...
 
Commits (5)
---
title: "Pleroma security release: 2.0.5"
date: 2020-05-13 10:00 UTC
tags: ["stable", "Release"]
authors: ["rinpatch"]
---
Pleroma 2.0.5 is a security release, fixing a potential private status leak in Streaming API,
removes the hard dependency on `erlang-eldap` introduced in 2.0.4 and other bugs found since 2.0.4 release.
<!--more-->
## Backend changes
### Security
- Fix possible private status leaks in Mastodon Streaming API
### Fixed
- Crashes when trying to block a user if block federation is disabled
- Not being able to start the instance without `erlang-eldap` installed
- Users with bios over the limit getting rejected
- Follower counters not being updated on incoming follow accepts
## Pleroma-FE changes
### Added
- Private notifications option for push notifications
- 'Copy link' button for statuses (in the ellipsis menu)
### Changed
- Registration page no longer requires email if the server is configured not to require it
### Fixed
- Status ellipsis menu closes properly when selecting certain options
## Upgrade notes
1. Restart Pleroma
---
title: "Pleroma patch release: 2.0.6"
date: 2020-06-08 18:55 UTC
tags: ["stable", "Release"]
authors: ["rinpatch"]
---
Pleroma 2.0.6 is a patch release, bringing some database performance improvements, security hardening and
fixing bugs found after the 2.0.5 release.
<!--more-->
## Backend changes
### Security
- CSP: harden `image-src` and `media-src` when MediaProxy is used
### Fixed
- AP C2S: Fix pagination in inbox/outbox
- Various compilation errors on OTP 23
- Mastodon API streaming: Repeats from muted threads not being filtered
### Changed
- Various database performance improvements
## Upgrade notes
1. Run database migrations (inside Pleroma directory):
- OTP: `./bin/pleroma_ctl migrate`
- From Source: `mix ecto.migrate`
2. Restart Pleroma