Pleroma security release: 2.5.4
Pleroma 2.5.4 is a security release. It fixes a file-loading vulnerability via XML External Entity (XXE).
Upgrade notes
From source only
Recompile Pleroma:
MIX_ENV=prod mix compile
Everyone
- Restart Pleroma
Frontend changes
None.
Backend changes
Security
- Fix XML External Entity (XXE) loading vulnerability that allowed fetching arbitrary files from the server’s filesystem (reported by @Mae@is.badat.dev)