Mastodon Engineering1d ago

We just released Mastodon 4.5.10, 4.4.17, and 4.3.23.

These versions contain several medium and high severity security fixes.

Also, please note that this marks the final Mastodon v4.3 update, this branch is now unsupported. If you are still using it, please move to a newer version as soon as possible.

Full release notes and update instructions are available on the GitHub releases page.

https://github.com/mastodon/mastodon/releases

#MastoAdmin

Show threadTanguy Fardet1d ago
@MastodonEngineering is there a plan to onboard admins so they can know in advance when such releases will occur?
I know some admins who where not aware they needed to keep their eyes open today 😕
Show threadRenaud Chaput
@tfardet We do announce releases in advance when they contain critical security fixes, not when the fixes of a lower severity.
May 20 at 2:18pmWeb
Show threadTanguy Fardet1d ago
@renchap ok, from the way other projects talked about a "major security release", I imagined the vulnerability was more severe than that.
Is it a difference linked to implementation details or a difference in appreciation?
Show threadRenaud Chaput1d ago
@tfardet Mastodon is less impacted than other projects. We spent a lot of time coordinating this release after researching it and discovering that other projects were much more impacted than us by it (or a similar one that we fixed years ago)
Show threadTanguy Fardet1d ago
@renchap ok, that's reassuring, I was a bit worried by the absence on announcement despite other projects advertising that the issue was also affecting mastodon 😅