6
submitted 1 week ago by florencia to c/climate@slrpnk.net
14
submitted 2 weeks ago by florencia to c/main

With this version user badges are always shown next to usernames. There are also various bug fixes, and again security fixes.

  • Display UserBadges for Bot, Banned and Deleted users in all PersonListings by @MrKaplan-lw in #4035
  • Increase timeouts for db pool by @nutomic in #6441
  • Add private IP check for webmention by @nutomic in #6444
  • Proper fix for nested comment fetch by @nutomic in #6451

Security

  • Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled link target. The submitted URL is checked for syntax and scheme, but the audited code path does not reject loopback, private, or link-local destinations before the Webmention request is issued. This lets a normal user trigger server-side HTTP requests toward internal services. https://github.com/LemmyNet/lemmy/security/advisories/GHSA-3jvj-v6w2-h948
  • Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction. As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users. https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq
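
The rule both advisories above turn on, as an added example (not Lemmy's code): every URL the server will fetch for a post, including the extracted og:image, goes through the same internal-address check. The function names, the `.example` hosts and the stand-in resolver are hypothetical and constructed for illustration.

```rust
use std::net::IpAddr;

/// Loopback, private, link-local or unspecified address, IPv4 or IPv6.
fn is_internal(ip: IpAddr) -> bool {
    let ip = match ip { // judge ::ffff:a.b.c.d as the IPv4 address it maps to
        IpAddr::V6(a) => a.to_ipv4_mapped().map_or(ip, IpAddr::V4),
        v4 => v4,
    };
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_private() || a.is_link_local() || a.is_unspecified(),
        IpAddr::V6(a) => {
            let s0 = a.segments()[0]; // fc00::/7 unique local, fe80::/10 link-local
            a.is_loopback() || a.is_unspecified() || (s0 & 0xfe00) == 0xfc00 || (s0 & 0xffc0) == 0xfe80
        }
    }
}

/// Host of an http(s) URL. Simplified: production code should use a real URL parser.
fn host_of(url: &str) -> Option<&str> {
    let rest = url.strip_prefix("https://").or_else(|| url.strip_prefix("http://"))?;
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    let hostport = authority.rsplit('@').next()?; // drop any userinfo
    let host = match hostport.strip_prefix('[') {
        Some(v6) => v6.split(']').next()?, // bracketed IPv6 literal
        None => hostport.split(':').next()?,
    };
    if host.is_empty() { None } else { Some(host) }
}

/// A fetch is allowed only if the host yields addresses and none of them is internal.
fn allowed(url: &str, resolve: &dyn Fn(&str) -> Vec<IpAddr>) -> bool {
    let host = match host_of(url) { Some(h) => h, None => return false };
    let ips = host.parse::<IpAddr>().map(|ip| vec![ip]).unwrap_or_else(|_| resolve(host));
    !ips.is_empty() && !ips.into_iter().any(is_internal)
}

/// The link (Webmention target, metadata page) and its og:image get the same check.
fn vet_post(link: &str, og_image: Option<&str>, resolve: &dyn Fn(&str) -> Vec<IpAddr>) -> bool {
    allowed(link, resolve) && og_image.map_or(true, |img| allowed(img, resolve))
}

/// Constructed stand-in for DNS so the example runs offline.
fn sample_resolver(host: &str) -> Vec<IpAddr> {
    let ip = match host { "blog.example" => "203.0.113.10", "intranet.example" => "10.0.0.5", _ => return vec![] };
    vec![ip.parse().unwrap()]
}

fn main() {
    println!("{}", vet_post("https://blog.example/p", Some("http://10.0.0.5:8080/i.png"), &sample_resolver)); // false
}
```

Run the same check on the address the HTTP client actually connects to and on every redirect hop, since a hostname can resolve differently between the check and the fetch.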
10
submitted 1 month ago by florencia to c/main

Changes

This release addresses another security advisory related to internal host access. You can now bypass these checks for federation, in order to federate with instances over the local network, by setting the environment variable DANGER_FEDERATION_ALLOW_LOCAL_IP=1. There are also some bug fixes, and lemmy-ui now logs file requests.

  • Improve IP checks by @nutomic in #6411
  • Allow to bypass federation IP checks with env var DANGER_FEDERATION_ALLOW_LOCAL_IP by @nutomic in #158
  • Fix Arabic user/community names by @nutomic in #3968
  • Fix removing post.url by @nutomic in #3984
  • Add lemmy-ui request logs by @MrKaplan-lw in #3933
33
submitted 1 month ago* (last edited 1 month ago) by florencia to c/lgbtq_plus

https://www.dailymail.co.uk/news/article-15685877/kristi-noem-husband-bryon-crossdressing-pictures-south-dakota.html

cross-posted from: https://lemmy.world/post/44995751

This is delicious and will only surprise their base, who love to paint those of us in the queer community as sexually perverted fetishists who shouldn't be trusted with children.

5
submitted 1 month ago by florencia to c/tombraider
4
submitted 1 month ago by florencia to c/tombraider

Credit /u/Heroheenie

pc users only (sorry console players, i wish i knew a better solution for you guys)

this won't work unless you own the game (obviously)

TOP PRIORITY i would recommend backing up your save file as this guide has a possibility of overwriting it and there's been issues with save files and the new update. you can do this by going to "C:\Users\(yourname)\AppData\Roaming\TRX" and copying the contents to another location. after that you can copy them back if your saves stop registering in the game for whatever reason

open the windows run program. you can do this by pressing the windows button + R on your keyboard. after that you want to put in the command "steam://open/console" and it'll open the steam console.

when the steam console is open you will want to put in the command "download_depot 2478970 2478971 5075321733709810017", this is the command to download the last version before patch 5. it includes the game id, depot id, and manifest id gotten from steamdb. after you put this command in, steam will start downloading that version to a separate file location. when it's done it'll tell you the directory, but it's usually located somewhere like "C:\Program Files (x86)\Steam\steamapps\content". i would recommend you move the contents of the folder to another place on your computer so that you have a backup.

to play the game (assuming your steam copy is updated already) go into steam, right click on tomb raider 1-3, go to manage, and then click browse local files. after that you want to delete everything in Tomb Raider I-III Remastered. then you want to copy the backup you made earlier into this folder.

to prevent it from updating back, i'd recommend going into properties and turning off steam cloud, then going into updates and setting automatic updates to "wait until i launch the game". if you REALLY want to be sure you can also go into your steamapps folder and scroll until you find "appmanifest_2478970". then right click, go to properties, and set the file to read only.

REALLY hope this helps some of you guys

15
submitted 1 month ago by florencia to c/tombraider
44
submitted 1 month ago by florencia to c/diyhrt
12
Tor Exit List Service (blog.torproject.org)
submitted 1 month ago by florencia to c/main

Can blahaj commit to either blocking all of the IPs on the Tor exit list, or whitelisting them? This "block only a few" makes for a dice roll for Tor users. Specifically the pictrs service just doesn't serve photos to banned IPs but lemmy still works so it just partially breaks.

Asking for a friend.

50
submitted 2 months ago by florencia to c/transgender
32
submitted 2 months ago by florencia to c/transgender
9
submitted 2 months ago by florencia to c/main

This release mitigates a potential security issue with the image endpoint. In short, an attacker can inject query parameters and make proxied requests to arbitrary URLs. See the security advisory for details.

Also there are fixes for the database connection pool. The pool size is now at least two, as a lower size can result in deadlocks. Additionally, connection timeouts have been added. If your server logs show pool timeout errors, you should increase database.pool_size in the Lemmy config.

  • Fix for image proxy filetypes by @dessalines in #6357
  • Enable DB connection timeout by @Nutomic in #6355
  • Use min database pool size of 2. by @dessalines in #6345

https://github.com/LemmyNet/lemmy/security/advisories/GHSA-jvxv-2jjp-jxc3

[-] florencia 73 points 2 months ago

3 people out of thousands detransition in an attempt to preserve sanity in the torture house

Transphobes: see, there's a chance!

[-] florencia 65 points 6 months ago

At this point sarcasm does not work. It just makes them think you agree.

[-] florencia 69 points 6 months ago

This unironically could work lol. Let them start getting payouts

[-] florencia 49 points 6 months ago

Your mom's a meme /s

I'm sure she's a lovely lady if her child made an account on lemmy instead of the typical corporate websites.

[-] florencia 85 points 6 months ago

We’ll see how many red-staters cross state lines to buy their evil, demonic $11 insulin.

[-] florencia 126 points 7 months ago

We've reached the point of idiocracy where everything needs to be read aloud.

[-] florencia 102 points 7 months ago

FAKE NEWS/SATIRE

Kash Patel's FBI keeps finding messages that undeniably PROVE the shooter was a 22yo leftist gamer with a trans roommate.

FAKE NEWS/SATIRE

[-] florencia 132 points 7 months ago

But also /s

You can tell the right believes she’s actually a woman because they’re blaming her for the actions of a man.

[-] florencia 125 points 11 months ago

Time to dox OP. Run it through feminizing filter 37 times. Then maybe a step or two more for reasons.....

[-] florencia 81 points 1 year ago

Video of Elon Musk performing a Nazi Salute side by side to a video of a Neo Nazi performing a Nazi Salute

[-] florencia 65 points 1 year ago

Children are safe now. Mission Accomplished.

[-] florencia 74 points 1 year ago

bUt iF MeXiCo sIgNs a dEfEnSe pAcT WiTh gUaTeMaLa tHeN ThAt's bAsIcAlLy aN AtTaCk oN Us! AnD We'lL NuKe tHeM If wE'Re aTtAcKeD.


florencia

joined 2 years ago