mirror-bot/pleroma
1
0
Fork 0
mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2026-02-15 17:16:57 +00:00
Code Packages 1 Activity

Changelog: Update changelog

Browse source
This commit is contained in:
Lain Soykaf 2025-12-31 10:49:28 +04:00
parent 92fc8f0012
commit a5da6ce58e
3 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Security ### Security
- Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint - Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint
- Fix bypass of the restrict unauthenticated setting by requesting local Activities
### Changed ### Changed
@ -104,6 +105,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ObjectView: Do not leak unsanitized internal representation of non-Create/non-Undo Activities on fetches - ObjectView: Do not leak unsanitized internal representation of non-Create/non-Undo Activities on fetches
- Fix WebFinger for split-domain setups - Fix WebFinger for split-domain setups
- Enforce an exact domain match for WebFinger resolution - Enforce an exact domain match for WebFinger resolution
- MastodonAPI: Fix misattribution of statuses when fetched via non-Announce Activity ID
## 2.9.1 ## 2.9.1

1
changelog.d/mastoapi-misatrribution.fix
View file

@ -1 +0,0 @@
MastodonAPI: Fix misattribution of statuses when fetched via non-Announce Activity ID

1
changelog.d/restrict-unauthenticated-bypass.fix
View file

@ -1 +0,0 @@
Fix bypass of the restrict unauthenticated setting by requesting local Activities