A privacy-aware, distributed, open source social network.
This release addresses possible security issues when processing images uploaded by users; these issues affect some system configurations.
This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm, and while diaspora*'s attack surface is significantly smaller and some operating systems do ship a restrictive ImageMagick policy, this release makes sure that everyone is safe.
Thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks to Mastodon for fixing it.
assets:precompile a lot #8362
rvm install 2.7. #8366
/.well-known/host-meta, check for /.well-known/nodeinfo instead #8377
chat_enabled flag from archive export #8265
AccountMigration if receiving message to a migrated account #8288
http:// links in the UI with their https:// counterparts #8207
Photo#ownserhip_of_status_message validation #8214
rvm install 2.6. #7929