
maxUsername config value not respected

Low
MaddyUnderStars published GHSA-r7h4-76f7-6264 Feb 2, 2023

Package

fosscord-server

Affected versions

d8f32cb05a25c706d7055b55752358e04f205af0

Patched versions

a03f7c894809d4db48cf5c417c07f3fb0d0fde30

Description

Summary

The maxUsername config value is not enforced when a user changes their username; the only limit applied is the fixed maximum username length of 100 defined in the request schema.

Details

Sending a PATCH request to /api/users/@me with a username of fewer than 100 characters is accepted regardless of the maxUsername value set in the instance config, so an administrator who lowered maxUsername still gets usernames up to the schema limit.

Mitigation

The maxUsername config value is respected as of commit a03f7c8.
However, the default value of maxUsername was previously 127; the default is now 32, which matches Discord.com.
Existing instances, whose stored configuration may still hold the old default of 127, are recommended to change this value.
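The check described under Details and the default change under Mitigation, as an added illustration rather than fosscord-server's own code: the pre-patch validator consults only the schema's fixed limit of 100, the patched validator also enforces the instance's maxUsername, and a small handler shows the resulting response for PATCH /api/users/@me. The config shape (limits.user.maxUsername), the function names, the inclusive boundary at 100 and the sample inputs are assumptions made for the example.

```typescript
// Added example, not fosscord-server code. Models the advisory's bug and fix;
// the config path, function names and the inclusive 100 boundary are assumptions.

const SCHEMA_MAX_USERNAME = 100; // fixed limit in the request schema, per the advisory
const DEFAULT_MAX_USERNAME = 32; // patched default; the pre-patch default was 127

interface InstanceConfig {
  limits: { user: { maxUsername: number } };
}

interface PatchResult {
  status: 200 | 400;
  reason?: string;
}

// Count Unicode code points rather than UTF-16 code units, so an emoji or other
// astral character counts once; `username.length` would count it twice.
function usernameLength(username: string): number {
  return Array.from(username).length;
}

// Pre-patch behaviour: any non-empty username within the schema limit passes;
// the configured maxUsername is never consulted.
function validateUsernameVulnerable(username: string): boolean {
  const len = usernameLength(username);
  return len > 0 && len <= SCHEMA_MAX_USERNAME;
}

// Patched behaviour: the instance limit applies on top of the schema limit, and a
// misconfigured maxUsername above 100 cannot widen what the schema allows.
function validateUsernameFixed(username: string, config: InstanceConfig): boolean {
  const limit = Math.min(config.limits.user.maxUsername, SCHEMA_MAX_USERNAME);
  const len = usernameLength(username);
  return len > 0 && len <= limit;
}

// Hypothetical handler for PATCH /api/users/@me applying the patched check.
function handlePatchMe(body: { username?: string }, config: InstanceConfig): PatchResult {
  if (body.username === undefined) {
    return { status: 200 }; // no username change requested, nothing to validate
  }
  if (!validateUsernameFixed(body.username, config)) {
    return { status: 400, reason: "username exceeds configured maxUsername" };
  }
  return { status: 200 };
}

// Constructed inputs: an instance still on the old default (127), one on the new
// default (32), and a 64-character username that only the old default lets through.
const oldDefaultConfig: InstanceConfig = { limits: { user: { maxUsername: 127 } } };
const newDefaultConfig: InstanceConfig = { limits: { user: { maxUsername: DEFAULT_MAX_USERNAME } } };
const longName = "a".repeat(64);

console.log(validateUsernameVulnerable(longName));                          // true: only the schema limit applied
console.log(validateUsernameFixed(longName, oldDefaultConfig));             // true: 64 <= 127
console.log(validateUsernameFixed(longName, newDefaultConfig));             // false: 64 > 32
console.log(handlePatchMe({ username: longName }, newDefaultConfig).status); // 400
```

The Math.min clamp is the part worth keeping in mind for a real deployment: an operator who sets maxUsername above the schema's 100 gets the schema limit, not an error, so the two limits can never disagree in the permissive direction.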

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs

Credits