Bump version to 2.6.0
This commit is contained in:
parent
e3ea311cd5
commit
a2a69709b5
38
CHANGELOG.md
38
CHANGELOG.md
|
@ -4,19 +4,49 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
## Unreleased
|
## 2.6.0
|
||||||
|
### Security
|
||||||
### Changed
|
- Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
|
||||||
|
- CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
|
||||||
|
- Disable XML entity resolution completely to fix a dos vulnerability
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
- Support for Image activities, namely from Hubzilla
|
- Support for Image activities, namely from Hubzilla
|
||||||
|
- Add OAuth scope descriptions
|
||||||
|
- Allow lang attribute in status text
|
||||||
|
- OnlyMedia Upload Filter
|
||||||
|
- Implement MRF policy to reject or delist according to emojis
|
||||||
|
- (hardening) Add no_new_privs=yes to OpenRC service files
|
||||||
|
- Implement quotes
|
||||||
|
- Add unified streaming endpoint
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- rel="me" was missing its cache
|
- rel="me" was missing its cache
|
||||||
|
- MediaProxy responses now return a sandbox CSP header
|
||||||
|
- Filter context activities using Visibility.visible_for_user?
|
||||||
|
- UploadedMedia: Add missing disposition_type to Content-Disposition
|
||||||
|
- fix not being able to fetch flash file from remote instance
|
||||||
|
- Fix abnormal behaviour when refetching a poll
|
||||||
|
- Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"
|
||||||
|
- Fix opengraph and twitter card meta tags
|
||||||
|
- ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
|
||||||
|
- OEmbed HTML tags are now filtered
|
||||||
|
- Restrict attachments to only uploaded files only
|
||||||
|
- Fix error 404 when deleting status of a banned user
|
||||||
|
- Fix config ownership in dockerfile to pass restriction test
|
||||||
|
- Fix user fetch completely broken if featured collection is not in a supported form
|
||||||
|
- Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty
|
||||||
|
- Fix handling report from a deactivated user
|
||||||
|
- Prevent using the .json format to bypass authorized fetch mode
|
||||||
|
- Fix mentioning punycode domains when using Markdown
|
||||||
|
- Show more informative errors when profile exceeds char limits
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
|
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
|
||||||
|
- remove BBS/SSH feature, replaced by an external bridge.
|
||||||
|
- Remove a few unused indexes.
|
||||||
|
- Cleanup OStatus-era user upgrades and ap_enabled indicator
|
||||||
|
- Deprecate Pleroma's audio scrobbling
|
||||||
|
|
||||||
## 2.5.4
|
## 2.5.4
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
MediaProxy responses now return a sandbox CSP header
|
|
|
@ -1 +0,0 @@
|
||||||
Filter context activities using Visibility.visible_for_user?
|
|
|
@ -1 +0,0 @@
|
||||||
Add OAuth scope descriptions
|
|
|
@ -1 +0,0 @@
|
||||||
remove BBS/SSH feature, replaced by an external bridge.
|
|
|
@ -1 +0,0 @@
|
||||||
UploadedMedia: Add missing disposition_type to Content-Disposition
|
|
|
@ -1 +0,0 @@
|
||||||
Remove a few unused indexes.
|
|
|
@ -1 +0,0 @@
|
||||||
fix not being able to fetch flash file from remote instance
|
|
|
@ -1 +0,0 @@
|
||||||
Cleanup OStatus-era user upgrades and ap_enabled indicator
|
|
|
@ -1 +0,0 @@
|
||||||
Allow lang attribute in status text
|
|
|
@ -1 +0,0 @@
|
||||||
Fix abnormal behaviour when refetching a poll
|
|
|
@ -1 +0,0 @@
|
||||||
Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"
|
|
|
@ -1 +0,0 @@
|
||||||
Fix opengraph and twitter card meta tags
|
|
|
@ -1 +0,0 @@
|
||||||
ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
|
|
|
@ -1 +0,0 @@
|
||||||
OEmbed HTML tags are now filtered
|
|
|
@ -1 +0,0 @@
|
||||||
OnlyMedia Upload Filter
|
|
|
@ -1 +0,0 @@
|
||||||
Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
|
|
|
@ -1 +0,0 @@
|
||||||
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
|
|
@ -1 +0,0 @@
|
||||||
Restrict attachments to only uploaded files only
|
|
|
@ -1 +0,0 @@
|
||||||
CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
|
|
|
@ -1 +0,0 @@
|
||||||
Fix error 404 when deleting status of a banned user
|
|
|
@ -1 +0,0 @@
|
||||||
Deprecate Pleroma's audio scrobbling
|
|
|
@ -1 +0,0 @@
|
||||||
Disable XML entity resolution completely to fix a dos vulnerability
|
|
|
@ -1 +0,0 @@
|
||||||
- Fix config ownership in dockerfile to pass restriction test
|
|
|
@ -1 +0,0 @@
|
||||||
Emoji pack loader sanitizes pack names
|
|
|
@ -1 +0,0 @@
|
||||||
Implement MRF policy to reject or delist according to emojis
|
|
|
@ -1 +0,0 @@
|
||||||
Fix user fetch completely broken if featured collection is not in a supported form
|
|
|
@ -1 +0,0 @@
|
||||||
Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty
|
|
|
@ -1 +0,0 @@
|
||||||
Fix handling report from a deactivated user
|
|
|
@ -1 +0,0 @@
|
||||||
(hardening) Add no_new_privs=yes to OpenRC service files
|
|
|
@ -1 +0,0 @@
|
||||||
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
|
|
|
@ -1 +0,0 @@
|
||||||
Prevent using the .json format to bypass authorized fetch mode
|
|
|
@ -1 +0,0 @@
|
||||||
Fix mentioning punycode domains when using Markdown
|
|
|
@ -1 +0,0 @@
|
||||||
Implement quotes
|
|
|
@ -1 +0,0 @@
|
||||||
Add unified streaming endpoint
|
|
|
@ -1 +0,0 @@
|
||||||
Show more informative errors when profile exceeds char limits
|
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
||||||
def project do
|
def project do
|
||||||
[
|
[
|
||||||
app: :pleroma,
|
app: :pleroma,
|
||||||
version: version("2.5.54"),
|
version: version("2.6.0"),
|
||||||
elixir: "~> 1.11",
|
elixir: "~> 1.11",
|
||||||
elixirc_paths: elixirc_paths(Mix.env()),
|
elixirc_paths: elixirc_paths(Mix.env()),
|
||||||
compilers: [:phoenix] ++ Mix.compilers(),
|
compilers: [:phoenix] ++ Mix.compilers(),
|
||||||
|
|
Loading…
Reference in New Issue