Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also led to leaking private posts when `fix_explicit_addressing` mistakenly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM.
parent a9eaa55885, commit d9c0650ff9
3 changed files with 44 additions and 16 deletions
|
|
@ -118,6 +118,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
## Removed
|
||||
- Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`
|
||||
|
||||
## [0.9.99999] - 2019-05-31
|
||||
### Security
|
||||
- Mastodon API: Fix lists leaking private posts
|
||||
|
||||
## [0.9.9999] - 2019-04-05
|
||||
### Security
|
||||
- Mastodon API: Fix content warnings skipping HTML sanitization
|
||||
|
|
|
|||
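Review bot: The new Security entry under `## [0.9.99999] - 2019-05-31` records only "Fix lists leaking private posts", while the commit message says this MR also fixes `fix_explicit_addressing` putting follower collections into `cc` and that the old resolver missed unlisted posts in lists. Consider adding a line for the addressing fix (and a Fixed entry for unlisted posts in list timelines) so operators reading the changelog can tell which behaviours changed and judge whether their instance was exposed.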