This issue is already quite widely publicized and quite frankly “we’re handling it and removing this” is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.

It’s not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you’re hosting an instance. 🙏

  • 𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶
    1 year ago

    I think the authoritative source should be the GitHub repo. A security advisory should be posted there with references to outside resources as necessary.

    • fuser@quex.cc
      1 year ago

      Checks all the boxes - authoritative (authenticated user accounts), central location, not on fediverse, already relatively well-known by Lemmy users and provides visibility to remediation. It’s a good idea.