mirrors/pleroma
1
0
Fork 0
mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2025-03-12 22:52:41 +00:00
Code Issues Projects Releases Wiki Activity

Changelog: Add missing changelog entries

Browse source
This commit is contained in:
Lain Soykaf 2025-03-11 17:57:45 +04:00
parent 2293d0826a
commit 3c2b51c7cb
6 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.d/c2s-update-authorization.security Normal file
View file

@ -0,0 +1 @@
Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.

1
changelog.d/cross-domain-redirect-check.security Normal file
View file

@ -0,0 +1 @@
Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.

1
changelog.d/emoji-shortcode-validation.security Normal file
View file

@ -0,0 +1 @@
Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.

2
changelog.d/local-fetch-prevention.security
View file

@ -1 +1 @@
Security: Block attempts to fetch activities from the local instance to prevent spoofing.
Block attempts to fetch activities from the local instance to prevent spoofing.

1
changelog.d/media-proxy-sanitize.security Normal file
View file

@ -0,0 +1 @@
Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.

1
changelog.d/object-fetcher-content-type.security Normal file
View file

@ -0,0 +1 @@
Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.