Alex Gleason
|
0d9c443e51
|
StatusView: render the whole quoted status
|
2023-09-13 19:19:03 -04:00 |
|
Alex Gleason
|
ce5eb31723
|
StatusView: show quoted posts through the API, probably
|
2023-09-13 19:19:03 -04:00 |
|
Alex Gleason
|
cc4badaf60
|
Transmogrifier: fix quoteUrl here too
|
2023-09-13 19:19:03 -04:00 |
|
Alex Gleason
|
b022d6635d
|
Transmogrifier: fetch quoted post
|
2023-09-13 19:19:03 -04:00 |
|
Alex Gleason
|
795736af16
|
ObjectValidators: improve quoteUrl compatibility
|
2023-09-13 19:19:03 -04:00 |
|
Alex Gleason
|
7deda1fa18
|
Quote post: add fixtures
|
2023-09-13 19:19:02 -04:00 |
|
Alex Gleason
|
31eb3dc245
|
ObjectValidators: accept "quoteUrl" field
|
2023-09-13 19:19:02 -04:00 |
|
Alex Gleason
|
9bec0223a0
|
Merge branch 'misc-fixes' into 'develop'
Update pack.ex
See merge request soapbox-pub/rebased!276
|
2023-09-11 02:55:25 +00:00 |
|
niggy
|
0eeb8ea74e
|
Update pack.ex
|
2023-09-04 08:47:01 +00:00 |
|
Alex Gleason
|
9db714fe01
|
Merge branch 'pleroma-security-fix' into 'develop'
Pleroma security fix
See merge request soapbox-pub/rebased!272
|
2023-09-03 16:22:56 +00:00 |
|
Alex Gleason
|
82d99b835e
|
Merge remote-tracking branch 'pleroma/develop' into merge-pleroma
|
2023-09-03 10:09:05 -05:00 |
|
Haelwenn
|
f966abe4fb
|
Merge branch 'release/2.5.5' into 'stable'
Release 2.5.5
See merge request pleroma/pleroma!3949
|
2023-09-03 12:12:44 +00:00 |
|
Haelwenn (lanodan) Monnier
|
385492577d
|
mix: version 2.5.5
|
2023-09-03 11:19:26 +02:00 |
|
Mint
|
535a5ecad0
|
CommonAPI: Prevent users from accessing media of other users
commit 1afde067b1 upstream.
|
2023-09-03 11:19:13 +02:00 |
|
Haelwenn
|
a94cf2ad4f
|
Merge branch 'check-attachment-attribution' into 'develop'
Prevent users from attaching other users' attachments
See merge request pleroma/pleroma!3947
|
2023-09-03 09:09:27 +00:00 |
|
Mint
|
1afde067b1
|
CommonAPI: Prevent users from accessing media of other users
|
2023-09-03 10:41:37 +02:00 |
|
Haelwenn
|
9da4f89b7b
|
Merge branch 'tusooa/lint' into 'develop'
Make lint happy
See merge request pleroma/pleroma!3944
|
2023-08-31 22:24:30 +00:00 |
|
tusooa
|
3c5ecca377
|
Skip changelog
|
2023-08-30 20:37:45 -04:00 |
|
tusooa
|
3d09bc320e
|
Make lint happy
|
2023-08-30 20:36:52 -04:00 |
|
marcin mikołajczak
|
9526197925
|
Merge branch 'webfinger-validation' into 'develop'
Fix validate_webfinger when running a different domain for Webfinger
See merge request soapbox-pub/rebased!271
|
2023-08-24 06:10:16 +00:00 |
|
|
|
acaae4c992
|
Fix tests
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
|
2023-08-24 01:22:20 +02:00 |
|
|
|
f08184b0fa
|
Fix validate_webfinger when running a different domain for Webfinger
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
|
2023-08-24 00:37:39 +02:00 |
|
Alex Gleason
|
38b1697b01
|
Merge branch 'webfinger-spoofing' into 'develop'
Prevent webfinger spoofing
See merge request soapbox-pub/rebased!270
|
2023-08-23 18:23:04 +00:00 |
|
Alex Gleason
|
2f52806410
|
Prevent webfinger spoofing
|
2023-08-23 13:10:19 -05:00 |
|
marcin mikołajczak
|
a9575da9de
|
Merge branch 'rebased-scope' into 'develop'
Add /api/1/rebased scope for Rebased-specific routes
See merge request soapbox-pub/rebased!269
|
2023-08-20 20:36:54 +00:00 |
|
|
|
f6de23a1cf
|
Add /api/1/soapbox scope for Rebased-specific routes
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
|
2023-08-20 22:22:53 +02:00 |
|
Haelwenn
|
1e685c8302
