Commit graph

15,944 commits

Author SHA1 Message Date
Haelwenn
9da4f89b7b Merge branch 'tusooa/lint' into 'develop'
Make lint happy

See merge request pleroma/pleroma!3944
2023-08-31 22:24:30 +00:00
marcin mikołajczak
b52d189fcc Move is_good_locale_code? to object validator
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-31 11:35:09 +02:00
tusooa
3c5ecca377
Skip changelog 2023-08-30 20:37:45 -04:00
tusooa
3d09bc320e
Make lint happy 2023-08-30 20:36:52 -04:00
marcin mikołajczak
c160ef7b6a Remove test
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-20 13:00:13 +02:00
marcin mikołajczak
62340b50b5 Move maybe_add_content_map out of Transmogrifier, use code from tusooa's branch for MapOfString
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-19 19:03:48 +02:00
marcin mikołajczak
edc8689d91 Move maybe_add_language to CommonFixes
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-19 15:28:19 +02:00
Haelwenn
1e685c8302 Merge branch 'csp-flash' into 'develop'
allow https: so that flash works across instances without need for media proxy

See merge request pleroma/pleroma!3879
2023-08-16 13:37:49 +00:00
Haelwenn
d838d1990b Apply lanodan's suggestion(s) to 1 file(s) 2023-08-16 13:34:32 +00:00
marcin mikołajczak
47ba7d346f Remove test
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 18:10:58 +02:00
marcin mikołajczak
69d53a6238 Rename test
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 16:45:26 +02:00
marcin mikołajczak
b430b805c4 Lint
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 16:44:19 +02:00
marcin mikołajczak
366559c5a3 Make status.language == nil for 'und' value
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 14:59:58 +02:00
marcin mikołajczak
79e46ce73f InstanceView: Add common_information function
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 13:57:22 +02:00
marcin mikołajczak
04c8f6b4d1 Add ObjectValidators.LanguageCode type
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 13:44:30 +02:00
Haelwenn
049045cf2a Apply lanodan's suggestion 2023-08-11 11:44:13 +00:00
marcin mikołajczak
9effa24f30 Implement api/v2/instance route
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 00:08:05 +02:00
marcin mikołajczak
4745a41393 Allow to specify post language
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-08-11 00:07:03 +02:00
tusooa
b729a8b140 Merge branch 'fix-dockerfile-perms' into 'develop'
Fix config ownership in dockerfile to pass restriction test

See merge request pleroma/pleroma!3931
2023-08-10 00:42:29 +00:00
Cat pony Black
c298e0165c Fix config ownership in dockerfile to pass restriction test 2023-08-08 19:07:48 +02:00
Haelwenn
4e355b8595 Merge branch 'disable-xml-entities-completely' into 'develop'
Completely disable xml entity resolution

See merge request pleroma/pleroma!3932
2023-08-06 08:27:27 +00:00
mae
48b1e9bdc7 Completely disable xml entity resolution 2023-08-05 14:17:04 +02:00
Haelwenn
17c336de66 Merge branch 'docs/gentoo-otp-intro' into 'develop'
gentoo_otp_en.md: Indicate which install method it covers

See merge request pleroma/pleroma!3928
2023-08-05 11:04:32 +00:00
Haelwenn
d0f7a5c4f5 Merge branch 'mergeback/2.5.4' into 'develop'
Mergeback: 2.5.4

See merge request pleroma/pleroma!3930
2023-08-05 08:13:03 +00:00
Haelwenn
1f4be2b349 Merge branch 'releases/2.5.4' into 'stable'
Release 2.5.4

See merge request pleroma/pleroma!3929
2023-08-05 08:12:25 +00:00
Haelwenn (lanodan) Monnier
4099ddb3dc Mergeback release 2.5.4 2023-08-05 08:58:05 +02:00
Haelwenn (lanodan) Monnier
b631180b38 Release 2.5.4 2023-08-05 08:27:42 +02:00
Mark Felder
cc848b78dc Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
2023-08-05 08:23:04 +02:00
FloatingGhost
77d57c974a Add unit test for external entity loading 2023-08-05 08:23:04 +02:00
Mae
fc10e07ffb Prevent XML parser from loading external entities 2023-08-05 08:23:04 +02:00
Mark Felder
6d48b0f1a9 Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
2023-08-05 08:14:27 +02:00
FloatingGhost
307692cee8 Add unit test for external entity loading 2023-08-05 08:14:27 +02:00
Mae
ca0859b90f Prevent XML parser from loading external entities 2023-08-04 22:35:13 -04:00
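The three commits above (prevent the XML parser from loading external entities, add a unit test for external entity loading, document and test that XXE processing is disabled) all concern the same hardening step. The following is an added illustration of how an XML parse with Erlang's xmerl can refuse every external DTD or entity fetch; it is example code written for this page, not Pleroma's own implementation, and the page does not show which mechanism the project's commits actually used. The module name, the wrapper function names, the sample payloads and the error atom are assumptions for illustration. It relies on xmerl's documented fetch_fun option, the callback xmerl invokes for each external resource, and on the fact that a non-ok return from that callback makes xmerl abort with an exit, which the wrapper turns into :error.

```elixir
defmodule HardenedXml do
  @moduledoc """
  Added example, not Pleroma's own code: parse untrusted XML with xmerl while
  refusing to fetch any external DTD or entity (the XXE vector described in
  the linked vuln.be post). Module and function names are assumptions.
  """

  # Constructed XXE payload: an external general entity pointing at a local
  # file. With xmerl's default fetch function the SYSTEM identifier is read
  # from disk and its contents land in the parsed document.
  @xxe_payload ~s(<?xml version="1.0"?><!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><x>&xxe;</x>)

  # Constructed benign document that must still parse after hardening.
  @benign_payload ~s(<?xml version="1.0"?><feed><title>hello</title></feed>)

  @doc """
  Parses `text` and returns {:ok, xmlElement_record} or :error.
  Any attempt by the parser to fetch an external resource is refused.
  """
  def parse(text) when is_binary(text) do
    try do
      {doc, _rest} =
        text
        |> :binary.bin_to_list()
        |> :xmerl_scan.string(
          quiet: true,
          # xmerl calls fetch_fun for every external DTD / SYSTEM / PUBLIC
          # reference. Returning an error instead of {:ok, {file, _}, state}
          # makes xmerl treat the reference as fatal and exit the parse.
          fetch_fun: fn _spec, _state -> {:error, :external_entities_disabled} end
        )

      {:ok, doc}
    rescue
      # Malformed input raises; treat it like any other parse failure.
      _ -> :error
    catch
      # xmerl signals fatal errors (including the refused fetch) with exit/1.
      :exit, _ -> :error
    end
  end

  @doc "Tag name of the root element (field 1 of the xmlElement record)."
  def root_name({:ok, doc}), do: elem(doc, 1)
  def root_name(:error), do: :error

  @doc "Runs both constructed payloads through the hardened parser."
  def demo do
    %{
      benign: root_name(parse(@benign_payload)),
      xxe: parse(@xxe_payload)
    }
  end
end
```

Two caveats a reviewer would want on record: fetch_fun governs only external resources (external DTD subsets and SYSTEM/PUBLIC entities), so it does not limit expansion of entities declared inline in the document and is not by itself a defence against entity-expansion bombs; and because xmerl reports the refused fetch through exit/1 rather than a return value, a wrapper that only uses rescue would crash the calling process, which is why the catch :exit clause is essential.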
Haelwenn (lanodan) Monnier
0e321698d2 gentoo_otp_en.md: Indicate which install method it covers 2023-08-04 17:11:20 +02:00
Haelwenn
ff2f3862ab Merge branch 'release/2.5.3' into 'stable'
Release 2.5.3

See merge request pleroma/pleroma!3926
2023-08-04 09:45:48 +00:00
Haelwenn
1062185ba0 Merge branch 'mergeback/2.5.3' into 'develop'
Mergeback: 2.5.3

Closes #3135

See merge request pleroma/pleroma!3927
2023-08-04 09:38:01 +00:00
Haelwenn (lanodan) Monnier
6a0fd77c48 Release 2.5.53 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
65ef8f19c5 release_runtime_provider_test: chmod config for hardened permissions
Git doesn't manage file permissions precisely enough for us.
2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
9f0ad901ed changelog: Entry for config permissions restrictions
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
69caedc591 instance gen: Reduce permissions of pleroma directories and config files 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
8cc8100120 Config: Restrict permissions of OTP config file 2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier
57f7453748 Release 2.5.3 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
5ac2b7417d test: Fix warnings 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
c37561214a Force the use of amd64 runners for jobs using ci-base 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
76e408e42d release_runtime_provider_test: chmod config for hardened permissions
Git doesn't manage file permissions precisely enough for us.
2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
22df32b3f5 changelog: Entry for config permissions restrictions
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3135
2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
bd7381f2f4 instance gen: Reduce permissions of pleroma directories and config files 2023-08-04 09:49:53 +02:00
Haelwenn (lanodan) Monnier
4befb3b1d0 Config: Restrict permissions of OTP config file 2023-08-04 09:49:53 +02:00
Mark Felder
2c79509453 Resolve information disclosure vulnerability through emoji pack archive download endpoint
The pack name has been sanitized so an attacker cannot upload a media
file called pack.json with their own handcrafted list of emoji files as
arbitrary files on the filesystem and then call the emoji pack archive
download endpoint with a pack name crafted to the location of the media
file they uploaded which tricks Pleroma into generating a zip file of
the target files the attacker wants to download.

The attack only works if the Pleroma instance does not have the
AnonymizeFilename upload filter enabled, which is currently the default.

Reported by: graf@poast.org
2023-08-04 08:40:27 +02:00
Mark Felder
18a0c923d0 Resolve information disclosure vulnerability through emoji pack archive download endpoint
The pack name has been sanitized so an attacker cannot upload a media
file called pack.json with their own handcrafted list of emoji files as
arbitrary files on the filesystem and then call the emoji pack archive
download endpoint with a pack name crafted to the location of the media
file they uploaded which tricks Pleroma into generating a zip file of
the target files the attacker wants to download.

The attack only works if the Pleroma instance does not have the
AnonymizeFilename upload filter enabled, which is currently the default.

Reported by: graf@poast.org
2023-08-04 08:39:55 +02:00
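The commit message above describes the fix as sanitising the pack name so that a crafted name can no longer steer the archive endpoint to an attacker-controlled pack.json elsewhere on the filesystem. The following is an added example, not Pleroma's own code, of the shape such a guard takes: an allow-list on the name, followed by a containment check on the resolved path so that a later loosening of the allow-list still cannot escape the emoji directory. The emoji directory path, the module and function names and the regular expression are assumptions for illustration; Pleroma's real pack location comes from its configuration.

```elixir
defmodule PackNameGuard do
  @moduledoc """
  Added example, not Pleroma's own code: turn a user-supplied emoji pack name
  into a filesystem path only if it cannot point outside the emoji directory.
  Directory path, module and function names are assumptions.
  """

  # Assumed emoji pack root; the real value is instance configuration.
  @emoji_dir "/var/lib/pleroma/static/emoji"

  # Conservative allow-list: a leading alphanumeric, then at most 63 more
  # characters from a small set. Path separators, backslashes, NUL and
  # percent-encoded separators never match.
  @name_re ~r/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/

  @doc "True only for names that match the allow-list and contain no '..'."
  def valid_name?(name) when is_binary(name) do
    Regex.match?(@name_re, name) and not String.contains?(name, "..")
  end

  def valid_name?(_), do: false

  @doc """
  Returns {:ok, path} for a pack directory that is safe to read, or
  {:error, reason} when the name is rejected or the resolved path escapes.
  """
  def pack_path(name) do
    with true <- valid_name?(name) || {:error, :invalid_pack_name},
         path = Path.join(@emoji_dir, name),
         true <- inside_emoji_dir?(path) || {:error, :path_escape} do
      {:ok, path}
    end
  end

  # Defence in depth: after expansion the path must still sit strictly below
  # the emoji root (the trailing "/" stops "/emoji-evil" from matching "/emoji").
  defp inside_emoji_dir?(path) do
    root = Path.expand(@emoji_dir)
    String.starts_with?(Path.expand(path), root <> "/")
  end

  @doc "Runs a few constructed names through the guard."
  def demo do
    for name <- ["blobcat", "../../uploads/evil", "a/b", "", "pack\0name"] do
      {name, pack_path(name)}
    end
  end
end
```

The order of the two checks matters: the allow-list rejects hostile names before any filesystem call is made, and the containment check on Path.expand/1 catches anything the allow-list might later admit. Neither check touches the AnonymizeFilename upload filter the commit message mentions; that filter removes the attacker's control over the uploaded file's name, while this guard removes their control over where the pack lookup goes.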