Alex Gleason
|
c20e90e898
|
BuilderTest: build quote post
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
d4fea8b559
|
ActivityDraft: allow quoting
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
6ac19c3999
|
ActivityDraft: create quote posts
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
0d9c443e51
|
StatusView: render the whole quoted status
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
ce5eb31723
|
StatusView: show quoted posts through the API, probably
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
cc4badaf60
|
Transmogrifier: fix quoteUrl here too
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
b022d6635d
|
Transmogrifier: fetch quoted post
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
795736af16
|
ObjectValidators: improve quoteUrl compatibility
|
2023-09-13 19:19:03 -04:00 |
Alex Gleason
|
7deda1fa18
|
Quote post: add fixtures
|
2023-09-13 19:19:02 -04:00 |
Alex Gleason
|
31eb3dc245
|
ObjectValidators: accept "quoteUrl" field
|
2023-09-13 19:19:02 -04:00 |
Haelwenn
|
f966abe4fb
|
Merge branch 'release/2.5.5' into 'stable'
Release 2.5.5
See merge request pleroma/pleroma!3949
|
2023-09-03 12:12:44 +00:00 |
Haelwenn (lanodan) Monnier
|
385492577d
|
mix: version 2.5.5
|
2023-09-03 11:19:26 +02:00 |
Mint
|
535a5ecad0
|
CommonAPI: Prevent users from accessing media of other users
commit 1afde067b1 upstream.
|
2023-09-03 11:19:13 +02:00 |
Haelwenn
|
a94cf2ad4f
|
Merge branch 'check-attachment-attribution' into 'develop'
Prevent users from attaching other users' attachments
See merge request pleroma/pleroma!3947
|
2023-09-03 09:09:27 +00:00 |
Mint
|
1afde067b1
|
CommonAPI: Prevent users from accessing media of other users
|
2023-09-03 10:41:37 +02:00 |
Haelwenn
|
9da4f89b7b
|
Merge branch 'tusooa/lint' into 'develop'
Make lint happy
See merge request pleroma/pleroma!3944
|
2023-08-31 22:24:30 +00:00 |
tusooa
|
3c5ecca377
|
Skip changelog
|
2023-08-30 20:37:45 -04:00 |
tusooa
|
3d09bc320e
|
Make lint happy
|
2023-08-30 20:36:52 -04:00 |
Haelwenn
|
1e685c8302
|
Merge branch 'csp-flash' into 'develop'
allow https: so that flash works across instances without need for media proxy
See merge request pleroma/pleroma!3879
|
2023-08-16 13:37:49 +00:00 |
Haelwenn
|
d838d1990b
|
Apply lanodan's suggestion(s) to 1 file(s)
|
2023-08-16 13:34:32 +00:00 |
tusooa
|
b729a8b140
|
Merge branch 'fix-dockerfile-perms' into 'develop'
Fix config ownership in dockerfile to pass restriction test
See merge request pleroma/pleroma!3931
|
2023-08-10 00:42:29 +00:00 |
Cat pony Black
|
c298e0165c
|
Fix config ownership in dockerfile to pass restriction test
|
2023-08-08 19:07:48 +02:00 |
Haelwenn
|
4e355b8595
|
Merge branch 'disable-xml-entities-completely' into 'develop'
Completely disable xml entity resolution
See merge request pleroma/pleroma!3932
|
2023-08-06 08:27:27 +00:00 |
mae
|
48b1e9bdc7
|
Completely disable xml entity resolution
|
2023-08-05 14:17:04 +02:00 |
Haelwenn
|
17c336de66
|
Merge branch 'docs/gentoo-otp-intro' into 'develop'
gentoo_otp_en.md: Indicate which install method it covers
See merge request pleroma/pleroma!3928
|
2023-08-05 11:04:32 +00:00 |
Haelwenn
|
d0f7a5c4f5
|
Merge branch 'mergeback/2.5.4' into 'develop'
Mergeback: 2.5.4
See merge request pleroma/pleroma!3930
|
2023-08-05 08:13:03 +00:00 |
Haelwenn
|
1f4be2b349
|
Merge branch 'releases/2.5.4' into 'stable'
Release 2.5.4
See merge request pleroma/pleroma!3929
|
2023-08-05 08:12:25 +00:00 |
Haelwenn (lanodan) Monnier
|
4099ddb3dc
|
Mergeback release 2.5.4
|
2023-08-05 08:58:05 +02:00 |
Haelwenn (lanodan) Monnier
|
b631180b38
|
Release 2.5.4
|
2023-08-05 08:27:42 +02:00 |
Mark Felder
|
cc848b78dc
|
Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
|
2023-08-05 08:23:04 +02:00 |
FloatingGhost
|
77d57c974a
|
Add unit test for external entity loading
|
2023-08-05 08:23:04 +02:00 |
Mae
|
fc10e07ffb
|
Prevent XML parser from loading external entities
|
2023-08-05 08:23:04 +02:00 |
Mark Felder
|
6d48b0f1a9
|
Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
|
2023-08-05 08:14:27 +02:00 |
FloatingGhost
|
307692cee8
|
Add unit test for external entity loading
|
2023-08-05 08:14:27 +02:00 |
Mae
|
ca0859b90f
|
Prevent XML parser from loading external entities
|
2023-08-04 22:35:13 -04:00 |
Haelwenn (lanodan) Monnier
|
0e321698d2
|
gentoo_otp_en.md: Indicate which install method it covers
|
2023-08-04 17:11:20 +02:00 |
Haelwenn
|
ff2f3862ab
|
Merge branch 'release/2.5.3' into 'stable'
Release 2.5.3
See merge request pleroma/pleroma!3926
|
2023-08-04 09:45:48 +00:00 |
Haelwenn
|
1062185ba0
|
Merge branch 'mergeback/2.5.3' into 'develop'
Mergeback: 2.5.3
Closes #3135
See merge request pleroma/pleroma!3927
|
2023-08-04 09:38:01 +00:00 |
Haelwenn (lanodan) Monnier
|
6a0fd77c48
|
Release 2.5.53
|
2023-08-04 09:50:28 +02:00 |
Haelwenn (lanodan) Monnier
|
65ef8f19c5
|
release_runtime_provider_test: chmod config for hardened permissions
Git doesn't manages file permissions precisely enough for us.
|
2023-08-04 09:50:28 +02:00 |
Haelwenn (lanodan) Monnier
|
9f0ad901ed
|
changelog: Entry for config permissions restrictions
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
|
2023-08-04 09:50:28 +02:00 |
Haelwenn (lanodan) Monnier
|
69caedc591
|
instance gen: Reduce permissions of pleroma directories and config files
|
2023-08-04 09:50:28 +02:00 |
Haelwenn (lanodan) Monnier
|
8cc8100120
|
Config: Restrict permissions of OTP config file
|
2023-08-04 09:50:28 +02:00 |
Haelwenn (lanodan) Monnier
|
57f7453748
|
Release 2.5.3
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
5ac2b7417d
|
test: Fix warnings
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
c37561214a
|
Force the use of amd64 runners for jobs using ci-base
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
76e408e42d
|
release_runtime_provider_test: chmod config for hardened permissions
Git doesn't manages file permissions precisely enough for us.
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
22df32b3f5
|
changelog: Entry for config permissions restrictions
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
bd7381f2f4
|
instance gen: Reduce permissions of pleroma directories and config files
|
2023-08-04 09:49:53 +02:00 |
Haelwenn (lanodan) Monnier
|
4befb3b1d0
|
Config: Restrict permissions of OTP config file
|
2023-08-04 09:49:53 +02:00 |