X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=CHANGELOG.md;h=cdd5b94a8038f0fdc1c7bda897e8cde05a70f478;hb=473458b0fbecb05121b235f525aefcef34f0409e;hp=1ed8445b52e65beba99f818094eb027bc3a4c1da;hpb=d39abd02acf75d5f653052b0d4b579164a7fde5b;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ed8445b5..cdd5b94a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,18 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [unreleased] +## unreleased-patch - ??? + +### Added +- Rich media failure tracking (along with `:failure_backoff` option) + +### Fixed +- Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers +- Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. + Reduced to just rich media timeout. +- Password resets no longer processed for deactivated accounts + +## [2.1.0] - 2020-08-28 ### Changed @@ -36,6 +47,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Add `pleroma.unread_count` to the Marker entity. - Mastodon API: Added `pleroma.metadata.post_formats` to /api/v1/instance - Mastodon API (legacy): Allow query parameters for `/api/v1/domain_blocks`, e.g. `/api/v1/domain_blocks?domain=badposters.zone` +- Mastodon API: Make notifications about statuses from muted users and threads read automatically - Pleroma API: `/api/pleroma/captcha` responses now include `seconds_valid` with an integer value. @@ -55,6 +67,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Added +- Frontends: Add mix task to install frontends. +- Frontends: Add configurable frontends for primary and admin fe. - Configuration: Added a blacklist for email servers. - Chats: Added `accepts_chat_messages` field to user, exposed in APIs and federation. - Chats: Added support for federated chats. For details, see the docs. @@ -96,6 +110,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed +- Fix list pagination and other list issues. - Support pagination in conversations API - **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again - Fix follower/blocks import when nicknames starts with @ @@ -112,11 +127,78 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Migrations not working on OTP releases if the database was connected over ssl - Fix relay following -## [Unreleased (patch)] +## [2.0.7] - 2020-06-13 + +### Security +- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy ### Fixed +- CSP: not allowing images/media from every host when mediaproxy is disabled +- CSP: not adding mediaproxy base url to image/media hosts +- StaticFE missing the CSS file + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.6] - 2020-06-09 + +### Security +- CSP: harden `image-src` and `media-src` when MediaProxy is used + +### Fixed +- AP C2S: Fix pagination in inbox/outbox +- Various compilation errors on OTP 23 +- Mastodon API streaming: Repeats from muted threads not being filtered + +### Changed +- Various database performance improvements + +### Upgrade notes +1. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` +2. Restart Pleroma + +## [2.0.5] - 2020-05-13 + +### Security +- Fix possible private status leaks in Mastodon Streaming API + +### Fixed +- Crashes when trying to block a user if block federation is disabled +- Not being able to start the instance without `erlang-eldap` installed +- Users with bios over the limit getting rejected +- Follower counters not being updated on incoming follow accepts + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.4] - 2020-05-10 + +### Security +- AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines + +### Fixed +- Peertube user lookups not working +- `InsertSkeletonsForDeletedUsers` migration failing on some instances - Healthcheck reporting the number of memory currently used, rather than allocated in total -- `InsertSkeletonsForDeletedUsers` failing on some instances +- LDAP not being usable in OTP releases +- Default apache configuration having tls chain issues + +### Upgrade notes + +#### Apache only + +1. Remove the following line from your config: +``` + SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem +``` + +#### Everyone + +1. Restart Pleroma ## [2.0.3] - 2020-05-02 @@ -140,7 +222,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Follow request notifications
API Changes - - Admin API: `GET /api/pleroma/admin/need_reboot`.
@@ -175,6 +256,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Static-FE: Fix remote posts not being sanitized ### Fixed +======= +- Rate limiter crashes when there is no explicitly specified ip in the config - 500 errors when no `Accept` header is present if Static-FE is enabled - Instance panel not being updated immediately due to wrong `Cache-Control` headers - Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE