Pleroma security release: 2.6.3
Pleroma 2.6.3 is a security release. It fixes an issue with webfinger queries not properly checking the account domain, leading to impersonation.
Upgrade notes
From source only
- Pull updates
- Recompile Pleroma:
MIX_ENV=prod mix compile - Restart Pleroma
Everyone
- Update and Restart Pleroma
Frontend changes
None.
Backend changes
Security
- Fix webfinger spoofing.