Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into pleroma-meilisearch

author: Lain Soykaf <lain@lain.com> 2023-11-12 13:53:18 +0400
committer: Lain Soykaf <lain@lain.com> 2023-11-12 13:53:18 +0400
commit: 0c5cc519833166e1c748deb81394af9940c05928 (patch)
tree: 4eb13f297395d738df1054c82a744b3ae99479e0 /changelog.d/check-attachment-attribution.security
parent: 398141da68328cea982f017a3e8bc95a9f9c1fbf (diff)
parent: a51f3937eef0c6add91234863d5f936c59830d88 (diff)
download: pleroma-0c5cc519833166e1c748deb81394af9940c05928.tar.gz
pleroma-0c5cc519833166e1c748deb81394af9940c05928.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/check-attachment-attribution.security b/changelog.d/check-attachment-attribution.security
new file mode 100644
index 000000000..e0e46525b
--- /dev/null
+++ b/changelog.d/check-attachment-attribution.security
@@ -0,0 +1 @@
+CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
author	Lain Soykaf <lain@lain.com>	2023-11-12 13:53:18 +0400
committer	Lain Soykaf <lain@lain.com>	2023-11-12 13:53:18 +0400
commit	0c5cc519833166e1c748deb81394af9940c05928 (patch)
tree	4eb13f297395d738df1054c82a744b3ae99479e0 /changelog.d/check-attachment-attribution.security
parent	398141da68328cea982f017a3e8bc95a9f9c1fbf (diff)
parent	a51f3937eef0c6add91234863d5f936c59830d88 (diff)
download	pleroma-0c5cc519833166e1c748deb81394af9940c05928.tar.gz pleroma-0c5cc519833166e1c748deb81394af9940c05928.zip