Merge branch 'release/2.0.7' into 'stable'v2.0.7

Release/2.0.7 See merge request pleroma/secteam/pleroma!8
author: rinpatch <rinpatch@sdf.org> 2020-06-13 09:07:02 +0000
committer: rinpatch <rinpatch@sdf.org> 2020-06-13 09:07:02 +0000
commit: f891e2b2f1d1daa122b9856e4b660be394d31e34 (patch)
tree: ed57c9e3ebf43d80a17a399baa54b01cd1c85eb9 /CHANGELOG.md
parent: 6c90fc8e70760bf8c58bb731ce294e9eee02f430 (diff)
parent: d050d21103d09fa62bd1ff1b6755c62980de3517 (diff)
download: pleroma-2.0.7.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5b75639d..7991b8196 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [2.0.7] - 2020-06-13
+
+### Security
+- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy
+
+### Fixed
+- CSP: not allowing images/media from every host when mediaproxy is disabled
+- CSP: not adding mediaproxy base url to image/media hosts
+- StaticFE missing the CSS file
+
+### Upgrade notes
+
+1. Restart Pleroma
+
 ## [2.0.6] - 2020-06-09
 
 ### Security
author	rinpatch <rinpatch@sdf.org>	2020-06-13 09:07:02 +0000
committer	rinpatch <rinpatch@sdf.org>	2020-06-13 09:07:02 +0000
commit	f891e2b2f1d1daa122b9856e4b660be394d31e34 (patch)
tree	ed57c9e3ebf43d80a17a399baa54b01cd1c85eb9 /CHANGELOG.md
parent	6c90fc8e70760bf8c58bb731ce294e9eee02f430 (diff)
parent	d050d21103d09fa62bd1ff1b6755c62980de3517 (diff)
download	pleroma-2.0.7.tar.gz