@astra Can always just do a Rails console command or DB query I guess
wielder of digital duct tape. toots about politics and techie things 👩🏻💻. this is my personal account, you can follow my professional account @effye. i run https://relay.gay too. toots my own.
@astra Can always just do a Rails console command or DB query I guess
@astra if the API is working that should be easy enough
@fractum Added to the allowlist now, sorry for the delay.
I really need to find someone to take over running relay.gay because I am not managing to find the time/energy to respond to join requests.
@astra apparently
#mastoadmin people: how safe is it to include headers in `tootctl media remove`? I noticed it's not in the default, and my server is building up a huge collection.
blugh, never fixed the issue where certbot renewal doesn't reload nginx, and both my masto instance and relay.gay have had an invalid cert for weeks bc I'm never on fedi these days to notice
test toot
@adra testing
test toot
No mention of the "cyber guns" this time.
@0x4d6165 Should be allowlisted now :)
Australia's Minister for Cyber Security Clare O'Neil making a recent announcement of Cyber Sanctions.
Yikes, this is incredibly bad. CVSS 9.4 / 10 account takeover vuln in Mastodon. If you run a Mastodon instance, update like, right now. https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw
We just released critical security patches for versions 4.1, 4.2, nightly, and the already discontinued 3.5 and 4.0.
If you are using nightly, you can upgrade to the `4.3.0-nightly.2024-02-02-security` tag to get the patch.
Please upgrade as soon as possible!
IMPORTANT UPDATE, BOOST THIS POST
A critical vulnerability has been found in Sharkey Twitter imports that can lead to arbitrary code execution, we urge all instance admins to IMMEDIATELY update or to disable Note Imports via roles for the time being, steps are being taken to prevent such events in the future.
NOTE:
this happened during our git migration please update your repos and docker images to the following to update to the latest version
Git Users:
run the following in the sharkey foldergit remote set-url origin https://activitypub.software/TransFem-org/Sharkey.git
then do a git pull
Docker Users:
replace the image: part of your docker compose withimage: registry.activitypub.software/transfem-org/sharkey:latest
Note replace latest with develop if u used that branch, also replace stable with latest if u used that tag
after this announcement was made the all affected docker images will be deleted to prevent users from using them and the old git repo will be redirected to the new one
Thanks to @ChaosKitsune@woem.men and @sugar@transfem.social for Reporting and Fixing the issue
Still needs a bunch of work but I'm happy with where I got to tonight. https://dalekfacts.enchanting.dev
Faced with a choice of paying $20 or *sending a letter*, and it's... a difficult decision.