Release 2.5.4 - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: b631180b38ac63029f08bef137b13231bcf57b59
parent cc848b78dca51fcd7e785eb92a7a3a4d5d1c419e
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sat,  5 Aug 2023 08:27:42 +0200

Release 2.5.4

Diffstat:
M CHANGELOG.md 5 +++++
M changelog.d/akkoma-xml-remote-entities.security 2 +-
M mix.exs 2 +-

3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Removed
 
+## 2.5.54
+
+## Security
+- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
+
 ## 2.5.3
 
 ### Security
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
@@ -1 +1 @@
-Restrict XML parser from processing external entitites (XXE)
+Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
diff --git a/mix.exs b/mix.exs
@@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
   def project do
     [
       app: :pleroma,
-      version: version("2.5.3"),
+      version: version("2.5.4"),
       elixir: "~> 1.11",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: [:phoenix, :gettext] ++ Mix.compilers(),

M	CHANGELOG.md	5	+++++
M	changelog.d/akkoma-xml-remote-entities.security	2	+-
M	mix.exs	2	+-