Notices where this attachment appears
-
Alex Gleason (alex@gleasonator.com)'s status on Friday, 04-Aug-2023 23:40:38 JST 
Alex Gleason
Pleroma is full of security vulnerabilities because OnlyFans paid people on Upwork to implement a bunch of features nobody wants.
Have you ever tried downloading an emoji pack from a server? No? Well that's the vulnerable code.
Anyway, hopefully everyone is using s3 for uploads by now and has the dedupe filter enabled.
Patch is being merged into Rebased now: https://gitlab.com/soapbox-pub/rebased/-/merge_requests/263
A patch was ready yesterday but I figured I'd wait til after it landed upstream first.
RT: https://pleroma.soykaf.com/objects/c655af15-7632-41e6-86f3-d06ab5bbb84a
076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.
All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.