| 24 Jan 2025 |
 Niklas Korz | In reply to @niklaskorz:korz.dev
Matomo 5.2.2 has "several high-impact security fixes": https://github.com/NixOS/nixpkgs/pull/376385
PR for release-24.11 following in a moment, automatic backport won't work atm because the package has been refactored in master and I'm still working on manually backporting those changes as well (also non-trivial because we dropped matomo 4 in unstable and renamed matomo_5 to matomo) Manual backport: https://github.com/NixOS/nixpkgs/pull/376389 | 13:50:44 |
| 25 Jan 2025 |
|  @mlieberman85:matrix.org left the room. | 04:30:20 |
|  aloisw changed their profile picture. | 10:22:09 |
 hexa | https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 | 13:48:24 |
| hexa | dotlambda Sandro š§ | 13:48:30 |
 Sandro | Well do in an hour or two | 14:14:19 |
 dotlambda | I'm on it. The webvault update requires some manual work | 16:42:43 |
| dotlambda | https://github.com/NixOS/nixpkgs/pull/376765 | 18:08:26 |
| 27 Jan 2025 |
|  Brisingr joined the room. | 02:51:21 |
| Niklas Korz | Backport of a high severity fix, accepted by original PR author a week ago: https://github.com/NixOS/nixpkgs/pull/375532#issuecomment-2605160183 | 16:18:24 |
| 28 Jan 2025 |
|  tomf joined the room. | 00:23:57 |
| tomf | FYI, I see the Woodpecker CI plugin for Nix that's advertised on their site has the author's key in extra-trusted-public-keys. I've raised this as https://github.com/woodpecker-ci/woodpecker/issues/4785 | 00:25:06 |
| tomf | If Woodpecker is popular, it might be nice if that project ends up in nix-community. | 00:26:30 |
 adamcstephens | Thatās a third party project and not really something for us to fix.Ā You already reported in their repo so I guess thatās all to be done? Itās a pretty simple plugin if you look through the code, and woodpecker can also run with a local backend allowing access to nix without dockerĀ | 00:30:43 |
| tomf | Yes, I mentioned it as an FYI to the channel, rather than email to security team because I see it's outside of the team's control/responsibility. I'll keep on top of the issues. | 00:31:29 |
| adamcstephens | Having woodpecker remove it from their list seems reasonableĀ | 00:31:48 |
