mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-22 16:16:34 +00:00
Mergeback release 2.5.4
This commit is contained in:
parent
6d48b0f1a9
commit
4099ddb3dc
3 changed files with 7 additions and 2 deletions
|
@ -18,6 +18,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
### Removed
|
||||
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
|
||||
|
||||
## 2.5.4
|
||||
|
||||
## Security
|
||||
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
||||
|
||||
## 2.5.3
|
||||
|
||||
### Security
|
||||
|
|
|
@ -1 +1 @@
|
|||
Restrict XML parser from processing external entitites (XXE)
|
||||
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
|
||||
|
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
|||
def project do
|
||||
[
|
||||
app: :pleroma,
|
||||
version: version("2.5.53"),
|
||||
version: version("2.5.54"),
|
||||
elixir: "~> 1.11",
|
||||
elixirc_paths: elixirc_paths(Mix.env()),
|
||||
compilers: [:phoenix] ++ Mix.compilers(),
|
||||
|
|
Loading…
Reference in a new issue