**v8.1.8 Important security upgrade**
-
**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
-
**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
@peertube
What is the first vulnerable version? -
@peertube
What is the first vulnerable version?@John_Livingston All versions < 8.1.6 are vulnerable
-
**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
@peertube Who's been affected by this and how did you learn about this?
-
**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
@peertube thanks for the transparent and precise report
and the quick and efficient reaction
a pleasure
-
**v8.1.8 Important security upgrade**
We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release.
We released a new version that remove all user token access gained before v8.1.6. We also explain the attack in the changelog and the countermeasures taken by this release.
**Please upgrade to v8.1.8 as soon as possible.**
@peertube hey @funfacts_de, security release für peertube ^
-
@gunchleoc You can delete existing tokens on /admin/settings/system/runners/registration-tokens-list
If you didn't enable remote runners, you don't need to do this.
