[2.0.7] - 2020-06-13

Security

  • Fix potential DoSes exploiting atom leaks in rich media parser and the UserAllowListPolicy MRF policy

Fixed

  • CSP: not allowing images/media from every host when mediaproxy is disabled
  • CSP: not adding mediaproxy base url to image/media hosts
  • StaticFE missing the CSS file

Upgrade notes

  1. Restart Pleroma