data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

New and shiny Mastodon 4.1.x #154

New issue
Closed
opened 2023-02-16 09:32:25 +00:00 by benjaoming · 5 comments
benjaoming commented 2023-02-16 09:32:25 +00:00
Owner
Copy link

Release notes:

https://github.com/mastodon/mastodon/releases/tag/v4.1.0

Release notes look relevant. However, I haven't studied if there is some huge new bug in this release that we should be aware of.

Release notes: https://github.com/mastodon/mastodon/releases/tag/v4.1.0 Release notes look relevant. However, I haven't studied if there is some huge new bug in this release that we should be aware of.
👍 1
samsapti added the
Existing Service
 label 2023-02-16 16:28:08 +00:00
valberg commented 2023-04-09 08:01:00 +00:00
Owner
Copy link

I've just got a update notification from https://social.data.coop/@update_notifications@mastodon.social with the following content:

Dear @valberg,
your server is running Mastodon 4.0.2, which is susceptible to an LDAP injection vulnerability that allows an attacker to read arbitrary attributes from the configured LDAP database.
Updating to a patched version is recommended if you are using LDAP for authentication.

Security advisory: https://github.com/mastodon/mastodon/security/advisories/GHSA-38g9-pfm9-gfqv

The latest version is 4.1.2 but the fix has also been backported to the 4.0.x branch.
Changelog: https://github.com/mastodon/mastodon/releases/tag/v4.0.4

Have a nice day! :)

So yeah, we should probably update soon.

I've just got a update notification from https://social.data.coop/@update_notifications@mastodon.social with the following content: > Dear @valberg, > your server is running Mastodon 4.0.2, which is susceptible to an LDAP injection vulnerability that allows an attacker to read arbitrary attributes from the configured LDAP database. > Updating to a patched version is recommended if you are using LDAP for authentication. > > Security advisory: https://github.com/mastodon/mastodon/security/advisories/GHSA-38g9-pfm9-gfqv > > The latest version is 4.1.2 but the fix has also been backported to the 4.0.x branch. > Changelog: https://github.com/mastodon/mastodon/releases/tag/v4.0.4 > > Have a nice day! :) So yeah, we should probably update soon.
samsapti commented 2023-04-09 16:59:17 +00:00
Owner
Copy link

Oh yeah, indeed we should! Good thing we don't have LDAP enabled on Mastodon :D

Oh yeah, indeed we should! Good thing we don't have LDAP enabled on Mastodon :D
samsapti added the
Security Hardening
 label 2023-04-09 16:59:32 +00:00
samsapti commented 2023-07-06 16:12:04 +00:00
Owner
Copy link

CVE-2023-36460!

CVE-2023-36460!
samsapti added
Security Issue
 and removed
Security Hardening
 labels 2023-07-06 16:16:52 +00:00
valberg was assigned by samsapti 2023-07-06 16:22:58 +00:00
valberg was unassigned by samsapti 2023-07-06 23:54:58 +00:00
samsapti removed the
Security Issue
 label 2023-07-06 23:55:09 +00:00
samsapti commented 2023-07-06 23:55:28 +00:00
Owner
Copy link

CVE fixed.

CVE fixed.
samsapti changed title from New and shiny Mastodon 4.1.0 to New and shiny Mastodon 4.1.x 2023-07-06 23:57:52 +00:00
samsapti commented 2023-07-07 00:08:27 +00:00
Owner
Copy link

@valberg wanna take this one?

@valberg wanna take this one?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
reynir-patch-1
proxmox
diun
use_sudo
woodpeckerci
linting
mailman
listmonk
sshd-password
No results found.
Labels
Clear labels   
Blocked

Something is blocking progress

  
Existing Service

Issues/improvements regarding existing services

  
Infrastructure Issue

Infrastructure issue that needs investigation or time to fix

  
Refactor

Refactoring of files / file structure or other improvements

  
Security Hardening

Non-verified / non-critical security improvements

  
Security Issue

Urgent security issue that needs to be fixed ASAP

  
Service Idea

Ideas for new services

  
Service Removal

Removal of services for one reason or another

  
Upgrade service
No labels
Blocked
Existing Service
Infrastructure Issue
Refactor
Security Hardening
Security Issue
Service Idea
Service Removal
Upgrade service
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: data.coop/ansible#154
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?