akkoma/lib/pleroma/web
Oneric 70fe99d196 Prevent key-actor mapping poisoning and key take overs
Previously there were mainly two attack vectors:
 - for raw keys the owner <-> key mapping wasn't verified at all
 - keys were retrieved with refetching allowed
   and only the top-level ID was sanitised while
   usually keys are but a subobject

This reintroduces public key checks in the user actor,
previously removed in 9728e2f8f7
but now adapted to account for the new mapping mechanism.
2025-02-14 22:10:25 +01:00
activity_pub Prevent key-actor mapping poisoning and key take overs 2025-02-14 22:10:25 +01:00
admin_api
akkoma_api
api_spec
auth
common_api
fallback
federator
feed
mailer
mastodon_api
media_proxy
metadata
mongoose_im
nodeinfo Fix NodeInfo content-type 2024-11-19 19:25:31 +01:00
o_auth
o_status
pleroma_api
plugs Migrate back to upstream Plug.Static 2025-02-14 22:10:25 +01:00
preload/providers
push
rich_media cosmetic/rich_media/parser: fix typo 2025-02-14 22:10:25 +01:00
static_fe
templates static_fe: fix HTML quotation for upload alt text 2025-02-14 18:49:51 +01:00
twitter_api
utils
views
web_finger
api_spec.ex
common_api.ex
controller_helper.ex
embed_controller.ex
endpoint.ex
federator.ex Protected against counterfeit local docs being posted 2025-02-14 22:10:25 +01:00
gettext.ex
instance_document.ex
manifest_controller.ex
masto_fe_controller.ex
media_proxy.ex Only proxy HTTP and HTTP urls via Media Proxy 2024-12-16 20:35:12 -06:00
metadata.ex
o_auth.ex
pipelines.ex
plug.ex
preload.ex
push.ex
rel_me.ex
router.ex Allow unsigned fetches of a user's public key 2024-10-26 05:05:48 +01:00
streamer.ex
swagger.ex
telemetry.ex
translation_helpers.ex
uploader_controller.ex
web_finger.ex
xml.ex