We've discovered an issue in 2.3.2 that, in rare cases, allowed users to create accounts with the same username as existing accounts. If you have already upgraded to v2.3.2, it is recommended to upgrade to v2.3.3 as soon as possible.
v2.3.3 is a small patch and requires no extra steps, only getting the new code and restarting Mastodon.
A new rake task is included to troubleshoot/clean-up.
@kaniini I think I managed to do a same-account-name registration bug with MediaWiki, like, a decade ago; you just appended an _ to the username and it let you assume that account without the _
(no idea if it got patched)
@AstroProfundis 例行上来检查一下是否更新- -
@AstroProfundis 日常人肉检查 还没更新
@AstroProfundis 要他慢慢来吧 是 oauth 么？
@Mastodon I don't have any tag for 2.3.3, is it normal ? As I don't update the code, I don't have the new rake take either ! Thx for help
@Gargron Many thanks ! Everything's good now. And sorry for that (I should have think of that, but don't know why, I didn't !)
@lukas Yes, Gargron answer me that too, I just forgot that point ! :) Thanks !
@seb_vallee I still have to get used to mastodon. As I am hosting my own instance, I somehow only see direct responses to the original toot and no responses to your question.
@Mastodon Is closing registrations a reasonable mitigation until the instance can get upgraded to 2.3.3?
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!