On Saturday, 26 November 2022, at approximately 13:00 EST (18:00 UTC) we'll be doing a minor upgrade of types.pl's Glitchsoc fork from v3.5.3 to v3.5.5. This is a relatively small upgrade, mostly for security patches, so in the ideal scenario where everything goes perfectly there shouldn't be any significant downtime. (If things don't go smoothly you'll be able to tell.)
For now, we're holding off of on upgrading to v4 since it introduces a lot of undesirable features, but mostly because we don't currently have the time to properly test and tweak this bigger upgrade, especially during this ongoing influx of users
— ionchy
It is done! We're on v3.5.5+types now. This exploit has now been patched: https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
- Tue, 8 Nov, 18:38 - Reported HTML filter bypass to Mastodon
- Tue, 8 Nov, 19:47 - Report acknowledged
- Thu, 10 Nov, 07:37 - Glitch patched
- Mon, 14 Nov, 19:48 - Mastodon patched
- Tue, 15 Nov, 08:00 - Confirmed infosec.exchange had applied the patch
- Tue, 15 Nov, 14:00 - Blog published
Just imagine getting that sort of response time from a commercial service.
@systemf Can I ask what the features are that types.pl isn't interesting in taking? (The linked GitHub post doesn't specify)
@aaroneline back when v4 was released I heard a lot of grumbling about various frontend changes to the UI, so we'll have to look through those more carefully and see if there's anything we can tweak to avoid forcing them onto people (one that comes to mind is toots always opening in the web interface when you're logged in instead of being separate pages I believe?)
post editing was also introduced in v4, and we'll have to discuss this first
but above all it's just a very big upgrade with a lot of features that takes time to deal with
— ionchy
@systemf Thanks for the info!
@systemf @aaroneline (fwiw i think recent versions of mastodon 3 display post edits, you just can't edit them yourself)
If for some reason you're interested in seeing what's being upgraded: https://github.com/ralsei/types.pl/issues/7
— ionchy