diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-06-12 21:09:40 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-06-12 21:09:40 +0300 |
| commit | ffd12d3a1e8305aaba66cdbf015e5fbc32bc88bc (patch) | |
| tree | 6bd69d20c29b78211a6ab9fa2ece8b42b7ce7b26 | |
| parent | 9046f85ced90e6cc1c857c33c04f259150c0e197 (diff) | |
| download | pleroma-ffd12d3a1e8305aaba66cdbf015e5fbc32bc88bc.tar.gz | |
CHANGELOG.md: add 2.0.7 entry
| -rw-r--r-- | CHANGELOG.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b75639d..b3f51fcb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.0.7] - 2020-06-13 + +### Security +- Fix potential DoSes exploiting atom leaks in rich media parser/`UserAllowListPolicy` MRF policy + +### Fixed +- CSP: not allowing images/media from every host when mediaproxy is disabled +- CSP: not adding mediaproxy base url to image/media hosts +- StaticFE missing the CSS file + +### Upgrade notes + +1. Restart Pleroma + ## [2.0.6] - 2020-06-09 ### Security |