this post was submitted on 02 Feb 2024
240 points (99.6% liked)
Technology
59589 readers
3376 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is the best summary I could come up with:
Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.
Mastodon is a decentralized social network, meaning it runs on separate servers, independently owned and operated by their respective administrators.
For this reason, each instance of Mastodon requires an economy-of-scale to support its operations, including people to manage infrastructure and security engineering.
The good news for Mastodon users is that more than half of all active servers have already upgraded to the latest version in the space of a day, according to data from fediverse network stat collector FediDB.
Not only was Rochko's advisory shared across different instances rapidly, but as screenshots of admin panels show, the platform itself also plastered clear warnings, making it fairly difficult to escape the urgent need to update.
"This introduces a vector for Cross-site-scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through," the advisory reads.
The original article contains 660 words, the summary contains 167 words. Saved 75%. I'm a bot and I'm open source!