1
submitted 1 year ago* (last edited 1 year ago) by poVoq@slrpnk.net to c/meta@slrpnk.net

As you might have heard several Lemmy instances have been attacked via a security vulnerability in the browser frontend related to custom emoji.

While SLRPNK was vulnerable to it, we seem to have not been actively targeted and I took the instance down as a precaution as soon as I learned about it.

I have applied all the currently known mitigations, which means that everyone got logged out of their account and needs to log back in manually.

As of writing this the API is working again and can be used with apps like Jerboa safely.

I am still contemplating if I want to re-enable the web frontend now or wait for a release that fixes the issues found.

Edit: the main issue was fixed and I restarted the web ui with it.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here
this post was submitted on 10 Jul 2023
1 points (100.0% liked)

Meta

0 readers
0 users here now

Here we can discuss anything about this Lemmy instance/server itself.

founded 2 years ago
MODERATORS