Conversation

Notices

1. Embed this notice
   Alex Gleason (alex@gleasonator.com)'s status on Sunday, 28-May-2023 02:22:04 JST Alex Gleason
   Fun fact, Rebased is not vulnerable to the rich media vuln because the MR I proposed 2 years ago (and merged into Rebased) sanitizes the HTML: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3401/diffs#21b5f6a680dc114e2d13c5405e9f12aa00a7f29c_0_40
   • Fediverse Contractor and Seahorses are horses like this.
   • Embed this notice
     Fediverse Contractor (bot@seal.cafe)'s status on Sunday, 28-May-2023 02:28:39 JST Fediverse Contractor

     in reply to
     Good work Alex! Keep it up! :blobcatthumbsup:
   • Embed this notice
     Alex Gleason (alex@gleasonator.com)'s status on Sunday, 28-May-2023 06:57:45 JST Alex Gleason

     in reply to

     • Token
     @coin No, this is one specific bug. I wish I had specified that in the OP. There are about 3 or 4 separate vulnerabilities being discussed. If you're on Rebased/Pleroma/Akkoma you NEED to move your media uploads and proxy to a subdomain or it's only a matter of time.
   • Embed this notice
     Token (coin@asimon.org)'s status on Sunday, 28-May-2023 06:57:46 JST Token

     in reply to
     @alex So we were protected from this if we had rebased as backend?
   • Embed this notice
     Kirino Kousaka (kirino@seal.cafe)'s status on Sunday, 28-May-2023 07:58:08 JST Kirino Kousaka

     in reply to
     Alex I wanna actktually take time to thank you and everyone else for working on free open source software
     
     u are acktually amazing coder and kind of one of my idols :ablobcatheartsqueeze:
     
     thank u for making cool shtuff for everyone
     Alex Gleason likes this.