The admin of lemmy.world, mastodon.world, and calckey.world says the site has been hacked. For details, here you can find his post and this for the recap.

What does all this have to do with the backup community?

Lemmy instance administrators must take into account that any backups of previous versions of their instance may be affected by this vulnerability.

While updates to Lemmy instances are progressive in a future timeline (meaning they tend to update to newer versions and not older versions), there is a chance that administrators, for some reason, need to use an old backup. In this case, the use of previous versions must necessarily eliminate the problem of custom emojis and rotate the JWT secret.

Do I have to change my password?

The administrator of lemmy.world, mastodon.world, and calckey.world says that passwords are not compromised, but to “sleep peacefully” it’s preferable to change your password.