@TootSweet@lemmy.world because it’s specifically software that is about opening and processing arbitrary payloads.

@nazokiyoubinbou@urusai.social supply chain attacks are the favorite these days :/

@devans143@phpc.social CVE indicates 24.08 was the patched version

@Arotrios @readbeanicecream @daredevil and it answers my question: it is not the full server firehose, just the posts already known to the kbin server

@Arotrios @readbeanicecream @daredevil now I’m really curious how it works when you subscribe to a server. Is it pulling in that server’s public and local feeds? Or is it only showing you posts from users on that server that your instance already knows about

@Arotrios @readbeanicecream @daredevil this sounds very plausible. Unexpected, but it would make sense that kbin’s /d/ path is showing you the directory of content from your server’s local cache and not querying the target server.

Which kinda makes sense, honestly: since that feature is trying to list everything kbin knows about from the target server, populating it for the first time would definitely cause a significant load on that instance

@Arotrios @readbeanicecream @daredevil fwiw I can confirm that URUSAI! does not have any restrictions on kbin.social. And I’m able to load your kbin profiles from our Mastodon instance without issue.

I’d need to look into how the /d/ implementation in kbin works to know more.

But if you toss me the URL of a mastodon instance that DOES show up there without issue I might be able to learn something :)