erincandescent /
npub12fw…xddv
2024-02-16 11:54:07

The latest Mastodon security vuln (GHSA-jhrq-qvrm-qr36) appears to be an exploit that can be used against instances that host their media on the same domain as the Mastodon instance itself.

Reminder: It is best practice to put user uploaded media on a different hostname - ideally, a separate domain name entirely, but if not possible a subdomain will suffice.

(Note: Even if you do this, you still need to upgrade; the exploit is against remote instances)
Author Public Key
npub12fwzd4u7n0jj8wpk4encf3qsjmxayqzq4znd8qnvg79mj7j4thyspxxddv