updates · Mbin Blog Updates · by melroy

🚨🚨 Update your Kbin instance now! 🚨🚨

Dear kbin server owners, upgrade your Kbin instance now! Ernest just merged a critical hot fix into the develop branch.

If you don't update, your Kbin instance is vulnerable to HTML/JS injection, which allows bad actors to do very nasty things on your instance and attack your visitors on your site.

Commit: https://codeberg.org/Kbin/kbin-core/commit/8ee87ba9fbb3192865dfebb054bec3da56b9493e

lemmy.fmhy.ml

That wasn't me, I was in the comfort of my living room jacking it to Sonic R34 all night last night

1

Honestly, the fact that kbin was open to injection attacks in the first place is hilarious. That’s like day 1 cybersecurity training.

Anyone have the Bobby Tables xkcd handy?

Edit: Found it.

3

@Mic_Check_One_Two Actually, this has only been the case recently. Kbin used to escape the content, of course. But after an upgrade to a newer Markdown parser version, it was overlooked in a PR.

We were recently approved for the Codeberg CI, hopefully allowing us to set up a good CI/CD pipeline and avoid these kinds of regressions in the first place. Kbin is still in beta.

3
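
A regression check of the kind a CI pipeline could run for the bug discussed in this thread, as an added example that is not Kbin's code: it renders constructed sample comments and audits the output HTML against an allowlist. The `render` function is a hypothetical stand-in for the real Markdown renderer, and the allowlist and samples are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Assumed allowlist for rendered comments; a real project would use its own.
ALLOWED_TAGS = {"p", "strong", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")

class OutputAuditor(HTMLParser):
    """Records every element in rendered HTML that is outside the allowlist."""
    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.violations.append(f"tag <{tag}>")
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.violations.append(f"attribute {name} on <{tag}>")
            elif name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                self.violations.append(f"href {value!r}")

def audit(rendered):
    auditor = OutputAuditor()
    auditor.feed(rendered)
    auditor.close()
    return auditor.violations

def render(md, escape=True):
    """Hypothetical stand-in renderer. escape=False models the regression:
    the user's text reaches the output without being HTML-escaped first."""
    text = html.escape(md) if escape else md
    text = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", text)
    link = r"\[(.+?)\]\((https?://[^)\s]+)\)" if escape else r"\[(.+?)\]\((.+?)\)"
    return "<p>" + re.sub(link, r'<a href="\2">\1</a>', text) + "</p>"

# Constructed sample comments for the CI job: one benign, three hostile.
SAMPLES = [
    "**bold** and [link](https://example.org)",
    "<script>alert(1)</script>",
    '<img src="x" onerror="alert(1)">',
    "[click](javascript:alert(1))",
]

def regressions(escape):
    """Maps each sample whose rendered output fails the audit to its violations."""
    results = {s: audit(render(s, escape)) for s in SAMPLES}
    return {s: v for s, v in results.items() if v}
```

A CI job would fail the build whenever `regressions(...)` is non-empty for the production renderer, so a parser upgrade that drops escaping is caught before merge.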
