diff options
Diffstat (limited to 'changelog.d')
| -rw-r--r-- | changelog.d/2.6.0-mergeback.skip (renamed from changelog.d/3739.skip) | 0 | ||||
| -rw-r--r-- | changelog.d/3126.fix | 1 | ||||
| -rw-r--r-- | changelog.d/3831.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3848.add | 1 | ||||
| -rw-r--r-- | changelog.d/3870.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3872.remove | 1 | ||||
| -rw-r--r-- | changelog.d/3873.fix | 1 | ||||
| -rw-r--r-- | changelog.d/3876.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3877.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3878.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3882.add | 1 | ||||
| -rw-r--r-- | changelog.d/3883.fix | 1 | ||||
| -rw-r--r-- | changelog.d/3891.fix | 1 | ||||
| -rw-r--r-- | changelog.d/3893.skip | 0 | ||||
| -rw-r--r-- | changelog.d/3896.add | 1 | ||||
| -rw-r--r-- | changelog.d/3897.add | 1 | ||||
| -rw-r--r-- | changelog.d/3899.skip | 0 | ||||
| -rw-r--r-- | changelog.d/akkoma-xml-remote-entities.security | 1 | ||||
| -rw-r--r-- | changelog.d/changelog-improve.skip | 0 | ||||
| -rw-r--r-- | changelog.d/check-attachment-attribution.security | 1 | ||||
| -rw-r--r-- | changelog.d/digest_emails.fix | 1 | ||||
| -rw-r--r-- | changelog.d/emoji-pack-sanitization.security | 1 | ||||
| -rw-r--r-- | changelog.d/fix-object-test.fix | 1 | ||||
| -rw-r--r-- | changelog.d/otp_perms.security | 1 |
24 files changed, 5 insertions, 10 deletions
diff --git a/changelog.d/3739.skip b/changelog.d/2.6.0-mergeback.skip index e69de29bb..e69de29bb 100644 --- a/changelog.d/3739.skip +++ b/changelog.d/2.6.0-mergeback.skip diff --git a/changelog.d/3126.fix b/changelog.d/3126.fix deleted file mode 100644 index 91d396c89..000000000 --- a/changelog.d/3126.fix +++ /dev/null @@ -1 +0,0 @@ -MediaProxy responses now return a sandbox CSP header diff --git a/changelog.d/3831.skip b/changelog.d/3831.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3831.skip +++ /dev/null diff --git a/changelog.d/3848.add b/changelog.d/3848.add deleted file mode 100644 index d7b1b0a84..000000000 --- a/changelog.d/3848.add +++ /dev/null @@ -1 +0,0 @@ -Add OAuth scope descriptions diff --git a/changelog.d/3870.skip b/changelog.d/3870.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3870.skip +++ /dev/null diff --git a/changelog.d/3872.remove b/changelog.d/3872.remove deleted file mode 100644 index 54cbb660e..000000000 --- a/changelog.d/3872.remove +++ /dev/null @@ -1 +0,0 @@ -remove BBS/SSH feature, replaced by an external bridge.
\ No newline at end of file diff --git a/changelog.d/3873.fix b/changelog.d/3873.fix deleted file mode 100644 index 4699f7b58..000000000 --- a/changelog.d/3873.fix +++ /dev/null @@ -1 +0,0 @@ -UploadedMedia: Add missing disposition_type to Content-Disposition
\ No newline at end of file diff --git a/changelog.d/3876.skip b/changelog.d/3876.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3876.skip +++ /dev/null diff --git a/changelog.d/3877.skip b/changelog.d/3877.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3877.skip +++ /dev/null diff --git a/changelog.d/3878.skip b/changelog.d/3878.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3878.skip +++ /dev/null diff --git a/changelog.d/3882.add b/changelog.d/3882.add deleted file mode 100644 index 4712de1dc..000000000 --- a/changelog.d/3882.add +++ /dev/null @@ -1 +0,0 @@ -Allow lang attribute in status text diff --git a/changelog.d/3883.fix b/changelog.d/3883.fix deleted file mode 100644 index 6824f2013..000000000 --- a/changelog.d/3883.fix +++ /dev/null @@ -1 +0,0 @@ -Fix abnormal behaviour when refetching a poll diff --git a/changelog.d/3891.fix b/changelog.d/3891.fix deleted file mode 100644 index f1fb62d82..000000000 --- a/changelog.d/3891.fix +++ /dev/null @@ -1 +0,0 @@ -OEmbed HTML tags are now filtered diff --git a/changelog.d/3893.skip b/changelog.d/3893.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3893.skip +++ /dev/null diff --git a/changelog.d/3896.add b/changelog.d/3896.add deleted file mode 100644 index 36d8286ff..000000000 --- a/changelog.d/3896.add +++ /dev/null @@ -1 +0,0 @@ -Validate Host header for MediaProxy and Uploads and return a 302 if the base_url has changed diff --git a/changelog.d/3897.add b/changelog.d/3897.add deleted file mode 100644 index 5c4402f45..000000000 --- a/changelog.d/3897.add +++ /dev/null @@ -1 +0,0 @@ -OnlyMedia Upload Filter diff --git a/changelog.d/3899.skip b/changelog.d/3899.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/3899.skip +++ /dev/null diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security new file mode 100644 index 000000000..5e6725e5b --- /dev/null +++ b/changelog.d/akkoma-xml-remote-entities.security @@ -0,0 +1 @@ +Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem diff --git a/changelog.d/changelog-improve.skip b/changelog.d/changelog-improve.skip deleted file mode 100644 index e69de29bb..000000000 --- a/changelog.d/changelog-improve.skip +++ /dev/null diff --git a/changelog.d/check-attachment-attribution.security b/changelog.d/check-attachment-attribution.security new file mode 100644 index 000000000..e0e46525b --- /dev/null +++ b/changelog.d/check-attachment-attribution.security @@ -0,0 +1 @@ +CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID diff --git a/changelog.d/digest_emails.fix b/changelog.d/digest_emails.fix new file mode 100644 index 000000000..335a24464 --- /dev/null +++ b/changelog.d/digest_emails.fix @@ -0,0 +1 @@ +Fix the processing of email digest jobs. diff --git a/changelog.d/emoji-pack-sanitization.security b/changelog.d/emoji-pack-sanitization.security new file mode 100644 index 000000000..f3218abd4 --- /dev/null +++ b/changelog.d/emoji-pack-sanitization.security @@ -0,0 +1 @@ +Emoji pack loader sanitizes pack names diff --git a/changelog.d/fix-object-test.fix b/changelog.d/fix-object-test.fix deleted file mode 100644 index 5eea719f0..000000000 --- a/changelog.d/fix-object-test.fix +++ /dev/null @@ -1 +0,0 @@ -Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty diff --git a/changelog.d/otp_perms.security b/changelog.d/otp_perms.security new file mode 100644 index 000000000..a3da1c677 --- /dev/null +++ b/changelog.d/otp_perms.security @@ -0,0 +1 @@ +- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
\ No newline at end of file |