[Bug 277107] mastodon 4.2.7 security fix now out
Date: Sat, 17 Feb 2024 07:33:43 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277107

    Bug ID: 277107
    Summary: mastodon 4.2.7 security fix now out
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Only Me
    Priority: ---
    Component: Individual Port(s)
    Assignee: ports-bugs@FreeBSD.org
    Reporter: doctor@doctor.nl2k.ab.ca

from https://github.com/mastodon/mastodon/releases/tag/v4.2.7

Warning: This release is an important security release fixing a major security issue. Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch.

Note: If you are using nightly builds, do not use this release but update to nightly.2024-02-17-security or newer instead. If you are on the main branch, update to the latest commit.

Changelog

Fixed

- Fix OmniAuth tests and edge cases in error handling (ClearlyClaire, ClearlyClaire)
- Fix new installs by upgrading to the latest release of the nsa gem, instead of a no longer existing commit (mjankowski)

Security

- Fix insufficient checking of remote posts (GHSA-jhrq-qvrm-qr36)

Upgrade notes

To get the code for v4.2.7, use git fetch && git checkout v4.2.7.

Note: As always, make sure you have backups of the database before performing any upgrades. If you are using docker-compose, this is how a backup command might look:

    docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

With the exception of Ruby's recommended version, external dependencies have not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch and Redis versions are the same, that is:

- Ruby: 3.0 to 3.2
- PostgreSQL: 10 or newer
- Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
- LibreTranslate (optional, for translations): 1.3.3 or newer
- Redis: 4 or newer
- Node: 16 or newer
- ImageMagick: 6.9.7-7 or newer

Tip: If your uploaded images are broken after the upgrade, it means your installed ImageMagick version is older than the new minimum version (6.9.7-7), for example if you are running Ubuntu 18.04. If this happens, you can find more information and ways to fix it on this page.

--
You are receiving this mail because:
You are the assignee for the bug.