See this issue on their github repo: here
Basically from what I understand there’s loads of unauthenticated api calls, so someone can very easily exploit that.
If they just supported mTLS in their clients it wouldn’t be an issue but oh well :(
See this issue on their github repo: here
Basically from what I understand there’s loads of unauthenticated api calls, so someone can very easily exploit that.
If they just supported mTLS in their clients it wouldn’t be an issue but oh well :(
Oof was looking to start selfhosting this but it has no client Linux support and has a subscription 😬😬
Librewolf (privacy focused firefox fork) syncing the user folders with Syncthing maybe?