Glitch on Nostr: for anyone wondering, the mastodon security advisories got posted. ...
For anyone wondering, the Mastodon security advisories got posted.
https://github.com/mastodon/mastodon/security
in summary:
oEmbed preview parsing could lead to XSS.
A bug that allowed users to upload files anywhere the Mastodon app could write to was squashed.
It was possible to read-timeout the HTTP workers by constantly delaying requests.
Something about how it’s possible to craft a misleading verified URL using formatting. (I don’t quite think this is a security issue, more a user issue but fine, whatever).
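The second item in the summary (uploads landing anywhere the app could write) is the classic path-traversal shape: a user-influenced filename or path that is joined onto a storage root without checking that the result stays under that root. The following Ruby is an added example of that containment check and is not Mastodon's code; the upload root and the helper name are hypothetical, and it assumes a POSIX filesystem and does not resolve symlinks.

```ruby
# Added example, not Mastodon's code. UPLOAD_ROOT is a hypothetical storage root.
UPLOAD_ROOT = File.expand_path("/var/lib/example/uploads")

# Returns the absolute destination path if +user_path+ resolves to a location
# strictly inside +root+, or nil if it would escape via "..", an absolute path,
# a "~" home expansion, or a NUL byte that could truncate the name lower down.
def safe_upload_path(user_path, root = UPLOAD_ROOT)
  return nil if user_path.nil? || user_path.empty?
  return nil if user_path.include?("\0")       # NUL would be rejected by File anyway; fail early
  return nil if user_path.start_with?("~")      # expand_path would substitute a home directory
  root = File.expand_path(root)
  # expand_path collapses "." and ".." relative to root; an absolute input ignores root entirely,
  # so the prefix check below is what actually enforces containment.
  candidate = File.expand_path(user_path, root)
  # Compare against root plus a separator so "/uploads2/x" cannot pass for root "/uploads",
  # and so the root directory itself is not accepted as a file destination.
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  candidate
rescue ArgumentError
  nil
end

# Constructed sample inputs: what a client might send as a filename or storage key.
SAMPLES = [
  "avatars/123/original.png",   # benign, stays under the root
  "avatars/./a.png",            # benign after normalisation
  "../../etc/cron.d/evil",      # traversal out of the root
  "avatars/../../escape.txt",   # traversal that first looks plausible
  "/etc/passwd",                # absolute path, root is ignored by the join
  "foo\0.png",                  # NUL byte
  "~/escape.png",               # home-directory expansion
  ".",                          # the root directory itself
]

def classify_samples
  SAMPLES.map { |p| [p, safe_upload_path(p)] }
end

if __FILE__ == $PROGRAM_NAME
  classify_samples.each do |input, result|
    puts "#{input.inspect} -> #{result ? result : 'REJECTED'}"
  end
end
```

The important detail is that the check is on the resolved path, not on the raw string: a filter that only looks for a literal `../` substring misses absolute paths and is easy to bypass with encoding tricks, whereas a prefix check after normalisation catches every way of leaving the root that does not involve symlinks. If the storage root can contain symlinks, resolve with `File.realpath` on the parent directory before comparing.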