**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
@peertube You done fucked up.
@peertube hey @funfacts_de, security release für peertube ^
@peertube Updated, thanks!
How do I "Generate new tokens for your runners"? Do I need to do this if I am not using any remote runners?
@gunchleoc You can delete existing tokens on /admin/settings/system/runners/registration-tokens-list
If you didn't enable remote runners, you don't need to do this.
@peertube Merci beaucoup! All set now 🙂
@peertube thanks for the transparent and precise report
and the quick and efficient reaction
<3
a pleasure <3
@peertube Who's been affected by this?
@peertube
What is the first vulnerable version?
@John_Livingston All versions < 8.1.6 are vulnerable
Install bonfire.cafe
Get the full app experience
