Commit 40e208f5 authored by rinpatch

Merge branch 'release/2.0.7' into 'master'

Release/2.0.7

See merge request pleroma/secteam/pleroma.social!3
parents 57a78113 27a1e6af
Pipeline #27197 passed with stages
in 3 minutes and 59 seconds
---
title: "Pleroma security release: 2.0.7"
date: 2020-06-13 08:46 UTC
tags: ["stable", "Release"]
authors: ["rinpatch"]
---
Pleroma 2.0.7 is a security release, fixing 2 potential DoSes and CSP regressions introduced in 2.0.6 release.
<!--more-->
## Backend Changes
### Security
- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy
### Fixed
- CSP: not allowing images/media from every host when mediaproxy is disabled
- CSP: not adding mediaproxy base url to image/media hosts
- StaticFE missing the CSS file
## Upgrade notes
1. Restart Pleroma
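Review bot: the "Upgrade notes" section lists only "1. Restart Pleroma", with no step for getting the 2.0.7 code onto the instance before the restart. If a restart is the only extra action after the usual update procedure, say so explicitly, so an admin does not read it as a restart-only fix. In the "Security" entry, consider stating whether an instance that does not enable `UserAllowListPolicy` is still exposed through the rich media parser, since the two atom leaks are listed together in one bullet. The summary line says the CSP regressions were introduced in 2.0.6, but the "Fixed" list does not mark which entries are those regressions (the StaticFE CSS item sits in the same list). Small wording fix in the summary: "in 2.0.6 release" should read "in the 2.0.6 release".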