Is Boost for Lemmy vulnerable to the webp exploit? - eviltoast

What version of libwebp does Boost use and if it is currently vulnerable, when can we expect an update to fix this issue? The affected versions of libwebp are 0.5.0 to 1.3.1.

  • DungFu@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Not really, just temporarily not using apps where random people can post images that are not re-encoded. Turns out this is very few apps, but sadly every lemmy app falls under this category.