this post was submitted on 15 May 2026
117 points (100.0% liked)

Announcements

lemmy.zip announcements

The same rules as the main instance apply here.

Edit: see pinned comment for update

Hello All,

Due to the incredibly irresponsible disclosure of a security vulnerability for Piefed, we've had to take Piefed.zip offline until a fix can be put in place.

I'll update more once I have more information.

Many thanks

Demigodrick

Blaze@piefed.social -4 points 1 day ago

You can look at https://codeberg.org/rimu/pyfedi/releases/tag/v1.6.25 to see the changes.

Basically, the 0-day was mostly someone running an LLM and trying to discover vulnerabilities without double-checking them. Most of the things reported were not applicable (mentioning functions that don't even exist), others were not applicable but led to some tangent hardening.

Lemmy also had an SSRF vulnerability a month ago: https://github.com/LemmyNet/lemmy/security/advisories/GHSA-q537-8fr5-cw35