We have just released important security fixes for the #Mastodon server software. Versions 4.1.3, 4.0.5, 3.5.9, as well as a new nightly are available now to make upgrading quick and painless. Please upgrade as soon as possible!
@Mastodon What does this mean for a common user? Is the user vulnerable if some instances aren't patched and how would I know if I'm part of a server that's not patched?
@Bouncing1981 @Mastodon You can see the version on the home page of your server, bottom left.
@Bouncing1981 @Mastodon I understand you don't run your own server; your account is on mastodon.social. So if you open this link https://mastodon.social/about in a browser, even on your phone, you will see the version. If it is one of the versions in the original post, it means the server is patched.
@Bouncing1981 @Mastodon No worries!
And this might answer your other question (I was actually also curious about the vulnerabilities they patched):
https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/
I think the important part in this context is:
> There’s no action individual Mastodon users need to take other than to ensure that the instance they’re subscribed to has installed the updates.
@Bouncing1981 @Mastodon I'd also like to know this