Merge branch 'check-attachment-attribution' into 'develop'

Prevent users from attaching other users' attachments See merge request pleroma/pleroma!3947
author: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2023-09-03 09:09:27 +0000
committer: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2023-09-03 09:09:27 +0000
commit: a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b (patch)
tree: 20c4e70ff722773215a962131f560c356e8cb97e /changelog.d/check-attachment-attribution.security
parent: 9da4f89b7b8c59947a812b95aeafd4f8efaf6a8a (diff)
parent: 1afde067b12ad0062c1820091ea9b0a680819281 (diff)
download: pleroma-a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b.tar.gz
pleroma-a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/check-attachment-attribution.security b/changelog.d/check-attachment-attribution.security
new file mode 100644
index 000000000..e0e46525b
--- /dev/null
+++ b/changelog.d/check-attachment-attribution.security
@@ -0,0 +1 @@
+CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
author	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2023-09-03 09:09:27 +0000
committer	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2023-09-03 09:09:27 +0000
commit	a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b (patch)
tree	20c4e70ff722773215a962131f560c356e8cb97e /changelog.d/check-attachment-attribution.security
parent	9da4f89b7b8c59947a812b95aeafd4f8efaf6a8a (diff)
parent	1afde067b12ad0062c1820091ea9b0a680819281 (diff)
download	pleroma-a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b.tar.gz pleroma-a94cf2ad4ff523f72d03a9bf76ca9ec6b242c79b.zip