This issue is already quite widely publicized and quite frankly “we’re handling it and removing this” is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.
It’s not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you’re hosting an instance. 🙏
From what I found digging through some posts, this exploit only works if your instance uses custom emoji. Federated custom emoji are apparently harmless.
Yes, if you have no custom emoji on your instance, you should not be vulnerable. A valid workaround before the fix is also to just remove all custom emoji, from what I’ve also read.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
From what I found digging through some posts, this exploit only works if your instance uses custom emoji. Federated custom emoji are apparently harmless.
Yes, if you have no custom emoji on your instance, you should not be vulnerable. A valid workaround before the fix is also to just remove all custom emoji, from what I’ve also read.