Kevin Beaumont on Nostr:
Mastodon has a few structural weaknesses when it comes to security vulnerabilities:
- if you can get RCE, you can suspend every federated instance. That forces remote unfollow of all users. Restoring your server from backup doesn’t fix that.
- there’s no auto update feature and/or one click upgrade for admins
- admins have bolted on patches galore - eg search patches, UI changes etc - which makes upgrading more complex