| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-11-02 | update changelog | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-10-31 | Bump package version for mergeback | tusooa | |
| 2023-10-31 | Merge branch 'stable' into 'release/2.6.0' | tusooa | |
| # Conflicts: # .gitlab-ci.yml # lib/pleroma/web/common_api/utils.ex # lib/pleroma/web/xml.ex # mix.exs # test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs # test/pleroma/web/common_api/utils_test.exs # test/pleroma/web/mastodon_api/update_credentials_test.exs # test/pleroma/web/xml_test.exs | |||
| 2023-10-24 | Bump version to 2.6.0 | tusooa | |
| 2023-10-16 | Fix mentioning punycode domains when using Markdown | tusooa | |
| 2023-10-15 | Add changelog | tusooa | |
| 2023-09-24 | TwitterAPI: Return proper error when healthcheck is disabled | Haelwenn (lanodan) Monnier | |
| 2023-09-13 | Add changelog | tusooa | |
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| commit 1afde067b12ad0062c1820091ea9b0a680819281 upstream. | |||
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| 2023-08-30 | Skip changelog | tusooa | |
| 2023-08-16 | Merge branch 'csp-flash' into 'develop' | Haelwenn | |
| allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879 | |||
| 2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-10 | Merge branch 'fix-dockerfile-perms' into 'develop' | tusooa | |
| Fix config ownership in dockerfile to pass restriction test See merge request pleroma/pleroma!3931 | |||
| 2023-08-08 | Fix config ownership in dockerfile to pass restriction test | Cat pony Black | |
| 2023-08-05 | Completely disable xml entity resolution | mae | |
| 2023-08-05 | Merge branch 'docs/gentoo-otp-intro' into 'develop' | Haelwenn | |
| gentoo_otp_en.md: Indicate which install method it covers See merge request pleroma/pleroma!3928 | |||
| 2023-08-05 | Mergeback release 2.5.4 | Haelwenn (lanodan) Monnier | |
| 2023-08-05 | Release 2.5.4 | Haelwenn (lanodan) Monnier | |
| 2023-08-05 | Document and test that XXE processing is disabled | Mark Felder | |
| https://vuln.be/post/xxe-in-erlang-and-elixir/ | |||
| 2023-08-05 | Document and test that XXE processing is disabled | Mark Felder | |
| https://vuln.be/post/xxe-in-erlang-and-elixir/ | |||
| 2023-08-04 | gentoo_otp_en.md: Indicate which install method it covers | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
| Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
| 2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
| Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
| Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
| 2023-07-28 | add changelog entry | faried nawaz | |
| 2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
| 2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
| 2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
| 2023-07-07 | Add changelog | tusooa | |
| 2023-07-04 | Merge branch 'deprecate-scrobbles' into 'develop' | tusooa | |
| Deprecate audio scrobbling See merge request pleroma/pleroma!3919 | |||
| 2023-07-04 | docs: Fix broken links | Haelwenn (lanodan) Monnier | |
| 2023-07-04 | Merge branch 'fix/pipeline-triggers' into 'develop' | Haelwenn | |
| CI: Fix pipeline tokens & exit status See merge request pleroma/pleroma!3918 | |||
| 2023-07-04 | Deprecate audio scrobbling | Haelwenn (lanodan) Monnier | |
| 2023-07-04 | CI: Use CI_JOB_TOKEN for cross-repo pipeline triggers | Haelwenn (lanodan) Monnier | |
| 2023-07-03 | Merge branch 'gentoo_otp' into 'develop' | Haelwenn | |
| Packaged installation guide for gentoo See merge request pleroma/pleroma!3906 | |||
| 2023-07-02 | Merge branch 'tusooa/media-altdomain' into 'develop' | Haelwenn | |
| Add instructions to serve media on another domain See merge request pleroma/pleroma!3892 | |||
| 2023-07-02 | Merge branch 'testfix/system-config-use' into 'develop' | Haelwenn | |
| release_runtime_provider_test: Explicitely use non-existant config file See merge request pleroma/pleroma!3910 | |||
| 2023-07-02 | Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' | Haelwenn | |
| Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915 | |||
| 2023-07-02 | Merge branch 'tusooa/3142-featured-collection-shouldnt-break-user-fetch' ↵ | Haelwenn | |
| into 'develop' Fix user fetch completely broken if featured collection is not in a supported form See merge request pleroma/pleroma!3914 | |||
| 2023-07-02 | Fix handling report from a deactivated user | tusooa | |
| 2023-07-02 | Fix user fetch completely broken if featured collection is not in a ↵ | tusooa | |
| supported form | |||
| 2023-07-01 | Force the use of amd64 runners for jobs using ci-base | tusooa | |
| 2023-07-01 | Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' | tusooa | |
| Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909 | |||
| 2023-06-27 | Merge branch 'tusooa/3119-bio-update' into 'develop' | Haelwenn | |
| Show more informative errors when profile exceeds char limits Closes #3119 See merge request pleroma/pleroma!3886 | |||
| 2023-06-27 | mix: 2023-06 deps update | Haelwenn (lanodan) Monnier | |
| this fixes compatibility with Erlang OTP 26 Related: https://git.pleroma.social/pleroma/pleroma/-/issues/2913 | |||
| 2023-06-27 | release_runtime_provider_test: Explicitely use non-existant config file | Haelwenn (lanodan) Monnier | |
| 2023-06-22 | Merge Revert "Merge branch 'validate-host' into 'develop'" | Haelwenn (lanodan) Monnier | |
| This reverts commit d998a114e26033e98e87778e5ca659aff91831bf, reversing changes made to da6b4003acad84b0f60ad8da6d08cfe13564b058. | |||
| 2023-06-21 | Add changelog entry | Sean King | |
 |
index : pleroma | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |
path: root/changelog.d