Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gleasonator.com/objects/2d1c69ef-0243-4e1a-958b-98b43a9d19ad">Alex Gleason (alex@gleasonator.com)'s status on Sunday, 14-Aug-2022 06:19:44 JST</a><a href="https://gleasonator.com/users/alex" title="alex@gleasonator.com"><img src="https://gnusocial.jp/avatar/1712-48-20220726020642.webp" width="48" height="48" alt="Alex Gleason" style="position: absolute; left: 0; top: 0;">Alex Gleason</a><div><a href="https://rdrama.cc/objects/b7fc46b4-34d7-44c5-bfb8-c75056cf65d6" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/1000" title="e@masochi.st">ew</a></li><li><a href="https://gnusocial.jp/user/1758" title="realcaseyrollins@social.teci.world">realcaseyrollins ✝️</a></li></ul></div></section><article><p>I fixed some security issues, here are a few examples:</p><ul><li><p>If you created an account called “verify_credentials” people who viewed your profile would see their own profile. <a href="https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2857">https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2857</a> </p></li><li><p>A bug in the media proxy was causing it to impersonate googlebot causing my ISP to almost shut me down: <a href="https://git.pleroma.social/pleroma/pleroma/-/commit/1dc5794e2996d09dee22f0156c4a442c8338aa8d">https://git.pleroma.social/pleroma/pleroma/-/commit/1dc5794e2996d09dee22f0156c4a442c8338aa8d</a></p></li><li><p>Prevented a DoS caused by hammering the public search API: <a href="https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3563">https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3563</a></p></li></ul><p>Ironically lanodan accused me of introducing security vulnerabilities into Soapbox BE, but wouldn’t tell me where. So he was fine with receiving my help, but wanted to hold it over my head and blackmail me with it when it was the other way around. Of course the real reason is because no such vulnerability exists.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/59860#notice-95633">In conversation</a><time datetime="2022-08-14T06:19:44+09:00" title="Sunday, 14-Aug-2022 06:19:44 JST">Sunday, 14-Aug-2022 06:19:44 JST</time> <span>from <span><a href="https://gleasonator.com/objects/2d1c69ef-0243-4e1a-958b-98b43a9d19ad" rel="external" title="Sent from gleasonator.com via ActivityPub">gleasonator.com</a></span></span><a href="https://gleasonator.com/objects/2d1c69ef-0243-4e1a-958b-98b43a9d19ad">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/34911">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/34912">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Sunday, 14-Aug-2022 06:19:44 JSTAlex Gleason
in reply to
I fixed some security issues, here are a few examples:
- If you created an account called “verify_credentials” people who viewed your profile would see their own profile. https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2857
- A bug in the media proxy was causing it to impersonate googlebot causing my ISP to almost shut me down: https://git.pleroma.social/pleroma/pleroma/-/commit/1dc5794e2996d09dee22f0156c4a442c8338aa8d
- Prevented a DoS caused by hammering the public search API: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3563
Ironically lanodan accused me of introducing security vulnerabilities into Soapbox BE, but wouldn’t tell me where. So he was fine with receiving my help, but wanted to hold it over my head and blackmail me with it when it was the other way around. Of course the real reason is because no such vulnerability exists.
In conversationSunday, 14-Aug-2022 06:19:44 JST from gleasonator.compermalink
Attachments
1. Untitled attachment
2. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice