Hey, guys.

Pre-workday-Netto chiming in to inform you that a XSS vulnerability has been found in Lemmy’s frontend and that several instances have been compromised.

You can track the issue here.

I implemented the supposed patch and uploaded an ARM64 build that has the patch applied to Docker Hub, if any other instance might need it (use with caution).

Please note that you’ll have to log back in, as all active sessions have been terminated.

I’ll continue to monitor the situation when I’m at work.

✌️

  • Netto Hikari@social.fossware.spaceOPM
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    If you guys experience short “bursts” of downtime: I’m doing some security hardening in the background. In the future, I’ll spin up a test instance for these things.