Reddit - The heart of the internet
www.reddit.com

See this comment for the latest update: https://lemmy.ca/post/58815307/21337921

Original title: BentoPDF urgent security notice: do not pull or update

Original Post:

See the post in the link for the latest details. As of me making this post

Due to an error during an organization migration, we have temporarily lost control of the bentopdf namespace on Docker Hub. The bentopdf username/namespace may currently be in a released state, meaning it could potentially be registered by a third party.

    • alam@lemmy.worldEnglish
      0·
      8 days ago

      Thank you for sharing this, and apologies for not posting it here sooner. I will update it as soon as I receive any responses.

      • Otter@lemmy.caOPEnglish
        0·
        4 days ago

        I see the original post got removed by moderators to prevent panic. Would you have an update that you can share in this thread? I’m happy to edit the title of this post too :)

        • alam@lemmy.worldEnglish
          2·
          11 hours ago

          Hello!

          Our issue has been resolved. Our new version 1.16.1 now uses bentopdfteam/bentopdf and is the official account, and bentopdf/bentopdf is deprecated and not maintained anymore. GHCR is now the recommended source, and we have also added Podman Quadlet support.

          Since I don’t want to spam by making another post I’d be happy if you could please edit this post. Thank you (:

          • Otter@lemmy.caOPEnglish
            2·
            10 hours ago

            Great to hear! I’ve updated the post title and linked to this comment

  • kumi@feddit.onlineEnglish
    0·
    9 days ago

    I guess they now have large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.

    This is growing pains.