this post was submitted on 11 Jul 2023
245 points (100.0% liked)

Announcements

765 readers
121 users here now

Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

You can also find major news on join-lemmy.org

founded 5 years ago
MODERATORS
top 22 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 77 points 1 year ago (1 children)

Thanks for releasing it so quickly!

This "sunaruas" sounds like a cool guy ๐Ÿ˜›

[โ€“] [email protected] 9 points 1 year ago

Somebody should give that guy a raise!

[โ€“] startlefrenzy 38 points 1 year ago (1 children)

Glad to see Lemmy is responding quick to exploits. Does Lemmy have a plan to prevent any other exploits that may be lying around such as a routine security audit?

[โ€“] [email protected] 69 points 1 year ago (1 children)

All the code is open source, everyone is welcome to look through it for potential problems and report/fix them. we dont have any money to pay for a professional audit. Maybe there are some organizations which would do audits of open source projects for free, might be worth searching for.

[โ€“] Zeth0s 25 points 1 year ago (2 children)

We use sonarqube for code analysis that is pretty nice and has a community edition. It isn't a bullet proof solution, but it is pretty convenient for maintainers and reviewers of PRs. The only thing missing from the enterprise edition are useless flashy dashboards to show to people who don't understand computers

[โ€“] [email protected] 10 points 1 year ago (3 children)

I do have a Sonarqube server somewhere around. Is it considered an annoying behavior to scan an open source project and open issues for others to fix?

[โ€“] [email protected] 23 points 1 year ago (1 children)

That depends, it would be annoying if you open lots of issues for minor, unimportant issues. But if you find a few major problems its good to report them. Of course its always ideal if you submit fixes as well, because there are never enough devs.

[โ€“] [email protected] 7 points 1 year ago

I'm way too lazy to code when I'm off work

[โ€“] JoeKrogan 3 points 1 year ago

I think its better to detect something early even if there is not a fix as it at least can be triaged and others can fix it if the original reporter is unable to devote the time or whatever

[โ€“] Zeth0s 2 points 1 year ago

Better ask the lead developers... :)

[โ€“] [email protected] 2 points 1 year ago (1 children)
[โ€“] Zeth0s 1 points 1 year ago

No, you are right... Time to hire 3 PMOs per developer to copy and paste random numbers in well formatted tables on outlook, and send it around in the mailing list with CIO and directors.

And publicly shame developers if some meaningless number goes down

/s

[โ€“] [email protected] 16 points 1 year ago (1 children)

Given that the exploit was literally yesterday, you guys are damn fast!

[โ€“] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Yeah this was a fast turnaround, they did a great job. Autocorrect messed me up

[โ€“] [email protected] 9 points 1 year ago

Thanks for the prompt fixes

[โ€“] ulu_mulu 5 points 1 year ago

Thank you for reacting so quickly!

[โ€“] [email protected] 5 points 1 year ago

and docker images for arm64 are ready as well :)

[โ€“] [email protected] 3 points 1 year ago
[โ€“] [email protected] 1 points 1 year ago

is it me or front is broken?

[โ€“] [email protected] 1 points 1 year ago

Thanks for the quick update on this!

[โ€“] [email protected] 1 points 1 year ago (1 children)

Hey one quick question.. the Ansible playbook doesn't look like it's been updated to 0.18.2 or at least the instructions don't state how to pull it. Any chance this could get fixed/clarified in the release notes?

[โ€“] [email protected] 1 points 1 year ago

Its updated: https://github.com/LemmyNet/lemmy-ansible/blob/main/VERSION

You need to run git pull in the repo and then rerun ansible.

load more comments
view more: next โ€บ