• canpolat
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    1 year ago

    Here is my understanding:

    Recently, a security vulnerability of Lemmy has been exploited by some malicious actors. This lead to some instances going down. The vulnerability has been fixed with version 0.18.2-rc.1 of lemmy-ui. But due to the way Lemmy issues and uses access tokens, the sessions has been invalidated in the database. So, the admins are recommending the users to log out and log back in if they haven’t done so after the upgrade to version 0.18.2-rc.1 of lemmy-ui.

    But I may be wrong. Perhaps others can provide a more accurate description.

    • jormaig
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’m in jerboa but everything seems to continue working. Is this normal?

      • canpolat
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        To be honest, I cannot be sure that session invalidation actually worked. I could use the session from the day before as well. But the vulnerability was in lemmy-ui, and people not using the web site directly should be fine, I guess. If you want to be on the safe side, you can log out and log back in. It takes only a few seconds.