From e7837bc14e3fd539837802bca0c2ed05e2178ea5 Mon Sep 17 00:00:00 2001 From: feld Date: Wed, 11 Mar 2020 16:53:05 +0000 Subject: Merge branch 'fix/signup-without-email' into 'develop' Allow account registration without an email See merge request pleroma/pleroma!2246 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 59f7dfcdd..100228c6c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,6 +38,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Rate limiter is now disabled for localhost/socket (unless remoteip plug is enabled) - Logger: default log level changed from `warn` to `info`. - Config mix task `migrate_to_db` truncates `config` table before migrating the config file. +- Allow account registration without an email - Default to `prepare: :unnamed` in the database configuration. - Instance stats are now loaded on startup instead of being empty until next hourly job.
-- cgit v1.2.3 From 5f9fbd7d336d2ffed6cd8f2640d9399f78ed7c2f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 13 Feb 2020 03:39:47 +0100 Subject: Formatting: Do not use \n and prefer
instead It moves bbcode to bbcode_pleroma as the former is owned by kaniini and transferring ownership wasn't done in a timely manner. Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374 Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 100228c6c..4168086e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [unreleased] +### Changed +- **Breaking:** BBCode and Markdown formatters will no longer return any `\n` and only use `
` for newlines + ## [2.0.0] - 2019-03-08 ### Security - Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request. -- cgit v1.2.3 From 8096bfb891cf29b5e54e102ef1b3a3911cbda33d Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 15 Mar 2020 17:26:58 +0300 Subject: changelog.md: add 2.0.1 entry --- CHANGELOG.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 4168086e2..c68572f6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [unreleased] +## [2.0.1] - 2020-03-15 +### Fixed +- 500 errors when no `Accept` header is present if Static-FE is enabled +- Instance panel not being updated immediately due to wrong `Cache-Control` headers +- Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE +- OTP: Fix some settings not being migrated to in-database config properly +- No `Cache-Control` headers on attachment/media proxy requests +- Character limit enforcement being off by 1 +- Mastodon Streaming API: hashtag timelines not working + ### Changed -- **Breaking:** BBCode and Markdown formatters will no longer return any `\n` and only use `
` for newlines +- BBCode and Markdown formatters will no longer return any `\n` and only use `
` for newlines +- Mastodon API: Allow registration without email if email verification is not enabled ## [2.0.0] - 2019-03-08 ### Security -- cgit v1.2.3 From be500f8c884d64a7c834f90b790806dccf407be1 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 16 Mar 2020 00:18:16 +0300 Subject: CHANGELOG.md: Add remaining entries for 2.0.1 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index c68572f6e..0cc314797 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [2.0.1] - 2020-03-15 +### Security +- Static-FE: Fix remote posts not being sanitized + ### Fixed +- Rate limiter crashes when there is no explicitly specified ip in the config - 500 errors when no `Accept` header is present if Static-FE is enabled - Instance panel not being updated immediately due to wrong `Cache-Control` headers - Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE -- cgit v1.2.3 From 8d15d6c3ab9aecb82ba5126bb5efef20b3dfef41 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 16 Mar 2020 00:50:03 +0300 Subject: CHANGELOG.md: Add upgrade notes for 2.0.1 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cc314797..f1766a255 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - BBCode and Markdown formatters will no longer return any `\n` and only use `
` for newlines - Mastodon API: Allow registration without email if email verification is not enabled +### Upgrade notes +#### Nginx only +1. Remove `proxy_ignore_headers Cache-Control;` and `proxy_hide_header Cache-Control;` from your config. + +#### Everyone +1. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` +2. Restart Pleroma + ## [2.0.0] - 2019-03-08 ### Security - Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request. -- cgit v1.2.3 From c4d3ccc7b952445069ed3fc8586da14af6db937d Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 24 Mar 2020 17:34:13 +0000 Subject: Merge branch 'admin-api-change-password' into 'develop' Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` See merge request pleroma/pleroma!2149 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f1766a255..957bbdcfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -91,6 +91,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise). - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try. - Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default. +- Admin API: `PATCH /api/pleroma/admin/users/:nickname/credentials` and `GET /api/pleroma/admin/users/:nickname/credentials`
### Added -- cgit v1.2.3 From 78b6549611e19248b0fb2dd71f69ef28a0bc2cb2 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 31 Mar 2020 13:59:26 +0300 Subject: CHANGELOG.md: Add 2.0.2 entry --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 957bbdcfe..f03f402d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.2] - 2020-03-31 +### Fixed +- Blocked/muted users still generating push notifications +- Input textbox for bio ignoring newlines +- OTP: Inability to use PostgreSQL databases with SSL +- `user delete_activities` breaking when trying to delete already deleted posts + +### Added +- Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` + ## [2.0.1] - 2020-03-15 ### Security - Static-FE: Fix remote posts not being sanitized -- cgit v1.2.3 From ae937bcaa1477999ef96eb47dcf82d874ecddbab Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 2 Apr 2020 23:37:14 +0300 Subject: CHANGELOG.md: add entries for funkwhale-related changes --- CHANGELOG.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f03f402d4..be50b3995 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,14 +4,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [2.0.2] - 2020-03-31 +### Added +- Support for Funkwhale's `Audio` activity +- Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` + ### Fixed - Blocked/muted users still generating push notifications - Input textbox for bio ignoring newlines - OTP: Inability to use PostgreSQL databases with SSL - `user delete_activities` breaking when trying to delete already deleted posts - -### Added -- Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` +- Incorrect URL for Funkwhale channels ## [2.0.1] - 2020-03-15 ### Security -- cgit v1.2.3 From 8593867c476aeb436f69d4203fc712da9e7c0eeb Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 8 Apr 2020 00:38:48 +0300 Subject: CHANGELOG.md: add 2.0.2 update notes --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index be50b3995..8b1b5c9d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - `user delete_activities` breaking when trying to delete already deleted posts - Incorrect URL for Funkwhale channels +### Upgrade notes +1. Restart Pleroma + ## [2.0.1] - 2020-03-15 ### Security - Static-FE: Fix remote posts not being sanitized -- cgit v1.2.3 From a8d98ba3aace04ae7e8fcf4370d2a6830e9b04ad Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 8 Apr 2020 00:39:55 +0300 Subject: CHANGELOG.md: update 2.0.2 release date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b1b5c9d8..c861699f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [2.0.2] - 2020-03-31 +## [2.0.2] - 2020-04-08 ### Added - Support for Funkwhale's `Audio` activity - Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials` -- cgit v1.2.3 From e0d392c04c3ff6e1c2d777c40e3cf44dfa68a136 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 1 May 2020 22:10:02 +0300 Subject: CHANGELOG.md: Add 2.0.3 changelog --- CHANGELOG.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index c861699f4..f3394ecbc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,38 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.3] - 2020-05-02 + +### Security +- Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them +- Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow +- CSP: Sandbox uploads + +### Fixed +- Notifications from blocked domains +- Potential federation issues with Mastodon versions before 3.0.0 +- HTTP Basic Authentication permissions issue +- Follow/Block imports not being able to find the user if the nickname started with an `@` +- Instance stats counting internal users +- Inability to run a From Source release without git +- ObjectAgePolicy didn't filter out old messages +- `blob:` urls not being allowed by CSP + +### Added +- NodeInfo: ObjectAgePolicy settings to the `federation` list. +- Follow request notifications +
+ API Changes +- Admin API: `GET /api/pleroma/admin/need_reboot`. +
+ +### Upgrade notes + +1. Restart Pleroma +2. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` + ## [2.0.2] - 2020-04-08 ### Added - Support for Funkwhale's `Audio` activity -- cgit v1.2.3 From 69e1f23dd377a8c5b63582ad2df67587c54fc910 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 10 May 2020 02:36:32 +0300 Subject: CHANGELOG.md: Add 2.0.4 entry --- CHANGELOG.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f3394ecbc..d18822507 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,28 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.4] - 2020-05-10 + +### Fixed +- Peertube user lookups not working +- `InsertSkeletonsForDeletedUsers` migration failing on some instances +- Healthcheck reporting the number of memory currently used, rather than allocated in total +- LDAP not being usable in OTP releases +- Default apache configuration having tls chain issues + +### Upgrade notes + +#### Apache only + +1. Remove the following line from your config: +``` + SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem +``` + +#### Everyone + +1. Restart Pleroma + ## [2.0.3] - 2020-05-02 ### Security -- cgit v1.2.3 From 489201d5d549a1ad32bf55d7a29d53c8f2316f14 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 10 May 2020 19:54:37 +0300 Subject: CHANGELOG.md: mention AP C2S change --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index d18822507..f01dc3bd2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [2.0.4] - 2020-05-10 +### Security +- AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines + ### Fixed - Peertube user lookups not working - `InsertSkeletonsForDeletedUsers` migration failing on some instances -- cgit v1.2.3 From 6430df851d9971aec9c1d11772487e97b6b84903 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 13 May 2020 00:08:07 +0300 Subject: CHANGELOG.md: add 2.0.5 entry --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f01dc3bd2..947394ad1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.5] - 2020-05-13 + +### Security +- Fix possible private status leaks in Mastodon Streaming API + +### Fixed +- Crashes when trying to block a user if block federation is disabled +- Not being able to start the instance without `erlang-eldap` installed +- Users with bios over the limit getting rejected +- Follower counters not being updated on incoming follow accepts + +### Upgrade notes + +1. Restart Pleroma + ## [2.0.4] - 2020-05-10 ### Security -- cgit v1.2.3 From f05f206e13a152ccdae679e84a29633adfbba2b1 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 8 Jun 2020 01:33:43 +0300 Subject: CHANGELOG.md: add 2.0.6 entry --- CHANGELOG.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 947394ad1..f5b75639d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,25 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.6] - 2020-06-09 + +### Security +- CSP: harden `image-src` and `media-src` when MediaProxy is used + +### Fixed +- AP C2S: Fix pagination in inbox/outbox +- Various compilation errors on OTP 23 +- Mastodon API streaming: Repeats from muted threads not being filtered + +### Changed +- Various database performance improvements + +### Upgrade notes +1. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` +2. Restart Pleroma + ## [2.0.5] - 2020-05-13 ### Security -- cgit v1.2.3 From ffd12d3a1e8305aaba66cdbf015e5fbc32bc88bc Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 12 Jun 2020 21:09:40 +0300 Subject: CHANGELOG.md: add 2.0.7 entry --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b75639d..b3f51fcb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.7] - 2020-06-13 + +### Security +- Fix potential DoSes exploiting atom leaks in rich media parser/`UserAllowListPolicy` MRF policy + +### Fixed +- CSP: not allowing images/media from every host when mediaproxy is disabled +- CSP: not adding mediaproxy base url to image/media hosts +- StaticFE missing the CSS file + +### Upgrade notes + +1. Restart Pleroma + ## [2.0.6] - 2020-06-09 ### Security -- cgit v1.2.3 From d050d21103d09fa62bd1ff1b6755c62980de3517 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 12 Jun 2020 20:06:49 +0000 Subject: Apply suggestion to CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') 
diff --git a/CHANGELOG.md b/CHANGELOG.md index b3f51fcb1..7991b8196 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [2.0.7] - 2020-06-13 ### Security -- Fix potential DoSes exploiting atom leaks in rich media parser/`UserAllowListPolicy` MRF policy +- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy ### Fixed - CSP: not allowing images/media from every host when mediaproxy is disabled -- cgit v1.2.3
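Review bot: In e7837bc (the `@@ -38,6 +38,7 @@` hunk), the added entry `- Allow account registration without an email` states no condition and no API scope, while the 2.0.1 entry added later in this series reads `Mastodon API: Allow registration without email if email verification is not enabled`. Registration policy is something operators audit, so the develop entry should carry the same qualifier and the `Mastodon API:` prefix. It is also inserted in the middle of an existing list rather than appended, which makes later merges of this section more conflict-prone.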
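Review bot: In 8096bfb (the `@@ -3,9 +3,19 @@` hunk), the BBCode/Markdown formatter entry loses its `**Breaking:**` marker when it moves from `## [unreleased]` to `## [2.0.1]`, although the behaviour described (no `\n` in formatter output) is unchanged. Either keep the marker or say in the commit message why the change is no longer considered breaking for a patch release, since clients that split on `\n` are affected either way. Minor: `unncessary` in the added Fixed list should be `unnecessary`, and the context line `## [2.0.0] - 2019-03-08` is dated a year before the `2020-03-15` given here, which is worth checking.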
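Review bot: In c4d3ccc (the `@@ -91,6 +91,7 @@` hunk), the added line documents `PATCH /api/pleroma/admin/users/:nickname/credentials` and `GET /api/pleroma/admin/users/:nickname/credentials`, but the commit subject and the later 2.0.2 entry both name `PATCH /api/pleroma/admin/users/:nickname/update_credentials`. This endpoint changes another user's credentials, so the changelog should give the exact route that ships; please reconcile the two spellings and state whether the `GET` variant exists in the release. The line is also appended to the list that precedes `### Added` rather than placed under it, even though it announces new endpoints.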
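Review bot: In e0d392c (the 2.0.3 `### Upgrade notes`), the steps are ordered `1. Restart Pleroma` then `2. Run database migrations`, which is the reverse of the 2.0.1 and 2.0.6 notes in this same file (`1. Run database migrations`, `2. Restart Pleroma`). Restarting first runs the new release against the old schema, and this release carries the fix for re-registration of deleted users; the 2.0.4 entry mentions an `InsertSkeletonsForDeletedUsers` migration, which suggests that fix depends on one. Swap the two steps unless the order is intentional, and if it is, say so in the note.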
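Review bot: In 69e1f23 (the 2.0.4 `#### Apache only` note), the step tells operators to remove `SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem` without saying which certificate directive is expected to remain in the vhost afterwards. Add one sentence naming the line that stays, so that someone with a customised config does not delete their only certificate directive while trying to fix the chain issue listed under Fixed. Minor: `the number of memory currently used` in the Healthcheck entry should read `the amount of memory`.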
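Review bot: In f05f206 (the 2.0.6 `### Security` entry), `image-src` is not a Content-Security-Policy directive name; the directive is `img-src`. Operators who grep their response headers or reverse-proxy overrides for the name given here will find nothing, so the entry should read ``CSP: harden `img-src` and `media-src` when MediaProxy is used``. It would also help to note whether instances that set their own CSP at the proxy need to mirror the change, since the upgrade notes only list migrations and a restart.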