Oneesan succubus (lain@pleroma.soykaf.com)'s status on Sunday, 31-Mar-2024 14:38:17 JST

The fine folks at akkoma released a security update that fixes some things with the diverse ways of putting stuff on your domain (uploads, stolen emoji, mediaproxy). Some of those patches will make it into Pleroma too, but for now:
RUN UPLOADS AND MEDIA PROXY ON A DIFFERENT SUBDOMAIN. That prevents any impersonation issues.
We will drop any support for same-domain setups in the near future, it's just not worth the risk.
Check out the information provided by akkoma for details and more fine-grained mitigation steps: https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681