Enforce an ImageMagick policy.xml for all pods.

This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm. So, thank you Cure53 for finding this issue, thank you Mozilla for paying Cure53 to look into it, and thanks for Mastodon for fixing it.
2026-01-09 23:28:02 -05:00 · 2023-07-10 00:16:49 +02:00
parent 52f206fa8a
commit 42b835f0c0
5 changed files with 69 additions and 0 deletions
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,7 @@
+# 0.7.18.2
+
+To avoid potential security issues, diaspora\* now makes sure that ImageMagick image processing always runs with a restricted `policy.xml`, regardless of the global system settings.
+
 # 0.7.18.1

 ## Bug fixes