Replying to Avatar Alex Gleason

Pleroma is full of security vulnerabilities because OnlyFans paid people on Upwork to implement a bunch of features nobody wants.

Have you ever tried downloading an emoji pack from a server? No? Well that's the vulnerable code.

Anyway, hopefully everyone is using s3 for uploads by now and has the dedupe filter enabled.

Patch is being merged into Rebased now: https://gitlab.com/soapbox-pub/rebased/-/merge_requests/263

A patch was ready yesterday but I figured I'd wait til after it landed upstream first.

nostr:note1ch09jq7ywc26h8jdprrd3k67ufllqy7fm5t3qd2lxeud9kvtrwnsc7p442

Avatar
dog's best friend 2y ago

also Elixir is memory/thread safe, so no it's not "full of vulnerabilities".

Reply to this note

Please Login to reply.

Discussion

No replies yet.