this post was submitted on 17 Apr 2025
16 points (100.0% liked)

Blahaj Lemmy Meta

2573 readers
9 users here now

Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.

founded 2 years ago
MODERATORS
 

This release fixes a security vulnerability which allows an attacker to delete images uploaded by other users. You can read the details in the security advisory. Thanks to @Nothing4You for discovering and fixing it.

An improper uploaded media ownership check can result in inadvertent deletion of media when a user is banned with content removal or purged. This can lead to deletion of media that was not uploaded by the banned/purged user. This also applies to purged communities, in which case all media posted in that community will get deleted without proper ownership check. This is limited to media with an image/* content-type returned by pict-rs.

In addition to the fun changelog:

https://join-lemmy.org/news/2025-04-08_-_Lemmy_Release_v0.19.11

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 4 days ago