summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHaelwenn (lanodan) Monnier <contact@hacktivis.me>2023-08-05 08:27:42 +0200
committerHaelwenn (lanodan) Monnier <contact@hacktivis.me>2023-08-05 08:58:05 +0200
commit4099ddb3dc5840fa10cff743d87464acf7898a80 (patch)
tree08a1a83efc47a77f2e44b16258e91b7a2b557b39
parent6d48b0f1a93a5a44b95497063e885342240fbc27 (diff)
downloadpleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.tar.gz
pleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.zip
Mergeback release 2.5.4
Diffstat
-rw-r--r--CHANGELOG.md5
-rw-r--r--changelog.d/akkoma-xml-remote-entities.security2
-rw-r--r--mix.exs2
3 files changed, 7 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 87e9c5298..65acfad3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
+## 2.5.4
+
+## Security
+- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
+
## 2.5.3
### Security
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
index b3c86bee1..5e6725e5b 100644
--- a/changelog.d/akkoma-xml-remote-entities.security
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -1 +1 @@
-Restrict XML parser from processing external entitites (XXE)
+Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
diff --git a/mix.exs b/mix.exs
index 115e7113f..b071e7c7b 100644
--- a/mix.exs
+++ b/mix.exs
@@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do
[
app: :pleroma,
- version: version("2.5.53"),
+ version: version("2.5.54"),
elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix] ++ Mix.compilers(),
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 17:48:35 +0000