Date: Sat, 17 Feb 2024 07:33:43 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 277107] mastodon 4.2.7 security fix now out
Message-ID: <bug-277107-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277107

            Bug ID: 277107
           Summary: mastodon 4.2.7 security fix now out
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: doctor@doctor.nl2k.ab.ca

from https://github.com/mastodon/mastodon/releases/tag/v4.2.7

Warning

This release is an important security release fixing a major security issue.

Corresponding security releases are available for the 4.1.x branch, the 4.0.x
branch and the 3.5.x branch.

Note

If you are using nightly builds, do not use this release but update to
nightly.2024-02-17-security or newer instead. If you are on the main branch,
update to the latest commit.

Changelog

Fixed

    Fix OmniAuth tests and edge cases in error handling (ClearlyClaire,
    ClearlyClaire)
    Fix new installs by upgrading to the latest release of the nsa gem, instead
    of a no longer existing commit (mjankowski)

Security

    Fix insufficient checking of remote posts (GHSA-jhrq-qvrm-qr36)

Upgrade notes

To get the code for v4.2.7, use git fetch && git checkout v4.2.7.

Note

As always, make sure you have backups of the database before performing any
upgrades. If you are using docker-compose, this is how a backup command might
look:

    docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

With the exception of Ruby's recommended version, external dependencies have
not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch
and Redis versions are the same, that is:

    Ruby: 3.0 to 3.2
    PostgreSQL: 10 or newer
    Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should
    also work)
    LibreTranslate (optional, for translations): 1.3.3 or newer
    Redis: 4 or newer
    Node: 16 or newer
    ImageMagick: 6.9.7-7 or newer

Tip

If your uploaded images are broken after the upgrade, it means your installed
ImageMagick version is older than the new minimum version (6.9.7-7), for
example if you are running Ubuntu 18.04. If this happens, you can find more
information and ways to fix it on this page.

-- 
You are receiving this mail because:
You are the assignee for the bug.