PLEROMA ADMINS READ THIS, AKKOMA TOO

Another important pleroma security post: @alex and @graf found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.

Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.

https://webb.spiderden.org/2023/05/26/pleroma-mitigation/