Notices where this attachment appears
-
jejune :abunhdhappy: (kaniini@pleroma.site@pleroma.site)'s status on Thursday, 23-Aug-2018 01:44:36 UTC 
jejune :abunhdhappy:
pleroma folks: update your instances NOW.
there is a serious denial of service vulnerability that is trivial to leverage: if an attacker sends an otherwise valid Activity to us without a valid ID, pleroma will wind up inserting a node into it's object graph with an empty ID.
if you cannot rebase your tree on latest, the necessary patches are here: https://git.pleroma.social/pleroma/pleroma/merge_requests/286.
Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.