diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-05-01 00:28:28 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-05-02 19:05:13 +0300 |
| commit | 9a92e5a351b7066f42fb5f4d2951f5ef4e4c2a6d (patch) | |
| tree | 481c6583b43a37a1db72fc86f0097e1b589aa79e | |
| parent | 66a8e1312dc82fa755a635984f89a5314917d209 (diff) | |
| download | pleroma-9a92e5a351b7066f42fb5f4d2951f5ef4e4c2a6d.tar.gz | |
Reword changelog entry for follow relationship bug
| -rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 54a0561b3..9279c1af0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,11 +37,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Filtering of push notifications on activities from blocked domains ## [unreleased-patch] +### Security +- Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow + ### Fixed - Logger configuration through AdminFE - HTTP Basic Authentication permissions issue - ObjectAgePolicy didn't filter out old messages -- Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling `POST /api/v1/follow_requests/:id/authorize` ### Added - NodeInfo: ObjectAgePolicy settings to the `federation` list. |