Post AdFpyWf6ZSt5rf0gNM by mima@makai.chaotic.ninja
 (DIR) More posts by mima@makai.chaotic.ninja
 (DIR) Post #AdFpyVl5vi5J3wnx4a by efertone@slippy.xyz
       2023-12-27T23:45:54.031Z
       
       0 likes, 1 repeats
       
       Heads up, #Misskey 2023.12.1 has some security fixes, but they are not marked as security fix in the patch notes, but I think they should be and they feel serious issue not just a  "yeah put it at the end of the list" kind of bugs:Fix: サードパーティアプリケーションがWebsocket APIに無条件にアクセスできる問題を修正Fix: サードパーティアプリケーションがユーザーの許可なしに非公開の情報を見ることができる問題を修正Google Translate:Fix: Fixed an issue where third-party applications could access the Websocket API unconditionally.Fix: Fixed an issue where third-party applications could view non-public information without user permissionSo if I understand correctly, everyone should apply this patch asap.There is a 2023.12.2 too, but that's only docs and docker related.
       
 (DIR) Post #AdFpyWf6ZSt5rf0gNM by mima@makai.chaotic.ninja
       2023-12-28T02:37:43.059Z
       
       0 likes, 0 repeats
       
       @efertone@slippy.xyz I'm assuming the necessity of those fixes apply only if you upgraded to #Misskey 2023.12.0? Because I think I'm gonna be stuck with 2023.11.1 due to incompatibility with my #FreeBSD box (misskey-dev/misskey#12764)Also if you're using #Docker you should skip straight away to 2023.12.2, because 2023.12.1 broke Docker setups.