It is just a week since I upgraded my Mastodon from 4.2.3 to v4.2.4. Today, I saw this critical update notice when I checked the Maston instance this morning.
So, I went to the official release v4.2.5 notes to see what exactly happened on it.
⚠️ This release is an important security release fixing a critical security issue (CVE-2024-23832).
Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch.
If you are using nightly builds, do not use this release but update to nightly.2024-02-02-security or newer instead. If you are on the main branch, update to the latest commit.
Yes, it is very important. I should upgrade it immediately.
SSH to the server. Run the following command:
sudo su -mastodon cd live git fetch --tags git checkout v4.2.5 bundle install yarn install --frozen-lockfile exit sudo systemctl restart mastodon-sidekiq sudo systemctl reload mastodon-web sudo systemctl restart mastodon-streaming
Now, it is OK.