We've published a blog post with all of the details of this morning's security bug in Librem Chat and our response. puri.sm/posts/underscoring-our

@kyle In light of this issue do you intend to continue to run master as production or stick to only released upstream dependencies in the future?

@downey As a general rule we only run stable released upstream versions of things. This was a special case because we needed specific functionality.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml