GNU social JP
GNU social JP is a GNU social server in Japan.
feld (feld@bikeshed.party)'s status on Friday, 02-Feb-2024 22:40:58 JST

    Replying to Kevin Beaumont (@GossiTheDog):

    > TBA. This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.

    what is this bullshit? We can just dig through the commits.

    I'm guessing this change is related because it seems like "redirect confirmation" not being done correctly would allow you to take over an account, and the "I'll add tests later" seems like they're hiding something.

    https://github.com/mastodon/mastodon/pull/28902

    Attachment (link preview):

    Fix redirect confirmation for accounts by ClearlyClaire · Pull Request #28902 · mastodon/mastodon
    "I will add tests in a follow-up PR."

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.