We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within Lemmy's code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, y'all.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

  • @Crackhappy
    15
    1 year ago

    Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

    • @gaviOPM
      22
      1 year ago

      I agree. There needs to be an audit of Lemmy's entire source.

    • Cuck4Mai
      11
      1 year ago

      This is on top of the privacy concerns and huge potential for vote manipulation.

      • @astral_avocado
        1
        1 year ago

        What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?

  • @DelvianSeek
    10
    1 year ago

    Thanks for the heads up! Sounds serious. Keeping fingers crossed that it will get fixed quickly.

      • @Ian_m
        2
        1 year ago

        Damn. I thought my password of 1234 was solid but you guys took it to the next level with FIVE characters!

    • @antizero99
      2
      1 year ago

      Everyone should be using a password manager like 1Password, Bitwarden, etc. I personally use 1Password after using LastPass for years. I’m not going to debate the merits of each, all that matters is to pick one that works for you and use it.