Conversation

Notices

1. Embed this notice
   Renaud Chaput (renchap@oisaur.com)'s status on Friday, 02-Feb-2024 02:18:09 JST Renaud Chaput

   • Kevin Beaumont

   @GossiTheDog this is my favorite 4.2 feature. First time we are using it, but the feedback is very positive so far.
   An email notification should also have been sent to any admin btw.

   • Embed this notice
     Stanislav Ochotnický (drizzy@cyberplace.social)'s status on Friday, 02-Feb-2024 21:41:29 JST Stanislav Ochotnický

     • Daniel Supernault
     • Kevin Beaumont

     @GossiTheDog @dansup knowing that a broken update will only impact your little part of the fediverse probably helps too. The bigger the instance the higher risk of updating etc. It's still nice seeing the speed of updates on average

   • Embed this notice
     feld (feld@bikeshed.party)'s status on Friday, 02-Feb-2024 22:40:58 JST feld

     • Kevin Beaumont
     @GossiTheDog
     
     > TBA. This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.
     
     what is this bullshit? We can just dig through the commits.
     
     I'm guessing this change is related because it seems like "redirect confirmation" not being done correctly would allow you to takeover an account and the "I'll add tests later" seems like they're hiding something.
     
     https://github.com/mastodon/mastodon/pull/28902
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Saturday, 03-Feb-2024 03:45:27 JST feld

     • Kevin Beaumont
     @GossiTheDog do more than what?