Pleroma security release: 2.5.2
Pleroma 2.5.2 is a security release featuring many fixes, additions and improvements.
Upgrade notes
From source only
Get new dependencies and recompile Pleroma:
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix compile
Everyone
- Run database migrations (inside Pleroma directory):
  - OTP: ./bin/pleroma_ctl migrate
  - From Source: mix ecto.migrate
- Recommended: Run VACUUM ANALYZE on your database
- Restart Pleroma
Frontend changes
None.
Backend changes
Security
- /proxy endpoint now sets a Content-Security-Policy (sandbox)
- WebSocket endpoint now respects unauthenticated restrictions for streams of public posts
- OEmbed HTML tags are now filtered
Changed
- docs: Be more explicit about the level of compatibility of OTP releases
- Set default background worker timeout to 15 minutes
Fixed
- Atom/RSS formatting (HTML truncation, published, missing summary)
- Remove static_fe pipeline for /users/:nickname/feed
- Stop oban from retrying if validating errors occur when processing incoming data
- Make sure object refetching as used by already received polls follows MRF rules
Removed
- BREAKING: Support for passwords generated with crypt(3) (Gnu Social migration artifact)
Admin Frontend changes
None.