CHANGELOG.md: add 2.0.7 entry

author rinpatch <rinpatch@sdf.org>

Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)

committer rinpatch <rinpatch@sdf.org>

Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)
author rinpatch <rinpatch@sdf.org>
Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)
committer rinpatch <rinpatch@sdf.org>
Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)
diff --git a/CHANGELOG.md b/CHANGELOG.md

index f5b75639de4f1d052e186cb3ccae9c6790832fe7..b3f51fcb185ece93dcb16440653eeeb6040e158a 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file.
  
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
  
+## [2.0.7] - 2020-06-13
+
+### Security
+- Fix potential DoSes exploiting atom leaks in rich media parser/`UserAllowListPolicy` MRF policy
+
+### Fixed
+- CSP: not allowing images/media from every host when mediaproxy is disabled
+- CSP: not adding mediaproxy base url to image/media hosts
+- StaticFE missing the CSS file
+
+### Upgrade notes
+
+1. Restart Pleroma
+
  ## [2.0.6] - 2020-06-09
  
  ### Security
author	rinpatch <rinpatch@sdf.org>
	Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)
committer	rinpatch <rinpatch@sdf.org>
	Fri, 12 Jun 2020 18:09:40 +0000 (21:09 +0300)