EDIT: BentoPDF version 1.16.1 now uses bentopdfteam/bentopdf and is the official account, and bentopdf/bentopdf is deprecated and not maintained anymore (www.reddit.com)
from otter@lemmy.ca to selfhosted@lemmy.world on 18 Jan 03:34
https://lemmy.ca/post/58815307

See this comment for the latest update: lemmy.ca/post/58815307/21337921

Original title: BentoPDF urgent security notice: do not pull or update

Original Post:

See the post in the link for the latest details. As of me making this post

Due to an error during an organization migration, we have temporarily lost control of the bentopdf namespace on Docker Hub. The bentopdf username/namespace may currently be in a released state, meaning it could potentially be registered by a third party.


otter@lemmy.ca on 18 Jan 03:38

@alam@lemmy.world is also on the threadiverse, and may post updates about this as it develops

alam@lemmy.world on 18 Jan 17:08

Thank you for sharing this, and apologies for not posting it here sooner. I will update it as soon as I receive any responses.

otter@lemmy.ca on 18 Jan 19:06

Thank you!

otter@lemmy.ca on 23 Jan 10:27

I see the original post got removed by moderators to prevent panic. Would you have an update that you can share in this thread? I’m happy to edit the title of this post too :)

alam@lemmy.world on 26 Jan 11:58

Hello!

Our issue has been resolved. Our new version 1.16.1 now uses bentopdfteam/bentopdf and is the official account, and bentopdf/bentopdf is deprecated and not maintained anymore. GHCR is now the recommended source, and we have also added Podman Quadlet support.

Since I don’t want to spam by making another post, I’d be happy if you could please edit this post. Thank you (:
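As an added example (not part of this thread and not the BentoPDF project's own code), one way to find deployments that still pull from the deprecated Docker Hub namespace named in the comment above. It assumes Docker's default-registry rule for unqualified references (Podman resolves short names through its own configuration); the sample compose text and `registry.example.com` are constructed.

```python
import re

# From the thread: bentopdf/bentopdf on Docker Hub is deprecated.
DEPRECATED_REPO = "bentopdf/bentopdf"
HUB_HOSTS = {"docker.io", "index.docker.io", "registry-1.docker.io"}
# Matches compose "image: ref" and Quadlet "Image=ref" lines.
IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?image\s*[:=]\s*(\S+)", re.IGNORECASE)

def normalize(ref):
    """Return (registry, repository) using Docker's default-registry rule."""
    ref = ref.strip("'\"").lower().split("@", 1)[0]   # drop quotes and digest
    first, _, rest = ref.partition("/")
    # A first component with "." or ":" (or "localhost") is a registry host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    name, sep, tag = path.rpartition(":")
    if sep and "/" not in tag:                        # drop the tag
        path = name
    if registry in HUB_HOSTS:                         # Hub aliases, library/ shorthand
        registry, path = "docker.io", path if "/" in path else "library/" + path
    return registry, path

def scan(text):
    """List (line number, reference) for images in the deprecated namespace."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m and normalize(m.group(1)) == ("docker.io", DEPRECATED_REPO):
            findings.append((lineno, m.group(1).strip("'\"")))
    return findings

# Constructed sample compose file; registry.example.com is a placeholder host.
SAMPLE = """\
services:
  a:
    image: bentopdf/bentopdf:latest
  b:
    image: "docker.io/bentopdf/bentopdf"
  c:
    image: bentopdfteam/bentopdf:1.16.1
  d:
    image: registry.example.com/bentopdf/bentopdf:1.16.1
  e:
    image: index.docker.io/bentopdf/bentopdf@sha256:<digest>
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Services a, b and e are flagged because all three spellings resolve to the same Docker Hub repository; d has the same path on a different registry and is not.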

otter@lemmy.ca on 26 Jan 12:30

Great to hear! I’ve updated the post title and linked to this comment

just_another_person@lemmy.world on 18 Jan 04:20

Wuh oh

kumi@feddit.online on 18 Jan 07:48

I guess they now have a large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.

This is growing pains.

kumi@feddit.online on 18 Jan 13:58

Called it.

https://feddit.online/post/1372107/comment/6758185

No one listen grug til chicken come to roost

B0rax@feddit.org on 18 Jan 15:06

I don’t read anything related in your linked post…

pentagon@lemmy.world on 18 Jan 17:32

Honestly, you just come across as a self-important jackass lol

kumi@feddit.online on 18 Jan 21:11

Both can be true.

I think such character assessment and calling names is unnecessary and off-topic here though. Better engage with substance than judging by vibes and doing ad-hominem.

Serinus@lemmy.world on 26 Jan 15:36

Called what? That you didn’t like their use of emojis?

What does that have to do with this? You didn’t call shit.

[deleted] on 18 Jan 12:36

.

ipp0@sopuli.xyz on 18 Jan 12:43

Unless said software has any components that may be network-accessible, in which case make sure the software is up to date (although you should also make sure you trust the source).

borokov@lemmy.world on 18 Jan 16:10

That moment you are so sarcastic everyone thinks you’re 1st degree…

That was supposed to be a joke.

KingOfSleep@lemmy.ca on 18 Jan 17:51

Poe’s law…

ipp0@sopuli.xyz on 19 Jan 00:31

This is supposed to be a place for people to learn about self hosting, not for experts to joke about poor practices that real people actually have. Use /s for clarity.

dieTasse@feddit.org on 26 Jan 17:42

Does anyone know how it affects the people using Bento through TrueNAS apps?