| author | Alexander Strizhakov <alex.strizhakov@gmail.com> | 2020-03-01 12:48:49 +0300 |
|---|---|---|
| committer | Alexander Strizhakov <alex.strizhakov@gmail.com> | 2020-03-01 12:48:49 +0300 |
| commit | d9e4b77f8be8249b428a7ef1448c9a2161dee88a (patch) | |
| tree | 927869f5bdadc70c579b2fcbe09223a9dd593ab1 /CHANGELOG.md | |
| parent | 814b275af7748df6bd11dfc6be1b4efce8d5ae70 (diff) | |
| parent | 438394d40447bdfb590ff206ad80907294da0e65 (diff) | |
| download | pleroma-d9e4b77f8be8249b428a7ef1448c9a2161dee88a.tar.gz pleroma-d9e4b77f8be8249b428a7ef1448c9a2161dee88a.zip | |
Merge branch 'develop' into gun
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7afe5c21b..263d8d2ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +### Security +- Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request. + ### Removed - **Breaking**: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media` - **Breaking**: OStatus protocol support @@ -56,6 +59,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: Render whole status in grouped reports - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise). - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try. +- Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default. </details> ### Added |
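Review bot: In the first hunk (`@@ -4,6 +4,9 @@`), the new Security entry misspells "enormous" as "enourmous", and "amount of statuses" should read "number of statuses". The entry also says requests are "Now limited to 40 per request" without saying whether a request for more than 40 is capped at 40 or rejected. API clients need to know which, so state the behaviour explicitly in the entry.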
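Review bot: In the second hunk (`@@ -56,6 +59,7 @@`), the entry "Limit timeline requests to 3 per timeline per 500ms per user/ip by default" implies the limit is configurable but does not name the setting an operator would change. Add the configuration key to the entry. "per user/ip" is also ambiguous: say whether authenticated requests are keyed by user and unauthenticated ones by IP, or whether both keys always apply. Since this rate limit complements the 40-status cap listed under Security in the same changelog, a short cross-reference between the two entries would help operators assess the DoS fix as a whole.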
