From 3092558bc1cef6cbea12284de17c13175b8d97ab Mon Sep 17 00:00:00 2001 From: Tusooa Zhu Date: Sun, 12 Sep 2021 00:12:05 -0400 Subject: Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index e527f32de..4dcebb16c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney. - AdminAPI: allow moderators to manage reports, users, invites, and custom emojis - AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc +- Added move account API ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies -- cgit v1.2.3 From 57c486014c06715ff5cd5ad4361155d4a1776c23 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 6 May 2022 08:59:36 +0200 Subject: Release 2.4.3 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 88ad0ada9..95405bb60 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed +## 2.4.3 - 2022-05-06 + +### Security +- Private `/objects/` and `/activities/` leaking if cached by authenticated user +- SweetXML library DTD bomb + ## 2.4.2 - 2022-01-10 ### Fixed -- cgit v1.2.3 From e06f2b9f5ea58c90cafd7864a66809fe8ea0a96f Mon Sep 17 00:00:00 2001 From: Tusooa Zhu Date: Tue, 9 Aug 2022 18:17:07 -0400 Subject: Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f2ed9bbad..9e4cb9a4e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Allow users to remove their emails if instance does not need email to register - Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripLocation` +- **Breaking**: `/api/v1/pleroma/backups` endpoints now requires `read:backups` scope instead of `read:accounts` ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object -- cgit v1.2.3 From 80c32ae00b0a67a19fcddb5ca04651468dfe246d Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Aug 2022 15:06:45 -0400 Subject: Document the changes for Varnish 7.0+ compatibility and RFC compliance --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f2ed9bbad..8d0ef4e11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Allow users to remove their emails if instance does not need email to register - Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripLocation` +- Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object @@ -48,6 +49,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fixed crash when pinned_objects is nil - Fixed slow timelines when there are a lot of deactivated users - Fixed account deletion API +- Fixed lowercase HTTP HEAD method in the Media Proxy Preview code ### Removed -- cgit v1.2.3 From 31fd41de0cbca28cd2461e96384460596e54e9e9 Mon Sep 17 00:00:00 2001 From: Tusooa Zhu Date: Fri, 19 Aug 2022 20:29:06 -0400 Subject: Release 2.4.4 --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGELOG.md') 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 95405bb60..bcbe3ba56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed +## 2.4.4 - 2022-08-19 + +### Security +- Streaming API sessions will now properly disconnect if the corresponding token is revoked + ## 2.4.3 - 2022-05-06 ### Security -- cgit v1.2.3 From ec0e912c52f9c44ef78dbb8971d39ab4ef53bf30 Mon Sep 17 00:00:00 2001 From: Tusooa Zhu Date: Wed, 29 Dec 2021 00:29:00 -0500 Subject: Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d0ef4e11..a979ff325 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Make backend-rendered pages translatable. This includes emails. Pages returned as a HTTP response are translated using the language specified in the `userLanguage` cookie, or the `Accept-Language` header. Emails are translated using the `language` field when registering. This language can be changed by `PATCH /api/v1/accounts/update_credentials` with the `language` field. - Uploadfilter `Pleroma.Upload.Filter.Exiftool.ReadDescription` returns description values to the FE so they can pre fill the image description field - Added move account API +- Enable remote users to interact with posts ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies -- cgit v1.2.3 From 21ab7369cad6504be2f815aec888b38023d7a17a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Sep 2022 22:35:08 +0200 Subject: Bump minimum Elixir version to 1.10 With the release of Elixir 1.14, Elixir 1.9 is now end-of-life. Elixir 1.10 Release Notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d0ef4e11..caa5d0cd2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - MastoFE ### Changed +- **Breaking:** Elixir >=1.10 is now required (was >= 1.9) - Allow users to remove their emails if instance does not need email to register - Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripLocation` - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ -- cgit v1.2.3 From 30ded8876ace53e7cf39f94579746d27ea94cdea Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 4 Mar 2021 17:58:18 +0300 Subject: docs & changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a4cd1b05..6ea8b1cb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,6 +37,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Uploadfilter `Pleroma.Upload.Filter.Exiftool.ReadDescription` returns description values to the FE so they can pre fill the image description field - Added move account API - Enable remote users to interact with posts +- Possibility to discover users like `user@example.org`, while Pleroma is working on `pleroma.example.org`. Additional configuration required. ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies -- cgit v1.2.3 From 7d0175dc3a1265628ba4f58231dd15bec3286741 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 11 Nov 2022 12:35:25 -0500 Subject: Document removal of Quack --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ea8b1cb6..c54dabd58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -56,6 +56,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fixed lowercase HTTP HEAD method in the Media Proxy Preview code ### Removed +- Quack, the logging backend that pushes to Slack channels ## 2.4.4 - 2022-08-19 -- cgit v1.2.3 From a977e1ef96498418e10c29fbdef1ae04953effcb Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sat, 12 Nov 2022 11:11:19 -0500 Subject: Document Oban workers getting timeouts defined --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ea8b1cb6..66ab62bab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripLocation` - **Breaking**: `/api/v1/pleroma/backups` endpoints now requires `read:backups` scope instead of `read:accounts` - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ +- Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own. ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object -- cgit v1.2.3 From 39b24cdce683471372e2144dc00ed5d0f78740aa Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sat, 12 Nov 2022 18:32:49 -0500 Subject: Document query performance improvement --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 889a3ebfe..30f5140bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -55,6 +55,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fixed slow timelines when there are a lot of deactivated users - Fixed account deletion API - Fixed lowercase HTTP HEAD method in the Media Proxy Preview code +- Improved performance for filtering out deactivated and invisible users ### Removed - Quack, the logging backend that pushes to Slack channels -- cgit v1.2.3 From 47b9847edd74c394e2bdfcb95a42f858329c9ef1 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 13 Nov 2022 12:25:52 -0500 Subject: Deletes do not generate notifications of any kind, so skip trying --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 889a3ebfe..141cc2e40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,6 +55,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fixed slow timelines when there are a lot of deactivated users - Fixed account deletion API - Fixed lowercase HTTP HEAD method in the Media Proxy Preview code +- Removed useless notification call on Delete activities ### Removed - Quack, the logging backend that pushes to Slack channels -- cgit v1.2.3 From 2e0089dd5c27c86488d2c68170d80d02c24135f3 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 13 Nov 2022 13:33:27 -0500 Subject: Alter priority of Delete activities to be lowest This will prevent a user with a large number of posts from negatively affecting performance of the outgoing federation queue if they delete their account. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 141cc2e40..56f328234 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking**: `/api/v1/pleroma/backups` endpoints now requires `read:backups` scope instead of `read:accounts` - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ - Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own. +- Delete activities are federated at lowest priority ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object -- cgit v1.2.3 From cddcafee7f69fc832b18a66a78a7d47692553ae5 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 17 Nov 2022 12:02:32 -0500 Subject: Document inclusion of wasm-unsafe-eval --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 56f328234..66d01e005 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ - Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own. - Delete activities are federated at lowest priority +- CSP now includes wasm-unsafe-eval ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object -- cgit v1.2.3 From f6d55e1e7774492bb5b86b7d9bbc05ae9475eb4c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 27 Nov 2022 04:05:45 +0100 Subject: Mergeback of release 2.4.5 --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index e95bda145..ec34ec91e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -63,6 +63,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed - Quack, the logging backend that pushes to Slack channels +## 2.4.5 - 2022-08-xx + +## Fixed +- Image `class` attributes not being scrubbed, allowing to exploit frontend special classes [!3792](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3792) +- Delete report notifs when demoting from superuser [!3642](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3642) +- Validate `mediaType` only by it's format rather than using a list [!3597](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3597) +- Pagination: Make mutes and blocks lists behave the same as other lists [!3693](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3693) +- Compatibility with Elixir 1.14 [!3740](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3740) +- Frontend installer: FediFE build URL [!3736](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3736) +- Streaming: Don't stream ChatMessage into the home timeline [!3738](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3738) +- Streaming: Stream local-only posts in the local timeline [!3738](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3738) +- Signatures: Fix `keyId` lookup for GoToSocial [!3725](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725) +- Validator: Fix `replies` handling for GoToSocial [!3725](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725) + ## 2.4.4 - 2022-08-19 ### Security -- cgit v1.2.3 From d6cd447cfa81cd5462ef81c0da1a0c05d14daf4c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 27 Nov 2022 22:28:48 +0100 Subject: CHANGELOG.md: Fix date for 2.4.5 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index ec34ec91e..a3cff84a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -63,7 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed - Quack, the logging backend that pushes to Slack channels -## 2.4.5 - 2022-08-xx +## 2.4.5 - 2022-08-27 ## Fixed - Image `class` attributes not being scrubbed, allowing to exploit frontend special classes [!3792](https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3792) -- cgit v1.2.3
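
Review bot: In the 2.4.3 `### Security` block added by commit 57c48601, both entries name the problem but neither the remedy nor any operator action. `Private /objects/ and /activities/ leaking if cached by authenticated user` should say whether instances behind a caching reverse proxy need to purge already-cached responses after upgrading, and `SweetXML library DTD bomb` should say what changed on the Pleroma side. The 2.4.5 entries link their merge requests; doing the same here would let admins verify the fix.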
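
Review bot: The added `**Breaking**` line in the `### Changed` hunk of commit e06f2b9f does not spell out the effect on existing clients: a token that only holds `read:accounts` will no longer be accepted on `/api/v1/pleroma/backups`, so the entry should tell app authors to request `read:backups` and re-authorize. Also, "endpoints now requires" should read "endpoints now require".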
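
Review bot: The added line `- **Breaking:** Elixir >=1.10 is now required (was >= 1.9)` in commit 21ab7369 is formatted inconsistently: `>=1.10` has no space while `>= 1.9` has one, and the colon sits inside the bold markers here but outside them (`**Breaking**:`) in the backups entry of the same section. Pick one form and use it for both.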
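
Review bot: The entry added by commit 30ded887 ends with "Additional configuration required." but names neither the setting nor the documentation page, even though the commit subject is "docs & changelog". Link or name the docs section that ships with this change so admins can see what has to be set up for `example.org` versus `pleroma.example.org` before they rely on it.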
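
Review bot: The Oban line added by commit a977e1ef is ambiguous about "The default is infinity": it can be read as the upstream default that this change replaces or as the value Pleroma now sets. Reword it to say which, and state the new timeout values or the config key that holds them so admins with long-running jobs know what to tune.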
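
Review bot: The line `- Improved performance for filtering out deactivated and invisible users` added by commit 39b24cdc sits among the "Fixed ..." entries, but it describes a change in behaviour cost, not a bug fix; it fits better under `### Changed`. Note also that this hunk and the one in commit 47b9847e both start from blob `889a3ebfe` and insert after the same context line, so whichever lands second will need a rebase.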
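
Review bot: `- CSP now includes wasm-unsafe-eval` in commit cddcafee loosens the policy without saying which directive it was added to or which feature needs WebAssembly. Name the directive (`wasm-unsafe-eval` is a `script-src` source expression) and the reason, so admins who set their own CSP at the reverse proxy know what to mirror and can judge the trade-off.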
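
Review bot: In the 2.4.5 block added by commit f6d55e1e, the first entry (image `class` attributes not being scrubbed, "allowing to exploit frontend special classes") is a security fix filed under `## Fixed`; 2.4.3 and 2.4.4 use a `### Security` section, and admins scanning for security releases will miss it here. The heading itself is level 2 where the rest of the file uses level 3 (`### Security`, `### Removed`), so it renders as a sibling of the release heading. Also, "it's format" should be "its format", and `2022-08-xx` is a placeholder date.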
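
Review bot: The replacement heading `## 2.4.5 - 2022-08-27` in commit d6cd447c still looks wrong in the month: this commit and the mergeback it corrects are both dated 27 Nov 2022, while 2.4.4 directly below is 2022-08-19. If the release was cut on the mergeback date, the heading should read `2022-11-27`.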