Pleroma security release: 2.4.3
Pleroma 2.4.3 is a security release. Notably fixing a cache issue which can leak private Activities and Objects.
Upgrade notes
From source only
Get new dependencies and recompile Pleroma:
MIX_ENV=prod mix deps.get MIX_ENV=prod mix compile
Everyone
- Restart Pleroma
Frontend changes
None
Backend changes
Security
- Private
/objects/
and/activities/
leaking if cached by authenticated user - SweetXML library DTD bomb