A privacy-aware, distributed, open source social network.
AGPL-3.0 License
Published by denschub over 8 years ago
Published by jhass over 8 years ago
Update Nokogiri to 1.6.8, which in turn updates libxml2 to 2.9.4 and libxslt to 1.1.29, addressing a range of security issues. See https://groups.google.com/forum/#!topic/ruby-security-ann/RCHyF5K9Lbc for more details.
Published by denschub over 8 years ago
Published by denschub over 8 years ago
Published by denschub over 8 years ago
This security release disables post fetching for relayables. Due to an insecure implementation, fetching of root posts for relayables could allow an attacker to distribute malicious/spoofed/modified posts for any person.
Disabling the fetching will make the current federation a bit less reliable, but for a hotfix, this is the best solution. We will re-enable the fetching in 0.6.0.0, once we have moved the federation into its own library and are able to implement further validation during fetches.
Published by denschub over 8 years ago
suppress_annoying_errors eating too much errors #6653
Published by denschub over 8 years ago
Fix evil regression caused by Active Model no longer exposing include_root_in_json in instances.
Published by denschub over 8 years ago
Published by denschub over 8 years ago
Published by denschub almost 9 years ago
Published by denschub almost 9 years ago
Published by denschub almost 9 years ago
Published by denschub almost 9 years ago
Published by jhass about 9 years ago
Fix a leak of potentially private profile data to unauthorized users who were sharing with the person and on a pod that received that data.
Published by denschub about 9 years ago
Published by denschub about 9 years ago
diaspora_federation-rails gem #6151
let instead of before blocks #6199
Published by jhass over 9 years ago
diaspora* versions prior to 0.5.1.2 leaked potentially private profile data (namely the bio, birthday, gender and location fields) to unauthorized users. While the frontend properly hid them, the backend missed a check to not include them in responses.
Published by jhass over 9 years ago
Update rails to 4.2.2, rack to 1.6.2 and jquery-rails to 4.0.4. This fixes
Published by jhass over 9 years ago
hasPhotos and hasText functions #5969
og:urls #5926
Published by jhass over 9 years ago
Use the correct setting for captcha length instead of defaulting to 1 always.