Conversation
Oneesan succubus (lain@pleroma.soykaf.com)'s status on Sunday, 31-Mar-2024 14:38:17 JST

The fine folks at akkoma released a security update that fixes some things with the diverse ways of putting stuff on your domain (uploads, stolen emoji, mediaproxy). Some of those patches will make it into Pleroma too, but for now:
RUN UPLOADS AND MEDIA PROXY ON A DIFFERENT SUBDOMAIN. That prevents any impersonation issues.
We will drop any support for same-domain setups in the near future, it's just not worth the risk.
Check out the information provided by akkoma for details and more fine grained mitigation steps: https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681
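
An added illustration of the advice in the post above, not part of the original post and not the Pleroma or Akkoma project's own configuration: both `Pleroma.Upload` and `:media_proxy` take a `base_url`, which can point at a hostname other than the instance's. The hostnames `social.example`, `media.social.example` and `proxy.social.example` and the `/media/` path are placeholders and assumptions; the reverse proxy must also serve those hostnames, which is not shown.

```elixir
import Config

# Instance itself (placeholder hostname).
config :pleroma, Pleroma.Web.Endpoint,
  url: [host: "social.example", scheme: "https", port: 443]

# Same-domain setup the post warns about: with no base_url set, uploads
# and proxied remote media are served from the instance's own host, so
# user-supplied files share an origin with the instance.
#
#   config :pleroma, Pleroma.Upload, base_url: nil
#   config :pleroma, :media_proxy, enabled: true

# Separate-subdomain setup: user uploads get their own hostname.
# The path component is an assumption; check the documentation for
# the version you run.
config :pleroma, Pleroma.Upload,
  base_url: "https://media.social.example/media/"

# Proxied remote media gets its own hostname as well.
config :pleroma, :media_proxy,
  enabled: true,
  base_url: "https://proxy.social.example"
```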

Zergling_man (zergling_man@sacred.harpy.faith)'s status on Saturday, 06-Apr-2024 09:03:50 JST

@lain
>We will drop any support for same-domain setups in the near future, it's just not worth the risk.

How about fuck you, I have them on the same domain with 0 risk.