diff options
author | lain <lain@soykaf.club> | 2020-08-25 15:16:20 +0200 |
---|---|---|
committer | lain <lain@soykaf.club> | 2020-08-25 15:38:12 +0200 |
commit | ea2b5c07e32eba6d8a5783fb1a45b79557e1c7b2 (patch) | |
tree | f2e44671aac832afbf8264c728c0e9c507ea6caf /CHANGELOG.md | |
parent | 361aa22e2862c1c914baf8257fdc8b20cbc7941d (diff) | |
parent | f891e2b2f1d1daa122b9856e4b660be394d31e34 (diff) |
Merge branch 'stable' of git.pleroma.social:pleroma/pleroma into pleroma-2.1-rc0
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 76 |
1 files changed, 72 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 683bb98b5..8f6afe7a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [unreleased] +## [2.1.0] - 2020-08-28 ### Changed @@ -114,11 +114,78 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Migrations not working on OTP releases if the database was connected over ssl - Fix relay following -## [Unreleased (patch)] +## [2.0.7] - 2020-06-13 + +### Security +- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy + +### Fixed +- CSP: not allowing images/media from every host when mediaproxy is disabled +- CSP: not adding mediaproxy base url to image/media hosts +- StaticFE missing the CSS file + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.6] - 2020-06-09 + +### Security +- CSP: harden `image-src` and `media-src` when MediaProxy is used + +### Fixed +- AP C2S: Fix pagination in inbox/outbox +- Various compilation errors on OTP 23 +- Mastodon API streaming: Repeats from muted threads not being filtered + +### Changed +- Various database performance improvements + +### Upgrade notes +1. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` +2. Restart Pleroma + +## [2.0.5] - 2020-05-13 + +### Security +- Fix possible private status leaks in Mastodon Streaming API + +### Fixed +- Crashes when trying to block a user if block federation is disabled +- Not being able to start the instance without `erlang-eldap` installed +- Users with bios over the limit getting rejected +- Follower counters not being updated on incoming follow accepts + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.4] - 2020-05-10 + +### Security +- AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines ### Fixed +- Peertube user lookups not working +- `InsertSkeletonsForDeletedUsers` migration failing on some instances - Healthcheck reporting the number of memory currently used, rather than allocated in total -- `InsertSkeletonsForDeletedUsers` failing on some instances +- LDAP not being usable in OTP releases +- Default apache configuration having tls chain issues + +### Upgrade notes + +#### Apache only + +1. Remove the following line from your config: +``` + SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem +``` + +#### Everyone + +1. Restart Pleroma ## [2.0.3] - 2020-05-02 @@ -142,7 +209,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Follow request notifications <details> <summary>API Changes</summary> - - Admin API: `GET /api/pleroma/admin/need_reboot`. </details> @@ -177,6 +243,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Static-FE: Fix remote posts not being sanitized ### Fixed +======= +- Rate limiter crashes when there is no explicitly specified ip in the config - 500 errors when no `Accept` header is present if Static-FE is enabled - Instance panel not being updated immediately due to wrong `Cache-Control` headers - Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE |