diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-04-24 20:01:42 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-04-24 20:01:42 +0300 |
| commit | 4baea6e6d9efa619402a031a84f74787653df2b5 (patch) | |
| tree | 02fe60e2fc34ca6164ae67b1ab47bc4b4179890b /CHANGELOG.md | |
| parent | 030a7876b42a0c925fd52474de514ae5e9171e55 (diff) | |
| download | pleroma-4baea6e6d9efa619402a031a84f74787653df2b5.tar.gz pleroma-4baea6e6d9efa619402a031a84f74787653df2b5.zip | |
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API
This patch:
- Fixes `rights` in twitterapi ignoring `show_role`
- Fixes exposing default scope of the user to anyone in Mastodon API
- Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674)
Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 70381f382..51ba239b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,7 +44,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance` - Mastodon API: Provide plaintext versions of cw/content in the Status entity - Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity -- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending` fields to the User entity +- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity +- Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the User entity (when the user is requesting themselves) +- Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials` - Mastodon API: Add `pleroma.is_seen` to the Notification entity - Mastodon API: Add `pleroma.local` to the Status entity - Mastodon API: Add `preview` parameter to `POST /api/v1/statuses` @@ -72,12 +74,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - MediaProxy: S3 link encoding - Rich Media: Reject any data which cannot be explicitly encoded into JSON - Pleroma API: Importing follows from Mastodon 2.8+ +- Twitter API: Exposing default scope, `no_rich_text` of the user to anyone +- Twitter API: Returning the `role` object in user entity despite `show_role = false` - Mastodon API: `/api/v1/favourites` serving only public activities - Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies - Mastodon API: Streaming API broadcasting wrong activity id - Mastodon API: 500 errors when requesting a card for a private conversation - Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow` - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON +- Mastodon API: Exposing default scope of the user to anyone ## [0.9.9999] - 2019-04-05 ### Security |