scubakid 3 days ago
> outdated software with known vulnerabilities

Maybe I missed it, but was it ever established that these general vulnerabilities are actually relevant to this specific system/implementation?
frenchtoast8 3 days ago
The author says "it might be trivial for anyone to hack your server." "Might" is doing way too much heavy lifting here. Actually, the author has no idea if there is any actual exploitable vulnerability on the server. They just Googled a version number and fired off a "vulnerability report," which "might" be worth as much as the dozens of emails I get a month about "huge vulnerabilities" related to my SPF record, or those CVEs that boil down to "if someone has root on the machine they could do something bad on the machine." I can't help but feel that the author's motivation was to get some sort of reaction, and now they've gotten it. If this vulnerability was so vital to be patched, why would it be bundled into a "by the way" DM on Twitter along with a post heavily criticizing the app developer? Both people involved can be idiots here.