Merge branch 'develop' into phoenix1.7

author: Mark Felder <feld@feld.me> 2023-11-07 16:05:04 -0500
committer: Mark Felder <feld@feld.me> 2023-11-07 16:05:04 -0500
commit: a0e08c6ec21b724432ac77eb395a18e6f8e2a093 (patch)
tree: 879947cf9b932c2c312b604d8768bc7e472234e1 /changelog.d/akkoma-xml-remote-entities.security
parent: 63ef1dcedca7fb315f611388e477d3847d1acaa1 (diff)
parent: 11c520607fcb2bf5b8323d1b22b3123acf12efe1 (diff)
download: pleroma-a0e08c6ec21b724432ac77eb395a18e6f8e2a093.tar.gz
pleroma-a0e08c6ec21b724432ac77eb395a18e6f8e2a093.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
new file mode 100644
index 000000000..5e6725e5b
--- /dev/null
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -0,0 +1 @@
+Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
author	Mark Felder <feld@feld.me>	2023-11-07 16:05:04 -0500
committer	Mark Felder <feld@feld.me>	2023-11-07 16:05:04 -0500
commit	a0e08c6ec21b724432ac77eb395a18e6f8e2a093 (patch)
tree	879947cf9b932c2c312b604d8768bc7e472234e1 /changelog.d/akkoma-xml-remote-entities.security
parent	63ef1dcedca7fb315f611388e477d3847d1acaa1 (diff)
parent	11c520607fcb2bf5b8323d1b22b3123acf12efe1 (diff)
download	pleroma-a0e08c6ec21b724432ac77eb395a18e6f8e2a093.tar.gz pleroma-a0e08c6ec21b724432ac77eb395a18e6f8e2a093.zip