Between 19:45 UTC and 19:50 UTC, there was a mistake in how information was stored temporarily (cached) on Beehaw. This mistake could have allowed some people to see and use other people’s accounts without permission.

If you were using the website during that time, please check that your account settings and email address are still correct. Also, make sure that any posts or actions you made during that time are still connected to your account.

It’s important to note that we don’t have any proof that this error was actually used by anyone to do anything bad during the short time it happened.

  • Helix 🧬@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    was this a problem with an nginx configuration option?

    Basically, this was proxy_cache_key being configured incorrectly. If you don’t use the proxy_cache you should be fine.

    The only thing we changed from the norm is ulimits and some nginx settings. If we figure out what works well, we’ll probably create a post about how to host lemmy. If you stick to the defaults, you’ll be mostly fine if your instance isn’t as big as Beehaw’s.

      • Helix 🧬@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Not yet. Session tracking in Lemmy is pretty hard to proxy, I’ll have to dive into the code to figure out why.