⚠️ We have just released important security fixes for the server software. Versions 4.1.3, 4.0.5, 3.5.9, as well as a new nightly are available now to make upgrading quick and painless. Please upgrade as soon as possible!

Bouncing1981

@Mastodon What does this mean for a common user? Is the user vulnerable if some instances aren't patched and how would I know if I'm part of a server that's not patched?

@Bouncing1981 @Mastodon You can see the version on the home page of your server, bottom left.

@nicu @Mastodon Can't see it on my phone. To be clear I am not running a server.

@Bouncing1981 @Mastodon I understand you don't run your own server, your account is on mastodon.social. So if you open this link mastodon.social/about in a browser, even on your phone, you will see the version. If it is one of the versions in the original post, it means the server is patched.

@nicu @Mastodon Thanks, this makes sense. I am now able to see the about page in a web browser and get the details; however, it would be very convenient if we could go to settings->about and find this information. I am part of 10 servers, this will be a manual task 🙃🙃

@Bouncing1981 @Mastodon No worries! 🙂

And this might answer your other question (I was actually also curious about the vulnerabilities they patched):
arstechnica.com/security/2023/

I think the important part in this context is:
> There’s no action individual Mastodon users need to take other than to ensure that the instance they’re subscribed to has installed the updates.

Ars Technica · Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Most critical of the bugs allowed attackers to root federated instances.