itepechi/akkoma
1
0
Fork 0
Code Issues Pull requests Releases Activity
akkoma/lib
History
Oneric 70fe99d196 Prevent key-actor mapping poisoning and key take overs 
Previously there were mainly two attack vectors:
 - for raw keys the owner <-> key mapping wasn't verified at all
 - keys were retrieved with refetching allowed
   and only the top-level ID was sanitised while
   usually keys are but a subobject

This reintroduces public key checks in the user actor,
previously removed in 9728e2f8f7
but now adapted to account for the new mapping mechanism.
2025-02-14 22:10:25 +01:00
..
mix Convert all raw :zip usage to SafeZip 2025-02-14 22:10:25 +01:00
phoenix/transports/web_socket Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
pleroma Prevent key-actor mapping poisoning and key take overs 2025-02-14 22:10:25 +01:00