diff options
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a65988991..de798792b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [1.0.1] - 2019-07-14 +### Security +- OStatus: fix an object spoofing vulnerability. + ## [1.0.0] - 2019-06-29 ### Security - Mastodon API: Fix display names not being sanitized diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 68ec03c33..5a7b1ed80 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -390,6 +390,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", ["https://www.w3.org/ns/activitystreams#Public"]) |> Map.put("cc", []) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) @@ -413,6 +414,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", nil) |> Map.put("cc", nil) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) |