System F: "It is done! We're on v3.5.5+types now. This explo…" - types.pl

Nov 25, 2022, 17:35

System F @systemf@types.pl

On Saturday, 26 November 2022, at approximately 13:00 EST (18:00 UTC) we'll be doing a minor upgrade of types.pl's Glitchsoc fork from v3.5.3 to v3.5.5. This is a relatively small upgrade, mostly for security patches, so in the ideal scenario where everything goes perfectly there shouldn't be any significant downtime. (If things don't go smoothly you'll be able to tell.)

For now, we're holding off of on upgrading to v4 since it introduces a lot of undesirable features, but mostly because we don't currently have the time to properly test and tweak this bigger upgrade, especially during this ongoing influx of users

— ionchy

Nov 25, 2022, 17:35

System F @systemf@types.pl

If for some reason you're interested in seeing what's being upgraded: https://github.com/ralsei/types.pl/issues/7
— ionchy

System F @systemf@types.pl

It is done! We're on v3.5.5+types now. This exploit has now been patched: https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

Nov 26, 2022, 18:09 · · · ·

Nov 26, 2022, 18:52

trystimuli @trystimuli@types.pl

Tue, 8 Nov, 18:38 - Reported HTML filter bypass to Mastodon
Tue, 8 Nov, 19:47 - Report acknowledged
Thu, 10 Nov, 07:37 - Glitch patched
Mon, 14 Nov, 19:48 - Mastodon patched
Tue, 15 Nov, 08:00 - Confirmed infosec.exchange had applied the patch
Tue, 15 Nov, 14:00 - Blog published

Just imagine getting that sort of response time from a commercial service.

Sign in to participate in the conversation