freeman

@freeman@lemmy.pub


freeman,

Customizations brought vulns on Lemmy, with the custom emojis introducing XSS vulns and a few takeovers in recent weeks.

freeman,

The custom emojis were a developed feature of Lemmy pushed out in their UI code. Even the project maintainers' instance was affected. It's why 0.18.2 was released.

join-lemmy.org/…/2023-07-11_-_Lemmy_Release_v0.18…

That's not on server/infra operators. It was a vuln in the core UI code. Some operators DID patch it themselves (I think Beehaw is one), others were less affected (i.e. my instance is closed and I don't use custom emojis anyhow), but those are features introduced by the maintainers and some of the bigger instances would get requests for them anyhow. So it was a problem.
