There’s plenty of posts on the topic about Lemmy.world being compromised, followed by the exploit being tracked back to an XSS exploit that I believe works on instances with custom emojis enabled. Many instances have been quick to jump on this such as feddit.uk and Behaw which took itself down temporarily.

Does this affect sh.itjust.works?

If so what are the admins doing about it?

Can we get some sort of admin post about this? Last update from them was some time ago.

Hopefully the admins have 2FA enabled on their accounts.

  • TheDude@sh.itjust.worksM
    link
    fedilink
    English
    arrow-up
    77
    ·
    1 year ago

    Hey all,

    As others mentioned we did not have custom emojis so we were not affected by this particular attack. I have since upgraded our UI to 0.18.2-rc.1 which mitigates this XSS vulnerability.

    • CannedTuna@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      Hey, thanks Dude for your reply! I’m glad to hear this instance isn’t affected and y’all already pushed a fix. Thanks for all you do.

    • 🐱TheCat@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Good to know and a strong argument for not jumping to implement brand-new features (let the others be testers haha)

    • Artemis@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I love that you chose TheDude for your account name as the admin of this instance. It just fits so well

      • CannedTuna@sh.itjust.worksOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        The Dude abides.

        Edit: TheDude@sh.itjust.works instead of “buy me a coffee”, it should be “buy me a White Russian”