From 3a805cc35cff0c46f6b9dd45169d888936cc5c53 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 13 Apr 2019 00:31:18 +0300 Subject: [PATCH 1/2] Add a changelog --- CHANGELOG.md | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++ Changelog.md | 8 ----- mix.exs | 2 +- 3 files changed, 92 insertions(+), 9 deletions(-) create mode 100644 CHANGELOG.md delete mode 100644 Changelog.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..1fbbf5c2e --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,91 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + +## [unreleased] +### Added +- LDAP authentication +- External OAuth provider authentication +- A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc. +- [Prometheus](https://prometheus.io/) metrics +- Support for Mastodon's remote interaction +- Federation: Support for reports +- Configuration: `safe_dm_mentions` option +- Configuration: `link_name` option +- Configuration: `fetch_initial_posts` option +- Pleroma API: User subscribtions +- Admin API: Endpoints for listing/revoking invite tokens +- Admin API: Endpoints for making users follow/unfollow each other +- Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/) +- Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension) +- Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/) +- ActivityPub C2S: OAuth endpoints + +### Changed +- Enforcement of OAuth scopes +- Add multiple use/time expiring invite token +- Restyled OAuth pages to fit with Pleroma's default theme +- Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker) +- NodeInfo: Return `safe_dm_mentions` feature flag +- Federation: Expand the audience of delete activities to all recipients of the deleted object +- Configuration: Dedupe enabled by default +- Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer +- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change +- Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications` +- Mastodon API: Add `languages` and `registrations` to `/api/v1/instance` +- Mastodon API: Provide plaintext versions of cw/content in the Status entity +- Mastodon API: Add `pleroma.conversation_id` field to the Status entity +- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending` fields to the User entity +- Mastodon API: Add `pleroma.is_seen` to the Notification entity +- Mastodon API: Add `pleroma.local` to the Status entity +- Mastodon API: Add `preview` parameter to `POST /api/v1/statuses` +- Mastodon API: Add `with_muted` parameter to timeline endpoints +- Mastodon API: Actual reblog hiding instead of a dummy +- Mastodon API: Remove attachment limit in the Status entity +- Deps: Updated Cowboy to 2.6 +- Deps: Updated Ecto to 3.0.7 + +### Fixed +- Followers counter not being updated when a follower is blocked +- Deactivated users being able to request an access token +- Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak +- proper Twitter Card generation instead of a dummy +- NodeInfo: Include admins in `staffAccounts` +- ActivityPub: Crashing when requesting empty local user's outbox +- Federation: Handling of objects without `summary` property +- Federation: Add a language tag to activities as required by ActivityStreams 2.0 +- Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults +- Federation: Cope with missing or explicitly nulled address lists +- Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection +- Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics +- MediaProxy: Parse name from content disposition headers even for non-whitelisted types +- MediaProxy: S3 link encoding +- Rich Media: Reject any data which cannot be explicitly encoded into JSON +- Mastodon API: `/api/v1/favourites` serving only public activities +- Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies +- Mastodon API: Streaming API broadcasting wrong activity id +- Mastodon API: 500 errors when requesting a card for a private conversation + +## [0.9.9999] - 2019-04-05 +### Security +- Various fixes + +## [0.9.999] - 2019-03-13 +Frontend changes only. +### Added +- Added floating action button for posting status on mobile +### Changed +- Changed user-settings icon to a pencil +### Fixed +- Keyboard shortcuts activating when typing a message +- Gaps when scrolling down on a timeline after showing new + +## [0.9.99] - 2019-03-08 +### Changed +- Update the frontend to the 0.9.99 tag +### Fixed +- Sign the date header in federation to fix Mastodon federation. + +## [0.9.9] - 2019-02-22 +This is our first stable release. diff --git a/Changelog.md b/Changelog.md deleted file mode 100644 index 1fddf41cd..000000000 --- a/Changelog.md +++ /dev/null @@ -1,8 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - -## [unreleased] -### Changed -- Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer diff --git a/mix.exs b/mix.exs index 26a03b70b..2a14781f7 100644 --- a/mix.exs +++ b/mix.exs @@ -22,7 +22,7 @@ defmodule Pleroma.Mixfile do homepage_url: "https://pleroma.social/", docs: [ logo: "priv/static/static/logo.png", - extras: ["README.md" | Path.wildcard("docs/**/*.md")], + extras: ["README.md", "CHANGELOG.md"] ++ Path.wildcard("docs/**/*.md"), groups_for_extras: [ "Installation manuals": Path.wildcard("docs/installation/*.md"), Configuration: Path.wildcard("docs/config/*.md"), From 3018d81d870f64b2d0bc988d49b9eb4f9ff7c228 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 13 Apr 2019 21:17:10 +0300 Subject: [PATCH 2/2] Put an actual description of the vulnerability and add **Breaking:** to breaking changes --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fbbf5c2e..cf751a496 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - ActivityPub C2S: OAuth endpoints ### Changed +- **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer - Enforcement of OAuth scopes - Add multiple use/time expiring invite token - Restyled OAuth pages to fit with Pleroma's default theme @@ -30,7 +31,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - NodeInfo: Return `safe_dm_mentions` feature flag - Federation: Expand the audience of delete activities to all recipients of the deleted object - Configuration: Dedupe enabled by default -- Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications` - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance` @@ -69,7 +69,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [0.9.9999] - 2019-04-05 ### Security -- Various fixes +- Mastodon API: Fix content warnings skipping HTML sanitization ## [0.9.999] - 2019-03-13 Frontend changes only.