General Lemmy.Cafe

General site

founded 1 year ago
This addresses the issue some instances had today with the XSS attack.

There has been a vulnerability discovered in Lemmy. I have no reason to believe lemmy.cafe itself has been breached. We do not have any custom emojis, which appears to have been the culprit of some XSS attack.

As a safety precaution, however, I have applied the suggested fix and rotated the JWT token, which will have invalidated everyone's session.

It looks like several Lemmy instances were exploited last night. It doesn't appear that much damage has been done, but users may have to log out and back in if they use mobile apps.

@[email protected] have you found any indication that lemmy.cafe may have been targeted too?

Right now there appears to be a bug where if English is the only language selected in the instance settings, Jerboa will never succeed posting, commenting, messaging, etc.

Adding undetermined back to the list has fixed it.

Backend 0.18.1-rc.10 UI: 0.18.1-rc.11

I have added Threads to the blocklist. It does not show up on the instance list yet, as I believe the server is simply unreachable due to disabled federation on Threads' end.

As for the reason - I don't feel comfortable providing data to Meta. At the moment Lemmy software is very trusting and every instance syncs quite a bit of data about users from other instances.

Due to lemmy.world DoSing us whenever their servers decide it's our turn to get all their data I started looking into ways to create headroom for Lemmy Cafe without increasing the bill as under normal circumstances there are plenty of resources.

This has led me to the blocklist that blackholes all kinds of scrapers and known bad actors.

This is a new domain on an IP that was fairly recently assigned to it. All main email providers blacklist anything that is not Gmail, Outlook or AWS by default. Nothing I can do about it, other than becoming part of the problem and paying them to host this instance's email.

Both backend and frontend. Also updated pict-rs to 0.4.0-rc.10
