trashserver.net was also affected by this security issue: https://github.com/ThomasLeister/prosody-filer/security/advisories/GHSA-qmfx-75ff-8mw6
The bug was fixed a few minutes ago, and an up to date version was deloyed on trashserver.net.
If you use OMEMO encrypted conversations, there's nothing to worry about.
If you didn't, there's a (low) probability that someone could have checked out which files you uploaded / shared.
Please use OMEMO whenever possible to prevent any software bugs on the server side to be effective.
Security advisory regarding Prosody-Filer (XMPP server upload server):
Please update to version 1.0.1 as son as possible!
Previous versions are affected by a bug that can lead to information leak and expose a list of previous uploaded files of any user.
Ejabberd server config and Webchat are updated in Git. If you're interested in running your own server, have a peek!
Ejabberd server config: https://github.com/ThomasLeister/trashserver.net-xmpp
@mike @trashserver almost - we are 1 test short, see https://compliance.conversations.im/server/tigase.im/
The thing missing are avatars in MUC rooms (specific subset of XEP-0153: vCard-Based Avatar, which is supported in itself)
Upcoming 8.1.0 will have 100% :-)
Sending pictures is now fixed at
I wrote a short article about the server migration:
Professionalität ist alles.
Bald ist alles erledigt bzgl. Migration. #trashserver
Statusmeldungen zum XMPP-Server trashserver.net
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!