So by complete luck I found a huge security bug in lemmy as far as I can understand.
How can I test it with the team and disclose it with them?
Edit: I thought it is weird that anyone can access lemmy.ml/setup but upon further investigation I found that no one can use it in anything other than the admins and that users can only signup a normal account from this page rather than admin account.
Which means that this is a feature not a bug.
overall I think admins should hide this page to future proof it from bugs.
Support / questions about Lemmy.
I would try to contact the head devs, @firstname.lastname@example.org or @email@example.com on Matrix, Lemmy have several offical rooms where they hang out.
I don’t have matrix account.
Thank you i opened an issue.