TLDR;
CompuVerse was unaffected by this issue, as we did not have any custom emoji.
Your accounts are safe, and no information has been leaked from this instance.
Long-Form
It’s recently been brought to my attention that Lemmy had a bug in regarding the handling of custom emoji. More information can be found at this link, however the key takeaways are that the exploit relied on custom emoji. CompuVerse does not have (and has not had) any custom emoji. So thankfully our instance has been unaffected.
Out of an abundance of caution, I have rotated the JWT secret, so if you needed to login again, this is why, and I apologise for the inconvenience!
Custom emoji which were federated over from other servers apparently do not cause the same issue, so we are safe on this front also.
I have also updated the instance to the latest available version of Lemmy to patch the bug properly.
Unfortunately, this has the side effect of breaking our custom CSS theme, so I have reset to the default theme for the time being. I am working on updating the theme to suit as we speak.
So, as a quick recap:
- CompuVerse was unaffected by this issue
- We have rotated JWT secrets as a precaution
- We have updated the instance to a version with this security flaw removed
- The update has broken the custom CSS theme. I am working on updating this as quickly as I can!
Good to know this instance was unaffected!
Excellent work. Super fast. I didn’t even see the default theme.
⭐⭐⭐⭐Oh, that was why the app I was using suddenly stopped working, I just had to log out and log in again.
Good thing though, better safe than sorry. Thanks.