GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Chudbere (Clairebere) :duckjam: (chudbere@chudbuds.lol)'s status on Wednesday, 16-Nov-2022 00:00:21 JST Chudbere (Clairebere) :duckjam: Chudbere (Clairebere) :duckjam:
    • Alex Gleason
    Is this same vulnerability possible on pleroma or soapbox? @alex

    RT: https://infosec.exchange/users/jerry/statuses/109348246444608881
    In conversation Wednesday, 16-Nov-2022 00:00:21 JST from chudbuds.lol permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: media.infosec.exchange
      Jerry Bell :verified_paw: (@jerry@infosec.exchange)
      from Jerry Bell :verified_paw:
      This message for everyone on the fediverse: First, please ensure you go into your account settings and enable two/multi factor authentication. No, I mean do it right now. I’ll wait till you’re done. … … Ok, thank you. Now, if you are the admin of a mastodon instance, please go upgrade to 4.0.2 ASAP. Background: https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Wednesday, 16-Nov-2022 00:00:20 JST Alex Gleason Alex Gleason
      in reply to
      @chudbere If you're running Soapbox with an outdated GlitchSocial backend, almost certainly yes. In Pleroma/Reased, unconfirmed (we should probably remove HTML posting). I'm patching it in Soapbox shortly to be safe.
      In conversation Wednesday, 16-Nov-2022 00:00:20 JST permalink
    • Embed this notice
      dia (dia@kurosawa.moe)'s status on Wednesday, 16-Nov-2022 03:41:26 JST dia dia
      in reply to
      • Alex Gleason
      looks like the patch was landed an hour ago: https://gitlab.com/soapbox-pub/soapbox/-/commit/b5393b531b26913dda36e3cf6d90df6df8959f5d
      In conversation Wednesday, 16-Nov-2022 03:41:26 JST permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: gitlab.com
        Merge branch 'fix-emoji-vuln' into 'develop' (b5393b53) · Commits · Soapbox / Soapbox · GitLab
        Patch emoji parsing from upstream Closes #1179 See merge request soapbox-pub/soapbox!1893
      Alex Gleason likes this.
    • Embed this notice
      Chudbere (Clairebere) :duckjam: (chudbere@chudbuds.lol)'s status on Wednesday, 16-Nov-2022 03:41:27 JST Chudbere (Clairebere) :duckjam: Chudbere (Clairebere) :duckjam:
      in reply to
      • Alex Gleason
      I have not run an update on Soapbox since our initial install in September, will you announce when the patch is ready? And is there a guide anywhere on how to pull an update once it is ready?
      In conversation Wednesday, 16-Nov-2022 03:41:27 JST permalink
      Alex Gleason repeated this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.