Mastodon security update 4.1.3

nichu42

"️ We are planning to release important security fixes for #Mastodon on July 6th, between 13:00 and 15:00 UTC. They will be available for the 4.1, 4.0 and 3.5 versions as well as a nightly release, to make the upgrade as small and painless for everyone as possible. Be ready to upgrade!"
https://mastodon.social/@Mastodon/110644992947398414

nomadgeek

@nichu42 came here to share. this.
Hope we get packages quickly with my thanks.

redegelde

Just received this mail from join Mastodon.

As you may be aware, we are going to release critical security updates on July 6th, between 13:00 UTC and 15:00 UTC.

These updates will be available as 4.1.3, 4.0.5, and 3.5.9, and the fixes will also be merged into the main branch and in a Docker build tagged nightly-2023-07-06-security.

Those updates address critical security issues that were uncovered during a security audit, and we have no reason to believe have been exploited in the wild.

If your server is managed by masto.host, fedi.monster, or Spacebear, you have nothing to do, as we are already in contact with them

nichu42

Here we go
https://github.com/mastodon/mastodon/releases/tag/v4.1.3

alwynispat

@nichu42 tagging @nebulon

nomadgeek

Has anyone @Cloudron acknowledged this? Do we have an ETA on the update?

girish

You can always track https://git.cloudron.io/cloudron/mastodon-app/

(but yes, it's getting updated as we speak)

nomadgeek

Awesome! Thanks for the update.

nichu42

Thanks @girish - it'll be funny to see if Cloudron or the official Docker image will be completed first. You can still win the race
Mastodon announced that they will publish details about the security issues after they have released the Docker image.

girish

It's out now.

edit: did I win ?

nichu42

@girish Yes, you did!
Thanks for the excellent work!

nomadgeek

Yep! All updated here. Thanks for your quick push.

doodlemania2

@girish totally won!

nichu42

@girish next one
https://github.com/mastodon/mastodon/releases/tag/v4.1.4