LemmyNet/joinlemmy-site
2
0
Fork 0
mirror of https://github.com/LemmyNet/joinlemmy-site.git synced 2024-11-21 20:01:16 +00:00
Code Issues Projects Releases Wiki Activity

fix

Browse source
This commit is contained in:
Nutomic 2023-07-11 11:02:06 +02:00 committed by GitHub
parent 95c248e35a
commit 0654ff7bb4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/assets/news/2023-07-11 - Lemmy Release v0.18.2.md
View file

@ -6,7 +6,7 @@ Lemmy is a self-hosted social link aggregation and discussion platform. It is co
## Major Changes
This is an emergency release to fix the cross-site scripting vulnerability that was exploited earlier today. The attack used a bug in custom emoji code in order to exfiltrate admin login tokens. This release fixes the bug. Additionally it disallows inline Javascript using [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). This should ensure that XSS vulnerabilities are impossible from now on.
This is an emergency release to fix the cross-site scripting vulnerability that was exploited yesterday. The attack used a bug in custom emoji code in order to exfiltrate admin login tokens. This release fixes the bug. Additionally it disallows inline Javascript using [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). This should ensure that XSS vulnerabilities are impossible from now on.
Special thanks to @makotech222 and @sunaruas for these fixes.