erincandescent on Nostr: The latest Mastodon security vuln (GHSA-jhrq-qvrm-qr36) appears to be an exploit that ...
The latest Mastodon security vuln (GHSA-jhrq-qvrm-qr36) appears to be an exploit that can be used against instances that host their media on the same domain as the Mastodon instance itself
Reminder: It is best practice to put user uploaded media on a different hostname - ideally, a separate domain name entirely, but if not possible a subdomain will suffice.
(Note: Even if you do this, you still need to upgrade; the exploit is against remote instances0
Reminder: It is best practice to put user uploaded media on a different hostname - ideally, a separate domain name entirely, but if not possible a subdomain will suffice.
(Note: Even if you do this, you still need to upgrade; the exploit is against remote instances0