Merge branch 'stable' into stable-sync/2.1.1

author rinpatch <rinpatch@sdf.org>

Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)

committer rinpatch <rinpatch@sdf.org>

Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)
author rinpatch <rinpatch@sdf.org>
Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)
committer rinpatch <rinpatch@sdf.org>
Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)
diff --cc CHANGELOG.md

index 51254742713a95b03dd8b533f22b209bd498d80c,92635f6d0984a5792b85bd103788ca1117c9ade6..19b2596cc32aa640263a8fe9cef104585f2714ac
--- 1/CHANGELOG.md
--- 2/CHANGELOG.md
+++ b/CHANGELOG.md
@@@ -3,18 -3,12 +3,23 @@@ All notable changes to this project wil
   
   The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   
- ## unreleased-patch - ???
+ +## Unreleased
+ +
+ +### Changed
+ +
+ +- Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated.
+ +- Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated.
+ +
+ +### Removed
+ +
+ +- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`.
+ +
+ ## [2.1.1] - 2020-09-08
+ 
+ ### Security
+ - Fix possible DoS in Mastodon API user search due to an error in match clauses, leading to an infinite recursion and subsequent OOM with certain inputs.
+ - Fix metadata leak for accounts and statuses on private instances.
+ - Fix possible DoS in Admin API search using an atom leak vulnerability. Authentication with admin rights was required to exploit.
   
   ### Changed
author	rinpatch <rinpatch@sdf.org>
	Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)
committer	rinpatch <rinpatch@sdf.org>
	Tue, 8 Sep 2020 17:34:02 +0000 (20:34 +0300)