hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16,931 commits 1 branch 0 tags 221 MiB
Commit graph

16,931 commits

This branch
This branch
All branches
Author SHA1 Message Date
Haelwenn
a94cf2ad4f Merge branch 'check-attachment-attribution' into 'develop' 
Prevent users from attaching other users' attachments

See merge request pleroma/pleroma!3947
 2023-09-03 09:09:27 +00:00
Mint
1afde067b1 CommonAPI: Prevent users from accessing media of other users 2023-09-03 10:41:37 +02:00
Haelwenn
9da4f89b7b Merge branch 'tusooa/lint' into 'develop' 
Make lint happy

See merge request pleroma/pleroma!3944
 2023-08-31 22:24:30 +00:00
marcin mikołajczak
b52d189fcc Move is_good_locale_code? to object validator 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-31 11:35:09 +02:00
tusooa
3c5ecca377
 		Skip changelog 2023-08-30 20:37:45 -04:00
tusooa
3d09bc320e
 		Make lint happy 2023-08-30 20:36:52 -04:00
marcin mikołajczak
c160ef7b6a Remove test 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-20 13:00:13 +02:00
marcin mikołajczak
62340b50b5 Move maybe_add_content_map out of Transmogrifier, use code from tusooa's branch for MapOfString 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-19 19:03:48 +02:00
marcin mikołajczak
edc8689d91 Move maybe_add_language to CommonFixes 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-19 15:28:19 +02:00
Haelwenn
1e685c8302 Merge branch 'csp-flash' into 'develop' 
allow https: so that flash works across instances without need for media proxy

See merge request pleroma/pleroma!3879
 2023-08-16 13:37:49 +00:00
Haelwenn
d838d1990b Apply lanodan's suggestion(s) to 1 file(s) 2023-08-16 13:34:32 +00:00
marcin mikołajczak
47ba7d346f Remove test 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 18:10:58 +02:00
marcin mikołajczak
69d53a6238 Rename test 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 16:45:26 +02:00
marcin mikołajczak
b430b805c4 Lint 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 16:44:19 +02:00
marcin mikołajczak
366559c5a3 Make status.language == nil for 'und' value 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 14:59:58 +02:00
marcin mikołajczak
79e46ce73f InstanceView: Add common_information function 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 13:57:22 +02:00
marcin mikołajczak
04c8f6b4d1 Add ObjectValidators.LanguageCode type 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 13:44:30 +02:00
Haelwenn
049045cf2a Apply lanodan's suggestion 2023-08-11 11:44:13 +00:00
marcin mikołajczak
9effa24f30 Implement api/v2/instance route 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 00:08:05 +02:00
marcin mikołajczak
4745a41393 Allow to specify post language 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2023-08-11 00:07:03 +02:00
tusooa
b729a8b140 Merge branch 'fix-dockerfile-perms' into 'develop' 
Fix config ownership in dockerfile to pass restriction test

See merge request pleroma/pleroma!3931
 2023-08-10 00:42:29 +00:00
Cat pony Black
c298e0165c Fix config ownership in dockerfile to pass restriction test 2023-08-08 19:07:48 +02:00
Haelwenn
4e355b8595 Merge branch 'disable-xml-entities-completely' into 'develop' 
Completely disable xml entity resolution

See merge request pleroma/pleroma!3932
 2023-08-06 08:27:27 +00:00
mae
48b1e9bdc7 Completely disable xml entity resolution 2023-08-05 14:17:04 +02:00
Haelwenn
17c336de66 Merge branch 'docs/gentoo-otp-intro' into 'develop' 
gentoo_otp_en.md: Indicate which install method it covers

See merge request pleroma/pleroma!3928
 2023-08-05 11:04:32 +00:00
Haelwenn
d0f7a5c4f5 Merge branch 'mergeback/2.5.4' into 'develop' 
Mergeback: 2.5.4

See merge request pleroma/pleroma!3930
 2023-08-05 08:13:03 +00:00
Haelwenn
1f4be2b349 Merge branch 'releases/2.5.4' into 'stable' 
Release 2.5.4

See merge request pleroma/pleroma!3929
 2023-08-05 08:12:25 +00:00
Haelwenn (lanodan) Monnier
4099ddb3dc Mergeback release 2.5.4 2023-08-05 08:58:05 +02:00
Haelwenn (lanodan) Monnier
b631180b38 Release 2.5.4 2023-08-05 08:27:42 +02:00
Mark Felder
cc848b78dc Document and test that XXE processing is disabled 
https://vuln.be/post/xxe-in-erlang-and-elixir/
 2023-08-05 08:23:04 +02:00
FloatingGhost
77d57c974a Add unit test for external entity loading 2023-08-05 08:23:04 +02:00
Mae
fc10e07ffb Prevent XML parser from loading external entities 2023-08-05 08:23:04 +02:00
Mark Felder
6d48b0f1a9 Document and test that XXE processing is disabled 
https://vuln.be/post/xxe-in-erlang-and-elixir/
 2023-08-05 08:14:27 +02:00
FloatingGhost
307692cee8 Add unit test for external entity loading 2023-08-05 08:14:27 +02:00
Mae
ca0859b90f Prevent XML parser from loading external entities 2023-08-04 22:35:13 -04:00
Haelwenn (lanodan) Monnier
0e321698d2 gentoo_otp_en.md: Indicate which install method it covers 2023-08-04 17:11:20 +02:00
Haelwenn
ff2f3862ab Merge branch 'release/2.5.3' into 'stable' 
Release 2.5.3

See merge request pleroma/pleroma!3926
 2023-08-04 09:45:48 +00:00
Haelwenn
1062185ba0 Merge branch 'mergeback/2.5.3' into 'develop' 
Mergeback: 2.5.3

Closes #3135

See merge request pleroma/pleroma!3927
 2023-08-04 09:38:01 +00:00
Haelwenn (lanodan) Monnier
6a0fd77c48 Release 2.5.53 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
65ef8f19c5 release_runtime_provider_test: chmod config for hardened permissions 
Git doesn't manages file permissions precisely enough for us.
 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
9f0ad901ed changelog: Entry for config permissions restrictions 
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
69caedc591 instance gen: Reduce permissions of pleroma directories and config files 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
8cc8100120 Config: Restrict permissions of OTP config file 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
57f7453748 Release 2.5.3 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
5ac2b7417d test: Fix warnings 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
c37561214a Force the use of amd64 runners for jobs using ci-base 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
76e408e42d release_runtime_provider_test: chmod config for hardened permissions 
Git doesn't manages file permissions precisely enough for us.
 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
22df32b3f5 changelog: Entry for config permissions restrictions 
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
bd7381f2f4 instance gen: Reduce permissions of pleroma directories and config files 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
4befb3b1d0 Config: Restrict permissions of OTP config file 2023-08-04 09:49:53 +02:00