July 10th 12:45PM - We we’re alerted to a new XSS vulnerability: https://sh.itjust.works/post/923025
July 10th 12:47PM - We decide to shut down lemmy.perthchat.org immediately and wait for a patch, we made an announcement to our users on Matrix: https://matrix.to/#/!zqxQRlJmlkwGhNnGBM:perthchat.org/$jKSuVTMj00MAkTTYyBMBe6wnITa0db7aS3pC2W4MbdQ?via=matrix.org&via=perthchat.org&via=t2bot.io
Today we looked into this further and it turns out we were not effected by this recent security bug. This was due to me having no time to upgrade the service to the vulnerable version! xD
pcadmin@lemmy:~$ sudo docker exec -it lemmy_postgres_1 /bin/bash
968768e0d9fa:/# su - postgres
968768e0d9fa:~$ psql -U lemmy lemmy
psql (15.3)
Type "help" for help.
lemmy=# SELECT * FROM custom_emoji;
ERROR: relation "custom_emoji" does not exist
LINE 1: SELECT * FROM custom_emoji;
^
lemmy=# SELECT * FROM custom_emoji_keyword;
ERROR: relation "custom_emoji_keyword" does not exist
LINE 1: SELECT * FROM custom_emoji_keyword;
^
The latest 0.18.2 update has now been applied to this service and we’re open for business again. Thanks for choosing Perthchat.org!