PSA: If you are running a Matrix homeserver written in Rust, you'll need to upgrade NOW

stratself@lemdro.id to

Self-hosting@slrpnk.netEnglish · 7 hours ago

There is a recently discovered critical vulnerability that affects all Matrix homeservers of the Conduit lineage. If you’re using a Rust-based Matrix server (which are basically Conduit and forks), please urgently upgrade to the following versions:

continuwuity: version 0.5.0
tuwunel: version 1.4.8
grapevine: commit 9a50c24
conduit: v0.10.10
conduwuit: upgrade to the latest version of either tuwunel or continuwuity

If you’re not able to upgrade right now, you should urgently implement this workaround in your reverse proxy.

Attackers exploiting this flaw can arbitrarily kick any user out of a room, join rooms unauthorized on the same server, and can also ban same-server users. They effectively constitute a severe denial of service from an unauthenticated party, and it has been exploited in the wild.

You must log in or register to comment.

Chat

Self-hosting@slrpnk.net

selfhosting@slrpnk.net

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosting@slrpnk.net

Hosting your own services. Preferably at home and on low-power or shared hardware.

Also check out:

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

88 users / day
133 users / week
235 users / month
1.22K users / 6 months
82 local subscribers
3.93K subscribers
307 Posts
1.31K Comments
Modlog