Email or username:

Password:

Forgot your password?
All posts dansup's posts Post Back to profile
Top-level
Max

@dansup no offense, but you're saying to update asap, but they you're saying that you want to give admins time to update? i kinda find that rather inconsistent

10 February at 5:49 | Wall-to-wall | Open on furry.engineer
4 comments
dansup

@mdwalters We want to give admins time to update before disclosing more info about the security vulnerability. This is common practice

Cc @thisismissem

10 February at 5:50 | Open on mastodon.social
Emelia πŸ‘ΈπŸ»

@dansup @mdwalters this is actually consistent with best practices: update immediately / as soon as possible, but we're aware people may take some time to upgrade, so we're allowing two weeks before releasing details.

Here's the advisory: github.com/pixelfed/pixelfed/s

10 February at 5:54 | Open on hachyderm.io
Yaksh Bariya

@thisismissem @dansup @mdwalters doesn't the git commit history already reveal everything? I'm not familiar with pixelfed's codebase, but it wont take me a lot of time to figure it out.

10 February at 9:29 | Open on mastodon.social
Emelia πŸ‘ΈπŸ»

@CodingThunder @dansup @mdwalters not necessarily, but if you do go looking, we ask that you keep anything you learn to yourself & wait for the official information on the 25th February.

10 February at 11:22 | Open on hachyderm.io
Go Up