Security release: Talkyard v0.2025.014
By KajMagnus @KajMagnus2026-03-27 06:06:52.090Z
Temporarily removes Nginx' module ngx_http_mp4_module because of vulnerability CVE-2026-32647, https://my.f5.com/manage/s/article/K000160366. So, viewing mp4 videos won't work, for a while.
a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution ... only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module
This new version was released yesterday, so if you've enabled auto upgrades, it has upgraded itself already or within a few hours.