This release includes major improvements to performance, specifically optimizations of database queries. Special thanks to @phiresky, @ruud, @sunaurus and many others for investigating these.

Love to see the community coming together to improve things !

yup pretty sure

$ cat /etc/passwd
fox:hunter2:1000:1000::/home/fox:/usr/bin/zsh

😉

you don’t need to be root to read /etc/passwd

following a recipe is like executing an algorithm, except there is no segmentation fault. whats not to like.

However, the two Jumpsec Red Team members found that they could go around the restriction by changing the internal and external recipient ID in the POST request of a message, thus fooling the system into treating an external user as an internal one.

so they only do the check on client side. classic.