1 Commits (5de65ce3e89ba2f229170ed18933c99e5caa8dff)
Author | SHA1 | Message | Date |
---|---|---|---|
rinpatch | 6ca709816f | Fix object spoofing vulnerability in attachments<br>Validate the content-type of the response when fetching an object, according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects. content-type headers had to be added to many mocks in order to support this, some of this was done with a regex. While I did go over the resulting files to check I didn't modify anything unrelated, there is a possibility I missed something. Closes pleroma#1948 | 4 years ago |