~sircmpwn/sr.ht-admins

Security vulnerability requires updates to meta, git, hg, todo

Message ID: <CKD3EXDSZA0X.3BBPVWKN58UEJ@taiga>

An error was discovered in the GraphQL APIs for meta.sr.ht, git.sr.ht,
hg.sr.ht, and todo.sr.ht, which allowed users to view or delete
arbitrary webhooks, including those owned by other users.

Disclosure of private data is only possible if you had configured
GraphQL webhooks for your resources. sr.ht users are not affected, as no
one has configured such webhooks for this relatively new feature yet.

To mitigate this vulnerability, upgrade your instance to the following
software versions, or newer:

meta.sr.ht: 0.58.17
git.sr.ht:  0.78.20
hg.sr.ht:   0.31.3
todo.sr.ht: 0.72.2
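
An added example, not part of the original message and not sr.ht tooling: a check of an instance's installed package versions against the fixed versions listed above. It compares versions numerically, since plain string comparison would rank 0.78.9 above 0.78.20. The function names, the sample inventory, and the handling of packaging suffixes such as "-r0" are assumptions made for this illustration.

```python
import re

# Minimum fixed versions, copied from the advisory above.
FIXED = {
    "meta.sr.ht": "0.58.17",
    "git.sr.ht": "0.78.20",
    "hg.sr.ht": "0.31.3",
    "todo.sr.ht": "0.72.2",
}

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints.

    Packaging suffixes such as "-r0" are ignored (assumption: a distro
    revision does not change the upstream version).
    """
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def needs_upgrade(installed):
    """Map each installed, affected service that is below its fixed
    version to (installed, required). Services not installed are skipped."""
    stale = {}
    for name, required in FIXED.items():
        have = installed.get(name)
        if have is None:
            continue
        if parse_version(have) < parse_version(required):
            stale[name] = (have, required)
    return stale

# Constructed sample inventory, not taken from any real instance.
SAMPLE = {
    "meta.sr.ht": "0.58.17-r0",  # exactly the fixed version: fine
    "git.sr.ht": "0.78.9",       # 9 < 20 numerically: needs upgrade
    "hg.sr.ht": "0.31.10",       # 10 > 3 numerically: fine
    "builds.sr.ht": "0.80.0",    # not named in the advisory: ignored
}

if __name__ == "__main__":
    for name, (have, required) in needs_upgrade(SAMPLE).items():
        print(f"{name}: {have} is older than {required}, upgrade")
```

How the installed versions are collected depends on how the instance was packaged; the dictionary passed to `needs_upgrade` is the only input.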