#Tag · bonfire.cafe

#Tag

anyone hosting on hetzner know why i would get a government message like this about security vulnerabilities in something i'm self-hosting? (i already updated the software even if it wasn't necessary)

i used @cloudron to install it but not sure if that matters

4 media

We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity.
They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSl, a response.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report — We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information. The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share. These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure. You do not need to send us, or the BSl, a response. In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report

Dear Sir or Madam,
n8n is an open-source workflow automation platform.
Multiple Critical vulnerabilities in n8n can be exploited by remote attackers to expose sensitive information or execute arbitrary code,
potentially resulting in a full system compromise.
All supported versions prior to 2.0.0 are affected.
Users should update n8n to a current version as soon as possible.
Additional information provided by the vendor:
CVE-2025-68613
https://github.com/n8n-io/n8n/security/.
advisories/GHSA-v98v-ff95-f3cp — Dear Sir or Madam, n8n is an open-source workflow automation platform. Multiple Critical vulnerabilities in n8n can be exploited by remote attackers to expose sensitive information or execute arbitrary code, potentially resulting in a full system compromise. All supported versions prior to 2.0.0 are affected. Users should update n8n to a current version as soon as possible. Additional information provided by the vendor: CVE-2025-68613 https://github.com/n8n-io/n8n/security/. advisories/GHSA-v98v-ff95-f3cp

Please find below a list of IP addresses of n8n systems on your networks
found to be running a version still affected by one or more of these
vulnerabilities. All timestamps are UTC.
We would like to ask you to take appropriate steps to secure affected systems
or notify your customers accordingly.
This message is digitally signed using
PGP.
Information on the signature key is available at:
<https://reports.cert-bund.de/en/digital-
signature>
Please note:
This is an automatically generated message. Replies to the
sender address <reports@reports.cert-bund.de> will NOT be read
but silently be discarded. — Please find below a list of IP addresses of n8n systems on your networks found to be running a version still affected by one or more of these vulnerabilities. All timestamps are UTC. We would like to ask you to take appropriate steps to secure affected systems or notify your customers accordingly. This message is digitally signed using PGP. Information on the signature key is available at: <https://reports.cert-bund.de/en/digital- signature> Please note: This is an automatically generated message. Replies to the sender address <reports@reports.cert-bund.de> will NOT be read but silently be discarded.

In case of questions, please contact <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...] of this message in the subject line.
Affected systems on your network:
Format: ASN | IP | Timestamp (UTC) | Port | Version | Status | Cve
24940 | ip address redacted | 2026-01-13
19:36:38 | 443 | 1.123.7 | vulnerable |
cve-2025-68668

Mit freundlichen Grüßen / Kind regards
Team CERT-Bund
Bundesamt für Sicherheit in der
Informationstechnik
Federal Office for Information Security (BSI)
CERT-Bund
Godesberger Allee 87, 53175 Bonn, Germany. — In case of questions, please contact <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...] of this message in the subject line. Affected systems on your network: Format: ASN | IP | Timestamp (UTC) | Port | Version | Status | Cve 24940 | ip address redacted | 2026-01-13 19:36:38 | 443 | 1.123.7 | vulnerable | cve-2025-68668 Mit freundlichen Grüßen / Kind regards Team CERT-Bund Bundesamt für Sicherheit in der Informationstechnik Federal Office for Information Security (BSI) CERT-Bund Godesberger Allee 87, 53175 Bonn, Germany.

cloudron

@cloudron@social.cloudron.io replied · 2 days ago

@rosano maybe just a friendly reminder, although would be interesting to know how they figured out, that you are running n8n via #cloudron there. But it seems they didn't actually check the version to see if your deployment is vulnerable.

However, just to be sure, if you are on latest #n8n package via Cloudron you are fine.

pvergain (framapiaf) boosted

Sheena

@sheena@fosstodon.org · 3 weeks ago

I've been thinking about learning #n8n so I can automate a few things in my life. I keep hearing how cool it is. After poking around a bit, I think #Airflow is a better fit for me. It's way more flexible (because Python) and scalable.

I think people misunderstand what Airflow really is. It's not a data pipelining tool. It's a task orchestrator.

