Email or username:

Password:

Forgot your password?
Mastodon

⚠️ We are planning to release important security fixes for #Mastodon on July 6th, between 13:00 and 15:00 UTC. They will be available for the 4.1, 4.0 and 3.5 versions as well as a nightly release, to make the upgrade as small and painless for everyone as possible. Be ready to upgrade!

105 comments
Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹

@mndflayr @Mastodon jokes aside, some rate limiting function might have helped back in November, when lots of people were coming and many servers weren't able to cope with it.

Mikhail Paulyshka

@Mastodon

In case I'm running the server from the main branch, did I already get the fix or do I still need to update on July 6?

ɑᴢıᴍ

@Mastodon i got 503 error when i publish my post
but it sent it

Nie 🏳️‍🌈 :fuck_verify:

@Mastodon Is it available to change this? It will improve comfort of using mastodon

j.r

@Nie_6969 @Mastodon this is more or less "by design" in the way how ActivityPub works. So it will most probably never be fixed...

Erik Uden :verified:

You can fetch the follower count, you can fetch the people who participated in polls, but you can’t fetch likes & boost statistics as well as posts made in the past on another server?

Excuses! It’s easily possible. Even on a client basis.

Bucker Fuskyote

@Mastodon Will it include a fix for blocked and muted accounts showing up in Home and Search?

Apicultor 🐝

@Mastodon Why a two-hour release window? Drop it at a fixed time!

TopKnot

@Mastodon
Realize I am really ignorant of this stuff ... as a person on a Windows computer using Mastodon in a browser, do I need to do anything?

Can I also assume my android app will also auto-update like all other apps on my phone?

Did I mention that I'm ignorant on all aspect of this issue?

DELETED

@TopKnot @Mastodon hi topknot, you won’t need to do anything if you are using mastodon through your browser, and the app will update on your phone like other apps. Hope this helps!

Sander Meijer

@TopKnot @Mastodon This is an update that the administrators of the Mastodon instances will need to do. No interaction from users needed.

PorkrollPosadist

@TopKnot @Mastodon Nothing needed on your end. This is an update for the Mastodon server software. It will be applied by the server administrators.

Dylan :heart_nb:

@TopKnot I’m pretty sure this update is just for server admins, you’re in the clear!

Marco :verified:

@TopKnot @Mastodon no. It is for server admins who run a Mastodon server.

njamster :godot:

@TopKnot No, you don't need to do anything! Mastodon is the software that's running on the server which is hosting your instance. So the android app is not affected by this at all (but yes, would auto-update like any other app if there was an update for it). Depending on what this update actually changes and if applying it requires restarting the instance, as a user you may not even notice this update at all.

Seb :verified:

@TopKnot as a user you dont need to do anything. you just may not be able to use mastodon at that time

Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹

@TopKnot @Mastodon no, this is an announcement for instance administrators, they are the ones that need to update.

For us regular users this means that probably some hours after this our instance might have a bit of downtime while it is being updated, which will depend on your local administrator's time availability (keep in mind that most admins are volunteers with their own jobs and such, so the time can be away from office hours)

Tobias Hellgren

@TopKnot It's for the server application. Normal users probably won't have to do anything.

@Mastodon

warrows

@TopKnot you don't have to do anything, your server admins will have to update the server software

Sérgio Machado

@Mastodon will this new real ease support Debian Bookworm?
Meaning: nodejs 18 and libidn12 icu72?
Is Ruby 3.2.2 also full supported ?

Arun Shah™

@Mastodon waiting for quote post & direct message feature

Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹

@arunshah240 @Mastodon direct message does exist as a privacy option for each message, alongside public, unlisted and followers-only.

Quote-posting isn't in plans for Mastodon, but exists in other compatible options, like Calckey, which some instances use.

Erik Uden :verified:

You can already direct message people on Mastodon!

But I agree, it needs an WebRTC-esque chat that’s compatible with Pleroma, Akkoma, and all the other Fedi platforms that have already implemented it.

alive

@Mastodon @darius do you expect to have a hometown release with this swiftly, or should i expect to have to pull in changes manually?

