Thank you very much for the heads-up! Without this warning I would’ve gone into my day without patching this…
I’ve looked looked into it and it turns out that Mander was indeed vulnerable to the exploit, but I can confirm that the exploit was not used here. I’ve taken the steps that make us no longer vulnerable to this attack. It is best not to release more specific information here because of the nature of the exploit, but if an admin reads this and doesn’t know where to find this information they can send me a private message. It is Lemmy-specific, and affects versions >= 0.18.0
EDIT: The details of the vulnerability have now been more publicly released. You can find the details here: https://mander.xyz/post/1080833
Thank you very much for the heads-up! Without this warning I would’ve gone into my day without patching this…
I’ve looked looked into it and it turns out that Mander was indeed vulnerable to the exploit, but I can confirm that the exploit was not used here. I’ve taken the steps that make us no longer vulnerable to this attack. It is best not to release more specific information here because of the nature of the exploit, but if an admin reads this and doesn’t know where to find this information they can send me a private message. It is Lemmy-specific, and affects versions >= 0.18.0
EDIT: The details of the vulnerability have now been more publicly released. You can find the details here: https://mander.xyz/post/1080833
Thanks as always for your attentiveness and good work!
Thank you for being a responsible and responsive admin!
Thanks for being so responsive!