trashserver.net was also affected by this security issue: https://github.com/ThomasLeister/prosody-filer/security/advisories/GHSA-qmfx-75ff-8mw6
The bug was fixed a few minutes ago, and an up to date version was deloyed on trashserver.net.
If you use OMEMO encrypted conversations, there's nothing to worry about.
If you didn't, there's a (low) probability that someone could have checked out which files you uploaded / shared.
Please use OMEMO whenever possible to prevent any software bugs on the server side to be effective.
Security advisory regarding Prosody-Filer (XMPP server upload server):
Please update to version 1.0.1 as son as possible!
Previous versions are affected by a bug that can lead to information leak and expose a list of previous uploaded files of any user.
The .onion Tor service is available again!
@mike @trashserver almost - we are 1 test short, see https://compliance.conversations.im/server/tigase.im/
The thing missing are avatars in MUC rooms (specific subset of XEP-0153: vCard-Based Avatar, which is supported in itself)
Upcoming 8.1.0 will have 100% :-)
Sending pictures is now fixed at
I wrote a short article about the server migration:
I redesigned the "technics" page: https://trashserver.net/en/technics/
Ich habe mal die "Technik" Seite überarbeitet: https://trashserver.net/technik/
Statusmeldungen zum XMPP-Server trashserver.net
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!