this post was submitted on 10 Jul 2023
1 points (100.0% liked)

Meta

85 readers
1 users here now

A community to discuss CompuVerse itself!

founded 1 year ago
MODERATORS
 

TLDR;

CompuVerse was unaffected by this issue, as we did not have any custom emoji.

Your accounts are safe, and no information has been leaked from this instance.

Long-Form

It's recently been brought to my attention that Lemmy had a bug in regarding the handling of custom emoji. More information can be found at this link, however the key takeaways are that the exploit relied on custom emoji. CompuVerse does not have (and has not had) any custom emoji. So thankfully our instance has been unaffected.

Out of an abundance of caution, I have rotated the JWT secret, so if you needed to login again, this is why, and I apologise for the inconvenience!

Custom emoji which were federated over from other servers apparently do not cause the same issue, so we are safe on this front also.

I have also updated the instance to the latest available version of Lemmy to patch the bug properly.

Unfortunately, this has the side effect of breaking our custom CSS theme, so I have reset to the default theme for the time being. I am working on updating the theme to suit as we speak.

So, as a quick recap:

  • CompuVerse was unaffected by this issue
  • We have rotated JWT secrets as a precaution
  • We have updated the instance to a version with this security flaw removed
  • The update has broken the custom CSS theme. I am working on updating this as quickly as I can!
no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here