GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    val (val@oc.todon.fr)'s status on Sunday, 10-Sep-2023 18:09:48 JST val val
    • M. Hamzah Khan
    • Thomas Lemarchand

    @sheogorath @thomas @mhamzahkhan By default, Mastodon *executes* code from the *runtime-writeable* tmp/ dir in its source code.
    They know it can potentially be exploited for RCE (and it was, in CVE-2023-36460), but chose not to fix it by default: https://github.com/mastodon/mastodon/issues/4625#issuecomment-431602474

    In conversation about a year ago from oc.todon.fr permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
      Mastodon requires write access to tmp/ after a system update · Issue #4625 · mastodon/mastodon
      Hi, I recently restarted my server to apply a kernel upgrade. This was not a Mastodon update. After the restart, mastodon-web crashes with the following error: [1386] ! Unable to load application: ...
    • clacke likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.