mirror of
https://iceshrimp.dev/iceshrimp/iceshrimp
synced 2024-11-23 14:46:07 +09:00
Release: v2023.12.11
parent
a5f4279d32
commit
617f27d637
20
CHANGELOG.md
@ -1,3 +1,23 @@
|
||||
## v2023.12.11
|
||||
This release contains several critical security patches, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
|
||||
|
||||
### Highlights
|
||||
- Several DoS, impersonation, data leakage & click jacking vulnerabilities have been patched
|
||||
|
||||
### Backend
|
||||
- Various issues related to AP object validation have been resolved
|
||||
- The ap/get API endpoint is now only available to administrators
|
||||
- Blocks are now enforced in NoteRepository.isVisibleForMe
|
||||
- Audience parsing no longer bypasses the AP recursion limit
|
||||
- Edits of local-only notes are no longer federated out
|
||||
- AP object URIs now get canonicalized before comparing them for consistency
|
||||
- SSRF prevention now applies to all code paths
|
||||
|
||||
### Attribution
|
||||
This release was made possible by project contributors: Kopper & Laura Hausmann
|
||||
|
||||
Furthermore, I want to give special thanks to Hazel Koehler for the vulnerability disclosure.
|
||||
|
||||
## v2023.12.10
|
||||
This release contains a critical security patch, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
|
||||
|
||||
|
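Review bot: In the Backend list, "The ap/get API endpoint is now only available to administrators" reads as a behaviour change for any non-administrator client that called the endpoint, but nothing in the entry marks it as breaking. Consider flagging it as a breaking change or repeating it under Highlights so operators see it before upgrading. The Highlights line also names four vulnerability classes (DoS, impersonation, data leakage, click jacking) while the Backend items do not say which class each one addresses; a short parenthetical per item would let operators judge their exposure. Style: "click jacking" is normally written "clickjacking".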
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "iceshrimp",
|
||||
"version": "2023.12.10",
|
||||
"version": "2023.12.11",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git"
|
||||
|