• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    10 months ago

    This is the best summary I could come up with:


    Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.

    Mastodon is a decentralized social network, meaning it runs on separate servers, independently owned and operated by their respective administrators.

    For this reason, each instance of Mastodon requires an economy-of-scale to support its operations, including people to manage infrastructure and security engineering.

    The good news for Mastodon users is that more than half of all active servers have already upgraded to the latest version in the space of a day, according to data from fediverse network stat collector FediDB.

    Not only was Rochko’s advisory shared across different instances rapidly, but as screenshots of admin panels show, the platform itself also plastered clear warnings, making it fairly difficult to escape the urgent need to update.

    “This introduces a vector for Cross-site-scripting (XSS) payloads that can be rendered in the user’s browser when a preview card for a malicious link is clicked through,” the advisory reads.


    The original article contains 660 words, the summary contains 167 words. Saved 75%. I’m a bot and I’m open source!