Update The upgrade was done, DB migrations took around 5 minutes. We’ll keep an eye out for (new) issues but for now it seems to be OK.

Original message We will upgrade lemmy.world to 0.18.3 today at 20:00 UTC+2 (Check what this isn in your timezone). Expect the site to be down for a few minutes. ““Edit”” I was warned it could be more than a few minutes. The database update might even take 30 minutes or longer.

Release notes for 0.18.3 can be found here: https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md

(This is unrelated to the downtimes we experienced lately, those are caused by attacks that we’re still looking into mitigating. Sorry for those)

  • afoutopatisa
    link
    English
    51 year ago

    Any idea if 18.3 will be able to provide more security?

    • @[email protected]
      link
      fedilink
      English
      15
      edit-2
      1 year ago

      in some ways: they now sanitize input so things like the xss attack a while ago is much much harder.

      will it solve the ddos attacks they’re experiencing? nope.

      • Redjard
        link
        fedilink
        English
        61 year ago

        Doesn’t it drastically improve performance? I’d say that will help with ddos, more requests can slip through before it affects performance

      • Nato Boram
        link
        fedilink
        English
        71 year ago

        This version brings major optimizations to the database queries, which significantly reduces CPU usage. There is also a change to the way federation activities are stored, which reduces database size by around 80%. Special thanks to @phiresky for their work on DB optimizations.

        The federation code now includes a check for dead instances which is used when sending activities. This helps to reduce the amount of outgoing POST requests, and also reduce server load.

        In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.