Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://shonk.social/notes/9p6xnnv96h6x055e">Sharkey - Official Account (sharkey@shonk.social)'s status on Friday, 02-Feb-2024 01:19:30 JST</a><a href="https://shonk.social/@Sharkey" title="sharkey@shonk.social"><img src="https://gnusocial.jp/avatar/219325-48-20231201200645.webp" width="48" height="48" alt="Sharkey - Official Account" style="position: absolute; left: 0; top: 0;">Sharkey - Official Account</a><div><ul><li></ul></div></section><article><p><i><i>IMPORTANT UPDATE, BOOST THIS POST</i></i><br><br>A critical vulnerability has been found in Sharkey Twitter imports that can lead to arbitrary code execution, we urge all instance admins to IMMEDIATELY update or to disable Note Imports via roles for the time being, steps are being taken to prevent such events in the future.<br><br>NOTE:<br><br>this happened during our git migration please update your repos and docker images to the following to update to the latest version<br><br>Git Users:<br>run the following in the sharkey folder<br>git remote set-url origin https://activitypub.software/TransFem-org/Sharkey.git<br>then do a git pull<br>Docker Users:<br>replace the image: part of your docker compose with<br>image: registry.activitypub.software/transfem-org/sharkey:latest<br>Note replace latest with develop if u used that branch, also replace stable with latest if u used that tag<br><br>after this announcement was made the all affected docker images will be deleted to prevent users from using them and the old git repo will be redirected to the new one<br><br><br>Thanks to <a href="https://woem.men/@ChaosKitsune">@ChaosKitsune@woem.men</a> and <a href="https://transfem.social/@sugar">@sugar@transfem.social</a> for Reporting and Fixing the issue</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2664632#notice-5280307">In conversation</a><time datetime="2024-02-02T01:19:30+09:00" title="Friday, 02-Feb-2024 01:19:30 JST">Friday, 02-Feb-2024 01:19:30 JST</time> <span>from <span><a href="https://shonk.social/notes/9p6xnnv96h6x055e" rel="external" title="Sent from shonk.social via ActivityPub">shonk.social</a></span></span><a href="https://shonk.social/notes/9p6xnnv96h6x055e">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: activitypub.software</div><h5><a href="https://activitypub.software/TransFem-org/Sharkey">TransFem.org / Sharkey · GitLab</a></h5><div></div></header><div>🌎 A Sharkish microblogging platform 🚀</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Sharkey - Official Account (sharkey@shonk.social)'s status on Friday, 02-Feb-2024 01:19:30 JSTSharkey - Official Account
- Sugar
IMPORTANT UPDATE, BOOST THIS POST

A critical vulnerability has been found in Sharkey Twitter imports that can lead to arbitrary code execution, we urge all instance admins to IMMEDIATELY update or to disable Note Imports via roles for the time being, steps are being taken to prevent such events in the future.

NOTE:

this happened during our git migration please update your repos and docker images to the following to update to the latest version

Git Users:
run the following in the sharkey folder
git remote set-url origin https://activitypub.software/TransFem-org/Sharkey.git
then do a git pull
Docker Users:
replace the image: part of your docker compose with
image: registry.activitypub.software/transfem-org/sharkey:latest
Note replace latest with develop if u used that branch, also replace stable with latest if u used that tag

after this announcement was made the all affected docker images will be deleted to prevent users from using them and the old git repo will be redirected to the new one

Thanks to @ChaosKitsune@woem.men and @sugar@transfem.social for Reporting and Fixing the issue
In conversationFriday, 02-Feb-2024 01:19:30 JST from shonk.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: activitypub.software
  TransFem.org / Sharkey · GitLab
  🌎 A Sharkish microblogging platform 🚀

Public

Embed Notice

HTML Code

Corresponding Notice