Gregory's Server
PLEROMA ADMINS READ THIS, AKKOMA TOO
Another important pleroma security post: @alex and @graf found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.
Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.
https://webb.spiderden.org/2023/05/26/pleroma-mitigation/
Another important pleroma security post: @alex and @graf found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.
Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.
https://webb.spiderden.org/2023/05/26/pleroma-mitigation/