Apparently not a massive deal? (I don't know, just linking someone who seems to have a clue)
good to know!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| HTTP | Hypertext Transfer Protocol, the Web |
| LTS | Long Term Support software version |
| nginx | Popular HTTP server |
2 acronyms in this thread; the most compressed thread commented on today has 17 acronyms.
[Thread #290 for this comm, first seen 15th May 2026, 02:30] [FAQ] [Full list] [Contact] [Source code]
Seems to be specific to rewrites using an un-named capture.
grep -rnE "\$[0-9.*].*\?" /etc/ngnix
should show if you have any potentially vulnerable directives in your config.
It's days like this where I'm happy I'm unemployed. I have a group chat with a few friends and they're pushing out patches and it's a bit of a rush.
All my publicly accessible servers update every 6 hours and reboot after whenever they need to. It's rare I need to step in and fix something. I checked a few hours ago and I'm not at risk.
All my publicly accessible servers update every 6 hours and reboot after whenever they need to. It's rare I need to step in and fix something. I checked a few hours ago and I'm not at risk.
not the flex you think it is.
didn't npm have a worm problem a few days ago?
Yep. I wasn't affected thankfully. Didn't realise I was flexing, sorry. Just happy most of my stack is automated and it's quite low maintenance at this point.
Where do I draw the line then? Serious question. If updating every couple hours is bad, then what's safe?
for corporate services we do every 30 days. which is standard. emergency patches get direct support and resolved quickly.
For anyone else using SWAG, it looks like a fix is on its way but not available yet. This SWAG issue points to an upstream Alpine package dependency that needs to be updated first. Looking at the source, they just recently committed backported patches, so presumably a new version will be released soon; then the SWAG image can be updated.
I have an old Debian 11 "bullseye" installation running on one of my servers. It's stuck at nginx 1.18.0, but it should theoretically still be covered by Debian 11 LTS security updates, right? https://wiki.debian.org/LTS/Using
nginx/oldoldstable-security,now 1.18.0-6.1+deb11u5
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!