Recent searches
Search options
Hi #hometown admins! To keep us up to date with this morning's Mastodon security patches I have released Hometown v1.1.1+4.0.6:
https://github.com/hometown-fork/hometown/releases/tag/v4.0.6%2Bhometown-1.1.1
(This is a second release in two days, containing further bugfixes released by the Mastodon team.)
I'll have a backport for people running the older Hometown version 1.0.8+3.5.5 later today when I'm not stuck on my phone at an airport. Thank you @jasmin and @misty for your help!!
Hello again #hometown admins -- there was a bug in Mastodon's security patch that caused issues in the admin panel when viewing remote accounts. They released a fix about 15 minutes ago and I am working to get a Hometown release with that fix very soon.
Okay, here is the #Hometown v1.1.1 (Mastodon 4.0.6) release:
https://github.com/hometown-fork/hometown/releases/tag/v4.0.6%2Bhometown-1.1.1
It should be pretty simple to patch your 4.0.5 installation if you did that yesterday! (I have updated my original post in this thread to point to the new release.)
If you are on a Mastodon v3-compatible version of #Hometown (v3.5.5+hometown-1.0.8 is the only one I support) here is the patched Hometown version, v3.5.10+hometown-1.0.8:
https://github.com/hometown-fork/hometown/releases/tag/v3.5.10%2Bhometown-1.0.8
@darius @jasmin @misty Thank you so much for your fast work! Our diligent host (@CobaltVelvet) is no doubt on it.
@darius Some of those CVEs are absolutely vicious. I thought log4j was bad!
@darius got the update running well on niagara.social. Really quite lost on how to actually find the nginx config file that to add those hardening lines to though (using proxyed external object storage). Any ideas #mastoadmin ?
@kostyn @darius See discussion at https://mastodon.scot/@gunchleoc/110667501611817208 for the file location.
Make a backup of the config file first though, in case you mess up your configuration.
@gunchleoc @darius thanks for this! I'll see to it when I get home again this evening.
@nerd thanks for this! I'm pretty sure I found it last night, but the two lines that it says to add were already in the file? So does that mean I don't need to change anything?
@kostyn I think so, yeah! Congrats 
@nerd omg lol thanks!
@Nikoh Sorry, it is difficult for me to keep up with correspondence sometimes. How can I help?
@darius Nothing special, I have a mastodon istance ad I would want switch to hometown, I wrote to you just to know if you can help me if I need
@Nikoh Oh, I'm sorry but I can't. I try my best to provide documentation but I don't have the time to help individual server operators (I wish I did)
@darius do you want to highlight the API streaming restart in the release notes? It's not the usual, and it might be missed otherwise.
@pronoiac Doesn't "restart all mastodon processes" cover that? I will highlight it specifically though. I changed the wording:
> Restart all Mastodon processes (yes really all processes - specifically the streaming API process needs restarting so if you are trying to be clever to retain uptime... just restart it all)
@pronoiac (please let me know if I'm being bone-headed and missed something)
@darius it does cover it if they're paying attention!
@darius I'd recently read the Mastodon release notes, and they highlighted it, for the ops peeps who might be skimming / not fully paying attention. Which is sorta fair, for daily updates.
@darius installed with no issues, tysm : )
@darius thank you Darius!
@darius Hi Darius, can you point me to an example of a long-form <Article> object on any #hometown instance?
I filed an issue in @neet's masto.js for supporting <Article> so that this can eventually come to #activitypub clients like @elk
