this post was submitted on 14 May 2026
109 points (100.0% liked)

Selfhosted

60542 readers
964 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Update your nginx instances

cross-posted from: https://lemmy.world/post/46851448


CVE - Common Vulnerabilities and Exposures system
RCE - Remote Code Execution
PoC - Proof of Concept

you are viewing a single comment's thread
view the rest of the comments
[–] skankhunt42@lemmy.ca 5 points 1 month ago (3 children)

Yep. I wasn't affected thankfully. Didn't realise I was flexing, sorry. Just happy most of my stack is automated and it's quite low maintenance at this point.

Where do I draw the line then? Serious question. If updating every couple hours is bad, then what's safe?

[–] GreenKnight23@lemmy.world 3 points 1 month ago

for corporate services we do every 30 days. which is standard. emergency patches get direct support and resolved quickly.

[–] JaddedFauceet@lemmy.world 2 points 1 month ago

idk, also it is not about the frequency you update, it is usually about how long has it been since package is published to the internet

see concept of min release age https://pnpm.io/blog/releases/10.16

i wonder if other package manager have similar thing or not

[–] pinhead77@piefed.social 1 points 1 month ago* (last edited 1 month ago)

You can use pnpm instead of npm. pnpm has a "Delay dependency updates" feature where you can install package versions that are x old only.
See https://pnpm.io/supply-chain-security#delay-dependency-updates

Edit: I just found out, that this can also be specified in npm and yarn: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104