Self-hosting

3979 readers

24 users here now

Hosting your own services. Preferably at home and on low-power or shared hardware.

Also check out:

founded 3 years ago

MODERATORS

poVoq@slrpnk.net

sam_uk@slrpnk.net

PSA: If you are running a Matrix homeserver written in Rust, you'll need to upgrade NOW (see updates in comments) (self.selfhosting)

submitted 3 weeks ago* (last edited 2 weeks ago) by stratself to c/selfhosting@slrpnk.net

1 comments fedilink hide all child comments

There is a recently discovered critical vulnerability that affects all Matrix homeservers of the Conduit lineage. If you're using a Rust-based Matrix server (which are basically Conduit and forks), please urgently upgrade to the following versions:

continuwuity: version 0.5.0
tuwunel: version 1.4.8
grapevine: commit 9a50c24
conduit: v0.10.10
conduwuit: upgrade to the latest version of either tuwunel or continuwuity

If you're not able to upgrade right now, you should urgently implement this workaround in your reverse proxy.

Attackers exploiting this flaw can arbitrarily kick any user out of a room, join rooms unauthorized on the same server, and can also ban same-server users. They effectively constitute a severe denial of service from an unauthenticated party, and it has been exploited in the wild.

top 1 comments

sorted by: hot top controversial new old

[–] stratself 1 points 2 weeks ago* (last edited 2 weeks ago)

YOU WILL NEED TO UPDATE AGAIN!

There is another vulnerability making the rounds with details pending embargo. Please update to the latest version (again)

continuwuity: v0.5.1
tuwunel: v1.4.9
conduit: v0.10.11
grapevine: commit 0aae932