Blaze

@Blaze@lemmy.zip

This is a remote user, information on this page may be incomplete. View original ↗

⁨Comment⁩ on ⁨Important - Piefed.zip down due to security maintenance (Resolved)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
As you seem knowledgeable about the security hardening process, could you maybe try to help Piefe on that topic?

The development team is small and could probably use some help
⁨Comment⁩ on ⁨Important - Piefed.zip down due to security maintenance (Resolved)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Makes sense, thank you!
⁨Comment⁩ on ⁨Important - Piefed.zip down due to security maintenance (Resolved)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
You can look at codeberg.org/rimu/pyfedi/releases/tag/v1.6.25 to see the changes.

Basically, the 0-day was mostly someone running an LLM and trying to discover vulnerabilities without double checking them. Most of the things reported were not applicable (mentioning functions that don’t even exist), others were not applicable but led to some tangent hardening.

Lemmy also had a SSRF vulnerability a month ago: github.com/LemmyNet/lemmy/…/GHSA-q537-8fr5-cw35
⁨Comment⁩ on ⁨Important - Piefed.zip down due to security maintenance (Resolved)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Thank you!