pleroma - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2023-09-13	CommonAPI: disallow quoting private posts through the API	Alex Gleason

2023-09-13	Add InlineQuotePolicy to force quote URLs inline	Alex Gleason

2023-09-13	ActivityDraft: mix format, defensive actor ID	Alex Gleason

2023-09-13	ActivityDraft: mention the OP of a quoted post	Alex Gleason

2023-09-13	Return quote_url through the API, don't render quotes more than 1 level deep	Alex Gleason

2023-09-13	InstanceView: add "quote_posting" feature	Alex Gleason

2023-09-13	mix format	Alex Gleason

2023-09-13	ActivityDraft: allow quoting	Alex Gleason

2023-09-13	ActivityDraft: create quote posts	Alex Gleason

2023-09-13	StatusView: render the whole quoted status	Alex Gleason

2023-09-13	StatusView: show quoted posts through the API, probably	Alex Gleason

2023-09-13	Transmogrifier: fix quoteUrl here too	Alex Gleason

2023-09-13	Transmogrifier: fetch quoted post	Alex Gleason

2023-09-13	ObjectValidators: improve quoteUrl compatibility	Alex Gleason

2023-09-13	ObjectValidators: accept "quoteUrl" field	Alex Gleason

2023-09-07	Update InstanceView.features	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-09-03	CommonAPI: Prevent users from accessing media of other users	Mint

2023-08-30	Make lint happy	tusooa

2023-08-16	Merge branch 'csp-flash' into 'develop'	Haelwenn
	allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879
2023-08-16	Apply lanodan's suggestion(s) to 1 file(s)	Haelwenn

2023-08-11	InstanceView: Add common_information function	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11	Implement api/v2/instance route	marcin mikołajczak
	Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-05	Completely disable xml entity resolution	mae

2023-08-04	Prevent XML parser from loading external entities	Mae

2023-08-04	instance gen: Reduce permissions of pleroma directories and config files	Haelwenn (lanodan) Monnier

2023-08-04	Config: Restrict permissions of OTP config file	Haelwenn (lanodan) Monnier

2023-08-04	Resolve information disclosure vulnerability through emoji pack archive ↵	Mark Felder
	download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org
2023-08-03	Merge branch 'tusooa/3154-attachment-type-check' into 'develop'	Haelwenn
	Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923
2023-07-28	cleaner ecto query to handle restrict_unauthenticated for activities	Faried Nawaz
	This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true}
2023-07-28	status context: perform visibility check on activities around a status	faried nawaz
	issue #2927
2023-07-18	Restrict attachments to only uploaded files only	tusooa

2023-07-17	Merge branch '2023-06-deps-update' into 'develop'	Haelwenn
	2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911
2023-07-07	Make regex-to-string descriptor reusable	tusooa

2023-07-07	Fix edge cases	tusooa

2023-07-07	Make EmojiPolicy aware of custom emoji reactions	tusooa

2023-07-07	Improve config examples for EmojiPolicy	tusooa

2023-07-07	Move emoji_policy.ex to the right place	tusooa

2023-07-07	EmojiPolicy: Implement delist	tusooa

2023-07-07	EmojiPolicy: implement remove by shortcode	tusooa

2023-07-07	Add emoji policy to remove emojis matching certain urls	tusooa
	https://git.pleroma.social/pleroma/pleroma/-/issues/2775
2023-07-04	Deprecate audio scrobbling	Haelwenn (lanodan) Monnier

2023-07-02	Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop'	Haelwenn
	Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915
2023-07-02	Fix handling report from a deactivated user	tusooa

2023-07-02	Fix user fetch completely broken if featured collection is not in a ↵	tusooa
	supported form
2023-07-01	Merge branch 'bugfix/full-revert-media-host-validation' into 'develop'	tusooa
	Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909
2023-06-27	Merge branch 'instance-nodeinfo-metadata' into 'develop'develop	Haelwenn
	instances: Store some metadata based on NodeInfo See merge request pleroma/pleroma!3853
2023-06-27	Merge branch 'tusooa/3119-bio-update' into 'develop'	Haelwenn
	Show more informative errors when profile exceeds char limits Closes #3119 See merge request pleroma/pleroma!3886
2023-06-27	Merge branch 'from/upstream-develop/tusooa/backup-status' into 'develop'	Haelwenn
	Detail backup states Closes #3024 See merge request pleroma/pleroma!3809
2023-06-27	router: Fix usage of globs	Haelwenn (lanodan) Monnier
	warning: doing a prefix match with globs is deprecated, invalid segment "pleromapath". You can either replace by a single segment match: /foo/bar-:var Or by mixing single segment match with globs: /foo/bar-:var/rest
2023-06-27	endpoint: Use custom Multipart module for dynamic configuration	Haelwenn (lanodan) Monnier