|
Merge branch 'csp-flash' into 'develop'
allow https: so that flash works across instances without need for media proxy
See merge request pleroma/pleroma!3879
|
2023-08-16 13:37:49 +00:00 |
|
Haelwenn
|
d838d1990b
|
Apply lanodan's suggestion(s) to 1 file(s)
|
2023-08-16 13:34:32 +00:00 |
|
marcin mikołajczak
|
bf50f18eeb
|
Merge branch 'logger_deprecated_warn' into 'develop'
Replace deprecated Logger.warn/1 with Logger.warning
See merge request soapbox-pub/rebased!267
|
2023-08-10 21:53:27 +00:00 |
|
|
|
83054ebd5e
|
Replace deprecated Logger.warn/1 with Logger.warning
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
|
2023-08-10 23:29:35 +02:00 |
|
tusooa
|
b729a8b140
|
Merge branch 'fix-dockerfile-perms' into 'develop'
Fix config ownership in dockerfile to pass restriction test
See merge request pleroma/pleroma!3931
|
2023-08-10 00:42:29 +00:00 |
|
Cat pony Black
|
c298e0165c
|
Fix config ownership in dockerfile to pass restriction test
|
2023-08-08 19:07:48 +02:00 |
|
Haelwenn
|
4e355b8595
|
Merge branch 'disable-xml-entities-completely' into 'develop'
Completely disable xml entity resolution
See merge request pleroma/pleroma!3932
|
2023-08-06 08:27:27 +00:00 |
|
marcin mikołajczak
|
b094e92c50
|
Merge branch 'merge-pleroma' into 'develop'
Merge Pleroma (security fix)
See merge request soapbox-pub/rebased!264
|
2023-08-05 13:27:42 +00:00 |
|
|
|
cc5053fb92
|
Merge remote-tracking branch 'pleroma/develop' into merge-pleroma
|
2023-08-05 15:26:32 +02:00 |
|
|
|
96a6b4dbc8
|
Merge remote-tracking branch 'pleroma/develop' into merge-pleroma
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
|
2023-08-05 15:22:01 +02:00 |
|
mae
|
48b1e9bdc7
|
Completely disable xml entity resolution
|
2023-08-05 14:17:04 +02:00 |
|
Haelwenn
|
17c336de66
|
Merge branch 'docs/gentoo-otp-intro' into 'develop'
gentoo_otp_en.md: Indicate which install method it covers
See merge request pleroma/pleroma!3928
|
2023-08-05 11:04:32 +00:00 |
|
Haelwenn
|
d0f7a5c4f5
|
Merge branch 'mergeback/2.5.4' into 'develop'
Mergeback: 2.5.4
See merge request pleroma/pleroma!3930
|
2023-08-05 08:13:03 +00:00 |
|
Haelwenn
|
1f4be2b349
|
Merge branch 'releases/2.5.4' into 'stable'
Release 2.5.4
See merge request pleroma/pleroma!3929
|
2023-08-05 08:12:25 +00:00 |
|
Haelwenn (lanodan) Monnier
|
4099ddb3dc
|
Mergeback release 2.5.4
|
2023-08-05 08:58:05 +02:00 |
|
Haelwenn (lanodan) Monnier
|
b631180b38
|
Release 2.5.4
|
2023-08-05 08:27:42 +02:00 |
|
Mark Felder
|
cc848b78dc
|
Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
|
2023-08-05 08:23:04 +02:00 |
|
FloatingGhost
|
77d57c974a
|
Add unit test for external entity loading
|
2023-08-05 08:23:04 +02:00 |
|
Mae
|
fc10e07ffb
|
Prevent XML parser from loading external entities
|
2023-08-05 08:23:04 +02:00 |
|
Mark Felder
|
6d48b0f1a9
|
Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
|
2023-08-05 08:14:27 +02:00 |
|
FloatingGhost
|
307692cee8
|
Add unit test for external entity loading
|
2023-08-05 08:14:27 +02:00 |
|
Mae
|
ca0859b90f
|
Prevent XML parser from loading external entities
|
2023-08-04 22:35:13 -04:00 |
|
Haelwenn (lanodan) Monnier
|
0e321698d2
|
gentoo_otp_en.md: Indicate which install method it covers
|
2023-08-04 17:11:20 +02:00 |
|
Alex Gleason
|
a2a85bc88e
|
Merge branch 'merge-pleroma' into 'develop'
Merge Pleroma (security fix)
See merge request soapbox-pub/rebased!263
|
2023-08-04 14:52:20 +00:00 |
|
