this post was submitted on 10 Jul 2023
49 points (98.0% liked)

Meta (slrpnk.net)

submitted 1 year ago* (last edited 1 year ago) by poVoq to c/meta
 

As you might have heard, several Lemmy instances have been attacked via a security vulnerability in the browser frontend related to custom emoji.

While SLRPNK was vulnerable to it, we seem to have not been actively targeted and I took the instance down as a precaution as soon as I learned about it.

I have applied all the currently known mitigations, which means that everyone got logged out of their account and needs to log back in manually.

As of writing this, the API is working again and can be used with apps like Jerboa safely.

I am still contemplating if I want to re-enable the web frontend now or wait for a release that fixes the issues found.

Edit: the main issue was fixed and I restarted the web ui with it.

[–] poVoq 1 points 1 year ago* (last edited 1 year ago) (1 children)

Did you try logging off manually from the apps and logging in again?

Edit: sorry I didn't want it to sound like a snarky tech support comment. But the apps seem to have issues with being logged out forcibly by the server.

As for the web-ui. No idea. Nothing changed substantially.

[–] SteveKLord 1 points 1 year ago (1 children)

Not yet. I would need to stop testing them and then reset the TestFlight. That, however, doesn’t seem like it would explain the constant logging off from the web ui, as I’ve had to log back in to respond to this.

[–] poVoq 2 points 1 year ago (1 children)

The only thing I can think of is that you still have problems with cached JS code from pre-0.18.0 times. Try force reloading the page via CTRL+F5 and see if that helps.

For me the web-ui is not showing any issues in Firefox, so I have no idea how to reproduce or try to fix it.

[–] SteveKLord 1 points 1 year ago

I’m currently not at home, using the mobile web ui on Brave, which ordinarily doesn’t give me these issues. I’ll see about deleting the cache in the apps and troubleshoot more when I get a chance. I’m sure it’s not an issue caused by your work, but it does seem like the latest update could be a little buggy, so I’ll try resetting things asap.