Hey there, in case you had not noticed it, we released Friendica 2024.02-rc on Wednesday. Among the unlisted things in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12.
If you have not yet updated to the 2024.03-RC, personally I would encourage you to do so (or to the latest development branch, there the fixes are included as well). The RC branch is pretty stable and we aim for a release as early in March as possible.
In case you have not installed Friendica using git, but with the archive files, please have a look at the 2023.12 release notes and pick the latest archives from files.friendi.ca (there is already a friendica-full-2024.03-rc archive, but for the addons you need to take the friendica-addons-2024.03-dev archive as the RC branch had not seen any commits for the addons so far).
转发了
Andy HΞ3
回复Tobias • • •Thanks for the heads-up, Tobias!
@Tobias
Sarah Brown
回复Tobias • • •Kana Kana
回复Sarah Brown • •If you are using Docker, the 2024.03-dev tag seems to contain the fix already (still not sure that the other fix though), so probably you can try that. (However, 2024.03-dev may be less stable than 2024.03-rc.)
Friendica Admins转发了
Sarah Brown
回复Kana Kana • • •Tobias
回复Sarah Brown • • •Sarah Brown
回复Tobias • • •utopiArte
回复Tobias • • •> in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12
Are these security issues specific to 2023.12 or do they date back to older versions?
If so:
Some way to know when this security issue came up?
Some easy fix inside existing older installations to fix those security/privacy bugs?
Friendica Admins转发了
utopiArte
回复utopiArte • • •I found this issue description on github:
Fix several vulnerabilities (#13927)
github.com/friendica/friendica…
Are these the mentioned problems?
Are they only relevant/exploitable by users that have a profile on the server?
Friendica Admins转发了