X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=8e638bdd8f6655464e8b89be741de1036b634143;hb=357f80a714a9d9834130ede9b4919c6c763fffcf;hp=3106854bafb378ad96a0ac4b2b1b9abd81be8dfb;hpb=5624366056b026b17439756a3057676308e7f7d9;p=akkoma

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3106854ba..8e638bdd8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Argon2 password hashing
 - Ability to "verify" links in profile fields via rel=me
 - Mix tasks to dump/load config to/from json for bulk editing
+- Followed hashtag list at /api/v1/followed\_tags, API parity with mastodon
 
 ### Removed
 - Non-finch HTTP adapters
@@ -25,7 +26,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Non-admin users now cannot register `admin` scope tokens (not security-critical, they didn't work before, but you _could_ create them)
   - Admin scopes will be dropped on create
 - Rich media will now backoff for 20 minutes after a failure
+- Quote posts are now considered as part of the same thread as the post they are quoting
 - Simplified HTTP signature processing
+- Rich media will now hard-exit after 5 seconds, to prevent timeline hangs
+- HTTP Content Security Policy is now far more strict to prevent any potential XSS/CSS leakages
 
 ### Fixed 
 - /api/v1/accounts/lookup will now respect restrict\_unauthenticated