diff --git a/CHANGELOG.md b/CHANGELOG.md index b273b83c0..f649e01df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [0.9.99999] - 2019-05-31 ### Security - Mastodon API: Fix lists leaking private posts +- HTML escaping: Lock down allowed class attributes to only those related to microformats ## [0.9.9999] - 2019-04-05 ### Security diff --git a/README.md b/README.md index c6720ec4e..deef1712b 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ Client applications that are known to work well: * Tootle (iOS, No Streaming) * Whalebird (Windows + Mac + Linux) -This is the 0.9.9999 release. +This is the 0.9.99999 release. If you want to run your own server, feel free to contact us in our dev chat at #pleroma on freenode or via matrix at . diff --git a/mix.exs b/mix.exs index 5a253817a..211fc9ec2 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("0.9.9999"), + version: version("0.9.99999"), elixir: "~> 1.7", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(), diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index f8da86004..9daa26410 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1461,7 +1461,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert user = json_response(conn, 200) assert user["note"] == - "I drink #cofe with #cofe with @#{user2.nickname}" end diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index 9249424cd..a4d054486 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -94,7 +94,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do card: nil, reblog: nil, content: - "cool test :firefox: #yeah", + "cool test :firefox: #yeah", created_at: created_at, reblogs_count: 0, replies_count: 0, diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs index 4f854ecaa..47e2e1038 100644 --- a/test/web/twitter_api/views/activity_view_test.exs +++ b/test/web/twitter_api/views/activity_view_test.exs @@ -66,7 +66,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do result = ActivityView.render("activity.json", activity: activity) assert result["statusnet_html"] == - "#Bike log - Commute Tuesday
https://pla.bike/posts/20181211/
#cycling #CHScycling #commute
MVIMG_20181211_054020.jpg" + "#Bike log - Commute Tuesday
https://pla.bike/posts/20181211/
#cycling #CHScycling #commute
MVIMG_20181211_054020.jpg" assert result["text"] == "#Bike log - Commute Tuesday\nhttps://pla.bike/posts/20181211/\n#cycling #CHScycling #commute\nMVIMG_20181211_054020.jpg"