Suboptimal ways to respond to a public security incident
This issue is already quite widely publicized and quite frankly "we're handling it and removing this" is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.
It's not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you're hosting an instance. 🙏
You are viewing a single comment
Ahh, ok. That's helpful, thanks!
This is going to seem silly in the context of such a severe exploit but one quirk about our instance is that we literally do not have a "general discussion" /c/. The biggest one is scoped to Star Trek and so a Lemmy exploit is obviously outside the scope of ... Star Trek. I would wager that's the main reason the mod removed the post, but I will admit that just pointing this out, I feel like the forum mod from the short story Wikihistory.
I'm in contact with the admins who manage the hosting, they are coordinating an update 0.18.2-rc1 as we speak. Also, there's already been some discussion about setting up a general discussion /c/ on our instance and so I'll include instance security in the scope of that /c/.
You mentioned elsewhere in this thread there is a Lemmy admins Matrix room. Is my instance big enough for my admins to be invited? If yes, who can I point them at to get in?
That's definitely good to hear! Timely upgrades for the bigger communities will be important.
Afaik the Lemmy Matrix rooms are all public. I wasn't invited myself; just found them via Matrix search and jumped in.
And we're updated! Thank you for your advice, we really appreciate it.