meta

1
2
 
 

This one is just a few bug fixes and small internal changes. As always, click the link attached to this post for more details, and if you're reading this it means the update was successful.

3
 
 

New Lemmy update! If you're reading this, it means the update was successful, and this instance is running the new version. You can click the link attached to this post to read more about what this update has changed.

4
 
 

You can read the full release notes here, but I'll highlight some important information here.

Previously 2FA was enabled in a single step which made it easy to lock yourself out. This is now fixed by using a two-step process, where the secret is generated first, and then 2FA is enabled by entering a valid 2FA token. It also fixes the problem where 2FA can be disabled without passing any 2FA token. As part of this change, 2FA is disabled for all users. This allows users who are locked out to get into their account again.

This update is also the reason you've been logged out of the web UI. Apologies for any inconvenience. /u/raymonf will be compensated in the form of rice.
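The two-step 2FA enrollment described in the post above, as an added example that is not part of the original post and not Lemmy's code: a secret is generated first, 2FA turns on only after a valid token is entered, and turning it off requires a token as well. The `Account` class, its method names, the 30-second step and the one-step drift window are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded secret."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(base64.b32decode(secret_b32),
                   struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical account model for illustration; not Lemmy's code."""

    def __init__(self):
        self.pending_secret = None   # generated but not yet proven by the user
        self.totp_secret = None      # active secret: login now requires a token

    @property
    def two_factor_enabled(self):
        return self.totp_secret is not None

    def generate_secret(self):
        # Step 1: issue a secret, but leave 2FA switched off.
        self.pending_secret = base64.b32encode(secrets.token_bytes(20)).decode()
        return self.pending_secret

    @staticmethod
    def _valid(secret, token, at):
        now = time.time() if at is None else at
        # Accept the previous, current and next step to tolerate clock drift.
        return any(hmac.compare_digest(totp(secret, max(now + d * 30, 0)).encode(),
                                       token.encode()) for d in (-1, 0, 1))

    def enable(self, token, at=None):
        # Step 2: activate only once the authenticator app is proven to work,
        # so a mis-scanned secret cannot lock the user out.
        if not self.pending_secret or not self._valid(self.pending_secret, token, at):
            return False
        self.totp_secret, self.pending_secret = self.pending_secret, None
        return True

    def disable(self, token, at=None):
        # Turning 2FA off needs a valid token too.
        if not self.totp_secret or not self._valid(self.totp_secret, token, at):
            return False
        self.totp_secret = None
        return True
```
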

5
2
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

/u/[email protected] said to post this so here it is!

https://photon.raymonf.me/

6
 
 

TL;DR: A recent security update required us to invalidate all active login sessions, causing users to be logged out. This was a precautionary measure, and you can securely log back in.

Dear Lemmy community members,

As you may have noticed, you were recently logged out of your account unexpectedly. We wanted to explain why this happened and assure you that your account is secure.

Our team identified a security issue related to custom emojis affecting several Lemmy instances. As part of the resolution process, it was necessary to invalidate all active login sessions - a process known as "rotating the JWT secret." This precaution ensures that any potential unauthorized access is immediately stopped.

Please note that this incident only potentially affected users who visited pages with malicious content during a specific timeframe. This issue does not impact your passwords, so there's no need to change them unless you choose to do so as an added precaution.

The security concern has been resolved, and you can securely log back into your account. The session invalidation means you'll need to log back into your account on all devices.

For more detailed information about this incident, please visit this recent post.

We sincerely apologize for any inconvenience this may have caused. The security of our user accounts is our top priority. We have taken comprehensive steps to address the situation and will continue to monitor it closely.

Please note: This announcement was written with the assistance of ChatGPT, an artificial intelligence developed by OpenAI.

If you have any questions or concerns, please don't hesitate to reach out.

Thank you for your understanding and your continued trust.