{"id":5238,"date":"2025-04-15T10:08:52","date_gmt":"2025-04-15T08:08:52","guid":{"rendered":"https:\/\/fediverset.dk\/?p=5238"},"modified":"2025-04-15T10:16:05","modified_gmt":"2025-04-15T08:16:05","slug":"sikkerhedsopdateringer-til-peertube","status":"publish","type":"post","link":"https:\/\/fediverset.dk\/en\/sikkerhedsopdateringer-til-peertube\/","title":{"rendered":"Security updates for Peertube"},"content":{"rendered":"<p>If you run a Peertube instance and it is publicly accessible, you should update to the latest 7.1.1 release as soon as possible, as it contains a number of security improvements.<\/p>\n<p>Here follows an excerpt from the changelog:<\/p>\n<ul>\n<li><strong>High severity<\/strong> Fix DoS and blind SSRF on ActivityPub playlist creation <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-activitypub-playlist-creation-blind-ssrf-dos\/\" rel=\"nofollow\">CVE-2025-32948<\/a><\/li>\n<li><strong>High severity<\/strong> Prevent infinite loop DoS when crawling ActivityPub data <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-activitypub-crawl-dos\/\" rel=\"nofollow\">CVE-2025-32947<\/a><\/li>\n<li><strong>Medium severity<\/strong> Prevent an attacker from adding playlists to another user&#8217;s channel using the ActivityPub <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-arbitrary-playlist-creation-activitypub\/\" rel=\"nofollow\">CVE-2025-32946<\/a><\/li>\n<li><strong>Medium severity<\/strong> Prevent an attacker from adding playlists to another user&#8217;s channel using the REST API <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-arbitrary-playlist-creation-rest\/\" rel=\"nofollow\">CVE-2025-32945<\/a><\/li>\n<li><strong>Medium severity<\/strong> Add protection against <a href=\"https:\/\/en.wikipedia.org\/wiki\/Zip_bomb\" rel=\"nofollow\">ZIP bomb<\/a> on user import <a 
href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-archive-resource-exhaustion\/\" rel=\"nofollow\">CVE-2025-32949<\/a><\/li>\n<li><strong>Medium severity<\/strong> Prevent crash on user import with a ZIP containing an illegal filename <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-archive-persistent-dos\/\" rel=\"nofollow\">CVE-2025-32944<\/a><\/li>\n<li><strong>Low severity<\/strong> Do not leak private HLS playlists (<code>.m3u8<\/code> files) <a href=\"https:\/\/research.jfrog.com\/vulnerabilities\/peertube-hls-path-traversal\/\" rel=\"nofollow\">CVE-2025-32943<\/a><\/li>\n<\/ul>\n<p>Read the full <a href=\"https:\/\/github.com\/Chocobozzz\/PeerTube\/releases\/tag\/v7.1.1\" target=\"_blank\" rel=\"noopener\">changelog<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>If you run a Peertube instance and it is publicly accessible, you should update to the latest 7.1.1 release as soon as possible, as it contains a number of security improvements. 
&hellip; <\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[1],"tags":[74,172,163,102,173,171],"class_list":["post-5238","post","type-post","status-publish","format-standard","hentry","category-nyheder","tag-dkfedi","tag-dkfediverse","tag-dkmastodon","tag-fediverset","tag-foediverset","tag-thefediverse"],"acf":[],"_links":{"self":[{"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/posts\/5238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/comments?post=5238"}],"version-history":[{"count":0,"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/posts\/5238\/revisions"}],"wp:attachment":[{"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/media?parent=5238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/categories?post=5238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fediverset.dk\/en\/wp-json\/wp\/v2\/tags?post=5238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}