this post was submitted on 17 Jun 2026
143 points (96.1% liked)


Blahaj.zone experienced a security breach and is handling it to properly reduce the risk of harm to their users. The current ETA for their return is in about 7 hours.

[–] moonpiedumplings@programming.dev 1 points 5 hours ago* (last edited 5 hours ago)

> except that because of the bug, anyone with query permission could have become postgres superuser.

If a user can't log in to a DBMS, they don't have query permission.

> separate db server for each of the services is extreme. it brings much more resource consumption.

Yes. It consumes more resources. But it's not that much more, and you can make it fit easily. Many users using docker compose unwittingly do this since docker composes often bring their own database containers. When done consciously, you make a trade-off for peace of mind.

> the solution here is being subscribed to security releases and updating soon.

I addressed takes like these in the last part of my previous comment. The linked comment also elaborates on my opinions about manual updates, manually watching security releases, and other forms of security toil.