Changelog: Update changelog

2025-12-31 10:49:28 +04:00 · 2025-12-31 10:49:28 +04:00 · a5da6ce58e
commit a5da6ce58e
parent 92fc8f0012
3 changed files with 2 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Security

 - Admin API: Fixed self-revocation vulnerability where admins could accidentally revoke their own admin status via the single-user permission endpoint
+- Fix bypass of the restrict unauthenticated setting by requesting local Activities

 ### Changed

@ -104,6 +105,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - ObjectView: Do not leak unsanitized internal representation of non-Create/non-Undo Activities on fetches
 - Fix WebFinger for split-domain setups
 - Enforce an exact domain match for WebFinger resolution
+- MastodonAPI: Fix misattribution of statuses when fetched via non-Announce Activity ID

 ## 2.9.1

--- a/changelog.d/mastoapi-misatrribution.fix
+++ b/changelog.d/mastoapi-misatrribution.fix
@ -1 +0,0 @@
-MastodonAPI: Fix misattribution of statuses when fetched via non-Announce Activity ID
--- a/changelog.d/restrict-unauthenticated-bypass.fix
+++ b/changelog.d/restrict-unauthenticated-bypass.fix
@ -1 +0,0 @@
-Fix bypass of the restrict unauthenticated setting by requesting local Activities
				`@ -1 +0,0 @@`
				`MastodonAPI: Fix misattribution of statuses when fetched via non-Announce Activity ID`
				`@ -1 +0,0 @@`
				`Fix bypass of the restrict unauthenticated setting by requesting local Activities`