Closed jtracey closed 1 year ago
https://github.com/mastodon/mastodon/security/advisories/GHSA-38g9-pfm9-gfqv https://github.com/mastodon/mastodon/pull/24379
Normally I'd reach out privately, but this is a well-known fork and the upstream advisory has already been public for a while now.
You may also want to branch from the last release and make an emergency patch release.
@dariusk
It looks like this was applied in https://github.com/hometown-fork/hometown/releases/tag/v4.0.4%2Bhometown-1.1.1.
https://github.com/mastodon/mastodon/security/advisories/GHSA-38g9-pfm9-gfqv https://github.com/mastodon/mastodon/pull/24379
Normally I'd reach out privately, but this is a well-known fork and the upstream advisory has already been public for a while now.