Dear kbin server owners, upgrade your Kbin instance now! Ernest just merged a critical hot fix into the develop branch.
If you don’t update, your Kbin instance is vulnerable for HTML/JS injection. Which allows bad actors to do very nasty things on your instance and attack your visitors on your site.
Commit: https://codeberg.org/Kbin/kbin-core/commit/8ee87ba9fbb3192865dfebb054bec3da56b9493e
Thanks the hot tip, I’m attacking eveny kbin instance while I still can!
Thanks you for your compassion.
@sarsaparilyptus Lemmy got hacked…
That wasn’t me, I was in the comfort of my living room jacking it to Sonic R34 all night last night
@sarsaparilyptus too much info
Honestly, the fact that kbin was open to injection attacks in the first place is hilarious. That’s like day 1 cybersecurity training.
Anyone have the Bobby Tables xkcd handy?
Edit: Found it.
@Mic_Check_One_Two Actually it was just since recently the case. Kbin used to escape the content, of course… But after an upgrade to a newer Markdown parser version, it was overlooked in a PR.
We are recently approved for the Codeberg CI, hopefully allowing us to setup a good CI/CD pipeline. Avoiding these kind of regressions in the first place. Kbin is still in beta.
@Mic_Check_One_Two Oopsy… now lemmy.world is hacked.
deleted by creator
