Looks like the instance is on the latest RC which includes the fix for the vulnerability.
erre
joined 1 year ago
I think the lemmy.world admin posted on his official Mastodon.
If you run the instance only for yourself then I'd say it makes you an unattractive target. Why do a lot of work to hack an instance with one user?
But yeah, since Lemmy's code is not super mature there'll be some pains in the short term.
Oops indeed. Lemmy needs a security audit 😬
Realizing this blew my mind. Definitely more interesting than following people.
I'd wager you're likely fine if you're using a mobile app when the affected image loads. Also, it appears they're stealing auth tokens.. not passwords or anything. At worst they could impersonate you until your token expires.. but you're not a high value target unless you're an admin of an instance.
What kind of terrible markdown editor allows adding onload scripts to images though.. it's insane.
If it's onload then simply viewing the image runs that script. Yikes.
This is hilariously timed considering the current panic at the hacked instances.
Tough call, probably for the best. Hopefully it's resolved soon.
Tapping the post form submit button results in an error that says to pick one of the ten communities listed which I guess are those that horizontally scroll under the "community name" form field. So I guess I can only post to those.. not sure why it's limited. It's a bug unless I missed a new setting.
I had to create this post using Jerboa 😞
Connect version 1.0.69. Also applies to 1.0.71.
My instance restarted while browsing Lemmy. The error message output is raw html rather than a user-friendly message.
Not a huge deal but wanted to point it out.
Version 1.0.69
She's a little sweetheart.
For me at least.
Looks like they enforced rate limits an hour before midnight UTC.
Not complaining 😂
view more: next ›
I like that imgur removes exif data, any recommendations that do that too?
I took a look at a few posted and they don't appear to do so.