Is the comment exploit still a vulnerability?
Is the comment exploit still a vulnerability?
Has reddthat.com had any issues with the recent hacks/exploit that some larger instances have dealt with? Were there any precautions that had to be made like rotating the jwt's and hiding the exploit (I don't have a lot of technical knowledge on the subject, so hopefully I'm making sense)? Are we waiting for lemmy devs to make a permanent fix, or is this already happening and I'm just behind on the times? Or does this not affect our instance due to the software version being upgraded? Just curious about if the security breach is something that can be widespread, or if it has already been mitigated around here. Thanks for all that you do for us regardless, I've really enjoyed calling reddthat my new home!
You beat me to making a post about it.
The XSS exploit was related to custom emoji. As we never got round to using the custom emoji in any real use it's a non issue.Also, yes we would have to wait for the devs for a real fix before we can safely go back to using the custom emoji.
I rotated my own jwt, but left everyone else's. :)
TiffI read through some of the "custom emoji exploit" updates earlier today, but wasn't sure if it was still "the latest (or only exploit)", and/or if it applied to our instance at all.
I appreciate your response! I can't even pretend to know what "rotating a jwt" truly entails, but I had read enough to know even less... and I appreciate the response because it helps things make more sense to me! Thanks again for all that y'all do here!