Max Maass
hacksilon's profile header
Max Maass :donor:

@hacksilon@infosec.exchange

Sr. Security Specialist at iteratec //

@seemoo
 alumni // Member of CCC // Crypto means cryptography.

tfr.

For the #selfhosted / #homelab people running #Hister (github.com/asciimoo/hister): you should update to version v0.4.0 ASAP. I reported a vulnerability in the previous version that allows any website to download your entire database due to missing CORS enforcement. The author responded very quickly to the disclosure and had a new release ready within a few hours, excellent work on his part.

Sadly, Hister is currently not packaged and does not auto-update, so people will have to manually download a new release, or be vulnerable.

CC

@shollyethan
, since he included it as a spotlight in this week's newsletter.

GitHub

GitHub - asciimoo/hister: Web history on steroids

Web history on steroids. Contribute to asciimoo/hister development by creating an account on GitHub.

Elk Logo

Elk is in Preview!

Thanks for your interest in trying out Elk, our work-in-progress Mastodon web client!

Expect some bugs and missing features here and there. we are working hard on the development and improving it over time.

Elk is Open Source. If you'd like to help with testing, giving feedback, or contributing, reach out to us on GitHub and get involved.

To boost development, you can sponsor the Team through GitHub Sponsors. We hope you enjoy Elk!

Anthony FuPatak三咲智子 Kevin DengDaniel Roe

The Elk Team