[2.0.1] - 2020-03-15

Security

  • Static-FE: Fix remote posts not being sanitized

Fixed

  • Rate limiter crashes when there is no explicitly specified ip in the config
  • 500 errors when no Accept header is present if Static-FE is enabled
  • Instance panel not being updated immediately due to wrong Cache-Control headers
  • Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE
  • OTP: Fix some settings not being migrated to in-database config properly
  • No Cache-Control headers on attachment/media proxy requests
  • Character limit enforcement being off by 1
  • Mastodon Streaming API: hashtag timelines not working

Changed

  • BBCode and Markdown formatters will no longer return any \n and only use <br/> for newlines
  • Mastodon API: Allow registration without email if email verification is not enabled

Upgrade notes

Nginx only

  1. Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; from your config.

Everyone

  1. Run database migrations (inside Pleroma directory):
  • OTP: ./bin/pleroma_ctl migrate
  • From Source: mix ecto.migrate
  1. Restart Pleroma