| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-07 | Update InstanceView.features | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| 2023-08-30 | Make lint happy | tusooa | |
| 2023-08-16 | Merge branch 'csp-flash' into 'develop' | Haelwenn | |
| allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879 | |||
| 2023-08-16 | Apply lanodan's suggestion(s) to 1 file(s) | Haelwenn | |
| 2023-08-11 | InstanceView: Add common_information function | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-05 | Completely disable xml entity resolution | mae | |
| 2023-08-04 | Prevent XML parser from loading external entities | Mae | |
| 2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
| Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
| 2023-07-28 | cleaner ecto query to handle restrict_unauthenticated for activities | Faried Nawaz | |
| This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true} | |||
| 2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz | |
| issue #2927 | |||
| 2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
| 2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
| 2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
| 2023-07-07 | Make regex-to-string descriptor reusable | tusooa | |
| 2023-07-07 | Fix edge cases | tusooa | |
| 2023-07-07 | Make EmojiPolicy aware of custom emoji reactions | tusooa | |
| 2023-07-07 | Improve config examples for EmojiPolicy | tusooa | |
| 2023-07-07 | Move emoji_policy.ex to the right place | tusooa | |
| 2023-07-07 | EmojiPolicy: Implement delist | tusooa | |
| 2023-07-07 | EmojiPolicy: implement remove by shortcode | tusooa | |
| 2023-07-07 | Add emoji policy to remove emojis matching certain urls | tusooa | |
| https://git.pleroma.social/pleroma/pleroma/-/issues/2775 | |||
| 2023-07-04 | Deprecate audio scrobbling | Haelwenn (lanodan) Monnier | |
| 2023-07-02 | Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' | Haelwenn | |
| Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915 | |||
| 2023-07-02 | Fix handling report from a deactivated user | tusooa | |
| 2023-07-02 | Fix user fetch completely broken if featured collection is not in a ↵ | tusooa | |
| supported form | |||
| 2023-07-01 | Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' | tusooa | |
| Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909 | |||
| 2023-06-27 | Merge branch 'instance-nodeinfo-metadata' into 'develop'develop | Haelwenn | |
| instances: Store some metadata based on NodeInfo See merge request pleroma/pleroma!3853 | |||
| 2023-06-27 | Merge branch 'tusooa/3119-bio-update' into 'develop' | Haelwenn | |
| Show more informative errors when profile exceeds char limits Closes #3119 See merge request pleroma/pleroma!3886 | |||
| 2023-06-27 | Merge branch 'from/upstream-develop/tusooa/backup-status' into 'develop' | Haelwenn | |
| Detail backup states Closes #3024 See merge request pleroma/pleroma!3809 | |||
| 2023-06-27 | router: Fix usage of globs | Haelwenn (lanodan) Monnier | |
| warning: doing a prefix match with globs is deprecated, invalid segment "pleroma*path". You can either replace by a single segment match: /foo/bar-:var Or by mixing single segment match with globs: /foo/bar-:var/*rest | |||
| 2023-06-27 | endpoint: Use custom Multipart module for dynamic configuration | Haelwenn (lanodan) Monnier | |
| 2023-06-22 | Merge Revert "Merge branch 'validate-host' into 'develop'" | Haelwenn (lanodan) Monnier | |
| This reverts commit d998a114e26033e98e87778e5ca659aff91831bf, reversing changes made to da6b4003acad84b0f60ad8da6d08cfe13564b058. | |||
| 2023-06-21 | Prevent bypassing authorized fetch mode with a json file | Sean King | |
| 2023-06-11 | Merge branch 'tusooa/3054-banned-delete' into 'develop' | lain | |
| Fix deleting banned users' statuses See merge request pleroma/pleroma!3889 | |||
| 2023-06-11 | B ForceMentionsInContent: Fix test, refactor. | Lain Soykaf | |
| 2023-06-11 | Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into ↵ | Lain Soykaf | |
| pleroma-double_mentions | |||
| 2023-06-11 | Merge branch 'fix/metadata-tags' into 'develop' | lain | |
| static frontend: fix meta tags See merge request pleroma/pleroma!3885 | |||
| 2023-06-11 | Merge branch 'cleanup/ostatus-user-upgrade' into 'develop' | lain | |
| Cleanup OStatus-era user upgrades and ap_enabled indicator See merge request pleroma/pleroma!3880 | |||
| 2023-06-11 | Merge branch 'revert-mediaproxy-host-validation' into 'develop' | feld | |
| Revert MediaProxy Host header validation See merge request pleroma/pleroma!3902 | |||
| 2023-06-11 | Merge branch 'fep-fffd-url' into 'develop' | lain | |
| CommonFields: Use BareUri for :url Closes #3121 See merge request pleroma/pleroma!3884 | |||
| 2023-06-07 | Revert MediaProxy Host header validation | Mark Felder | |
| Something is going wrong here even though the tests are correct. | |||
| 2023-06-03 | Phoenix.Router.routes/1 is the public function we are meant to be using here | Mark Felder | |
| 2023-06-02 | B Preload: Make sure that the preloaded json is html safe | Lain Soykaf | |
| 2023-05-31 | Fix compile warning | Mark Felder | |
| warning: doing a prefix match with globs is deprecated, invalid segment "pleroma*path" | |||
| 2023-05-31 | Phoenix.Socket.Transport.force_ssl/4 no longer exists | Mark Felder | |
| 2023-05-31 | Clean up Plug.Parsers.MULTIPART deprecation warnings | Mark Felder | |
| There is no need to the length setting to :multipart. The length setting is global for all of the parsers. | |||
 |
index : pleroma | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |