Email or username:

Password:

Forgot your password?
Darius's posts Post Back to profile
Darius Kazemi

This is embarrassing, but about an hour ago I was alerted to an issue where edited, local-only posts in #Hometown were being federated. Please update your Hometown servers ASAP.

More info at the security patch link:

github.com/hometown-fork/homet

Most servers ignore or throw away the leaked data because it's an edit to something that it never received (the original post).

Still, unacceptable, and I'm sorry for this trouble, esp on a Friday night. I will do my best to contact admins individually.

14 Jan 2023 at 1:10 | Open on friend.camp
25 comments
Darius Kazemi

(Hometown admins, if I see you faving this post I will assume you have seen it and I won't DM you!)

14 Jan 2023 at 1:13 | Open on friend.camp
lakelady

@darius could you please point me to something that helps me understand what hometown is and how it fits in the fediverse? Thank you.

14 Jan 2023 at 1:34 | Open on mstdn.social
christa

@darius thank you for quickly fixing it!

14 Jan 2023 at 1:14 | Open on friend.camp
Devine Lu Linvega
Rob Simmons

@darius Now I get to feel clever for waiting until this weekend to upgrade to 1.1 🙃 . (Seriously — thanks for quickly fixing and for all the care you take with Hometown!)

14 Jan 2023 at 1:16 | Open on social.wub.site
Tixie Salander
Wesley Aptekar-Cassels

@darius thanks for the quick fix! just updated.

do you know when this was introduced? was it with the 4.0 update?

14 Jan 2023 at 1:27 | Open on recurse.social
Darius Kazemi

@wesleyac Yes, it was introduced in v1.1.0 (I tried to get that across in the release notes but I see that it could be slightly clearer and will edit that)

14 Jan 2023 at 1:28 | Open on friend.camp
Wesley Aptekar-Cassels

@darius thanks! one more question — do you know why the version number displayed in the footer doesn't update? (i recompiled assets and restarted in case that was it, but no change)

not a big deal, but i don't want people to see the old version number and worry that it's insecure.

14 Jan 2023 at 1:34 | Open on recurse.social
Darius Kazemi
Darius Kazemi

@wesleyac release has been updated in-place, thanks for the notice.

14 Jan 2023 at 1:40 | Open on friend.camp
Misty
Darius Kazemi

@misty You're on an older Hometown so you should be fine, just make sure you update to whatever the latest version is when you do upgrade.

14 Jan 2023 at 1:43 | Open on friend.camp
Misty

@darius I realized after a reread it was specific to edits. I’ll upgrade soon anyway!

14 Jan 2023 at 1:50 | Open on digipres.club
Daneel Adrian Cayce

@darius Thanks so much for the quick fix, and for doing the work to keep us all in the loop. Appreciate it and you. 🌠

14 Jan 2023 at 4:00 | Open on argon.city
Ben Zanin

@darius you're a good and very conscientious developer, Darius.

14 Jan 2023 at 4:23 | Open on mastodon.social
Ben

@darius Thanks for sorting this so quickly. I was just in the weeds catching up on updates as it happened. Managed to get into trouble with unreported compile fails working on the v1.1.0 & 4.0.2 update but got there in end. The new patch was a breeze :)

14 Jan 2023 at 5:16 | Open on avantwhatever.org
Darius Kazemi

@benbyrne awesome. I tried to DM you but your server was down! Did you run out of memory on the compile updates? That's pretty common

14 Jan 2023 at 5:34 | Open on friend.camp
Ben

@darius Cheers. Yeah, and it took me a little while to get to the bottom of it. Always learning.

14 Jan 2023 at 5:46 | Open on avantwhatever.org
Tom
Alexander Bochmann

@darius Thanks for fixing this quickly.

Unrelated (other than I noticed a moment after restarting my Mastodon services following the update) - The "Hometown" - link on the error page on my instance ("We're sorry, but something went wrong on our end.") points to example.org instead of anything useful?

Is there some place where I can change that link?

15 Jan 2023 at 17:49 | Open on mastodon.infra.de
Darius Kazemi

@galaxis that shouldn't be happening. Can you open an issue for it? I'd like to look into this.

15 Jan 2023 at 17:56 | Open on friend.camp
Alexander Bochmann

@darius Ok, will do, after rechecking if I have some setup or config error somewhere.

15 Jan 2023 at 17:58 | Open on mastodon.infra.de
(((o))) Acoustic Mirror

@darius Ah, so that's what it was. @lurk was patched quickly yesterday if I remember correctly. Thank you for all the hard work!

16 Jan 2023 at 10:13 | Open on post.lurk.org
Go Up