Self-hosting

3958 readers

1 users here now

Hosting your own services. Preferably at home and on low-power or shared hardware.

Also check out:

founded 3 years ago

MODERATORS

poVoq@slrpnk.net

sam_uk@slrpnk.net

PSA: If you are running a Matrix homeserver written in Rust, you'll need to upgrade NOW (see updates in comments) (lemdro.id)

submitted 2 weeks ago* (last edited 1 week ago) by stratself@lemdro.id to c/selfhosting@slrpnk.net

1 comments fedilink hide all child comments

There is a recently discovered critical vulnerability that affects all Matrix homeservers of the Conduit lineage. If you're using a Rust-based Matrix server (which are basically Conduit and forks), please urgently upgrade to the following versions:

continuwuity: version 0.5.0
tuwunel: version 1.4.8
grapevine: commit 9a50c24
conduit: v0.10.10
conduwuit: upgrade to the latest version of either tuwunel or continuwuity

If you're not able to upgrade right now, you should urgently implement this workaround in your reverse proxy.

Attackers exploiting this flaw can arbitrarily kick any user out of a room, join rooms unauthorized on the same server, and can also ban same-server users. They effectively constitute a severe denial of service from an unauthenticated party, and it has been exploited in the wild.

you are viewing a single comment's thread
view the rest of the comments

[–] stratself@lemdro.id 1 points 1 week ago* (last edited 1 week ago)

YOU WILL NEED TO UPDATE AGAIN!

There is another vulnerability making the rounds with details pending embargo. Please update to the latest version (again)

continuwuity: v0.5.1
tuwunel: v1.4.9
conduit: v0.10.11
grapevine: commit 0aae932