We've discovered an issue in 2.3.2 that, in rare cases, allowed users to create accounts with the same username as existing accounts. If you have already upgraded to v2.3.2, it is recommended to upgrade to v2.3.3 as soon as possible.
v2.3.3 is a small patch and requires no extra steps, only getting the new code and restarting Mastodon.
A new rake task is included to troubleshoot/clean-up.
@kaniini I think I managed to do a same-account-name registration bug with MediaWiki, like, a decade ago; you just appended an _ to the username and it let you assume that account without the _
(no idea if it got patched)
@Mastodon I don't have any tag for 2.3.3, is it normal ? As I don't update the code, I don't have the new rake take either ! Thx for help
@Gargron Many thanks ! Everything's good now. And sorry for that (I should have think of that, but don't know why, I didn't !)
@seb_vallee I still have to get used to mastodon. As I am hosting my own instance, I somehow only see direct responses to the original toot and no responses to your question.
@Mastodon Is closing registrations a reasonable mitigation until the instance can get upgraded to 2.3.3?
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!