GNU social JP
GNU social JP is a Japanese GNU social server.
    Alex Gleason (alex@gleasonator.com)'s status on Sunday, 14-Aug-2022 06:19:44 JST

    I fixed some security issues, here are a few examples:

    • If you created an account called “verify_credentials”, people who viewed your profile would see their own profile. https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2857

    • A bug in the media proxy was causing it to impersonate Googlebot, causing my ISP to almost shut me down: https://git.pleroma.social/pleroma/pleroma/-/commit/1dc5794e2996d09dee22f0156c4a442c8338aa8d

    • Prevented a DoS caused by hammering the public search API: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3563

    Ironically lanodan accused me of introducing security vulnerabilities into Soapbox BE, but wouldn’t tell me where. So he was fine with receiving my help, but wanted to hold it over my head and blackmail me with it when it was the other way around. Of course the real reason is because no such vulnerability exists.


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.