The “responsibility” part of responsible disclosure goes both ways

It absolutely does, it also means following up, not “They didn’t reply in a week so instead of trying other ways to contact them, I’m just going to post about it”. They didn’t even try to open an issue because they “don’t use github” all while coming here talking about how bad the vulnerability is.

It’s poor (lack of) judgement on OP’s part.

Typical reasonable disclosure is in terms months usually, not “nearly a week”. OP is being irresponsible at best by posting this before giving time to the developers to see, and act on it.

Thank you, I was going to write one up tonight for it. You emailed security @ correct? https://github.com/LemmyNet/lemmy/security/policy

OP doesn’t seem interested in that. They state they “sent a vulnerability a week ago” and didn’t hear back so they are being completely irresponsible and posting about it publicly on a community instead.

If you find a way to disclose vulnerabilities without being ghosted by Lemmy developers: update me.

How have you been “ghosted by Lemmy developers” especially if you “do not use GitHub”

lemmy.world is probably overloaded.

On my instance, everything from them floods through all at once, filling my first couple of pages with hours or even days worth of stuff, then I’ll get nothing from them for a while again.

I mean, maybe it’s because I’m not overly paranoid or live in the US, but this doesn’t seem like a big deal at all.

As for the “drama” of them telling someone they can unfollow, it’s true. It’s again, not a big deal.

This screams people trying to make a mountain out of a molehill.

What’s wrong with Ubuntu?

My favorite part is when it finally becomes somewhat less overloaded, and my instance gets flooded with a bunch of posts from there filling the entirety of my front page, and the second page…

Thank you I’ll look into it.

That’s great news! Hopefully it releases soonish.

l.dustybeer.com

I’m the only one here.

Not only annoyingly slow, but I tend to get a massive influx of posts from one community all at once. It fills my entire page with that single community. It’s been my biggest annoyance so far.

Sorry I’m just frustrated as a lot of communities have become nothing but the latest reddit drama. I’m just hoping that doesn’t happen with this one too.

This is great and all, but what does it have to do with /c/piracy ?

There are many other communities about whatever the latest reddit drama is, please don’t let this sub become like some others that are flooded with nothing but reddit drama

I’m using a cloudflare tunnel for it. I also have crowdsec installed, only allow ssh keys and only from my IP (I have a static from my ISP), and no ports open other than the ones needed.

I used the official docker image: https://hub.docker.com/r/matrixdotorg/synapse/

My compose file looks like this: https://pastebin.com/3JYzAPr2

Pretty sure I just followed the instructions there.

I host my own matrix instance for my wife, a few friends and I. It has worked great for us. They can either use a web app, or an app on their phone.

It’s been very flakey for me, I won’t get anything new then all the sudden I get a huge influx of posts from the past few weeks. This has been across multiple communities.

I tried upgrading my instance to .18 but boy was that a buggy mess. It seems to just be an issue with federation overall.

Thank you very much!