This issue is already quite widely publicized and quite frankly “we’re handling it and removing this” is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.

It’s not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you’re hosting an instance. 🙏

  • exu@feditown.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    From what I found digging through some posts, this exploit only works if your instance uses custom emoji. Federated custom emoji are apparently harmless.

    • andrew@lemmy.stuart.funOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Yes, if you have no custom emoji on your instance, you should not be vulnerable. A valid workaround before the fix is also to just remove all custom emoji, from what I’ve also read.