1 files changed, 1 insertions, 0 deletions

diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security
new file mode 100644
index 000000000..9201de794
--- /dev/null
+++ b/changelog.d/cross-domain-redirect-check.security
@@ -0,0 +1 @@
+Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.
\ No newline at end of file