Pleroma security release: 2.5.3
Pleroma 2.5.3 is a security release. Fixes one path-traversal vulnerability, and hardens permissions.
Upgrade notes
From source only
Recompile Pleroma:
MIX_ENV=prod mix compile
Everyone
- Restart Pleroma
Frontend changes
None.
Backend changes
Security
- Emoji pack loader sanitizes pack names
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories