GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    val (val@oc.todon.fr)'s status on Sunday, 10-Sep-2023 18:09:48 JST val val
    • M. Hamzah Khan
    • Thomas Lemarchand

    @sheogorath @thomas @mhamzahkhan By default, Mastodon *executes* code from the *runtime-writeable* tmp/ dir in its source code.
    They know it can potentially be exploited for RCE (and it was, in CVE-2023-36460), but chose not to fix it by default: https://github.com/mastodon/mastodon/issues/4625#issuecomment-431602474

    In conversation 2 years ago from oc.todon.fr permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
      Mastodon requires write access to tmp/ after a system update · Issue #4625 · mastodon/mastodon
      Hi, I recently restarted my server to apply a kernel upgrade. This was not a Mastodon update. After the restart, mastodon-web crashes with the following error: [1386] ! Unable to load application: ...
    • clacke likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.

Embed this notice