IMPORTANT UPDATE, BOOST THIS POST
A critical vulnerability has been found in Sharkey Twitter imports that can lead to arbitrary code execution. We urge all instance admins to IMMEDIATELY update, or to disable Note Imports via roles for the time being. Steps are being taken to prevent such events in the future.
NOTE:
This happened during our git migration. Please update your repos and Docker images to the following to update to the latest version.
Git Users:
Run the following in the sharkey folder:
git remote set-url origin https://activitypub.software/TransFem-org/Sharkey.git
Then do a git pull.
Docker Users:
Replace the image: part of your docker compose with:
image: registry.activitypub.software/transfem-org/sharkey:latest
Note: replace latest with develop if you used that branch; also replace stable with latest if you used that tag.
After this announcement is made, all affected Docker images will be deleted to prevent users from using them, and the old git repo will be redirected to the new one.
Thanks to @ChaosKitsune@woem.men and @sugar@transfem.social for reporting and fixing the issue.
Sharkey - Official Account (sharkey@shonk.social)'s status on Friday, 02-Feb-2024 17:42:49 JST