diff options
author | Starfall <us@starfall.systems> | 2022-02-03 07:12:41 -0600 |
---|---|---|
committer | Starfall <us@starfall.systems> | 2022-02-03 07:12:41 -0600 |
commit | 2daee3d28bba6da5dbaf277eca350cc94e5ade13 (patch) | |
tree | a95d76986390b720e34555ea6d27dee5f68d8486 /CHANGELOG.md | |
parent | 71022b8a93167706e658dbc21d7ab15e71566b37 (diff) | |
parent | 73b730e649555c9b0d2419130c5496e715fd3387 (diff) |
2021-02-03 security fixes
Merge remote-tracking branch 'glitch/main'
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9deff5a0d..c2eff7fa3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,18 @@ Changelog All notable changes to this project will be documented in this file. +## [3.4.6] - 2022-02-03 +### Fixed +- Fix `mastodon:webpush:generate_vapid_key` task requiring a functional environment ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17338)) +- Fix spurious errors when receiving an Add activity for a private post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17425)) + +### Security +- Fix error-prone SQL queries ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/15828)) +- Fix not compacting incoming signed JSON-LD activities ([puckipedia](https://github.com/mastodon/mastodon/pull/17426), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17428)) (CVE-2022-24307) +- Fix insufficient sanitization of report comments ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17430)) +- Fix stop condition of a Common Table Expression ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17427)) +- Disable legacy XSS filtering ([Wonderfall](https://github.com/mastodon/mastodon/pull/17289)) + ## [3.4.5] - 2022-01-31 ### Added - Add more advanced migration tests ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17393)) |