NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.
  • GreenKnight23@lemmy.worldEnglish
    0·
    21 hours ago

    All my publicly accessible servers update every 6 hours and reboot after whenever they need to. It’s rare I need to step in and fix something. I checked a few hours ago and I’m not at risk.

    not the flex you think it is.

    didn’t npm have a worm problem a few days ago?

    • skankhunt42@lemmy.caEnglish
      0·
      16 hours ago

      Yep. I wasn’t affected thankfully. Didn’t realise I was flexing, sorry. Just happy most of my stack is automated and it’s quite low maintenance at this point.

      Where do I draw the line then? Serious question. If updating every couple hours is bad, then what’s safe?

      • GreenKnight23@lemmy.worldEnglish
        0·
        15 hours ago

        for corporate services we do every 30 days. which is standard. emergency patches get direct support and resolved quickly.