
Vulnerabilities in LiveJournal fixed thanks to SECENTIS researchers

Umberto Morelli and Nicolas Dolgin, researchers from SECENTIS, the European industrial PhD focused on computer security, have recently discovered some Cross-Site Request Forgery (CSRF) vulnerabilities in LiveJournal, and have kindly pointed them out to the LiveJournal Support Team.

We would like to publicly acknowledge the impact made by Umberto and Nicolas. Thanks to their prompt and thorough report, said vulnerabilities have been fixed in a timely manner by LiveJournal developers.

The Team reminds that bug-reports and security reports can be sent to We greatly appreciate your feedback!
  • markf

Support changes

Hi everyone! After careful consideration, support staff have decided that a few changes are needed to the support system in order to keep everything running as smoothly as possible given the current staffing & activity levels we have. Most of the changes are centered around the concept of removing barriers for support volunteers to help others, reducing the number of places support related information is, removing stale documentation that hasn't been maintained for a while and isn't likely to be updated in the near future, and stripping out some of the rules that make participation in support a bit more difficult than it needs to be. So with that said, on with the specific changes & plans!


Privs have been greatly simplified! A base level of privs will be granted to anyone who has shown an effort to help others in a constructive and respectful manner. These will be given out on a support-wide basis rather than for individual categories. Anyone with these privs will be able to:

* Make internal comments to requests and see internal comments which have been left by others
* Use the stock answers system
* Move requests between categories
* Change the subject of requests
* See and edit tags on requests
* See all screened answers on a request

There will also be the SupportHelp level which will allow you to approve your own answers, as well as the screened answers of others. This priv level will be given out to those who have also demonstrated the ability to consistently answer requests accurately and shown good judgement in general. This will still be given out on a per-category basis.

Support Communities

We're doing a fresh start of the lj_support community! There's just too much information in the old one, and much of it is outdated and likely to cause confusion. We also wanted to make sure the membership list consists of people who are still actively involved with support on LiveJournal. The old lj_support community has been renamed and is now at support_archive so the information is all still there, but anything in or linked from the old community should not be considered current Support policy.

Many of the other support related communities are also being moved into read only mode for archiving purposes so we can reduce the number of places everyone needs to watch in order to keep up with what's going on in Support.

The full list of support related communities we plan to continue using is:

lj_support - Your one stop shop for support related things. It will be used for posting announcements relevant to doing support, questions about support, and your general portal to other support related documentation, policies, guidelines, etc.
lj_releases - For documenting changes to the site and running Beta testing of upcoming releases or features.
knownissues - For detailed explanations of any problems people are commonly reporting to Support. The point could be helping people troubleshoot issues, gathering information to help identify a problem with LJ, or to explain situations affecting many people that are caused by popular third party software or service providers.
howto - For posting detailed tutorials about how to do various things on LiveJournal that aren't quite appropriate for the FAQ system.
s2howto - Same concept as howto, but specific to doing neat things with the S2 style system.
lj_schools - For things related to the LiveJournal Schools project.
tlc_admin - The Admin community for all things schools related.
lj_userdoc - For discussing, editing, creating, and removing FAQs.
lj_docadmin - Same concept as lj_userdoc, but for anything that needs to remain private. (This may be merged into the lj_userdoc community if we can find a good way to do so).

Other support related communities have been moved into a locked status; new entries and comments cannot be posted to them. The content in these communities has been preserved, but any information contained in these locked support communities should generally be considered to be outdated.

Support Categories

There will be a total of 6 public support categories we intend to keep using. Those categories are:

Russian Support - For requests in Russian.
General/Unknown - For answering general questions about how to do something, or things which do not fit in any other category.
Troubleshooting - For helping users troubleshoot issues, whether that's helping them with something causing problems on their end or handling anything related to bugs with LiveJournal.
Styles - For anything related to styles/customization.
Scrapbook - For Scrapbook related requests.
Mobile - For requests about mobile features/apps/etc.

Other categories are considered closed, and it will not be possible to open new requests in them. They will, however, still appear in the dropdown menu as we don't have a good way to fully remove them right now, but requests should not be moved to these categories. The categories no longer in use are: Communities, Documentation, Entries, Images, Syndication (RSS), Schools.

In some cases, which category a request belongs in may not be completely clear; it might fit well into more than one category. In these cases, try to favor a more specific category (Styles, Scrapbook, or Mobile), if the request fits in one of these, over a more general one (General/Unknown or Troubleshooting). Beyond that, don't worry too much about which category a request should be in.


We're doing away with the formal review system. Staff will try and keep an eye out for when people should have more or less privs than they do, and you can always poke us if you have questions or think you should be at a different priv level than you are.

Writing style/tone

We're pretty relaxed about this as long as you're writing at a reasonable level and aren't being rude. The goal is to try and help the person writing in with whatever problem they're having, and if you're more comfortable doing that in a casual way than through a more formal tone, feel free to do so! As a general rule, it's usually best to try and match the tone of the person writing in, and failing that, you can always default to a formal tone if you're not sure whether or not they would be receptive to a more casual tone.

Support Wiki

This is an unmaintained project at this point. It contains information that may or may not be out of date, much of which could cause confusion rather than help, and we're planning on it going away in the near future. If there's any specific content from the Wiki you want to save, go forth and archive!

Stock answers

These are in a state of disrepair, and we know there's a lot of work to do to put these back in a more useable state. We intend to do a thorough review and pull any stocks that are still needed from dead categories and move them into the most appropriate categories that are still in use.

And that's pretty much everything I wanted to cover with this post; if you have any questions or concerns about any of this, please comment!