Notices by Sharkey - Official Account (sharkey@shonk.social)

Hello everyone, the Sharkey project has been quiet due to our ongoing efforts to patch major security vulnerabilities in coordination with Firefish, Iceshrimp.js, and upstream Misskey. On Wednesday, November 20th, 2024, our efforts will be finalized with a security release for all affected projects. It is of upmost importance to update your instance(s) to the latest version if you utilize any of the aforementioned software once the patches are released.

We are aware of the current Misskey vulnerability, and are working on getting an update out asap

sorry, for this taking so long most of our team was asleep due to timezones

IMPORTANT UPDATE, BOOST THIS POST

A critical vulnerability has been found in Sharkey Twitter imports that can lead to arbitrary code execution, we urge all instance admins to IMMEDIATELY update or to disable Note Imports via roles for the time being, steps are being taken to prevent such events in the future.

NOTE:

this happened during our git migration please update your repos and docker images to the following to update to the latest version

Git Users:
run the following in the sharkey folder
git remote set-url origin https://activitypub.software/TransFem-org/Sharkey.git
then do a git pull
Docker Users:
replace the image: part of your docker compose with
image: registry.activitypub.software/transfem-org/sharkey:latest
Note replace latest with develop if u used that branch, also replace stable with latest if u used that tag

after this announcement was made the all affected docker images will be deleted to prevent users from using them and the old git repo will be redirected to the new one


Thanks to @ChaosKitsune@woem.men and @sugar@transfem.social for Reporting and Fixing the issue

The FireFish.Social and joinfirefish.org servers are completly down and don't even respond to pings anymore, this means #firefish is officially dead, the servers no longer run, the git server still runs but seems to be run by a different person than kainoa

We're sad to see firefish go down like this, and we're especially sad about all the users who's data is now gone due to both major instances going down

while this is a major blow to a lot of people, please don't start harassing any one that was involved in the firefish project harassing people isn't going to help, we should see firefish as something to learn from to see what went wrong and prevent something like that happening in the future

and a note be added, Sharkey is not a firefish fork, and does not intent feature parity with it, Sharkey is a misskey softfork its supposed to update with misskey, unlike other fork we will not do big actions like rewrites