diff options
| author | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-08-05 08:27:42 +0200 |
|---|---|---|
| committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-08-05 08:27:42 +0200 |
| commit | b631180b38ac63029f08bef137b13231bcf57b59 (patch) | |
| tree | 55a72082c7776290cdbbbd16fbf043f9c6fc4bb5 | |
| parent | cc848b78dca51fcd7e785eb92a7a3a4d5d1c419e (diff) | |
| download | pleroma-b631180b38ac63029f08bef137b13231bcf57b59.tar.gz pleroma-b631180b38ac63029f08bef137b13231bcf57b59.zip | |
Release 2.5.4
| -rw-r--r-- | CHANGELOG.md | 5 | ||||
| -rw-r--r-- | changelog.d/akkoma-xml-remote-entities.security | 2 | ||||
| -rw-r--r-- | mix.exs | 2 |
3 files changed, 7 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 468ec1012..9d9aadc6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed +## 2.5.54 + +## Security +- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem + ## 2.5.3 ### Security diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security index b3c86bee1..5e6725e5b 100644 --- a/changelog.d/akkoma-xml-remote-entities.security +++ b/changelog.d/akkoma-xml-remote-entities.security @@ -1 +1 @@ -Restrict XML parser from processing external entitites (XXE) +Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("2.5.3"), + version: version("2.5.4"), elixir: "~> 1.11", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(), |