Conversation
-
Oneesan succubus (lain@pleroma.soykaf.com)'s status on Friday, 04-Aug-2023 20:30:34 JST
A new Pleroma security release is out that you should install immediately. If you can not do so for some reason, activate filename anonymization.
Thanks to @feld and @lanodan for handling this so quickly!
https://pleroma.social/announcements/2023/08/04/pleroma-security-release-2.5.3/
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 20:30:32 JST
@lain @feld @lanodan Why the fuck is emoji pack even a thing? Was just putting them in emoji dir not enough?
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 20:41:00 JST
Agency updated, btw.
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 20:42:41 JST
https://git.pleroma.social/pleroma/pleroma/-/commit/8cc8100120abdbf26cfe4cdac2c0a012d7919e05
This shit sperged out at my config.exs despite the fact it's owned by root:root, so it shouldn't even be able to write to it either way.
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 20:49:45 JST
@feld @lain @lanodan Just zip them up and upload them somewhere, or maybe make a git repo in case it gets updated frequently.
-
feld (feld@bikeshed.party)'s status on Friday, 04-Aug-2023 20:49:46 JST
People begged for a way to share packs and we provided
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 20:59:09 JST
@feld @lain @lanodan Anyway, if deduplication (which, I assume, is responsible for upload URLs being /media/<hash>.ext?name=<name>.ext instead of /media/<uuid>/<name>.ext) is enabled, is the server still vulnerable?
-
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 04-Aug-2023 21:05:23 JST
@mint @feld @lain As put in the OP, <hash>.ext should be safe but best is updating.
-
(mint@ryona.agency)'s status on Friday, 04-Aug-2023 21:08:10 JST
@lanodan @feld @lain Terminology is confusing a bit as the OP explicitly mentions filename anonymization.
-