Merge branch 'security-2.9' into release/2.9.0

author: Lain Soykaf <lain@lain.com> 2025-03-01 17:45:28 +0400
committer: Lain Soykaf <lain@lain.com> 2025-03-01 17:45:28 +0400
commit: 32acdf0936847870657fb265e02c56c1273378e0 (patch)
tree: 6350d15a98b971d2c581c9d239d50617dd7be97a /changelog.d
parent: a8e863e0d627b6ed9563d953ee2cc8c9f4c9ee7a (diff)
parent: 13a88bd1a5a13c771d33d327d54125c68bbb9cb3 (diff)
download: pleroma-32acdf0936847870657fb265e02c56c1273378e0.tar.gz
pleroma-32acdf0936847870657fb265e02c56c1273378e0.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/changelog.d/c2s-update-verify.fix b/changelog.d/c2s-update-verify.fix
new file mode 100644
index 000000000..a4dfe7c07
--- /dev/null
+++ b/changelog.d/c2s-update-verify.fix
@@ -0,0 +1 @@
+Verify a local Update sent through AP C2S so users can only update their own objects
diff --git a/changelog.d/ensure-authorized-fetch.security b/changelog.d/ensure-authorized-fetch.security
new file mode 100644
index 000000000..200abdae0
--- /dev/null
+++ b/changelog.d/ensure-authorized-fetch.security
@@ -0,0 +1 @@
+Require HTTP signatures (if enabled) for routes used by both C2S and S2S AP API
+\ No newline at end of file
author	Lain Soykaf <lain@lain.com>	2025-03-01 17:45:28 +0400
committer	Lain Soykaf <lain@lain.com>	2025-03-01 17:45:28 +0400
commit	32acdf0936847870657fb265e02c56c1273378e0 (patch)
tree	6350d15a98b971d2c581c9d239d50617dd7be97a /changelog.d
parent	a8e863e0d627b6ed9563d953ee2cc8c9f4c9ee7a (diff)
parent	13a88bd1a5a13c771d33d327d54125c68bbb9cb3 (diff)
download	pleroma-32acdf0936847870657fb265e02c56c1273378e0.tar.gz pleroma-32acdf0936847870657fb265e02c56c1273378e0.zip