Lemmy 0.18.2 Security Release | BE ➡ 0.18.2 | UI ➡ 0.18.2

2y 11mon ago by lemmy.world/u/necropola in meta@lemmy.wtf

Security and Performance Improvements

https://join-lemmy.org/news/2023-07-11_-_Lemmy_Release_v0.18.2

Latest Backend (BE) Release ~~Candidate (RC)~~

Latest Release ~~Candidate~~:
https://github.com/LemmyNet/lemmy/releases/tag/0.18.2
Compare with previous Release:
https://github.com/LemmyNet/lemmy/compare/0.18.1...0.18.2
Compare with release/v0.18:
https://github.com/LemmyNet/lemmy/compare/0.18.2...release/v0.18

Latest Frontend (UI) Release ~~Candidate (RC)~~

Latest Release ~~Candidate~~:
https://github.com/LemmyNet/lemmy-ui/releases/tag/0.18.2
Compare with previous Release:
https://github.com/LemmyNet/lemmy-ui/compare/0.18.1...0.18.2
Compare with release/v0.18:
https://github.com/LemmyNet/lemmy-ui/compare/0.18.2...release/v0.18

BE ➡ 0.18.2-rc.2 | UI ➡ 0.18.2-rc.2

Now using release branches (release/v0.18) for BE and UI

BE ➡ 0.18.2 | UI ➡ 0.18.2

@meldrik@lemmy.wtf
Probably does not hurt to upgrade, despite the fact that we didn't have any custom emojis.

Additionally it disallows inline Javascript using Content Security Policy. This should ensure that XSS vulnerabilities are impossible from now on.

@meldrik@lemmy.wtf If lemmy.wtf is using custom emojis, you should probably update to the latest UI Release Candidate, i. e. the latest lemmy-ui docker image.

It is not, so we are safe.