Emelia Smith

Results 706 comments of Emelia Smith

> We'd probably need guidance that this applies not just to Activities and Objects, and fetching said resources from remote servers, but also to media files from Image / Video...

@nightpool right, I'm saying, I know mastodon has a mitigation for SSRF in their code; I'm not sure if there was an incident that led to this being added, or...

Here's a longer write up of this vulnerability for Fedify: https://github.com/dahlia/fedify/security/advisories/GHSA-p9cg-vqcc-grcx

@jernst Claire from the Mastodon team linked me to this security advisory: https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4 stating,

> the proof of concept for the vulnerability above basically used HTTP request smuggling to target...

It's worth noting that in the linked data world, the go-to solution recommended for filtering and sorting datasets is to implement a SPARQL endpoint, however, I do believe we'd be...

For now, a work-around might be using a tool like [Buffer](https://buffer.com/mastodon) or similar to manage posting.

So it'd be something like:

> Filter `bto` and `bcc` property values to actors that share the same inbox before delivery to each inbox i.e., if I `bto` some actors...

You shouldn't actually need to use `./streaming` instead of `./streaming/index.js` due to node.js's module loading algorithm. Though I do recommend using the full path, since it saves searching for the...

I knew I was probably somewhere involved in this change 😂😂