Site icon David Yin's Blog

Critical security Update of my Mastodon instance to v4.2.5

It is just a week since I upgraded my Mastodon from 4.2.3 to v4.2.4. Today, I saw this critical update notice when I checked the Maston instance this morning.

So, I went to the official release v4.2.5 notes to see what exactly happened on it.

⚠️ This release is an important security release fixing a critical security issue (CVE-2024-23832).

Corresponding security releases are available for the 4.1.x branch, the 4.0.x branch and the 3.5.x branch.

If you are using nightly builds, do not use this release but update to nightly.2024-02-02-security or newer instead. If you are on the main branch, update to the latest commit.

Yes, it is very important. I should upgrade it immediately.
SSH to the server. Run the following command:

sudo su -mastodon
cd live
git fetch --tags
git checkout v4.2.5
bundle install
yarn install --frozen-lockfile
exit
sudo systemctl restart mastodon-sidekiq
sudo systemctl reload mastodon-web
sudo systemctl restart mastodon-streaming

Now, it is OK.

Exit mobile version