Merge remote-tracking branch 'origin/develop' into instance-v2

author: Marcin Mikołajczak <git@mkljczk.pl> 2023-11-08 20:46:57 +0100
committer: Marcin Mikołajczak <git@mkljczk.pl> 2023-11-08 20:46:57 +0100
commit: 1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3 (patch)
tree: 923fa49e845b97b99c65855de3113b444253e10c /changelog.d/check-attachment-attribution.security
parent: c6cedbb8106a16527e48ac8ae03907e1d66c5a1b (diff)
parent: a51f3937eef0c6add91234863d5f936c59830d88 (diff)
download: pleroma-1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3.tar.gz
pleroma-1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/check-attachment-attribution.security b/changelog.d/check-attachment-attribution.security
new file mode 100644
index 000000000..e0e46525b
--- /dev/null
+++ b/changelog.d/check-attachment-attribution.security
@@ -0,0 +1 @@
+CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
author	Marcin Mikołajczak <git@mkljczk.pl>	2023-11-08 20:46:57 +0100
committer	Marcin Mikołajczak <git@mkljczk.pl>	2023-11-08 20:46:57 +0100
commit	1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3 (patch)
tree	923fa49e845b97b99c65855de3113b444253e10c /changelog.d/check-attachment-attribution.security
parent	c6cedbb8106a16527e48ac8ae03907e1d66c5a1b (diff)
parent	a51f3937eef0c6add91234863d5f936c59830d88 (diff)
download	pleroma-1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3.tar.gz pleroma-1e9333a9aa5f15dd9cbea826ee42561e4a9d12c3.zip