Hi everyone.

Lemmy had an XSS vulnerability and we were one of the instances attacked through this vulnerability. We had our homepage replaced by a youtube video.

The lemmy devs were quick to create a PR for this issue and we have patched our instance to fix it,

Also while I do not believe any login tokens were compromised, we have taken the additional measure of rotating our secret key, so everyone will have to login to the site again as your existing credentials will no longer be valid.

If login fails to work properly, you may have to clear your cookies for the site… it seems to get confused about whether you’re logged in or not.

Sorry that this happened, if you have any questions please contact @[email protected] or myself.

blobcat, heart

  • NaN
    link
    fedilink
    English
    51 year ago

    Something still seems broken on the home page. Multiple browsers, clearing cookies, private mode, etc have the same error message. Voyager is also unable to log in. Memmy working ok.

    Home page and almost every link from the home page look the same.

    • Kaity AOPM
      link
      fedilink
      English
      101 year ago

      Sorry about this. It was caused by an erroneous emojo making the site info endpoint fail to load. Issue is fixed now.

      • NaN
        link
        fedilink
        English
        51 year ago

        I noticed right away, thanks for the hard work!