pleroma - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2023-09-07	Rename MapOfString to ContentLanguageMap	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-31	Move is_good_locale_code? to object validator	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-20	Remove test	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-19	Move maybe_add_content_map out of Transmogrifier, use code from tusooa's ↵	marcin mikołajczak
	branch for MapOfString Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-19	Move `maybe_add_language` to CommonFixes	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Remove test	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Rename test	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Lint	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Make status.language == nil for 'und' value	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Add ObjectValidators.LanguageCode type	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Apply lanodan's suggestion	Haelwenn

2023-08-11	Allow to specify post language	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-10	Merge branch 'fix-dockerfile-perms' into 'develop'	tusooa
	Fix config ownership in dockerfile to pass restriction test See merge request pleroma/pleroma!3931
2023-08-08	Fix config ownership in dockerfile to pass restriction test	Cat pony Black

2023-08-06	Merge branch 'disable-xml-entities-completely' into 'develop'	Haelwenn
	Completely disable xml entity resolution See merge request pleroma/pleroma!3932
2023-08-05	Completely disable xml entity resolution	mae

2023-08-05	Merge branch 'docs/gentoo-otp-intro' into 'develop'	Haelwenn
	gentoo_otp_en.md: Indicate which install method it covers See merge request pleroma/pleroma!3928
2023-08-05	Merge branch 'mergeback/2.5.4' into 'develop'	Haelwenn
	Mergeback: 2.5.4 See merge request pleroma/pleroma!3930
2023-08-05	Mergeback release 2.5.4	Haelwenn (lanodan) Monnier

2023-08-05	Document and test that XXE processing is disabled	Mark Felder
	https://vuln.be/post/xxe-in-erlang-and-elixir/
2023-08-05	Add unit test for external entity loading	FloatingGhost

2023-08-04	Prevent XML parser from loading external entities	Mae

2023-08-04	gentoo_otp_en.md: Indicate which install method it covers	Haelwenn (lanodan) Monnier

2023-08-04	Merge branch 'mergeback/2.5.3' into 'develop'	Haelwenn
	Mergeback: 2.5.3 Closes #3135 See merge request pleroma/pleroma!3927
2023-08-04	Release 2.5.53	Haelwenn (lanodan) Monnier

2023-08-04	release_runtime_provider_test: chmod config for hardened permissions	Haelwenn (lanodan) Monnier
	Git doesn't manages file permissions precisely enough for us.
2023-08-04	changelog: Entry for config permissions restrictions	Haelwenn (lanodan) Monnier
	Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
2023-08-04	instance gen: Reduce permissions of pleroma directories and config files	Haelwenn (lanodan) Monnier

2023-08-04	Config: Restrict permissions of OTP config file	Haelwenn (lanodan) Monnier

2023-08-04	Resolve information disclosure vulnerability through emoji pack archive ↵	Mark Felder
	download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org
2023-08-03	Merge branch 'tusooa/3154-attachment-type-check' into 'develop'	Haelwenn
	Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923
2023-07-28	Merge branch 'fix/2927-disallow-unauthenticated-access' into 'develop'	tusooa
	/api/v1/statuses/:id/context: filter context activities using Visibility.visible_for_user?/2 See merge request pleroma/pleroma!3801
2023-07-28	add changelog entry	faried nawaz

2023-07-28	cleaner ecto query to handle restrict_unauthenticated for activities	Faried Nawaz
	This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true}
2023-07-28	status context: perform visibility check on activities around a status	faried nawaz
	issue #2927
2023-07-18	Restrict attachments to only uploaded files only	tusooa

2023-07-17	Merge branch '2023-06-deps-update' into 'develop'	Haelwenn
	2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911
2023-07-07	Merge branch 'tusooa/2775-emoji-policy' into 'develop'	Haelwenn
	EmojiPolicy Closes #2775 See merge request pleroma/pleroma!3842
2023-07-07	Make regex-to-string descriptor reusable	tusooa

2023-07-07	Fix edge cases	tusooa

2023-07-07	Add changelog	tusooa

2023-07-07	Test that unicode emoji reactions are not affected	tusooa

2023-07-07	Make EmojiPolicy aware of custom emoji reactions	tusooa

2023-07-07	Improve config examples for EmojiPolicy	tusooa

2023-07-07	Update config cheatsheet	tusooa

2023-07-07	Move emoji_policy.ex to the right place	tusooa

2023-07-07	EmojiPolicy: Implement delist	tusooa

2023-07-07	EmojiPolicy: implement remove by shortcode	tusooa

2023-07-07	Add emoji policy to remove emojis matching certain urls	tusooa
	https://git.pleroma.social/pleroma/pleroma/-/issues/2775
2023-07-04	Merge branch 'deprecate-scrobbles' into 'develop'	tusooa
	Deprecate audio scrobbling See merge request pleroma/pleroma!3919