ilja/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity
akkoma/lib
History
Oneric d6d838cbe8 StealEmoji: check remote size before downloading 
To save on bandwith and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of an malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
2024-03-18 22:33:10 -01:00
..
mix Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
phoenix/transports/web_socket Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
pleroma StealEmoji: check remote size before downloading 2024-03-18 22:33:10 -01:00