This may impact lemmy.nz as well as it’s a breaking change.

  • z2k_@lemmy.nz
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Didn’t know about the admin lockout bug, that sounds serious.

    • Dave@lemmy.nzM
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      The steps to reproduce don’t seem to have been tested but the current theory is that if a user is federated to a server that has an admin with the same name, and then that user is banned, then it may cause the admin to be un-admined I guess due to an update that doesn’t correctly distinguish the local and remote users.

      Honestly, it’s annoying but may not be a showstopper for upgrading to 0.18

      You can fix it by changing the flag in the database, and it’s not giving the admin permissions to another user which would be a big security problem.

      • sylverstream@lemmy.nzOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Hi @Dave@lemmy.nz my Jerboa app (Android) has auto updated overnight and now I can no longer log in that way as it requires 0.18. Guess I’m not the only one. Did you decide yet if you want to upgrade to 0.18?

        • Dave@lemmy.nzM
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I did not know that! Thanks for letting me know. I will make upgrading a priority, though we will probably need to turn on registration applications as the cloudflare bot detection doesn’t seem to be working

          • sylverstream@lemmy.nzOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Yeah it’s a bit annoying that they didn’t deprecate it instead of just ripping it out. Anyway, I see you’ve updated it to 0.18 :) Hopefully all goes well!

            • Dave@lemmy.nzM
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              There was a technical reason. This version removes websockets, which has performance improvements and solves a lot of outstanding issues.

              Unfortunately the current captcha relies on websockets. The option is actually still there, it just causes an error on the registration page, stops registration from showing, and still doesn’t actually show a captcha.

              Long story short, it’s just broken rather than deliberately removed (though originally they planned on dropping it which is why no effort went into solving the issues.