YunoHost-Apps / akkoma_ynh

Social media based on ActivityPub, fork of Pleroma
https://akkoma.social/
GNU Affero General Public License v3.0
15 stars 6 forks

Javascript Insertion Media Vulnerability #29

Closed twizzayy closed 1 year ago

twizzayy commented 1 year ago

This vulnerability was discovered today.

05-25-2023_09:59%:29PM

lapineige commented 1 year ago

Thanks! I don't know how to fix this, if anyone can help on this :pray:

twizzayy commented 1 year ago

@lapineige floatingGhost has applied a fix and released it.

https://akkoma.dev/AkkomaGang/akkoma/issues/547

lapineige commented 1 year ago

Fixed by #31

twizzayy commented 1 year ago

New patch was released for Oembeds.

lapineige commented 1 year ago

That's the patch from yesterday included in 3.9.3? (#34) Or is it a new one?

twizzayy commented 1 year ago

3.9.3 is the correct version right now.

Can you remind me how to switch a YNH install to the testing branch? It's been a while since I had to do that.

I'm trying to find a way to get these new merges.

The YNH updater has not shown any new versions available for a while...


lapineige commented 1 year ago

It was merged. It should show up quickly. If you want to upgrade faster: `yunohost app upgrade akkoma -u https://github.com/YunoHost-Apps/akkoma_ynh`