ubergeek77 / Lemmy-Easy-Deploy

Deploy Lemmy the easy way!
MIT License

Update for recent vulnerability #42

Closed nealhead closed 1 year ago

nealhead commented 1 year ago

Has this script been updated to reflect the vulnerability from yesterday that allowed stealing tokens from custom emoji?

ubergeek77 commented 1 year ago

Hello!

No Lemmy-Easy-Deploy update is necessary; LED already lets you update to any custom rc version.

A fix was tagged in the UI repo as 0.18.2-rc.1, so you just need to force an update to that tag:

./deploy.sh -w 0.18.2-rc.1 -f

As of right now, there are no new backend tags, but if you take a look at the --help page (or the README), you can learn how to update to backend RC versions in the same way.

nealhead commented 1 year ago

Awesome! Thank you for the quick response!

ubergeek77 commented 1 year ago

You're welcome! If I heard right, this vulnerability also doesn't affect you unless you have custom emojis.