Calyhre@lemmy.worldtoLemmy.World Announcements@lemmy.world•Lemmy.world (and some others) were hacked
10·
1 year agoFrom the fix, I believe the custom emojis were not double checked after a user submits a post. The post data was used to display the emojis, and thus allowing injection.
The fix now is to search the emojis in the custom emojis list from the backend rather than the user post.
I live in Montpellier. It’s free for the whole metropole, meaning Montpellier and the 30 cities around it