• Max-P@lemmy.max-p.me
    1 year ago

    As for the version, my instance reports it as

    0.18.1-2-ga6cc12afe
    

    So it seems to be using some extra patches, but I can’t find that commit on GitHub, which indicates it might not be public, or cherry-picked locally.

    So with this in mind, either it’s just innocent performance patches, or someone potentially also introduced the markdown vulnerability.

    Although it’s also entirely possible I suck and wasn’t able to reproduce it correctly/had wrong quoting or something. Hopefully the devs can shine some light on the details.