[Meta] Lemmy.world (and some others) were hacked - LemmyWorld (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

There is some information about a vulnerability in the Lemmy frontend.

So I have questions for the SDF mods and admins.

Has this affected our instance in any way?
Has the fix been applied to our frontend?

Or is our instance like the Elusive Joe, and we're not so big yet that we're worth hacking?

top 5 comments

sorted by: hot top controversial new old

[-] [email protected] 12 points 1 year ago

Earlier this morning all four lemmy (lemmy.sdf.org, lemmy.sdfeu.org lemmy.sdfjp.org and lemmy.sdfcn.org) instances were updated to UI: 0.18.2-rc.1 BE: 0.18.1-10-g9c2490d4f.

[-] [email protected] 5 points 1 year ago

Oh, exactly! There's a pinned post in the community that reports Lemmy version updates on the server.

[-] [email protected] 3 points 1 year ago* (last edited 1 year ago)

This seems like a rather new situation. The Github links below seem to mention that other instances were also suffering problems.

https://github.com/LemmyNet/lemmy-ui/issues/1895

https://github.com/LemmyNet/lemmy-ui/pull/1897

It appears like a fix was only made available about an hour ago.

https://github.com/LemmyNet/lemmy-ui/issues/1895#issuecomment-1629219976

[-] [email protected] 3 points 1 year ago* (last edited 1 year ago)

changing your settings (which shows your e-mail)

Do some instances require an email address? SDF didn't when I signed up, which I thought was awesome.

[-] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Some do. E.g. lemmy.world.

For some instances, email can be filled and isn't mandatory. E.g. beehaw.org.

load more comments

this post was submitted on 10 Jul 2023

27 points (100.0% liked)

sdfpubnix

1299 readers

1 users here now

Fans of SDF

founded 1 year ago

MODERATORS

[email protected]