submitted 1 year ago by Shadow@lemmy.ca to c/main@lemmy.ca

Heads up that we've bumped the UI up to 0.18.2-rc.1, which should resolve the current exploit that was seen on lemmy.world.

We've also logged out all currently logged in users as part of it, so you'll need to log in again.

[-] grte@lemmy.ca 12 points 1 year ago

Thanks for all your hard work, admin team.

[-] Mongostein@lemmy.ca 10 points 1 year ago* (last edited 1 year ago)

I was having trouble figuring out how to sign out and back in with mlemmy. Did it work?

Edit: looks like yes. For anyone else having this problem, I went to the profile button, opened the gear in the top right corner, then “accounts” -> “edit account” then didn’t change anything and just hit “save.” It must have worked to log me out and back in.

[-] nbailey@lemmy.ca 7 points 1 year ago

Very impressive incident response and patch turnaround time -- Kudos to the admins, devs, and sysadmins!!

Thank you for your hard work.

[-] Borgzilla@lemmy.ca 6 points 1 year ago

Fail fast, fail often. They have handled the issue like bosses. This project is going places.

[-] CorruptBuddha@lemmy.ca 5 points 1 year ago

For anyone having issues logging into Jerboa, I had to clear my cache before it would work.

[-] mantorok@lemmy.ca 2 points 1 year ago

The comment I was looking for!

[-] mp3@lemmy.ca 4 points 1 year ago

Ah so that's why Connect for Lemmy was unable to display my frontpage despite being "logged in". Signing out of the account and signing back in fixed it.

[-] dan80@lemmy.ca 2 points 1 year ago

Same problem on Memmy. Signed out then back in, everything worked properly.

[-] Aceofspades@lemmy.ca 4 points 1 year ago

That explains why I had to sign in again. I was thinking it was a bug in the Connect app. Good to know it wasn't.

[-] TableCoffee@lemmy.ca 3 points 1 year ago

Thanks for doing that. I was wondering why my multiple Lemmy apps weren't loading my account. Then saw the news.

I appreciate you going ahead and logging out all users anyway. Just needed to remove and add accounts again in the various apps (using so many until one feels like the best for me!). But thanks for taking those steps!

[-] neb@lemmy.ca 3 points 1 year ago

I went looking to re-attempt 2FA setup. After enabling it in the options, the link that for 0.18.0 would trigger an event to add it to AndOTP (instead of just providing the secret) isn't showing up at all. (If that makes any sense in my current decaffeinated state)

[-] n2burns@lemmy.ca 4 points 1 year ago

FYI, andOTP is no longer maintained, so I'd recommend switching to an alternative and there are many options. My transition to Aegis was very smooth.

[-] neb@lemmy.ca 2 points 1 year ago

Yeah, it's not my primary, I just happen to still have it installed.

[-] Shadow@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

I'll take a look in a bit but might be a new bug.

Edit: I can see the link just fine, even without deactivating it first. Can you try clearing your browser cache?

[-] neb@lemmy.ca 2 points 1 year ago

Weird, opening in my browser now, it's there. (And I've finally figured out how to make bitwarden handle sha256.) In any case, I'm all good and properly using 2FA.

[-] durablenapkin@lemmy.ca 3 points 1 year ago

It's currently a little awkward, after you enable + save the first time you need to refresh the page in order to see the button which contains the otpauth:// link.

[-] TheMadIrishman@sh.itjust.works 2 points 1 year ago

Same. Click the link button and nothing happens.

[-] mp3@lemmy.ca 6 points 1 year ago* (last edited 1 year ago)

The link starts with otpauth://, which will likely do nothing on desktop. Either click on it from a mobile device, or on desktop you can use an addon like Offline QR Code Generator (Firefox), then right-click the link and select QR code from link. This will show a QR code you'll be able to enroll in any TOTP app. Hopefully they'll add an option to display a QR code when using the desktop interface in newer versions of Lemmy.

[-] TheMadIrishman@sh.itjust.works 2 points 1 year ago

Can I copy the link it generates and put it directly into my app that handles 2FA? (1password). Thought about trying it, but I didn’t see any recovery codes and am not keen on getting locked out.

[-] durablenapkin@lemmy.ca 8 points 1 year ago* (last edited 1 year ago)

This worked for me in Bitwarden: note since Lemmy 2FA uses SHA256 you have to copy/paste the entire link and not just the secret token. If you copy/paste just the secret token most password managers with TOTP generation have it defaulted to SHA1.

[-] TheMadIrishman@sh.itjust.works 3 points 1 year ago

Good shit. Appreciate ya.

[-] grte@lemmy.ca 1 points 1 year ago

Worth noting that turning on 2FA doesn't log you out of your current session so you have the opportunity to turn it back off again if you can't copy it over in this way.

[-] alien@lemm.ee 3 points 1 year ago

There was an exploit?! Where, what?

[-] Gestrid@lemmy.ca 7 points 1 year ago
[-] Mereo@lemmy.ca 2 points 1 year ago

Thank you admin team!

[-] Greg@lemmy.ca 2 points 1 year ago

Thanks Shadow!

[-] BeigeAgenda@lemmy.ca 1 points 1 year ago* (last edited 1 year ago)

Just FYI I had to delete data on Jerboa before I could vote and write comments, otherwise it just logged me out again.

[-] ramplay@lemmy.ca 2 points 1 year ago

Yup just did similar exercise. Jerboa was getting confused until I unintentionally removed my old account.

Re-adding then worked like a charm.

this post was submitted on 10 Jul 2023
102 points (99.0% liked)
