As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I’ve since patched infosec.pub.

  • br3ad@infosec.pub
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    Thank you!

    What is the responsible way for testing Lemmy security? Is there currently any effort by users of this instance and other infosec related instances (if any) for finding and reporting security vulnerabilities?