Gregory's Server⚠️ We are planning to release important security fixes for #Mastodon on July 6th, between 13:00 and 15:00 UTC. They will be available for the 4.1, 4.0 and 3.5 versions as well as a nightly release, to make the upgrade as small and painless for everyone as possible. Be ready to upgrade!
 108 comments
Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹
Mikhail Paulyshka
In case I'm running the server from the main branch, did I already get the fix or do I still need to update on July 6? 
Nie 🏳️🌈 :fuck_verify:
@Mastodon Is it available to change this? It will improve comfort of using mastodon 
Aranjedeath
@Nie_6969 @Mastodon part of the problem is here, you can subscribe to this bug for updates: https://github.com/mastodon/mastodon/issues/34 
Erik Uden :verified:
You can fetch the follower count, you can fetch the people who participated in polls, but you can’t fetch likes & boost statistics as well as posts made in the past on another server? Excuses! It’s easily possible. Even on a client basis.
Bucker Fuskyote
@Mastodon Will it include a fix for blocked and muted accounts showing up in Home and Search?  
TopKnot
@Mastodon Can I also assume my android app will also auto-update like all other apps on my phone? Did I mention that I'm ignorant on all aspect of this issue? 
Sander Meijer
PorkrollPosadist
Dylan :heart_nb:
@TopKnot I’m pretty sure this update is just for server admins, you’re in the clear!
njamster :godot:
@TopKnot No, you don't need to do anything! Mastodon is the software that's running on the server which is hosting your instance. So the android app is not affected by this at all (but yes, would auto-update like any other app if there was an update for it). Depending on what this update actually changes and if applying it requires restarting the instance, as a user you may not even notice this update at all.
Seb :verified:
@TopKnot as a user you dont need to do anything. you just may not be able to use mastodon at that time
Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹
@TopKnot @Mastodon no, this is an announcement for instance administrators, they are the ones that need to update. For us regular users this means that probably some hours after this our instance might have a bit of downtime while it is being updated, which will depend on your local administrator's time availability (keep in mind that most admins are volunteers with their own jobs and such, so the time can be away from office hours) 
Tobias Hellgren
@TopKnot It's for the server application. Normal users probably won't have to do anything. 
Sérgio Machado
@Mastodon will this new real ease support Debian Bookworm? 
Clem 🌍🌻⏚
@arunshah240 @Mastodon Have a good day :ablobattention:
Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹
@arunshah240 @Mastodon direct message does exist as a privacy option for each message, alongside public, unlisted and followers-only. Quote-posting isn't in plans for Mastodon, but exists in other compatible options, like Calckey, which some instances use.
Erik Uden :verified:
You can already direct message people on Mastodon! But I agree, it needs an WebRTC-esque chat that’s compatible with Pleroma, Akkoma, and all the other Fedi platforms that have already implemented it. 
Darius Kazemi
Purple :verified:
@Mastodon Could you please give us a CVE Score indication of what to expect? Right now I have no idea if I have to rush as an admin to merge the fix, or if this is something that can be done with scheduled maintenance later that day
☀️ Princess Celestia ☀️
@Mastodon are you guys going to have a message icon so that I can send DM’s with my followers? 😊😊😊
Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹
@CelestiaSunButt @Mastodon it would be a good idea to make the function more evident, but currently you can send DMs by changing the privacy of a message to "direct" instead of public, unlisted or followers-only. Keep in mind that, as on most other social networks, DMs aren't encrypted 
botvolution
Hey @SDF this looks like a great opportunity to upgrade the mastodon.sdf.org instance to the latest version .... plz 
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:
@compuguy thanks. I am aware and glitch will get the update too
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:
@nomadgeek @compuguy I don’t, but it is serious and everyone should plan on patching shortly after the patches are made available.
Compuguy, Lover of Cats 😸😼
@jerry @nomadgeek I agree. I will be updating my instance as soon as the new containers are posted!
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:
@compuguy @nomadgeek the mastodon team is doing a good job of coordinating the availability of patches, so containers should be ready at the same time.
Elephantidae
@Mastodon I'd kindly ask that you improve your language for future updates and specifically direct the text to administrators. If you imagine your text popping up in the feed of an ordinary user I think you can see how this would cause confusion. Would you be willing to do that in the future? And thank you for all your hard work!  
Stevie Cat, Daisy Dog & Betty
@Mastodon What does this mean, upgrade? Where are the instructions for upgrading?  
MOHANNAD :verified:
@Mastodon The application needs more development, especially in the user interface, it should be easy and elegant 
Clairement crevée
I haven't communicated about it, but the plan is to have this ready for glitch-soc, and reach out to other large forks as well
Mark Smith
Sandro :nixos: :verified_gay:
@Mastodon and #nixos merged the update within 35 minutes into master https://github.com/NixOS/nixpkgs/pull/241924 , it will be on nixos-unstable within 2 to 4 days presumable.
Marian
@Mastodon @Gargron @ClearlyClaire Are you pushing the Docker image, too? v4.1.3 is missing so far. |
@tedomum