X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=CHANGELOG.md;h=0850deed78558f5443ea79ee84cfd4f71a4ef2b2;hb=2ecc7d92308d624dc9edb50665d752a71f55f608;hp=9b616ee57d9f1b3f08a485dfb88b5d29e5687c75;hpb=6b01a09a08e14c415ac3bd48ea28c742ee7a3dc8;p=akkoma diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b616ee57..0850deed7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [unreleased] +## [2.1.0] - 2020-08-28 ### Changed @@ -116,11 +116,78 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Migrations not working on OTP releases if the database was connected over ssl - Fix relay following -## [Unreleased (patch)] +## [2.0.7] - 2020-06-13 + +### Security +- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy + +### Fixed +- CSP: not allowing images/media from every host when mediaproxy is disabled +- CSP: not adding mediaproxy base url to image/media hosts +- StaticFE missing the CSS file + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.6] - 2020-06-09 + +### Security +- CSP: harden `image-src` and `media-src` when MediaProxy is used + +### Fixed +- AP C2S: Fix pagination in inbox/outbox +- Various compilation errors on OTP 23 +- Mastodon API streaming: Repeats from muted threads not being filtered + +### Changed +- Various database performance improvements + +### Upgrade notes +1. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` +2. Restart Pleroma + +## [2.0.5] - 2020-05-13 + +### Security +- Fix possible private status leaks in Mastodon Streaming API + +### Fixed +- Crashes when trying to block a user if block federation is disabled +- Not being able to start the instance without `erlang-eldap` installed +- Users with bios over the limit getting rejected +- Follower counters not being updated on incoming follow accepts + +### Upgrade notes + +1. Restart Pleroma + +## [2.0.4] - 2020-05-10 + +### Security +- AP C2S: Fix a potential DoS by creating nonsensical objects that break timelines ### Fixed +- Peertube user lookups not working +- `InsertSkeletonsForDeletedUsers` migration failing on some instances - Healthcheck reporting the number of memory currently used, rather than allocated in total -- `InsertSkeletonsForDeletedUsers` failing on some instances +- LDAP not being usable in OTP releases +- Default apache configuration having tls chain issues + +### Upgrade notes + +#### Apache only + +1. Remove the following line from your config: +``` + SSLCertificateFile /etc/letsencrypt/live/${servername}/cert.pem +``` + +#### Everyone + +1. Restart Pleroma ## [2.0.3] - 2020-05-02 @@ -144,7 +211,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Follow request notifications
API Changes - - Admin API: `GET /api/pleroma/admin/need_reboot`.
@@ -179,6 +245,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Static-FE: Fix remote posts not being sanitized ### Fixed +======= +- Rate limiter crashes when there is no explicitly specified ip in the config - 500 errors when no `Accept` header is present if Static-FE is enabled - Instance panel not being updated immediately due to wrong `Cache-Control` headers - Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE