Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://ijug.social/users/TobiasFrech/statuses/111941252172598592">Tobias Frech (tobiasfrech@ijug.social)'s status on Saturday, 17-Feb-2024 14:38:02 JST</a><a href="https://ijug.social/@TobiasFrech" title="tobiasfrech@ijug.social"><img src="https://gnusocial.jp/avatar/243230-48-20240217053802.webp" width="48" height="48" alt="Tobias Frech" style="position: absolute; left: 0; top: 0;">Tobias Frech</a><div><a href="https://were.social/objects/cfe6a3fd-17d5-439f-b81a-7d750baca280" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://were.social/users/arcanicanis">@arcanicanis</a> Previously I was under the impression 4.2.6 fixed this already. Now 4.2.7 has been released just 1-2 hours ago with a fix for this.<br><a href="https://github.com/mastodon/mastodon/releases/tag/v4.2.7" rel="nofollow noreferrer">https://github.com/mastodon/mastodon/releases/tag/v4.2.7</a><br>It seems to be fixed now. CVE-2024-23832 mentions up to 4.2.5 being vulnerable, not 4.2.6. Can you confirm this, please?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2720016#notice-5409899">In conversation</a><time datetime="2024-02-17T14:38:02+09:00" title="Saturday, 17-Feb-2024 14:38:02 JST">about 9 months ago</time> <span>from <span><a href="https://ijug.social/@TobiasFrech/111941252172598592" rel="external" title="Sent from ijug.social via ActivityPub">ijug.social</a></span></span><a href="https://ijug.social/@TobiasFrech/111941252172598592">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/mastodon/mastodon/releases/tag/v4.2.7">Release v4.2.7 · mastodon/mastodon</a></h5><div></div></header><div>WarningThis release is an important security release fixing a major security issue.
Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch.NoteI...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Tobias Frech (tobiasfrech@ijug.social)'s status on Saturday, 17-Feb-2024 14:38:02 JSTTobias Frech
in reply to
- arcanicanis
@arcanicanis Previously I was under the impression 4.2.6 fixed this already. Now 4.2.7 has been released just 1-2 hours ago with a fix for this.
https://github.com/mastodon/mastodon/releases/tag/v4.2.7
It seems to be fixed now. CVE-2024-23832 mentions up to 4.2.5 being vulnerable, not 4.2.6. Can you confirm this, please?
In conversationabout 9 months ago from ijug.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Release v4.2.7 · mastodon/mastodon
  WarningThis release is an important security release fixing a major security issue. Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch. NoteI...

Public

Embed Notice

HTML Code

Corresponding Notice