Release: v2023.12.11

CHANGELOG.md

@@ -1,3 +1,23 @@
+## v2023.12.11
+This release contains several critical security patches, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
+
+### Highlights
+- Several DoS, impersonation, data leakage & click jacking vulnerabilities have been patched
+
+### Backend
+- Various issues related to AP object validation have been resolved
+- The ap/get API endpoint is now only available to administrators
+- Blocks are now enforced in NoteRepository.isVisibleForMe
+- Audience parsing no longer bypasses the AP recursion limit
+- Edits of local-only notes are no longer federated out
+- AP object URIs now get canonicalized before comparing them for consistency
+- SSRF prevention now applies to all code paths
+
+### Attribution
+This release was made possible by project contributors: Kopper & Laura Hausmann
+
+Furthermore, I want to give special thanks to Hazel Koehler for the vulnerability disclosure.
+
 ## v2023.12.10
 This release contains a critical security patch, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
 

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "iceshrimp",
-	"version": "2023.12.10",
+	"version": "2023.12.11",
 	"repository": {
 		"type": "git",
 		"url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git"