in a minute I’m going to restart the backend to apply a fix for a very severe account migration vulnerability that can be exploited to cripple a larger instance
outline of the bug and how it was discovered: https://gitlab.com/soapbox-pub/rebased/-/issues/107
for instance admins: comment out post("/move_account", UtilController, :move_account) in lib/pleroma/web/router.ex and recompile pleroma to avoid this vulnerability until a patch is in place
what does this mean for you?
account move activities will be disabled on poast until there is a patch in place to prevent this from happening in future. thank you for your patience over the last 24 hours and see you on the other side friend
Thank you @mkljczk !