Hey there, in case you had not noticed it, we released Friendica 2024.02-rc on Wednesday. Among the unlisted things in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12.
If you have not yet updated to the 2024.03-RC, personally I would encourage you to do so (or to the latest development branch, where the fixes are included as well). The RC branch is pretty stable and we aim for a release as early in March as possible.
In case you have not installed Friendica using git, but with the archive files, please have a look at the 2023.12 release notes and pick the latest archives from files.friendi.ca (there is already a friendica-full-2024.03-rc archive, but for the addons you need to take the friendica-addons-2024.03-dev archive as the RC branch had not seen any commits for the addons so far).
Andy H3
in reply to Tobias
Thanks for the heads-up, Tobias!
@Tobias
Sarah Brown
in reply to Tobias
Kana Kana
in reply to Sarah Brown
If you are using Docker, the 2024.03-dev tag seems to contain the fix already (still not sure about the other fix though), so probably you can try that. (However, 2024.03-dev may be less stable than 2024.03-rc.)
Sarah Brown
in reply to Kana Kana
Tobias
in reply to Sarah Brown
Sarah Brown
in reply to Tobias
utopiArte
in reply to Tobias
> in the release note are bug fixes for two security/privacy related bugs that have been found in 2023.12
Are these security issues specific to 2023.12 or do they date back to older versions?
If so:
Some way to know when this security issue came up?
Some easy fix inside existing older installations to fix those security/privacy bugs?
utopiArte
in reply to utopiArte
I found this issue description on GitHub:
Fix several vulnerabilities (#13927)
https://github.com/friendica/friendica/commit/5c5d7eb04fbacbe5987bd83022b158e095d13f13
Are these the mentioned problems?
Are they only relevant/exploitable by users that have a profile on the server?