Age | Commit message | Author | |
---|---|---|---|
2023-11-13 | Change mediaproxy previews to use vips to generate thumbnails instead of ImageMagick | Mark Felder | |
2023-11-13 | Use the "change" type | Mark Felder | |
2023-11-13 | Switch to PromEx for prometheus metrics | Mark Felder | |
Recommending use of the separate HTTP server for exposing the metrics and securing it externally on your firewall or reverse proxy. It will listen on port 4021 by default. | |||
2023-11-13 | Fix GenerateUnsetUserKeys migration | marcin mikołajczak | |
Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
2023-11-12 | Merge branch 'quotes-count' into 'develop' | lain | |
Count and display post quotes See merge request pleroma/pleroma!3956 | |||
2023-11-12 | Count and display post quotes | marcin mikołajczak | |
2023-11-12 | Merge branch 'phoenix1.7' into 'develop' | lain | |
Update to Phoenix 1.7 See merge request pleroma/pleroma!3900 | |||
2023-11-12 | Add changelog. | Lain Soykaf | |
2023-11-08 | Merge remote-tracking branch 'origin/develop' into instance-v2 | Marcin Mikołajczak | |
2023-11-08 | Ensure benchee doesn't run unless we are executing benchmarks | Mark Felder | |
2023-11-08 | Merge branch 'develop' into phoenix1.7 | Mark Felder | |
2023-11-08 | ObjectValidators.BareUriTest: Replace calls of SafeText to BareUri | Haelwenn (lanodan) Monnier | |
2023-11-07 | Merge branch 'develop' into phoenix1.7 | Mark Felder | |
2023-11-07 | Fix digest email processing, consolidate Oban queues | Mark Felder | |
The email related jobs can all share a single Oban queue | |||
2023-11-02 | Support /authorize-interaction route used by Mastodon | marcin mikołajczak | |
Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
2023-11-02 | update changelog | marcin mikołajczak | |
Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
2023-10-31 | Bump package version for mergeback | tusooa | |
2023-10-31 | Merge branch 'stable' into 'release/2.6.0' | tusooa | |
# Conflicts: # .gitlab-ci.yml # lib/pleroma/web/common_api/utils.ex # lib/pleroma/web/xml.ex # mix.exs # test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs # test/pleroma/web/common_api/utils_test.exs # test/pleroma/web/mastodon_api/update_credentials_test.exs # test/pleroma/web/xml_test.exs | |||
2023-10-24 | Bump version to 2.6.0 | tusooa | |
2023-10-16 | Fix mentioning punycode domains when using Markdown | tusooa | |
2023-10-15 | Add changelog | tusooa | |
2023-09-24 | TwitterAPI: Return proper error when healthcheck is disabled | Haelwenn (lanodan) Monnier | |
2023-09-13 | Add changelog | tusooa | |
2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
commit 1afde067b12ad0062c1820091ea9b0a680819281 upstream. | |||
2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
2023-08-30 | Skip changelog | tusooa | |
2023-08-16 | Merge branch 'csp-flash' into 'develop' | Haelwenn | |
allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879 | |||
2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
2023-08-10 | Merge branch 'fix-dockerfile-perms' into 'develop' | tusooa | |
Fix config ownership in dockerfile to pass restriction test See merge request pleroma/pleroma!3931 | |||
2023-08-08 | Fix config ownership in dockerfile to pass restriction test | Cat pony Black | |
2023-08-05 | Completely disable xml entity resolution | mae | |
2023-08-05 | Merge branch 'docs/gentoo-otp-intro' into 'develop' | Haelwenn | |
gentoo_otp_en.md: Indicate which install method it covers See merge request pleroma/pleroma!3928 | |||
2023-08-05 | Mergeback release 2.5.4 | Haelwenn (lanodan) Monnier | |
2023-08-05 | Release 2.5.4 | Haelwenn (lanodan) Monnier | |
2023-08-05 | Document and test that XXE processing is disabled | Mark Felder | |
https://vuln.be/post/xxe-in-erlang-and-elixir/ | |||
2023-08-05 | Document and test that XXE processing is disabled | Mark Felder | |
https://vuln.be/post/xxe-in-erlang-and-elixir/ | |||
2023-08-04 | gentoo_otp_en.md: Indicate which install method it covers | Haelwenn (lanodan) Monnier | |
2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
2023-08-04 | changelog: Entry for config permissions restrictions | Haelwenn (lanodan) Monnier | |
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135 | |||
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder | |
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder | |
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
2023-07-28 | add changelog entry | faried nawaz | |
2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
2023-07-07 | Add changelog | tusooa | |
2023-07-04 | Merge branch 'deprecate-scrobbles' into 'develop' | tusooa | |
Deprecate audio scrobbling See merge request pleroma/pleroma!3919 | |||
2023-07-04 | docs: Fix broken links | Haelwenn (lanodan) Monnier | |
2023-07-04 | Merge branch 'fix/pipeline-triggers' into 'develop' | Haelwenn | |
CI: Fix pipeline tokens & exit status See merge request pleroma/pleroma!3918 | |||
2023-07-04 | Deprecate audio scrobbling | Haelwenn (lanodan) Monnier | |