X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=adea6d01924cd7d90cbe92f57669f8a33de0a82a;hb=a781f41f969bd1a929005b2b5006a40d42855ae8;hp=e6180a6dac44fe5debfeb19e5991705f354866d3;hpb=d34dc4a7469b97e28ca4fffc8b2387c937ab56d8;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index e6180a6da..adea6d019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,25 +9,50 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. - Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. +- Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). + +### Added +- Media preview proxy (requires media proxy be enabled; see `:media_preview_proxy` config for more details). ### Removed -- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. +- **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). +- **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). +- **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). +- Removed `:managed_config` option. In practice, it was accidentally removed with 2.0.0 release when frontends were +switched to a new configuration mechanism, however it was not officially removed until now. ## unreleased-patch - ??? -### Added +### Fixed -- Rich media failure tracking (along with `:failure_backoff` option) +- Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance +- Mastodon API: the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user -### Fixed +## [2.1.1] - 2020-09-08 + +### Security +- Fix possible DoS in Mastodon API user search due to an error in match clauses, leading to an infinite recursion and subsequent OOM with certain inputs. +- Fix metadata leak for accounts and statuses on private instances. +- Fix possible DoS in Admin API search using an atom leak vulnerability. Authentication with admin rights was required to exploit. -- Possible OOM errors with the default HTTP adapter +### Changed + +- **Breaking:** The metadata providers RelMe and Feed are no longer configurable. RelMe should always be activated and Feed only provides a header tag for the actual RSS/Atom feed when the instance is public. +- Improved error message when cmake is not available at build stage. + +### Added +- Rich media failure tracking (along with `:failure_backoff` option). + +### Fixed +- Default HTTP adapter not respecting pool setting, leading to possible OOM. +- Fixed uploading webp images when the Exiftool Upload Filter is enabled by skipping them - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. Reduced to just rich media timeout. -- Mastodon API: Cards being wrong for preview statuses due to cache key collision -- Password resets no longer processed for deactivated accounts +- Mastodon API: Cards being wrong for preview statuses due to cache key collision. +- Password resets no longer processed for deactivated accounts. +- Favicon scraper raising exceptions on URLs longer than 255 characters. ## [2.1.0] - 2020-08-28