MastodonJul 6, 2023
⚠️ We have just released important security fixes for the #Mastodon server software. Versions 4.1.3, 4.0.5, 3.5.9, as well as a new nightly are available now to make upgrading quick and painless. Please upgrade as soon as possible!
Show threadfuomag9Jul 6, 2023
@Mastodon Please improve the docker container building process though! It should not take 2h to get it built and pushed!
Show threadSvenJul 6, 2023
@fuomag9 @Mastodon My update took 1 minute. Without docker.
Show threadfuomag9
@sven @Mastodon deploying without docker complicates updating and worsens security. If my deployment got exploited they’d need to break out of docker to access my machine at all
Jul 6, 2023 at 6:58pmWeb
Show threadSvenJul 6, 2023
@fuomag9 @Mastodon Bottom line, I just secured an instance in a minute - it took you two hours. 🤷‍♂️
Show threadSvenJul 6, 2023
@fuomag9 @Mastodon I have a script where I just need to type in the new version number and run it - there's nothing complicated about that.
Show threadfuomag9Jul 6, 2023

@sven @Mastodon it’s the same about docker. The issue here is on the mastodon’s side on slow building of containers. Furthermore, on a bare metal machine in case a dependency changes (and it did change here as well, afaik minimum node version is now 18) a simple version number change is not enough for instantly updating.

The security impact of running without containers remains