-
Iceshrimp v2023.12.3
StableAll checks were successful/ test-build (push) Successful in 1m2szotan released this
2024-02-04 20:41:06 +01:00 | 54 commits to dev since this releaseThis is a stable release containing a critical security fix.
Upgrading is strongly recommended, as is adding an instance-wide announcement informing your users that if they previously imported posts from Mastodon, they should check their imported post history for DMs and follower-only posts that should not be public.
The Mastodon post import feature (that has been untouched since Iceshrimp was forked from Firefish last year) did not correctly validate/set post visibility on imported posts. Due to the nature of the vulnerability, it's impossible to reconstruct which posts have been imported, and therefore we cannot restrict access to them in an update.
Check out the full changelog for more information on this release.
Downloads