pleroma

My custom branch(es) on git.pleroma.social/pleroma/pleroma
git clone https://anongit.hacktivis.me/git/pleroma.git/
commit: 3c2b51c7cb249e7c0fc92023ac556d324ac3d774
parent 2293d0826a9fb28e3e8a3d9bbf5dd60863ec0fd9
Author: Lain Soykaf <lain@lain.com>
Date:   Tue, 11 Mar 2025 17:57:45 +0400

Changelog: Add missing changelog entries

Diffstat:

A changelog.d/c2s-update-authorization.security   | 2 ++
A changelog.d/cross-domain-redirect-check.security | 2 ++
A changelog.d/emoji-shortcode-validation.security | 2 ++
M changelog.d/local-fetch-prevention.security     | 4 ++--
A changelog.d/media-proxy-sanitize.security       | 2 ++
A changelog.d/object-fetcher-content-type.security | 2 ++
6 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/changelog.d/c2s-update-authorization.security b/changelog.d/c2s-update-authorization.security @@ -0,0 +1 @@ +Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content. +\ No newline at end of file diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security @@ -0,0 +1 @@ +Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls. +\ No newline at end of file diff --git a/changelog.d/emoji-shortcode-validation.security b/changelog.d/emoji-shortcode-validation.security @@ -0,0 +1 @@ +Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse. +\ No newline at end of file diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security @@ -1 +1 @@ -Security: Block attempts to fetch activities from the local instance to prevent spoofing. -\ No newline at end of file +Block attempts to fetch activities from the local instance to prevent spoofing. +\ No newline at end of file diff --git a/changelog.d/media-proxy-sanitize.security b/changelog.d/media-proxy-sanitize.security @@ -0,0 +1 @@ +Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media. +\ No newline at end of file diff --git a/changelog.d/object-fetcher-content-type.security b/changelog.d/object-fetcher-content-type.security @@ -0,0 +1 @@ +Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks. +\ No newline at end of file
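Review bot: In changelog.d/cross-domain-redirect-check.security, the added line says cross-domain redirects are rejected but not what "cross-domain" is compared on (full host or registrable domain) or whether the behaviour can be configured. Operators federating with instances that redirect between hosts need that to tell a new fetch failure from a bug; one more clause in the entry would cover it.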
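Review bot: In changelog.d/emoji-shortcode-validation.security, the added line ends with "to prevent potential abuse", which does not tell an admin what the restriction protects against or whether existing custom emoji whose shortcodes contain other characters stop working after the upgrade. Suggest naming the concrete risk the validation addresses and stating what happens to shortcodes that no longer match.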
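Review bot: In changelog.d/local-fetch-prevention.security, the rewritten line still carries "\ No newline at end of file", and the five files added in this commit have the same marker. Since the line is already being touched to drop the "Security: " prefix, end each entry with a newline so the fragments stay clean if they are concatenated or appended to later.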