See this comment for the latest update: https://lemmy.ca/post/58815307/21337921

Original title: BentoPDF urgent security notice: do not pull or update

Original Post:

See the post in the link for the latest details. As of me making this post

Due to an error during an organization migration, we have temporarily lost control of the bentopdf namespace on Docker Hub. The bentopdf username/namespace may currently be in a released state, meaning it could potentially be registered by a third party.

  • kumi@feddit.online
    8 days ago

    I guess they now have a large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.

    This is growing pains.

    • alam@lemmy.world
      8 days ago

      Thank you for sharing this, and apologies for not posting it here sooner. I will update it as soon as I receive any responses.

      • Otter@lemmy.caOP
        3 days ago

        I see the original post got removed by moderators to prevent panic. Would you have an update that you can share in this thread? I’m happy to edit the title of this post too :)

        • alam@lemmy.world
          2 hours ago

          Hello!

          Our issue has been resolved. Our new version 1.16.1 now uses bentopdfteam/bentopdf and is the official account, and bentopdf/bentopdf is deprecated and not maintained anymore. GHCR is now the recommended source, and we have also added Podman Quadlet support.

          Since I don’t want to spam by making another post I’d be happy if you could please edit this post. Thank you (:

          • Otter@lemmy.caOP
            1 hour ago

            Great to hear! I’ve updated the post title and linked to this comment
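Added example, not part of the thread and not BentoPDF's own code: a small audit that finds `image:` lines in a compose file still resolving to the deprecated Docker Hub repository `bentopdf/bentopdf`, using Docker's rule that a reference without a registry host implies Docker Hub. The two repository names come from the maintainer's comment above; the Docker Hub host aliases and the sample compose text are assumptions constructed for illustration.

```python
import re

# Repository names come from the thread; hosts and sample data are assumptions.
DEPRECATED = "bentopdf/bentopdf"    # old Docker Hub repo (namespace was released)
OFFICIAL = "bentopdfteam/bentopdf"  # repo the maintainer names as official
HUB_HOSTS = {"docker.io", "index.docker.io", "registry-1.docker.io"}

def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.strip().strip("'\"").partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it contains '.' or ':'
    # or is 'localhost'; otherwise the reference resolves to Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first.lower(), rest
    else:
        registry, path = "docker.io", name
    if registry in HUB_HOSTS:
        registry = "docker.io"
    repo, _, tag = path.partition(":")  # any port was removed with the host
    return registry, repo, tag, digest

def classify(ref):
    """Return 'deprecated', 'official' or 'other' for one image reference."""
    registry, repo, _, _ = parse_image(ref)
    if registry != "docker.io":
        return "other"  # same path on another registry is a different image
    return {DEPRECATED: "deprecated", OFFICIAL: "official"}.get(repo, "other")

def audit(compose_text):
    """Return (line_no, reference, verdict, digest_pinned) per 'image:' line."""
    findings = []
    for no, line in enumerate(compose_text.splitlines(), 1):
        m = re.match(r"\s*-?\s*image:\s*(\S+)", line)
        if m:
            ref = m.group(1)
            findings.append((no, ref, classify(ref), bool(parse_image(ref)[3])))
    return findings

# Constructed sample, not a real deployment.
SAMPLE = """\
services:
  a:
    image: bentopdf/bentopdf:latest
  b:
    image: index.docker.io/bentopdf/bentopdf
  c:
    image: bentopdfteam/bentopdf:1.16.1
"""
print(*audit(SAMPLE), sep="\n")  # one finding per line
```

A `deprecated` verdict means the reference still points at the namespace the notice says was released; the last field shows whether the reference is pinned by digest rather than by a mutable tag.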

    • ipp0@sopuli.xyz
      8 days ago

      Unless said software has any components that may be network-accessible, in which case make sure the software is up to date (although you should also make sure you trust the source).

      • borokov@lemmy.world
        8 days ago

        That moment you are so sarcastic everyone thinks you’re 1st degree…

        That was supposed to be a joke.

        • ipp0@sopuli.xyz
          8 days ago

          This is supposed to be a place for people to learn about self hosting, not for experts to joke about poor practices that real people actually have. Use /s for clarity.