ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

wakest ⁂@social.wake.st · 1 year ago

ATTENTION LEMMY ADMINS: XSS VULNERABILITY NEEDS PATCHING

CommunityLinkFixerBot@lemmings.world · 1 year ago

Hi there! Looks like you linked to a Lemmy community using an URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !fediverse@lemmy.ml

FartsWithAnAccent@lemmy.world · 1 year ago

I love you bot, keep being good.

wakest@lemmy.ml · 1 year ago

I posted this from mastodon where you can’t link to communities in that way…

Rikudou_Sage@lemmings.world · 1 year ago

Well, in that case ignore it, it at least provides a clickable link for Lemmy users.

sup@lemmy.ca · 1 year ago

Good bot

Seytoux@lemmy.one · 1 year ago

Good bot.

¡Nay! Great bot

BlessedDog@lemmy.ml · 1 year ago

I thought it was typed “a URL”, not " an URL"

Not sure though, dont kill me, English isn’t my native language.

Rikudou_Sage@lemmings.world · 1 year ago

It has been fixed, thanks!

copylefty@lemmy.fosshost.com · 1 year ago

Sensational bot

cwagner@lemmy.cwagner.me · edit-2 1 year ago

deleted by creator

wakest ⁂@social.wake.st · 1 year ago

@cwagner oh no some admin who didn’t add custom emojos might get alerted that their is a bad bug and not have anything to do!

cwagner@lemmy.cwagner.me · edit-2 1 year ago

deleted by creator

MaybeItWorks@sh.itjust.works · 1 year ago

OP was unnecessarily rude to you. I’m waiting for my mod ban for calling them out. This place can’t be that different than reddit.

MaybeItWorks@sh.itjust.works · 1 year ago

It is generally a good practice to be specific when describing vulnerabilities. Further, people tend to just read headlines and we know this. You don’t need to be a snarky jerk when someone points that out. Heaven forbid people learn something, sheesh.

mondoman712@lemmy.ml · 1 year ago

This would be more relevant in !lemmy@lemmy.ml, although there’s already a post about it there.

wakest ⁂@social.wake.st · 1 year ago

@mondoman712 lemmy is part of the fediverse so it is relevant

Randoom@lemmy.ml · 1 year ago

cross-post it to !lemmy_support@lemmy.ml too.

wakest ⁂@social.wake.st · 1 year ago

@randoom go for it!

Randoom@lemmy.ml · 1 year ago

You do it. It’s your post.

wakest ⁂@social.wake.st · 1 year ago

@randoom You do it. It’s your desire.

Randoom@lemmy.ml · 1 year ago

You do it. You should have posted it there.

wakest ⁂@social.wake.st · 1 year ago

@randoom Please fuck off

notsofunnycomment@mander.xyz · 1 year ago

@sal@mander.xyz we ok?

notsofunnycomment@mander.xyz · 1 year ago

Ah, just seeing this: https://mander.xyz/comment/987556

Salamander@mander.xyz · 1 year ago

Yeah, thank you! Only had to sacrifice our custom emojis for now :)

Muddybulldog@mylemmy.win · 1 year ago

Waiting on patches to propagate to the container registries.

alternative_be✅🖖🏻@todon.nl · 1 year ago

@liaizon @fediverse I only joined a few days ago. I suppose this means I have to alter my password?

BlueÆther@no.lastname.nz · 1 year ago

The attack shouldn’t have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.

There is a very small possibility that email address may have been able to be seen if they logged is as you, but they were looking for admin accounts

Valmond@lemmy.ml · 1 year ago

Anyone knows what maintainers should do to patch the vulnerability?

BlueÆther@no.lastname.nz · 1 year ago

Been patched already in release 0.18.2-rc’s

CommunityLinkFixerBot@lemmings.world · 1 year ago

Hi there! Looks like you linked to a Lemmy community using an URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !fediverse@lemmy.ml