Age | Commit message | Author | |
---|---|---|---|
2023-08-05 | Prevent XML parser from loading external entities | Mae | |
2023-08-04 | Merge branch 'release/2.5.3' into 'stable' | Haelwenn | |
Release 2.5.3 See merge request pleroma/pleroma!3926 | |||
2023-08-04 | Release 2.5.3 | Haelwenn (lanodan) Monnier | |
2023-08-04 | test: Fix warnings | Haelwenn (lanodan) Monnier | |
2023-08-04 | Force the use of amd64 runners for jobs using ci-base | Haelwenn (lanodan) Monnier | |
2023-08-04 | release_runtime_provider_test: chmod config for hardened permissions | Haelwenn (lanodan) Monnier | |
Git doesn't manage file permissions precisely enough for us. | |||
2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder | |
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
2023-05-26 | Merge branch 'release/2.5.2' into 'stable' | Haelwenn | |
Security release 2.5.2 See merge request pleroma/pleroma!3863 | |||
2023-05-26 | Version 2.5.2 | Haelwenn (lanodan) Monnier | |
2023-05-26 | Filter OEmbed HTML tags | Mark Felder | |
2023-05-26 | Enforce unauth restrictions for public streaming endpoints | tusooa | |
2023-05-26 | Merge branch 'issue/3126' into 'develop' | Haelwenn | |
MediaProxyController: Apply CSP sandbox See merge request pleroma/pleroma!3890 | |||
2023-05-26 | Merge branch 'tusooa/fix-object-test' into 'develop' | Haelwenn | |
Fix ObjectTest See merge request pleroma/pleroma!3887 | |||
2023-05-26 | Merge branch 'tusooa/rework-refetch' into 'develop' | Haelwenn | |
Make sure object refetching follows update rules See merge request pleroma/pleroma!3883 | |||
2023-03-30 | Merge branch 'background-timeout' into 'develop' | Haelwenn | |
Set background worker timeout to 15 minutes See merge request pleroma/pleroma!3857 | |||
2023-03-30 | Merge branch 'docs-otp-support' into 'develop' | tusooa | |
docs: Be more explicit about the level of compatibility of OTP releases See merge request pleroma/pleroma!3849 | |||
2023-03-30 | Merge branch 'remove-crypt' into 'develop' | tusooa | |
Remove crypt(3) support Closes #3030 and #3062 See merge request pleroma/pleroma!3847 | |||
2023-03-30 | Merge branch 'fix/tag-feed-crashes' into 'develop' | Haelwenn | |
fix: atom/rss feed issues Closes #3045 See merge request pleroma/pleroma!3851 | |||
2023-03-30 | Merge branch 'fix/static-fe-feed-500' into 'develop' | Haelwenn | |
fix: remove static_fe pipeline for /users/:nickname/feed See merge request pleroma/pleroma!3852 | |||
2023-03-30 | Merge branch 'tusooa/oban-common-pipeline' into 'develop' | Haelwenn | |
Stop oban from retrying if validating errors occur when processing incoming data See merge request pleroma/pleroma!3844 | |||
2023-03-02 | Merge branch 'release/2.5.1' into 'stable' | tusooa | |
release: 2.5.1 See merge request pleroma/pleroma!3841 | |||
2023-03-01 | Add the security fix to the changelog | tusooa | |
2023-03-01 | Sanitize filenames when uploading | tusooa | |
2023-02-20 | Bundle frontend | tusooa | |
2023-02-20 | Bump version in mix project to 2.5.1 | tusooa | |
2023-02-20 | Compose changelog for 2.5.1 | tusooa | |
2023-02-20 | Ignores in exiftool read descriptions | tusooa | |
2023-02-20 | Bump crypt to v1.0.1 | Sean King | |
2023-02-20 | Update mix.exs | lain | |
2023-02-20 | Bump linkify | tusooa | |
2023-02-20 | Test double dot link | tusooa | |
2023-02-20 | Test that zwnj is treated as word char in hashtags | tusooa | |
2023-02-20 | Require related object for notifications to filter on content | Alexander Tumin | |
2023-02-20 | Fix improper content being cached in report content | tusooa | |
2023-02-20 | Use versioned image from hexpm | tusooa | |
2023-02-20 | Allow customizing instance languages | tusooa | |
2023-02-20 | Remove unwanted code specific to MIX_ENV=test | Mark Felder | |
2023-02-20 | Fix rel="me" | Mark Felder | |
Cachex for this was not started | |||
2023-02-20 | Fix block_from_stranger setting | tusooa | |
2023-02-20 | B StripLocation: Add test, work for all svgs. | Lain Soykaf | |
2023-02-20 | Added SVG to formats not compatible with exiftool | Dmytro Poltavchenko | |
2023-02-20 | Bump earmark to 1.4.22 | tusooa | |
2022-12-23 | Merge branch 'release/2.5.0' into 'stable' | Haelwenn | |
Release 2.5.0 See merge request pleroma/pleroma!3816 | |||
2022-12-23 | mix: Release 2.5.0 | Haelwenn (lanodan) Monnier | |
2022-12-23 | CHANGELOG: Set 2.5.0 | Haelwenn (lanodan) Monnier | |
2022-12-23 | Git merge is not my favorite tool | Haelwenn (lanodan) Monnier | |
2022-12-23 | Revert "Delete report notifs when demoting from superuser" | Haelwenn (lanodan) Monnier | |
This reverts commit 4504c810802e2253599f06ddf6d58d3389fb23ac. |