From: rinpatch Date: Tue, 8 Sep 2020 17:34:02 +0000 (+0300) Subject: Merge branch 'stable' into stable-sync/2.1.1 X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=5ef840ed9ce277ebaf6367f2529cc686b8d6404b;p=akkoma Merge branch 'stable' into stable-sync/2.1.1 --- 5ef840ed9ce277ebaf6367f2529cc686b8d6404b diff --cc CHANGELOG.md index 512547427,92635f6d0..19b2596cc --- a/CHANGELOG.md +++ b/CHANGELOG.md @@@ -3,18 -3,12 +3,23 @@@ All notable changes to this project wil The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## Unreleased + +### Changed + +- Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. +- Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. + +### Removed + +- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. + - ## unreleased-patch - ??? + ## [2.1.1] - 2020-09-08 + + ### Security + - Fix possible DoS in Mastodon API user search due to an error in match clauses, leading to an infinite recursion and subsequent OOM with certain inputs. + - Fix metadata leak for accounts and statuses on private instances. + - Fix possible DoS in Admin API search using an atom leak vulnerability. Authentication with admin rights was required to exploit. ### Changed
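Review bot: in the `### Security` list under `## [2.1.1] - 2020-09-08`, the entry "Fix metadata leak for accounts and statuses on private instances." does not say which metadata was exposed or through which interface, so an operator of a private instance cannot judge from the changelog whether they were affected. Suggest naming the affected endpoint or feature, as the two DoS entries already do (Mastodon API user search, Admin API search). None of the three Security entries references an issue or merge request; for a security release a link per entry would let readers verify the fix. Minor style point in the `## Unreleased` block: both rename entries end with the comma splice "old name is deprecated"; "; the old name is deprecated" reads better, and the second entry writes `pools` without the leading colon used for `:connections_pool` in the first.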