Dear kbin server owners, upgrade your Kbin instance now! Ernest just merged a critical hotfix into the develop branch.
If you don’t update, your Kbin instance is vulnerable to HTML/JS injection, which allows bad actors to do very nasty things on your instance and attack the visitors on your site.
Commit: https://codeberg.org/Kbin/kbin-core/commit/8ee87ba9fbb3192865dfebb054bec3da56b9493e
@Mic_Check_One_Two Actually, it has only recently been the case. Kbin used to escape the content, of course… But after an upgrade to a newer Markdown parser version, it was overlooked in a PR.
We were recently approved for the Codeberg CI, hopefully allowing us to set up a good CI/CD pipeline, avoiding these kinds of regressions in the first place. Kbin is still in beta.