Blahaj Lemmy Meta

2619 readers

1 users here now

Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.

founded 2 years ago

MODERATORS

[email protected]

Update to 0.19.11 needed - Purging users or communities or banning users can delete images they didn't upload/exclusively use (github.com)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

This release fixes a security vulnerability which allows an attacker to delete images uploaded by other users. You can read the details in the security advisory. Thanks to @Nothing4You for discovering and fixing it.

An improper uploaded media ownership check can result in inadvertent deletion of media when a user is banned with content removal or purged. This can lead to deletion of media that was not uploaded by the banned/purged user. This also applies to purged communities, in which case all media posted in that community will get deleted without proper ownership check. This is limited to media with an image/* content-type returned by pict-rs.

In addition to the fun changelog:

https://join-lemmy.org/news/2025-04-08_-_Lemmy_Release_v0.19.11

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 month ago

Great!