author | Lain Soykaf <lain@lain.com> | 2025-03-11 17:57:45 +0400 |
---|---|---|
committer | Lain Soykaf <lain@lain.com> | 2025-03-11 17:57:45 +0400 |
commit | 3c2b51c7cb249e7c0fc92023ac556d324ac3d774 (patch) | |
tree | 72803ff539c4b6c3ef10fd76c50f6b14d956b714 | |
parent | 2293d0826a9fb28e3e8a3d9bbf5dd60863ec0fd9 (diff) | |
Changelog: Add missing changelog entries
-rw-r--r-- | changelog.d/c2s-update-authorization.security | 1 | ||||
-rw-r--r-- | changelog.d/cross-domain-redirect-check.security | 1 | ||||
-rw-r--r-- | changelog.d/emoji-shortcode-validation.security | 1 | ||||
-rw-r--r-- | changelog.d/local-fetch-prevention.security | 2 | ||||
-rw-r--r-- | changelog.d/media-proxy-sanitize.security | 1 | ||||
-rw-r--r-- | changelog.d/object-fetcher-content-type.security | 1 |
6 files changed, 6 insertions, 1 deletions
diff --git a/changelog.d/c2s-update-authorization.security b/changelog.d/c2s-update-authorization.security new file mode 100644 index 000000000..0fe7d97c9 --- /dev/null +++ b/changelog.d/c2s-update-authorization.security @@ -0,0 +1 @@ +Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.
\ No newline at end of file diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security new file mode 100644 index 000000000..9201de794 --- /dev/null +++ b/changelog.d/cross-domain-redirect-check.security @@ -0,0 +1 @@ +Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.
\ No newline at end of file diff --git a/changelog.d/emoji-shortcode-validation.security b/changelog.d/emoji-shortcode-validation.security new file mode 100644 index 000000000..5a7d39279 --- /dev/null +++ b/changelog.d/emoji-shortcode-validation.security @@ -0,0 +1 @@ +Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.
\ No newline at end of file diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security index f72342316..e012abcd5 100644 --- a/changelog.d/local-fetch-prevention.security +++ b/changelog.d/local-fetch-prevention.security @@ -1 +1 @@ -Security: Block attempts to fetch activities from the local instance to prevent spoofing.
\ No newline at end of file +Block attempts to fetch activities from the local instance to prevent spoofing.
\ No newline at end of file diff --git a/changelog.d/media-proxy-sanitize.security b/changelog.d/media-proxy-sanitize.security new file mode 100644 index 000000000..b94348ea7 --- /dev/null +++ b/changelog.d/media-proxy-sanitize.security @@ -0,0 +1 @@ +Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.
\ No newline at end of file diff --git a/changelog.d/object-fetcher-content-type.security b/changelog.d/object-fetcher-content-type.security new file mode 100644 index 000000000..2ef4aefe7 --- /dev/null +++ b/changelog.d/object-fetcher-content-type.security @@ -0,0 +1 @@ +Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.
\ No newline at end of file |
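Review bot: changelog.d/c2s-update-authorization.security is created without a trailing newline (the "\ No newline at end of file" marker follows its only line), and the same marker follows every other fragment added in this patch. If these fragments are ever concatenated to build the release changelog, entries without a final newline can run together on one line; ending each file with a newline removes that risk.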
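Review bot: the entry in changelog.d/cross-domain-redirect-check.security leaves "cross-domain" undefined, so an admin reading it cannot tell which redirects are now rejected. Suggest saying what is compared, for example whether a redirect between two hosts under the same parent domain counts as cross-domain, since that decides which remote objects stop being fetchable after the upgrade.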
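Review bot: in changelog.d/emoji-shortcode-validation.security, "to prevent potential abuse" is the only rationale in this patch that does not name the risk; the other entries say spoofing, bypassing domain-based controls, or serving malicious content. Suggest naming the concrete problem the restriction addresses, and noting what happens to shortcodes that contain other characters, since "alphanumeric" alone does not say whether non-ASCII letters are still accepted.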
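Review bot: the hunk for changelog.d/local-fetch-prevention.security edits an existing entry (it drops the "Security: " prefix), which the commit subject "Add missing changelog entries" does not mention. The edit itself matches the wording of the new fragments, which carry no prefix; suggest a line in the commit message saying the existing entry was reworded for consistency so the diffstat's one deletion is explained.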
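Review bot: in changelog.d/media-proxy-sanitize.security, "Sanitize Content-Type headers" does not say what the media proxy does with a response whose Content-Type it does not accept. Suggest stating the outcome (the header is rewritten, or the response is refused) so operators know whether proxied media that used to load can now fail or be served under a different type.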