| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-13 | InlineQuotePolicy: skip objects which already have an .inline-quote span | Alex Gleason | |
| 2023-09-13 | Actually, don't send _misskey_quote anymore | Alex Gleason | |
| 2023-09-13 | InlineQuotePolicy: improve the way Markdown quotes are displayed by other ↵ | Alex Gleason | |
| software | |||
| 2023-09-13 | Handle Fedibird's new quoteUri field | Alex Gleason | |
| 2023-09-13 | Transmogrifier: federate quotes with _misskey_quote field | Alex Gleason | |
| 2023-09-13 | StatusView: return quote post inside a reblog | Alex Gleason | |
| 2023-09-13 | InlineQuotePolicy: don't add line breaks to markdown posts | Alex Gleason | |
| 2023-09-13 | StatusView: add `quote_visible` param | Alex Gleason | |
| 2023-09-13 | StatusView: fix quote visibility | Alex Gleason | |
| 2023-09-13 | CommonAPI: disallow quoting private posts through the API | Alex Gleason | |
| 2023-09-13 | Add InlineQuotePolicy to force quote URLs inline | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mix format, defensive actor ID | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mention the OP of a quoted post | Alex Gleason | |
| 2023-09-13 | Return quote_url through the API, don't render quotes more than 1 level deep | Alex Gleason | |
| 2023-09-13 | InstanceView: add "quote_posting" feature | Alex Gleason | |
| 2023-09-13 | mix format | Alex Gleason | |
| 2023-09-13 | ActivityDraft: allow quoting | Alex Gleason | |
| 2023-09-13 | ActivityDraft: create quote posts | Alex Gleason | |
| 2023-09-13 | StatusView: render the whole quoted status | Alex Gleason | |
| 2023-09-13 | StatusView: show quoted posts through the API, probably | Alex Gleason | |
| 2023-09-13 | Transmogrifier: fix quoteUrl here too | Alex Gleason | |
| 2023-09-13 | Transmogrifier: fetch quoted post | Alex Gleason | |
| 2023-09-13 | ObjectValidators: improve quoteUrl compatibility | Alex Gleason | |
| 2023-09-13 | ObjectValidators: accept "quoteUrl" field | Alex Gleason | |
| 2023-09-07 | Update InstanceView.features | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| 2023-08-30 | Make lint happy | tusooa | |
| 2023-08-16 | Merge branch 'csp-flash' into 'develop' | Haelwenn | |
| allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879 | |||
| 2023-08-16 | Apply lanodan's suggestion(s) to 1 file(s) | Haelwenn | |
| 2023-08-11 | InstanceView: Add common_information function | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-05 | Completely disable xml entity resolution | mae | |
| 2023-08-04 | Prevent XML parser from loading external entities | Mae | |
| 2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
| Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
| 2023-07-28 | cleaner ecto query to handle restrict_unauthenticated for activities | Faried Nawaz | |
| This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true} | |||
| 2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz | |
| issue #2927 | |||
| 2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
| 2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
| 2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
| 2023-07-07 | Make regex-to-string descriptor reusable | tusooa | |
| 2023-07-07 | Fix edge cases | tusooa | |
| 2023-07-07 | Make EmojiPolicy aware of custom emoji reactions | tusooa | |
| 2023-07-07 | Improve config examples for EmojiPolicy | tusooa | |
| 2023-07-07 | Move emoji_policy.ex to the right place | tusooa | |
| 2023-07-07 | EmojiPolicy: Implement delist | tusooa | |
| 2023-07-07 | EmojiPolicy: implement remove by shortcode | tusooa | |
| 2023-07-07 | Add emoji policy to remove emojis matching certain urls | tusooa | |
| https://git.pleroma.social/pleroma/pleroma/-/issues/2775 | |||
| 2023-07-04 | Deprecate audio scrobbling | Haelwenn (lanodan) Monnier | |
 |
index : pleroma | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |