diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-02-28 17:59:16 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-03-01 01:13:08 +0300 |
| commit | e6ccf121292292d8851688822e951d6651ef3bf3 (patch) | |
| tree | c8b677862e66aa353e35a47e1bea1f1918420c74 | |
| parent | ffcebe7e22b4c5ccaf3ba63f3ed2885ac55a6b4d (diff) | |
| download | pleroma-e6ccf121292292d8851688822e951d6651ef3bf3.tar.gz | |
changelog: entries for timeline DoS fixes
| -rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 12f7e8fab..37df345ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +### Security +- Mastodon API: Fix being able to request enourmous amount of statuses in timelines leading to DoS. Now limited to 40 per request. + ### Removed - **Breaking**: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media` - **Breaking**: OStatus protocol support @@ -56,6 +59,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: Render whole status in grouped reports - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise). - Mastodon API: Favoriting / Repeating a post multiple times will now return the identical response every time. Before, executing that action twice would return an error ("already favorited") on the second try. +- Mastodon API: Limit timeline requests to 3 per timeline per 500ms per user/ip by default. </details> ### Added |