Pleroma security release: 2.0.7
Pleroma 2.0.7 is a security release, fixing 2 potential DoSes and CSP regressions introduced in 2.0.6 release.
Backend Changes
Security
- Fix potential DoSes exploiting atom leaks in rich media parser and the
UserAllowListPolicyMRF policy
Fixed
- CSP: not allowing images/media from every host when mediaproxy is disabled
- CSP: not adding mediaproxy base url to image/media hosts
- StaticFE missing the CSS file
Upgrade notes
- Restart Pleroma