I think I noticed a security concern in the speakeasy site, can I contact you by mail or any other tool?
alexlehm
obviously I do not want to post it here
m15o
yes, thanks for looking into it! You can contact me on m15o@posteo.net
eaplmx
Hey!
I want to create an instance this weekend, but perhaps it could wait. How serious that concern could be alexehm?
m15o
wow I'm so glad eaplmx! Let me know if you need any help :) The code is available on https://hg.sr.ht/~m15o/mebo. I haven't written any guide yet, but will do so tomorrow!
alexlehm
the issue is not very serious, it is almost more of an "annoyance" than real security
alexlehm
I cannot find the issue tracker on sourcehut, it looks like the url parsing pattern includes a dot at the end of the url like in your post above
m15o
Thanks a ton, alexlehm! The security issue has been fixed. I've added a csrf token to each form. Good tach for the url that also includes the final '.' -- I'll work on that one soon! Let me know if you find other bugs!
alexlehm
great, it looks like it is fixed now
i am wondering if you use a issue tracker or it we just should write here in the forum
alexlehm
<p>like the favicon is missing, but that is not really a bug<p>
alexlehm
I have done a few more tests with reply/edit/delete and it all looks secure now
m15o
thank you alexlehm! Let's move the discussions around the software to https://mebo.m15o.net/ :)