We just released security patches for versions 3.5, 4.0, 4.1 and 4.2. If you are using nightly, you can upgrade to 4.2.0-rc2 safely. We strongly suggest you upgrade to one of those versions in the coming days.
Please note that Mastodon 3.5 will reach end-of-life at the end of the year, and 4.0 at the end of October. We strongly suggest you upgrade to 4.1 or 4.2 by that point! Mastodon 4.2 will be released this Thursday.
@MastodonEngineering Hey @ai6yr it looks like Mastodon 4.2 is coming out this Thursday.

@WXFanatic

It does appear that v4.2.0-rc2 does have some fine print that needs reading, however

"⚠️ This is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will, however, be able to upgrade to later nightly releases as well as the upcoming 4.2.0 stable release"

Here: https://github.com/mastodon/mastodon/releases/tag/v4.2.0-rc2

cc @MastodonEngineering @ai6yr

@FinchHaven @MastodonEngineering @ai6yr

Good catch. Especially the "you will not be able to safely downgrade to the existing stable releases" part.

The good news is that it does fix some major CVEs: (CVE-2023-42451, CVE-2023-42452, CVE-2023-42450)

Edit: Actually maybe the CVEs are just bundled in: "Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch."

Damned if you do and damned if you don't kinda thing lol.

@WXFanatic

"Especially the 'you will not be able to safely downgrade to the existing stable releases' part."

Yeah, that caught me too (not that I'm an admin: I'm not)

Gargron does use these on Mastodon dot Social and dot Online

Wonder if all the users he got signed up there knew they'd be beta testing distros...

cc @MastodonEngineering @ai6yr