💾 Archived View for gemi.dev › gemlog › 2022-01-31-psa-security-vuln.gmi captured on 2022-06-03 at 23:05:55. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-03-01)

➡️ Next capture (2022-07-16)

-=-=-=-=-=-=-

Public Service Announcement: Security vulnerability in gemini server software

2022-01-26 | #security

I stumbled on a serious security vulnerability in a widely used gemini server. I am being deliberately vague because I don't want to enable malicious users to exploit the vulnerability until a fix is available.

I was able to contact the developer of the gemini server. They understand the seriousness of the issue and they are working on a fix which they plan to be available in the next week or so.

I did a scan of all known capsules and there are ~50 capsules with this security vulnerability. Once a fixed version has been released I will provide more information about the security issue.

For now, I suggest anyone running their own server:

I am confident this issue will be resolved and I believe it can serve as a catalyst to discuss many positive things such as: