X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=5afc5701771bf872e832f8fc51d443246baa8139;hb=39ed608b13f9204e0503311c7394934b01501ab8;hp=12f7e8fab9e66d485c1677454a5232297d123986;hpb=d075bdc9e9b0d12b12939223e0603a7afe5af2c5;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index 12f7e8fab..5afc57017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [Unreleased] +## [2.0.0] - 2019-03-08 +### Security +- Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request. + ### Removed - **Breaking**: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media` - **Breaking**: OStatus protocol support @@ -35,6 +38,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Rate limiter is now disabled for localhost/socket (unless remoteip plug is enabled) - Logger: default log level changed from `warn` to `info`. - Config mix task `migrate_to_db` truncates `config` table before migrating the config file. +- Allow account registration without an email +- Default to `prepare: :unnamed` in the database configuration. +- Instance stats are now loaded on startup instead of being empty until next hourly job.
API Changes @@ -56,6 +62,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: Render whole status in grouped reports - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise). - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try. +- Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default.
### Added @@ -74,6 +81,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - User settings: Add _This account is a_ option. - A new users admin digest email - OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`). +- New HTTP adapter [gun](https://github.com/ninenines/gun). Gun adapter requires minimum OTP version of 22.2 otherwise Pleroma won’t start. For hackney OTP update is not required. - Add an option `authorized_fetch_mode` to require HTTP signatures for AP fetches. - ActivityPub: support for `replies` collection (output for outgoing federation & fetching on incoming federation). - Mix task to refresh counter cache (`mix pleroma.refresh_counter_cache`) @@ -144,6 +152,43 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Marking a conversation as read (`POST /api/v1/conversations/:id/read`) now no longer brings it to the top in the user's direct conversation list +## [1.1.9] - 2020-02-10 +### Fixed +- OTP: Inability to set the upload limit (again) +- Not being able to pin polls +- Streaming API: incorrect handling of reblog mutes +- Rejecting the user when field length limit is exceeded +- OpenGraph provider: html entities in descriptions + +## [1.1.8] - 2020-01-10 +### Fixed +- Captcha generation issues +- Returned Kocaptcha endpoint to configuration +- Captcha validity is now 5 minutes + +## [1.1.7] - 2019-12-13 +### Fixed +- OTP: Inability to set the upload limit +- OTP: Inability to override node name/distribution type to run 2 Pleroma instances on the same machine + +### Added +- Integrated captcha provider + +### Changed +- Captcha enabled by default +- Default Captcha provider changed from `Pleroma.Captcha.Kocaptcha` to `Pleroma.Captcha.Native` +- Better `Cache-Control` header for static content + +### Bundled Pleroma-FE Changes +#### Added +- Icons in the navigation panel + +#### Fixed +- Improved support unauthenticated view of private instances + +#### Removed +- Whitespace hack on empty post content + ## [1.1.6] - 2019-11-19 ### Fixed - Not being able to log into to third party apps when the browser is logged into mastofe