Mastodon EngineeringWe just released security patches for versions 3.5, 4.0, 4.1 and 4.2. If you are using nightly, you can upgrade to 4.2.0-rc2 safely. We strongly suggest you upgrade to one of those versions in the coming days.
Please note that Mastodon 3.5 will reach end-of-life at the end of the year, and 4.0 at the end of October. We strongly suggest you upgrade to 4.1 or 4.2 by that point! Mastodon 4.2 will be released this Thursday.
corona 
Kai 'wusel' Siering
José Prous
WXFanatic@MastodonEngineering Hey @ai6yr it looks like Mastodon 4.2 is coming out this Thursday.
FinchHaven sfbaIt does appear that v4.2.0-rc2 does have some fine print that needs reading, however
"⚠️ This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases as well as the upcoming 4.2.0 stable release"
Here: https://github.com/mastodon/mastodon/releases/tag/v4.2.0-rc2
@FinchHaven @MastodonEngineering @ai6yr
Good catch. Especially the "you will not be able to safely downgrade to the existing stable releases" part.
The good news is that it does fix some major CVE's: (CVE-2023-42451, CVE-2023-42452, CVE-2023-42450)
Edit: Actually maybe the CVE's are just bundled in: "Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch."
Damned if you do and damned if you don't kinda thing lol.
AI6YR Ben@WXFanatic @FinchHaven @MastodonEngineering Sounds good. I'll probably hold off on the 4.2 upgrade until two weeks from now, because I am slammed for time (including teaching multiple classes over the next two weekends, family business I have to take care of). Will definitely want to upgrade to 4.2 soon as it will let people opt into full text search if they want (will have to turn full text search on for all my bots, that will be a long day...)
@ai6yr @FinchHaven @MastodonEngineering That's a good way to let the mastodon update cook for a bit in-case there's some serious immediate issues, among giving yourself some time.
"Especially the "you will not be able to safely downgrade to the existing stable releases" part."
Yeah, that caught me too (not that I'm an admin: I'm not)
Gargron does use these on Mastodon dot Social and dot Online
Wonder if all the users he got signed up there knew they'd be beta testing distros...
Eric@MastodonEngineering I have a digital ocean server, will that still be accessible when this reaches EOL?
miss australiana@ericgtr @MastodonEngineering i would assume so. its just that the software version will no longer be receiving security updates which would put anyone using the server at risk.
NH6SPHow do we know what version a particular sever is running, e.g. mastodon.hams.social ?
ch0ccyra1n is leaving fedi soonCC: @admin you're running 3.1.3 which is absurdly out of date