Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/
Most critical of the bugs allowed attackers to root federated instances.
It looks like SDF's Mastodon instance (v4.0.2) is vulnerable, and requires patching to either 4.1.3 or 4.0.5. I don't want to back-seat admin, but I know the SDF crew have a lot on their plate. Are they aware of this vulnerability?
EDIT: The instance has now been updated to v4.0.5!