Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
It looks like SDF's Mastodon instance (v4.0.2) is vulnerable, and requires patching to either 4.1.3 or 4.0.5. I don't want to back-seat admin, but I know the SDF crew have a lot on their plate. Are they aware of this vulnerability?
EDIT: The instance has now been updated to v4.0.5!
https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/
Looks like both mastodon.sdf.org and social.sdf.org are now on patched versions.
I'd just like to say that that name is amazing.