this post was submitted on 07 Jul 2023
62 points (98.4% liked)

Discussions related to Infosec.pub


As some have pointed out, there was a serious XSS vulnerability in Lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.

top 8 comments
[–] wop@infosec.pub 11 points 1 year ago

Thank you Jerry!

[–] br3ad@infosec.pub 10 points 1 year ago* (last edited 1 year ago)

Thank you!

What is the responsible way for testing Lemmy security? Is there currently any effort by users of this instance and other infosec-related instances (if any) for finding and reporting security vulnerabilities?

[–] brandon@infosec.pub 5 points 1 year ago

Thanks as always, Jerry!

[–] N7x@infosec.pub 4 points 1 year ago
[–] norb@infosec.pub 0 points 1 year ago* (last edited 1 year ago) (1 children)

Unsure if anyone else is having the same issue I am, but it looks like all of my subscribed communities got broken during this time. I see them as subscribed in the sidebar, but don't see any posts from them (nor do they appear in the communities page for the entire instance).

I'm not sure if unsub/resub-ing would fix it or not.

[–] jerry@infosec.pub 1 points 1 year ago (1 children)

It looks like something has been wrong with federation since I applied the patch to fix the vulnerability. I am investigating...

[–] norb@infosec.pub 1 points 1 year ago

I see more stuff now! Still can't tell if it's all the stuff I was subscribed to before but it looks better for sure.

Thanks, Jerry!