|
Loading…
Reference in New Issue
Block a user