So by complete luck I found a huge security bug in lemmy as far as I can understand.
How can I test it with the team and disclose it with them?
Edit: I thought it is weird that anyone can access lemmy.ml/setup but upon further investigation I found that no one can use it in anything other than the admins and that users can only signup a normal account from this page rather than admin account.
Which means that this is a feature not a bug.
overall I think admins should hide this page to future proof it from bugs.
You must log in or # to comment.
I would try to contact the head devs, @dessalines@lemmy.ml or @nutomic@lemmy.ml on Matrix, Lemmy have several offical rooms where they hang out.
I don’t have matrix account.
Thank you i opened an issue.