Darius Kazemi

@alive @Mastodon yes, I have been alerted to this although "swift" will mean "within 24 hours, hopefully 12" because I will be in the middle of airplane travel that day

alive

@darius good to know, thanks! i'm having a similar thing, was planning to be in the forest with no internet that whole week, but i guess i'm going to be doing at least a little sshing :/

Purple :verified:

@Mastodon Could you please give us a CVE Score indication of what to expect?

Right now I have no idea if I have to rush as an admin to merge the fix, or if this is something that can be done with scheduled maintenance later that day

Joan Albright

@Mastodon Any chance of the scheduler tool getting a CW option?

☀️ Princess Celestia ☀️

@Mastodon are you guys going to have a message icon so that I can send DM’s with my followers? 😊😊😊

Heraclio Mantegazzi 🚈🇨🇱🌳🇵🇹

@CelestiaSunButt @Mastodon it would be a good idea to make the function more evident, but currently you can send DMs by changing the privacy of a message to "direct" instead of public, unlisted or followers-only. Keep in mind that, as on most other social networks, DMs aren't encrypted

Çağdaş Topçu 般 :pika:

@Mastodon çalışın çalışın maşallah Allah çalışanı sever :mastodon: 🧿

botvolution

@Mastodon

Hey @SDF this looks like a great opportunity to upgrade the mastodon.sdf.org instance to the latest version .... plz

Compuguy, Lover of Cats 😸😼

@Mastodon Heads up @jerry Hopefully this is quickly pushed to the glitch branch quickly...

Elephantidae

@Mastodon I'd kindly ask that you improve your language for future updates and specifically direct the text to administrators. If you imagine your text popping up in the feed of an ordinary user I think you can see how this would cause confusion.

Would you be willing to do that in the future?

And thank you for all your hard work!

やぎ

@Mastodon

Translation by DeepL
⚠️ #マストドン の重要なセキュリティ修正を7月6日13:00から15:00(UTC)の間にリリースする予定です。4.1、4.0、3.5の各バージョンで利用可能で、ナイトリーリリースも予定しています。アップグレードの準備を!

DELETED

@Mastodon I don’t use the app. I sign in via website so no issue for me?

DELETED

@Mastodon maybe you should fix how explore works first, it's been one day and no changes. People had toot too much and newer post do not appear. This is flawed and should be fixed.

Stevie Cat, Daisy Dog & Betty

@Mastodon What does this mean, upgrade? Where are the instructions for upgrading?

Chookbot

@Mastodon What's that in Greenwich Mean Time, please, so we can work out the time in our own country?

Amadeus

@Mastodon
Dear developers, please fix the bug on the android application. Text and media files are superimposed as a screen saver in the profile, and when you scroll it is unclear what is displayed

Ammar Zaater

@Mastodon can you teach us how to do the upgrade in linux?

TZ

@Mastodon you need to give blue tick for those who use #mastodon in this year 🙏🏻

MOHANNAD :verified:

@Mastodon The application needs more development, especially in the user interface, it should be easy and elegant

Clairement crevée

#LastBoost

I haven't communicated about it, but the plan is to have this ready for glitch-soc, and reach out to other large forks as well

Mark Smith

@Mastodon Threads seems to have launched early. Is the security update related to Threads? @Gargron @stux

Sandro :nixos: :verified_gay:

@Mastodon and #nixos merged the update within 35 minutes into master github.com/NixOS/nixpkgs/pull/ , it will be on nixos-unstable within 2 to 4 days presumable.

Marian

@Mastodon @Gargron @ClearlyClaire Are you pushing the Docker image, too? v4.1.3 is missing so far.

Titi

@Mastodon in your next update, PLEASE make a desktop oled dark mode - not having the darkest possible dark mode hurts my eyes, at night even more - a lot of pleads

Titi

@Mastodon in your next update, PLEASE make a desktop oled dark mode - not having the darkest possible dark mode hurts my eyes, at night even more PLEASE PLEASE PLEASE

Go Up