Hi everyone!
We've just pushed a very important security bugfix release for #GoToSocial v0.17.3 and below:
github.com/superseriousbusines…
If you are running on GoToSocial v0.17.3 or below, you should update to v0.17.4 as soon as possible. It's a very small update from v0.17.3 -> v0.17.4 as it contains only some code logic changes, and no database migrations.
In short, when a dereferencing bug is triggered under a specific set of circumstances it can cause loss of account data on affected instances. It's a rare thing to be triggered, but when it does happen it really, really stinks, and necessitates restoring from backup or manually editing the database to get things working again. (It's not possible to access or tamper with data by triggering the bug, only destroy it.)
We'll release a proper CVE for this in a couple of days when admins and packagers have had a chance to update.
Please note that folks who are already on v0.18.0-rc1 or latest snapshots are unaffected and do not need to do anything, as the bug occurs specifically in v0.17.3 and below. This means if you prefer to update straight from v0.17.3 to v0.18.0-rc1 then that's also an option; you can follow the release notes for v0.18.0-rc1 in this case.
So! If you know folks on GtS v0.17.3 or below, please let them know that they should take action! Link them to this post if you want! And please boost for visibility :)
Thank you everyone! ❤ Computers!
Release v0.17.4 The Most Selective Sloth You've Ever Seen · superseriousbusiness/gotosocial