Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, including a critical one that allows hackers to create arbitrary files on instance-hosting servers using specially crafted media files.
IMHO Mastodon needs to have some kind of automatic update scheme to roll out bugfixes to these kinds of problems quickly … if there are enough instances out there vulnerable to this or any subsequent issues like it, we could end up with a situation where someone starts coopting Mastodon servers as part of botnets and costing their owners a ton of money in bandwidth bills, getting them IP-banned in various places, etc. The only way to fix this is fast automatic updating.
IMHO Mastodon needs to have some kind of automatic update scheme to roll out bugfixes to these kinds of problems quickly … if there are enough instances out there vulnerable to this or any subsequent issues like it, we could end up with a situation where someone starts coopting Mastodon servers as part of botnets and costing their owners a ton of money in bandwidth bills, getting them IP-banned in various places, etc. The only way to fix this is fast automatic updating.