Mergeback release 2.5.4

This commit is contained in:
Haelwenn (lanodan) Monnier 2023-08-05 08:27:42 +02:00
parent 6d48b0f1a9
commit 4099ddb3dc
3 changed files with 7 additions and 2 deletions

View file

@ -18,6 +18,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed ### Removed
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact) - BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
## 2.5.4
## Security
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
## 2.5.3 ## 2.5.3
### Security ### Security

View file

@ -1 +1 @@
Restrict XML parser from processing external entitites (XXE) Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

View file

@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do def project do
[ [
app: :pleroma, app: :pleroma,
version: version("2.5.53"), version: version("2.5.54"),
elixir: "~> 1.11", elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()), elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix] ++ Mix.compilers(), compilers: [:phoenix] ++ Mix.compilers(),