There has been a vulnerability discovered in Lemmy. I have no reason to believe lemmy.cafe itself has been breached. We do not have any custom emojis, which appears to have been the culprit of some XSS attack.

As a safety precaution, however, I have applied the suggested fix and rotated the JWT token, which will have invalidated everyone’s session.

  • Bali@lemmy.cafe
    1 year ago

    Thank you for taking the necessary step to ensure security for all of us, I just re-logged in.