[2.1.2] - 2020-09-17

Security

  • Fix most MRF rules either crashing or not being applied to objects passed into the Common Pipeline (ChatMessage, Question, Answer, Audio, Event).

Fixed

  • Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance.
  • Mastodon API: the public timeline returning an error when the reply_visibility parameter is set to self for an unauthenticated user.
  • Mastodon Streaming API: Handler crashes on authentication failures, resulting in error logs.
  • Mastodon Streaming API: Error logs on client pings.
  • Rich media: Log spam on failures. Now the error is only logged once per attempt.

Changed

  • Rich Media: A HEAD request is now done to the url, to ensure it has the appropriate content type and size before proceeding with a GET.

Upgrade notes

  1. Restart Pleroma