mirror/iceshrimp
1
0
Fork 0
mirror of https://iceshrimp.dev/iceshrimp/iceshrimp synced 2024-11-23 06:36:06 +09:00
Code Issues Actions Packages Projects Releases Wiki Activity

Release: v2023.12.11

Browse Source
This commit is contained in:
Laura Hausmann 2024-11-17 18:42:18 +01:00
parent a5f4279d32
commit 617f27d637
No known key found for this signature in database
GPG Key ID: D044E84C5BE01605
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGELOG.md
View File

@ -1,3 +1,23 @@
## v2023.12.11
This release contains several critical security patches, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
### Highlights
- Several DoS, impersonation, data leakage & click jacking vulnerabilities have been patched
### Backend
- Various issues related to AP object validation have been resolved
- The ap/get API endpoint is now only available to administrators
- Blocks are now enforced in NoteRepository.isVisibleForMe
- Audience parsing no longer bypasses the AP recursion limit
- Edits of local-only notes are no longer federated out
- AP object URIs now get canonicalized before comparing them for consistency
- SSRF prevention now applies to all code paths
### Attribution
This release was made possible by project contributors: Kopper & Laura Hausmann
Furthermore, I want to give special thanks to Hazel Koehler for the vulnerability disclosure.
## v2023.12.10
This release contains a critical security patch, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "iceshrimp",
"version": "2023.12.10",
"version": "2023.12.11",
"repository": {
"type": "git",
"url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git"