mix: version 2.5.5

author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2022-12-23 18:46:14 +0100
committer: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-09-03 11:19:26 +0200
commit: 385492577d11e9667064d7f7e0dacdc00457064a (patch)
tree: 14c3999daac4222947c3e707ccfbaf34da5ec122 /CHANGELOG.md
parent: 535a5ecad04c9c49105a77e7025fe9f4b4d23ba6 (diff)
download: pleroma-385492577d11e9667064d7f7e0dacdc00457064a.tar.gz
pleroma-385492577d11e9667064d7f7e0dacdc00457064a.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9d9aadc6e..32ec440de 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Removed
 
-## 2.5.54
+## 2.5.5
+
+## Security
+- Prevent users from accessing media of other users by creating a status with reused attachment ID
+
+## 2.5.4
 
 ## Security
 - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
author	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2022-12-23 18:46:14 +0100
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2023-09-03 11:19:26 +0200
commit	385492577d11e9667064d7f7e0dacdc00457064a (patch)
tree	14c3999daac4222947c3e707ccfbaf34da5ec122 /CHANGELOG.md
parent	535a5ecad04c9c49105a77e7025fe9f4b4d23ba6 (diff)
download	pleroma-385492577d11e9667064d7f7e0dacdc00457064a.tar.gz pleroma-385492577d11e9667064d7f7e0dacdc00457064a.zip