In case you’re not aware, multiple Lemmy instances suffered hacks recently that allowed the hackers to gain admin privileges and deface the instances and/or redirect users to other sites. Luckily, midwest.social was not a victim of this from what I can tell. To mitigate any more issues I have deleted the single custom emoji that had been uploaded and rotated the JWT which means you will have to log in again on all your devices.

Update: The devs have released 0.18.2 with a security fix for this and I’ve upgraded to it.

    • SaintWacko
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Oh. Wow, was that bit about the JWT always there? Did I just completely gloss over it?