Bump version to 2.6.0
This commit is contained in:
parent
e3ea311cd5
commit
a2a69709b5
58 changed files with 35 additions and 40 deletions
38
CHANGELOG.md
38
CHANGELOG.md
|
@ -4,19 +4,49 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## Unreleased
|
||||
|
||||
### Changed
|
||||
## 2.6.0
|
||||
### Security
|
||||
- Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
|
||||
- CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
|
||||
- Disable XML entity resolution completely to fix a dos vulnerability
|
||||
|
||||
### Added
|
||||
- Support for Image activities, namely from Hubzilla
|
||||
- Add OAuth scope descriptions
|
||||
- Allow lang attribute in status text
|
||||
- OnlyMedia Upload Filter
|
||||
- Implement MRF policy to reject or delist according to emojis
|
||||
- (hardening) Add no_new_privs=yes to OpenRC service files
|
||||
- Implement quotes
|
||||
- Add unified streaming endpoint
|
||||
|
||||
### Fixed
|
||||
|
||||
- rel="me" was missing its cache
|
||||
- MediaProxy responses now return a sandbox CSP header
|
||||
- Filter context activities using Visibility.visible_for_user?
|
||||
- UploadedMedia: Add missing disposition_type to Content-Disposition
|
||||
- fix not being able to fetch flash file from remote instance
|
||||
- Fix abnormal behaviour when refetching a poll
|
||||
- Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"
|
||||
- Fix opengraph and twitter card meta tags
|
||||
- ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
|
||||
- OEmbed HTML tags are now filtered
|
||||
- Restrict attachments to only uploaded files only
|
||||
- Fix error 404 when deleting status of a banned user
|
||||
- Fix config ownership in dockerfile to pass restriction test
|
||||
- Fix user fetch completely broken if featured collection is not in a supported form
|
||||
- Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty
|
||||
- Fix handling report from a deactivated user
|
||||
- Prevent using the .json format to bypass authorized fetch mode
|
||||
- Fix mentioning punycode domains when using Markdown
|
||||
- Show more informative errors when profile exceeds char limits
|
||||
|
||||
### Removed
|
||||
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
|
||||
- remove BBS/SSH feature, replaced by an external bridge.
|
||||
- Remove a few unused indexes.
|
||||
- Cleanup OStatus-era user upgrades and ap_enabled indicator
|
||||
- Deprecate Pleroma's audio scrobbling
|
||||
|
||||
## 2.5.4
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
MediaProxy responses now return a sandbox CSP header
|
|
@ -1 +0,0 @@
|
|||
Filter context activities using Visibility.visible_for_user?
|
|
@ -1 +0,0 @@
|
|||
Add OAuth scope descriptions
|
|
@ -1 +0,0 @@
|
|||
remove BBS/SSH feature, replaced by an external bridge.
|
|
@ -1 +0,0 @@
|
|||
UploadedMedia: Add missing disposition_type to Content-Disposition
|
|
@ -1 +0,0 @@
|
|||
Remove a few unused indexes.
|
|
@ -1 +0,0 @@
|
|||
fix not being able to fetch flash file from remote instance
|
|
@ -1 +0,0 @@
|
|||
Cleanup OStatus-era user upgrades and ap_enabled indicator
|
|
@ -1 +0,0 @@
|
|||
Allow lang attribute in status text
|
|
@ -1 +0,0 @@
|
|||
Fix abnormal behaviour when refetching a poll
|
|
@ -1 +0,0 @@
|
|||
Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"
|
|
@ -1 +0,0 @@
|
|||
Fix opengraph and twitter card meta tags
|
|
@ -1 +0,0 @@
|
|||
ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
|
|
@ -1 +0,0 @@
|
|||
OEmbed HTML tags are now filtered
|
|
@ -1 +0,0 @@
|
|||
OnlyMedia Upload Filter
|
|
@ -1 +0,0 @@
|
|||
Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
|
|
@ -1 +0,0 @@
|
|||
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
|
@ -1 +0,0 @@
|
|||
Restrict attachments to only uploaded files only
|
|
@ -1 +0,0 @@
|
|||
CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
|
|
@ -1 +0,0 @@
|
|||
Fix error 404 when deleting status of a banned user
|
|
@ -1 +0,0 @@
|
|||
Deprecate Pleroma's audio scrobbling
|
|
@ -1 +0,0 @@
|
|||
Disable XML entity resolution completely to fix a dos vulnerability
|
|
@ -1 +0,0 @@
|
|||
- Fix config ownership in dockerfile to pass restriction test
|
|
@ -1 +0,0 @@
|
|||
Emoji pack loader sanitizes pack names
|
|
@ -1 +0,0 @@
|
|||
Implement MRF policy to reject or delist according to emojis
|
|
@ -1 +0,0 @@
|
|||
Fix user fetch completely broken if featured collection is not in a supported form
|
|
@ -1 +0,0 @@
|
|||
Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty
|
|
@ -1 +0,0 @@
|
|||
Fix handling report from a deactivated user
|
|
@ -1 +0,0 @@
|
|||
(hardening) Add no_new_privs=yes to OpenRC service files
|
|
@ -1 +0,0 @@
|
|||
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
|
|
@ -1 +0,0 @@
|
|||
Prevent using the .json format to bypass authorized fetch mode
|
|
@ -1 +0,0 @@
|
|||
Fix mentioning punycode domains when using Markdown
|
|
@ -1 +0,0 @@
|
|||
Implement quotes
|
|
@ -1 +0,0 @@
|
|||
Add unified streaming endpoint
|
|
@ -1 +0,0 @@
|
|||
Show more informative errors when profile exceeds char limits
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
|||
def project do
|
||||
[
|
||||
app: :pleroma,
|
||||
version: version("2.5.54"),
|
||||
version: version("2.6.0"),
|
||||
elixir: "~> 1.11",
|
||||
elixirc_paths: elixirc_paths(Mix.env()),
|
||||
compilers: [:phoenix] ++ Mix.compilers(),
|
||||
|
|
Loading…
Reference in a new issue