Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
arstechnica.com Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Most critical of the bugs allowed attackers to root federated instances.
It looks like SDF's Mastodon instance (v4.0.2) is vulnerable, and requires patching to either 4.1.3 or 4.0.5. I don't want to back-seat admin, but I know the SDF crew have a lot on their plate. Are they aware of this vulnerability?
EDIT: The instance has now been updated to v4.0.5!
2
comments
Looks like both mastodon.sdf.org and social.sdf.org are now on patched versions.
I'd just like to say that that name is amazing.