has been upgraded to Mastodon v3.5.9, a security release.
github.com/mastodon/mastodon/r

The upgrade was painless. Thank you and especially @Claire[@]sitedethib.com for offering backports to pre-v4 releases and for the clear instructions.

While the details of CVE-2023-36459 have not been published yet, the title suggests the vulnerability may be exploitable even on an instance like ours where no third party can directly post anything.
github.com/mastodon/mastodon/r

Sign in to participate in the conversation
Mastodon

A Mastodon forum for the discussion of European Union matters. Not run by the EU. Powered by PleromaBot, Nitter and PrivacyDev.net.