New option to use and configure Prosody mod_firewall WIP (#97):

* new setting * new configuration screen for Peertube admins * include the mod_firewall module * load mod_firewall if enabled * sys admin can disable the firewall config editing by creating a special file on the disk * user documentation
2024-08-12 18:17:31 +02:00
parent 481f265a44
commit 8e99199f29
76 changed files with 7577 additions and 300 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,9 @@

 ## 11.0.0 (Not Released Yet)

-TODO: actions related to #144 and #145 must be added in the occupant list (waiting for some work on Converse to do this).
+### Importante Notes
+
+With the new [mod_firewall](https://livingston.frama.io/peertube-plugin-livechat/documentation/admin/mod_firewall/) feature, Peertube admins can write firewall rules for the Prosody server. These rules could be used to run arbitrary code on the server. If you are a hosting provider, and you don't want to allow Peertube admins to write such rules, you can disable the online editing by creating a `disable_mod_firewall_editing` file in the plugin directory. Check the documentation for more information. This is opt-out, as Peertube admins can already run arbitrary code just by installing any plugin.

 ### New features

@ -11,6 +13,7 @@ TODO: actions related to #144 and #145 must be added in the occupant list (waiti
 * #137: option to hide moderator name who made actions (kick, ban, message moderation, ...).
 * #144: [moderator notes](https://livingston.frama.io/peertube-plugin-livechat/documentation/user/streamers/moderation_notes/).
 * #145: action for moderators to find all messages from a given participant.
+* #97: option to use and configure [mod_firewall](https://livingston.frama.io/peertube-plugin-livechat/documentation/admin/mod_firewall/) at the server level.

 ### Minor changes and fixes