BentoPDF urgent security notice: do not pull or update
(www.reddit.com)
from otter@lemmy.ca to selfhosted@lemmy.world on 18 Jan 03:34
https://lemmy.ca/post/58815307
from otter@lemmy.ca to selfhosted@lemmy.world on 18 Jan 03:34
https://lemmy.ca/post/58815307
See the post in the link for the latest details. As of me making this post
Due to an error during an organization migration, we have temporarily lost control of the bentopdf namespace on Docker Hub. The bentopdf username/namespace may currently be in a released state, meaning it could potentially be registered by a third party.
threaded - newest
@alam@lemmy.world is also on the threadiverse, and may post updates about this as it develops
Thank you for sharing this, and apologies for not posting it here sooner. I will update it as soon as I receive any responses.
Thank you!
I see the original post got removed by moderators to prevent panic. Would you have an update that you can share in this thread? I’m happy to edit the title of this post too :)
Wuh oh
I guess they now have large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.
This is growing pains.
Called it.
https://feddit.online/post/1372107/comment/6758185
No one listen grug til chicken come to roost
I don’t read anything related in your linked post…
Honestly, you just come across as a self important jackass lol
Both can be true.
I think such character assessment and calling names is unnecessary and off-topic here though. Better engage with substance than judging by vibes and doing ad-hominem.
.
Unless said software has any components that may be network-accessible in which case make sure the software is up to date (although you should also make sure you trust the source)
That moment you are so sarcastic everyone think you’re 1st degree…
That was supposed to be a joke.
Poe’s law…
This is supposed to be a place for people to learn about self hosting, not for experts to joke about poor practices that real people actually have. Use /s for clarity.