Mergeback release 2.5.4

author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-08-05 08:27:42 +0200
committer: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-08-05 08:58:05 +0200
commit: 4099ddb3dc5840fa10cff743d87464acf7898a80 (patch)
tree: 08a1a83efc47a77f2e44b16258e91b7a2b557b39 /changelog.d/akkoma-xml-remote-entities.security
parent: 6d48b0f1a93a5a44b95497063e885342240fbc27 (diff)
download: pleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.tar.gz
pleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
index b3c86bee1..5e6725e5b 100644
--- a/changelog.d/akkoma-xml-remote-entities.security
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -1 +1 @@
-Restrict XML parser from processing external entitites (XXE)
+Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
author	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2023-08-05 08:27:42 +0200
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2023-08-05 08:58:05 +0200
commit	4099ddb3dc5840fa10cff743d87464acf7898a80 (patch)
tree	08a1a83efc47a77f2e44b16258e91b7a2b557b39 /changelog.d/akkoma-xml-remote-entities.security
parent	6d48b0f1a93a5a44b95497063e885342240fbc27 (diff)
download	pleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.tar.gz pleroma-4099ddb3dc5840fa10cff743d87464acf7898a80.zip