⚠️ We have just released important security fixes for the #Mastodon server software. Versions 4.1.3, 4.0.5, 3.5.9, as well as a new nightly are available now to make upgrading quick and painless. Please upgrade as soon as possible!
53 comments
Olaf Kolkman
this may be useful for some here:
sbug
@Mastodon May I suggest you include the hashtag #MastoAdmin in that post since many admins follow that
Zoe
Dear readers of social.animeprincess.net: I will upgrade my website to fix this this weekend. You have until then to hax me. GLHF.
GunChleoc
@Mastodon Thanks for the new version! The upgrade instructions still need some TLC though https://mastodon.scot/@gunchleoc/110667501611817208
Bouncing1981
@Mastodon What does this mean for a common user? Is the user vulnerable if some instances aren't patched and how would I know if I'm part of a server that's not patched?
Felix Urbasik
@Mastodon For the lazy:
Ben CG 🕊️
.@Mastodon Is this for servers to upgrade, or for users? (hi i'm new.)
kaitou
@Mastodon Your upgrade process is lacking. The upgrade page says "check the release notes on the git page" but doesn't say where to find them. Adding the link with a <fill in the version here> would help. Also, mine didn't start because the ruby gems needed upgrading (no mention of that); adding a "bundle install" command in the generic upgrade instructions wouldn't hurt. (I had to run the sidekiq command by hand to find this out.)
Сандер (прошу, поправляйте мя)
@Mastodon трумбета буде кус офлайн тота вечер жебы мушу робити апдейт.
Mikaela Caron
@Mastodon I have absolutely no idea how to update my server 😅 I built it kinda for fun, if anyone has any guides I’d love to see them thanks! https://www.linode.com/docs/guides/install-mastodon-on-ubuntu-2004/
Jeroen Habets
@Mastodon updated https://mastodon.habets.dev/ to 4.1.3. As always: upgrade went smooth as a whistle! Thanks!
Maarten Steenhagen
@Mastodon I've seen this. This is just a sneaky way to make sure we can't vote in our own polls any longer. Tsssss 😉
Steve Hill 🏴🇪🇺
@Mastodon getting "Module parse failed: Unexpected token" when running assets:precompile :(
Littlekitten13
@Mastodon hope this gets rid of the pedos posting irl loli and links hate the stuff makes this site suck
☆ Tყα 2️⃣ Ⓣⓨⓐ :welp:
@Mastodon I came back to this space using a new account. Everything here has been improved. What a nice comeback surprise♡ :patcat:
Jeroen Habets
@Mastodon I just noticed 4.1.4 on github and upgraded (smooth as a whistle) No post though...or did I miss it? "This release addresses a few issues that were missed in the last security update and includes changelogs for both updates. ⚠️ It is a follow-up to the important 4.1.3 security release fixing multiple critical security issues (CVE-2023-36460, CVE-2023-36459)." |
@Mastodon three servers all upgraded.
Seamless on all of them! Thanks.