We just released Mastodon 4.5.10, 4.4.17, and 4.3.23.
These versions contain several medium and high severity security fixes.
Also, please note that this marks the final Mastodon v4.3 update, this branch is now unsupported. If you are still using it, please move to a newer version as soon as possible.
Full release notes and update instructions are available on the GitHub releases page.
@MastodonEngineering heya, the linked security advisories 404.
This has happened a few times recently, may I suggest adding that to your release checklist ?
@niklaskorz it usually isnt no
The advisories are intended to give enough context so you can appropriately chose when to update and such.
Mostly because from fixes reverse engineering the vulnerability is usually very simple
This is destinct from e.g. proof of concept code, which often is not published right away.
@MastodonEngineering @4censord oh wow, they're not supposed to 404???
I assumed that was desired (but also super frustrating to me, because I want to find out what they're about).
This has been the case for like.. every release, forever.
Well, if not, look forward to your checklists being updated so this step is no longer missed.
Mastodon Engineering
4censord 
Niklas Korz
Colin