Sheena

@sheena@fosstodon.org · 3 weeks ago

I think people misunderstand what Airflow really is. It's not a data pipelining tool. It's a task orchestrator.

Hacker News

@h4ckernews@mastodon.social · last month

Sim – Apache-2.0 n8n alternative

https://github.com/simstudioai/sim

#HackerNews #Sim #n8n #alternative #Apache2 #0 #open #source #automation #tools #GitHub

GitHub

GitHub - simstudioai/sim: Open-source platform to build and deploy AI agent workflows.

Open-source platform to build and deploy AI agent workflows. - simstudioai/sim

informapirata ⁂ :privacypride:

@informapirata@mastodon.uno · 3 months ago

Google Safe Browsing è una potenziale macchina dello sterminio per il web libero: da inizio mese ha segnalato come pericolosi i siti di Immich

All'inizio di ottobre tutti i siti web di immich
sono stati contrassegnati come pericolosi e agli utenti è stata mostrata la temuta pagina "schermata rossa della morte".*.immich.cloud

https://immich.app/blog/google-flags-immich-as-dangerous

@informatica

informapirata ⁂ :privacypride:

@informapirata@mastodon.uno replied · 3 months ago

Sembra che Google Safe Browsing sia stato sviluppato senza considerare il software open source o self-hosted. Molti progetti popolari hanno riscontrato problemi simili, come:
- #Jellyfin: https://github.com/jellyfin/jellyfin-web/issues/4076
- #YunoHost: https://forum.yunohost.org/t/google-flags-my-sites-as-dangerous-deceptive-site-ahead/20361
- #n8n: https://community.n8n.io/t/deceptive-site-ahead-urgent/24152
- #NextCloud: https://www.reddit.com/r/NextCloud/comments/w3x0fs/google_marked_my_nextcloud_app_as_a_dangerous/
- altre implementazioni di #Immich: https://www.reddit.com/r/immich/comments/1ne5jbq/google_has_blocked_my_domain_due_to_immich/

@informatica

paulyd II - the wrath of caro-kann liked this activity

Jeromy

@jeromyokc@okla.social · 3 months ago

gave up on feed2toot and have migrated my rss2toot workflow to n8n. This was pretty fun to setup! Except I forgot to limit it to the most recent posts and it dumped 150 items to my bots timeline 😞

live and learn and test before deploying :)

#n8n #automation #rss

screenshot of a n8n workflow to post toots from rss to mastodon

Jeromy

@jeromyokc@okla.social · 3 months ago

gave up on feed2toot and have migrated my rss2toot workflow to n8n. This was pretty fun to setup! Except I forgot to limit it to the most recent posts and it dumped 150 items to my bots timeline 😞

live and learn and test before deploying :)

#n8n #automation #rss

YunoHost :disability_flag: boosted

GeoffreyA

@geoffreyA@mastodon.social · 3 months ago

@elena totally agree, last month I :

1. Installed #yunohost
2. Google photo freed myself
3. SelfHosted my blog with #pelican
4. Installed #FitTrackee to host my riding and hiking GPX to get free from komoot
5. Installed #Fusion as RSS server
6. Installed Peertube
7. #N8N to automate
8. and #listmonk to manage my side project

Self-hosting is so joyful...

And there is so much I want to do....

Elena Rossini on GoToSocial ⁂

@elena@aseachange.com · 3 months ago

My digital independence roadmap for the year ahead:

Phase 1: liberate my music and movie libraries with #Jellyfin (I just installed it YAY)

Phase 2: liberate my audiobook collection with #AudioBookshelf

Phase 3: liberate my photo and video libraries with #Immich / stop paying for iCloud

Phase 4: jailbreak my Kindle and liberate my eBook collection

Looks like I will be busy through the end of 2026 😅

Once you start #selfhosting, there is no way back 💪

#digitalsovereignty #BTfree

GeoffreyA

@geoffreyA@mastodon.social replied · 3 months ago

@elena totally agree, last month I :

Self-hosting is so joyful...

And there is so much I want to do....

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-beta.35 no JS en

Automatic federation enabled