What is Nostr?
lain /
npub1wah…xc8t
2023-05-29 09:28:03

lain on Nostr: PLEROMA ADMINS READ THIS, AKKOMA TOO Another important pleroma security post: Alex ...

PLEROMA ADMINS READ THIS, AKKOMA TOO

Another important pleroma security post: Alex Gleason (npub108p…yev6) and anime graf mays 🛰️🪐 (npub108z…dkr5) found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.

Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.

https://webb.spiderden.org/2023/05/26/pleroma-mitigation/
Author Public Key
npub1wahdrf28uf5n5tykfeyzf43sdgg65djvm8re3ulpentr3teaxujs09xc8t