Fix leaking private statuses the admin account follows #11300

Merged


ClearlyClaire
Contributor

Now that the request is signed, it can return private toots. Do not leak them.

ClearlyClaire added the security label Jul 14, 2019

Gargron
Member

Gargron commented Jul 14, 2019

At some point you wanted to sign such requests with the searching user, now would be the time to do it.

ClearlyClaire
Contributor Author

ClearlyClaire commented Jul 15, 2019 via email

Gargron merged commit 3595ce6 into mastodon:master Jul 15, 2019
hiyuki2578 pushed a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
Now that the request is signed, it can return private toots. Do not leak them.