Conversation

Notices

1. Alex Gleason (alex@gleasonator.com)'s status on Sunday, 28-May-2023 05:46:13 JST Alex Gleason
   Fun fact, Rebased is not vulnerable to the rich media vuln because the MR I proposed 2 years ago (and merged into Rebased) sanitizes the HTML: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3401/diffs#21b5f6a680dc114e2d13c5405e9f12aa00a7f29c_0_40
   • Token likes this.
   • Token (coin@asimon.org)'s status on Sunday, 28-May-2023 05:46:12 JST Token

     in reply to
     @alex So we were protected from this if we had rebased as backend?
     Machismo repeated this.
   • Alex Gleason (alex@gleasonator.com)'s status on Sunday, 28-May-2023 06:58:30 JST Alex Gleason

     in reply to

     • Token
     @coin No, this is one specific bug. I wish I had specified that in the OP. There are about 3 or 4 separate vulnerabilities being discussed. If you're on Rebased/Pleroma/Akkoma you NEED to move your media uploads and proxy to a subdomain or it's only a matter of time.
     Token likes this.
   • Matty-kun :Christmas_kitty_bell: (matty@nicecrew.digital)'s status on Sunday, 28-May-2023 07:45:28 JST Matty-kun :Christmas_kitty_bell:

     in reply to
     What is rich media?
     Machismo repeated this.
   • :btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Sunday, 28-May-2023 07:45:28 JST :btrfly: anime graf mays 🛰️🪐

     in reply to

     • Matty-kun :Christmas_kitty_bell:
     @matty @alex the kind of media you see in connecticut