Post AXL9v1VP7UiswuR0XQ by Wander@packmates.org
 (DIR) Post #AXKhE4FuDpy0JFuk64 by GossiTheDog@cyberplace.social
       2023-07-03T22:52:47Z
       
       0 likes, 1 repeats
       
       #Mastoadmin, there’s a pretty serious security vulnerability due to be announced this week. Make sure you apply patches when released on Thursday.  If you’ve never patched, get the process down beforehand.
       
 (DIR) Post #AXKhE4xraP82VaTqc4 by tuxicoman@social.jesuislibre.net
       2023-07-03T23:40:14Z
       
       0 likes, 0 repeats
       
       @GossiTheDog If the vulnerability is about an RCE on Thursday, let's shut down the instance and do the upgrade before someone starts automating nasty things. Not every admin is working full time on his Mastodon server; we also have other occupations & sleep.
       
 (DIR) Post #AXKhE63DXz0PsTzdb6 by GossiTheDog@cyberplace.social
       2023-07-03T23:07:41Z
       
       0 likes, 0 repeats
       
       Mastodon has a few structural weaknesses when it comes to security vulnerabilities:
       - if you can get RCE, you can suspend every federated instance. That forces remote unfollow of all users. Restoring your server from backup doesn’t fix that.
       - there’s no auto update feature and/or one click upgrade for admins
       - admins have bolted on patches galore - eg search patches, UI changes etc - which makes upgrading more complex
       
 (DIR) Post #AXL9v1VP7UiswuR0XQ by Wander@packmates.org
       2023-07-03T23:43:36Z
       
       0 likes, 0 repeats
       
       @GossiTheDog apologies, but what is RCE?
       
 (DIR) Post #AXL9v2TfVQvdxod8TI by sowth@linuxrocks.online
       2023-07-04T05:02:10Z
       
       0 likes, 0 repeats
       
       @Wander Remote Code Execution