Anon/pleroma
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Release 2.5.4

Browse Source
This commit is contained in:
Haelwenn (lanodan) Monnier 2023-08-05 08:27:42 +02:00
parent cc848b78dc
commit b631180b38
3 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -14,6 +14,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed ### Removed
## 2.5.54
## Security
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
## 2.5.3 ## 2.5.3
### Security ### Security

2
changelog.d/akkoma-xml-remote-entities.security
View File

@ -1 +1 @@
Restrict XML parser from processing external entitites (XXE) Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

2
mix.exs
View File

@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do def project do
[ [
app: :pleroma, app: :pleroma,
version: version("2.5.3"), version: version("2.5.4"),
elixir: "~> 1.11", elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()), elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(), compilers: [:phoenix, :gettext] ++ Mix.compilers(),