@dansup no offense, but you're saying to update asap, but they you're saying that you want to give admins time to update? i kinda find that rather inconsistent
Top-level
4 comments
Emelia πΈπ»
@dansup @mdwalters this is actually consistent with best practices: update immediately / as soon as possible, but we're aware people may take some time to upgrade, so we're allowing two weeks before releasing details. Here's the advisory: https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf
Yaksh Bariya
@thisismissem @dansup @mdwalters doesn't the git commit history already reveal everything? I'm not familiar with pixelfed's codebase, but it wont take me a lot of time to figure it out.
Emelia πΈπ»
@CodingThunder @dansup @mdwalters not necessarily, but if you do go looking, we ask that you keep anything you learn to yourself & wait for the official information on the 25th February. |
@mdwalters We want to give admins time to update before disclosing more info about the security vulnerability. This is common practice
Cc @thisismissem