this post was submitted on 13 Sep 2021
33 points (90.2% liked)

Matrix

3284 readers
1 users here now

An open network for secure, decentralized communication

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
33
If you are using Element (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat, update your client ASAP, since there's a security vulnerability (matrix.org)
submitted 3 years ago by gary_host_laptop@lemmy.ml to c/matrix@lemmy.ml
15 comments fedilink hide all child comments
top 15 comments
sorted by: hot top controversial new old
[–] pingveno@lemmy.ml 16 points 3 years ago

This issue was discovered during an internal audit by Denis Kasak, a security researcher at Element.

A major thank you to Denis Kasak. It's good to know we have talented people like him watching out for the community.

[–] xenith@lemmy.ml 7 points 3 years ago

F-Droid has been updated now.

[–] je_vv@lemmy.ml 4 points 3 years ago (2 children)

Nheko hadn't gotten new releases for quite some time. Perhaps this time...

[–] the_tech_beast@lemmy.ml 4 points 3 years ago* (last edited 3 years ago) (1 children)

https://github.com/Nheko-Reborn/nheko/issues/723#issuecomment-918396951

Edit: Old comment is not correct. Updated this comment with correct information

[–] SloppilyFloss@lemmy.ml 1 points 3 years ago (1 children)

How do you switch to the nightly build on Flatpak?

[–] the_tech_beast@lemmy.ml 1 points 3 years ago (1 children)

There is a download flatpak nightly button in the readme file. You can download the flatpak from here https://github.com/Nheko-Reborn/nheko

[–] SloppilyFloss@lemmy.ml 1 points 3 years ago (1 children)

I get this error when I try to install the Flatpak nightly file

Warning: Can't pull from untrusted non-gpg verified remote

[–] the_tech_beast@lemmy.ml 1 points 3 years ago (1 children)

Hello. I dont know too much about this. Can you post this in the nheko matrix room? You will get the response from the developer. https://matrix.to/#/#nheko:nheko.im

[–] the_tech_beast@lemmy.ml 1 points 3 years ago

For more information: https://github.com/Nheko-Reborn/nheko/issues/723#issuecomment-918396951

Please read this post from the developer of Nheko.

[–] vis4valentine@lemmy.ml 3 points 3 years ago (4 children)

I just installed it today from fdroid. Am i safe?

[–] poVoq@lemmy.ml 7 points 3 years ago* (last edited 3 years ago)

You need to check the actual build date. Fdroid builds tend to be a bit behind, but maybe they specifically made a new build because of the pre-disclosure.

[–] lonnez@lemmy.ml 7 points 3 years ago* (last edited 3 years ago)

Looks like the f-droid version hasn't been updated yet. I'm on 1.2.0, whereas the fix is 1.2.2. I'm hoping they'll push a release soon.

EDIT: they've pushed an update

[–] gary_host_laptop@lemmy.ml 4 points 3 years ago

I assume yes, usually the F-droid application takes a little bit more to be released, but I'm sure they made some stuff to release it quicker, that was the case with the flatpak package, which tends to do the same. I would still check the latest released version on GitHub just to be sure, though.

[–] dreeg_ocedam@lemmy.ml 2 points 3 years ago

They released the updated version recently: https://mastodon.technology/@fdroidorg/106930341765221275