Age | Commit message | Author | |
---|---|---|---|
2023-08-04 | Release 2.5.53 | Haelwenn (lanodan) Monnier | |
2023-08-04 | release_runtime_provider_test: chmod config for hardened permissions | Haelwenn (lanodan) Monnier | |
Git doesn't manage file permissions precisely enough for us. | |||
2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
2023-08-04 | Release 2.5.3 | Haelwenn (lanodan) Monnier | |
2023-08-04 | test: Fix warnings | Haelwenn (lanodan) Monnier | |
2023-08-04 | Force the use of amd64 runners for jobs using ci-base | Haelwenn (lanodan) Monnier | |
2023-08-04 | release_runtime_provider_test: chmod config for hardened permissions | Haelwenn (lanodan) Monnier | |
Git doesn't manage file permissions precisely enough for us. | |||
2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder | |
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder | |
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
2023-07-28 | Merge branch 'fix/2927-disallow-unauthenticated-access' into 'develop' | tusooa | |
/api/v1/statuses/:id/context: filter context activities using Visibility.visible_for_user?/2 See merge request pleroma/pleroma!3801 | |||
2023-07-28 | add changelog entry | faried nawaz | |
2023-07-28 | cleaner ecto query to handle restrict_unauthenticated for activities | Faried Nawaz | |
This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true} | |||
2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz | |
issue #2927 | |||
2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
2023-07-07 | Merge branch 'tusooa/2775-emoji-policy' into 'develop' | Haelwenn | |
EmojiPolicy Closes #2775 See merge request pleroma/pleroma!3842 | |||
2023-07-07 | Make regex-to-string descriptor reusable | tusooa | |
2023-07-07 | Fix edge cases | tusooa | |
2023-07-07 | Add changelog | tusooa | |
2023-07-07 | Test that unicode emoji reactions are not affected | tusooa | |
2023-07-07 | Make EmojiPolicy aware of custom emoji reactions | tusooa | |
2023-07-07 | Improve config examples for EmojiPolicy | tusooa | |
2023-07-07 | Update config cheatsheet | tusooa | |
2023-07-07 | Move emoji_policy.ex to the right place | tusooa | |
2023-07-07 | EmojiPolicy: Implement delist | tusooa | |
2023-07-07 | EmojiPolicy: implement remove by shortcode | tusooa | |
2023-07-07 | Add emoji policy to remove emojis matching certain urls | tusooa | |
https://git.pleroma.social/pleroma/pleroma/-/issues/2775 | |||
2023-07-04 | Merge branch 'deprecate-scrobbles' into 'develop' | tusooa | |
Deprecate audio scrobbling See merge request pleroma/pleroma!3919 | |||
2023-07-04 | Merge branch 'hotfix/docs-broken-links' into 'develop' | Haelwenn | |
docs: Fix broken links See merge request pleroma/pleroma!3920 | |||
2023-07-04 | docs: Fix broken links | Haelwenn (lanodan) Monnier | |
2023-07-04 | Merge branch 'fix/pipeline-triggers' into 'develop' | Haelwenn | |
CI: Fix pipeline tokens & exit status See merge request pleroma/pleroma!3918 | |||
2023-07-04 | Deprecate audio scrobbling | Haelwenn (lanodan) Monnier | |
2023-07-04 | CI: Use CI_JOB_TOKEN for cross-repo pipeline triggers | Haelwenn (lanodan) Monnier | |
2023-07-04 | CI: Let curl return non-0 on http failure code | Haelwenn (lanodan) Monnier | |
Otherwise it silently fails | |||
2023-07-03 | Merge branch 'gentoo_otp' into 'develop' | Haelwenn | |
Packaged installation guide for gentoo See merge request pleroma/pleroma!3906 | |||
2023-07-02 | Merge branch 'tusooa/media-altdomain' into 'develop' | Haelwenn | |
Add instructions to serve media on another domain See merge request pleroma/pleroma!3892 | |||
2023-07-02 | Merge branch 'testfix/system-config-use' into 'develop' | Haelwenn | |
release_runtime_provider_test: Explicitly use non-existent config file See merge request pleroma/pleroma!3910 | |||
2023-07-02 | Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' | Haelwenn | |
Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915 | |||
2023-07-02 | Merge branch 'tusooa/3142-featured-collection-shouldnt-break-user-fetch' into 'develop' | Haelwenn | |
Fix user fetch completely broken if featured collection is not in a supported form See merge request pleroma/pleroma!3914 | |||
2023-07-02 | Merge branch 'tusooa/3151-amd64-runner' into 'develop' | Haelwenn | |
Force the use of amd64 runners for jobs using ci-base Closes #3151 See merge request pleroma/pleroma!3913 | |||
2023-07-02 | Fix handling report from a deactivated user | tusooa | |
2023-07-02 | Fix user fetch completely broken if featured collection is not in a supported form | tusooa | |
2023-07-01 | Force the use of amd64 runners for jobs using ci-base | tusooa | |
2023-07-01 | Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' | tusooa | |
Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909 |