From f4d50fbd8132d8d48c4e8a57966afab480a26c0b Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 8 May 2020 23:54:16 +0300 Subject: [PATCH] CHANGELOG.md: Add entries from 2.0.3 --- CHANGELOG.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec191575f..270c1b869 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,24 +40,41 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Filtering of push notifications on activities from blocked domains - Resolving Peertube accounts with Webfinger -## [unreleased-patch] +## [Unreleased (patch)] + +## [2.0.3] - 2020-05-02 + ### Security - Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them - Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow +- CSP: Sandbox uploads ### Fixed -- Logger configuration through AdminFE +- Notifications from blocked domains +- Potential federation issues with Mastodon versions before 3.0.0 - HTTP Basic Authentication permissions issue +- Follow/Block imports not being able to find the user if the nickname started with an `@` +- Instance stats counting internal users +- Inability to run a From Source release without git - ObjectAgePolicy didn't filter out old messages -- Transmogrifier: Keep object sensitive settings for outgoing representation (AP C2S) +- `blob:` urls not being allowed by CSP ### Added - NodeInfo: ObjectAgePolicy settings to the `federation` list. +- Follow request notifications
API Changes - Admin API: `GET /api/pleroma/admin/need_reboot`.
+### Upgrade notes + +1. Restart Pleroma +2. Run database migrations (inside Pleroma directory): + - OTP: `./bin/pleroma_ctl migrate` + - From Source: `mix ecto.migrate` + + ## [2.0.2] - 2020-04-08 ### Added - Support for Funkwhale's `Audio` activity