Update changelog

2025-03-11 18:06:43 +04:00 · 2025-03-11 18:06:43 +04:00 · 4c8a8a4b62
commit 4c8a8a4b62
parent 0a93a7b0c9
10 changed files with 17 additions and 9 deletions
--- a/changelog.d/c2s-update-authorization.security
+++ b/changelog.d/c2s-update-authorization.security
@ -1 +0,0 @@
-Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.
--- a/changelog.d/content-type-sanitize.security
+++ b/changelog.d/content-type-sanitize.security
@ -1 +0,0 @@
-Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments
--- a/changelog.d/cross-domain-redirect-check.security
+++ b/changelog.d/cross-domain-redirect-check.security
@ -1 +0,0 @@
-Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.
--- a/changelog.d/debian-distro-docs-pleromaBE.fix
+++ b/changelog.d/debian-distro-docs-pleromaBE.fix
@ -1 +0,0 @@
-Remove trailing ` from end of line 75 which caused issues copy-pasting
--- a/changelog.d/emoji-shortcode-validation.security
+++ b/changelog.d/emoji-shortcode-validation.security
@ -1 +0,0 @@
-Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.
--- a/changelog.d/local-fetch-prevention.security
+++ b/changelog.d/local-fetch-prevention.security
@ -1 +0,0 @@
-Block attempts to fetch activities from the local instance to prevent spoofing.
--- a/changelog.d/media-proxy-sanitize.security
+++ b/changelog.d/media-proxy-sanitize.security
@ -1 +0,0 @@
-Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.
--- a/changelog.d/object-fetcher-content-type.security
+++ b/changelog.d/object-fetcher-content-type.security
@ -1 +0,0 @@
-Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.
--- a/changelog.d/pl-fe.change
+++ b/changelog.d/pl-fe.change
@ -1 +0,0 @@
-Include `pl-fe` in available frontends
				`@ -1 +0,0 @@`
				`Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.`
				`@ -1 +0,0 @@`
				`Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments`
				`@ -1 +0,0 @@`
				`Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.`
				`@ -1 +0,0 @@`
				Remove trailing ` from end of line 75 which caused issues copy-pasting
				`@ -1 +0,0 @@`
				`Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.`
				`@ -1 +0,0 @@`
				`Block attempts to fetch activities from the local instance to prevent spoofing.`
				`@ -1 +0,0 @@`
				`Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.`
				`@ -1 +0,0 @@`
				`Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.`