Looks like the instance is on the latest RC which includes the fix for the vulnerability.

Oops indeed. Lemmy needs a security audit 😬

I’d wager you’re likely fine if you’re using a mobile app when the affected image loads. Also, it appears they’re stealing auth tokens… not passwords or anything. At worst they could impersonate you until your token expires… but you’re not a high value target unless you’re an admin of an instance.

What kind of terrible markdown editor allows adding onload scripts to images though… it’s insane.

If it’s onload then simply viewing the image runs that script. Yikes.

Try searching for https://lemdro.id/c/askandroid from vlemmy. You might be the first subscriber on that instance.

Connect is ridiculously stable and feature-complete for how new it is. Definitely deserves to be mentioned.

Perhaps they meant president 🤔

Anxiously waits in anticipation

That’s a professional portrait! A colleague of the famous business cat. 😸

To be fair, most apps other than Jerboa didn’t exist a few weeks ago 😅

Connect has been my favorite Lemmy app as of late. Jerboa is my old reliable one though 😅

Neat! Gonna have to give it a shot, looks polished.

It’s a pretty old video, I wonder if El paquete is still a thing.

Deep in thought 🤔

Torguard supports port forwarding. I’m not sure how it ranks in privacy though.

Jerboa and Connect. The former has been a bit unstable recently so Connect has been my go-to most recently.

I would also like to know. Will keep an eye on this 😅

That’s a “don’t mess with me” look 😅 She’s a cute weirdo.

Amazing 👏