lain on Nostr: PLEROMA ADMINS READ THIS, AKKOMA TOO Another important pleroma security post: Alex ...
PLEROMA ADMINS READ THIS, AKKOMA TOO
Another important Pleroma security post: Alex Gleason (npub108p…yev6) and anime graf mays 🛰️🪐 (npub108z…dkr5) found ANOTHER injection bug, and this one was probably used for the attack. I think that single-user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as Alex initially recommended; it's not complicated, takes 15 minutes, and eliminates this whole class of bugs.
Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.
https://webb.spiderden.org/2023/05/26/pleroma-mitigation/