We've discovered an issue in 2.3.2 that, in rare cases, allowed users to create accounts with the same username as existing accounts. If you have already upgraded to v2.3.2, it is recommended to upgrade to v2.3.3 as soon as possible.
v2.3.3 is a small patch and requires no extra steps, only getting the new code and restarting Mastodon.
A new rake task is included to troubleshoot/clean-up.
@kaniini I think I managed to do a same-account-name registration bug with MediaWiki, like, a decade ago; you just appended an _ to the username and it let you assume that account without the _
(no idea if it got patched)
🔞
@Mastodon @AstroProfundis 特么我刚升级 又来- -
@Showfom 这次还好,不用重新编译东西233333
@AstroProfundis 例行上来检查一下是否更新- -
@Showfom 还是没有233333
@AstroProfundis 日常人肉检查 还没更新
@Showfom 貌似开了新坑所以作者精力分到那边去了233
@AstroProfundis 要他慢慢来吧 是 oauth 么?
@Showfom 看错了,不是一个人,我说的新坑是这个 https://github.com/nolanlawson/pinafore
@Mastodon I don't have any tag for 2.3.3, is it normal ? As I don't update the code, I don't have the new rake take either ! Thx for help
@seb_vallee @Mastodon do: git fetch --tags
It will download the tag.
@Gargron Many thanks ! Everything's good now. And sorry for that (I should have think of that, but don't know why, I didn't !)
@seb_vallee @Mastodon A "git pull --tags" helped for me. Maybe you could try that out.
@lukas Yes, Gargron answer me that too, I just forgot that point ! :) Thanks !
@seb_vallee I still have to get used to mastodon. As I am hosting my own instance, I somehow only see direct responses to the original toot and no responses to your question.
@Mastodon Is closing registrations a reasonable mitigation until the instance can get upgraded to 2.3.3?
