this post was submitted on 15 May 2026
58 points (100.0% liked)

Announcements

711 readers
78 users here now

lemmy.zip annoucements

The same rules as the main instance apply here.

founded 2 years ago
MODERATORS
Demigodrick@lemmy.zip
Sami@lemmy.zip
v4ld1z@lemmy.zip
58
Important - Piefed.zip down due to security maintenance (lemmy.zip)
submitted 9 hours ago* (last edited 8 hours ago) by Demigodrick@lemmy.zip to c/announcements@lemmy.zip
10 comments fedilink hide all child comments
 

Hello All,

Due to the incredibly irresponsible disclosure of a security vulnerability for Piefed, we've had to take Piefed.zip offline until a fix can be put in place.

I'll update more once I have more information.

Many thanks

Demigodrick

top 10 comments
sorted by: hot top controversial new old
[–] fiat_lux@lemmy.zip 12 points 5 hours ago

A few months ago I mentioned in a thread about Piefed there were questionable system design choices that indicated that other parts of the system should be carefully examined for how they’re handling and sanitizing input. I'm assuming someone discovered one of the places that this was actively exploitable.

From what I've seen of the code, although Python is not my specialty, it might be worth delaying reactivation until it can demonstrate that it is at least somewhat resistant to the OWASP Top 10, especially Injection.

Irresponsible disclosure is annoying, but vastly better than discovery and exploitation by those who aren't going to disclose at all.

[–] sirxdaemon@lemmy.ca 1 points 4 hours ago

Appreciate the email on this. I don't think I got an email from Piefed.social either. Heck I don't remember getting any from Lemmy.ca for Lemmy downtime. But perhaps they haven't ran into a similar situation.

[–] FrederikNJS@lemmy.zip 3 points 6 hours ago* (last edited 6 hours ago) (1 children)

Thank you for taking proactive measures. I hope it gets resolved soon.

Are there any information around the nature of the vulnerability or the status of a fix?

[–] huppakee@lemmy.world 1 points 6 hours ago (1 children)

According to this comment https://piefed.social/comment/11352527 fix is expected to take a day.

[–] TachyonTele@piefed.social 1 points 5 hours ago

It was like 40 minutes in the end.

[–] YoiksAndAway@lemmy.zip 9 points 8 hours ago

Thanks, as always, Demigodrick. I'll use my lemmy.zip alt until things are sorted.

[–] rumba@lemmy.zip 5 points 7 hours ago

GOAT

Most admins would stick their head in the sand. Thank you!

[–] Blaze@lemmy.zip 6 points 8 hours ago

Thank you!

[–] Schwim@lemmy.zip 6 points 8 hours ago

Hi there @Demigodrick@lemmy.zip , is there any way to use the piefed.zip export to import to lemmy.zip? I tried since it was mentioned in the email but it just states that the import failed when I try.

Just wondering if I can modify or remove some elements of the file so I can use it to get the blocks and subs imported from my piefed account.

Thanks!

[–] RickyRigatoni@retrolemmy.com 0 points 7 hours ago