Is it possible to fix the GHSA-3fjr-858r-92rw vulnerability with the patch in stable-3.4? #29251
-
Hello, I am a developer from one of the mastodon instances, and saw that there is this commit into the stable-3.4 branch, but I also saw that there is no release associated with the patch: -Would it be possible for us to use the stable-3.4 branch and still fix this vulnerability? Since we are using modified version of mastodon it is easier for us to merge with stable-3.4 latest commit. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
This commit has been added to the The only supported versions are 4.1 and 4.2. We recently published security fixes for the end-of-life 3.5 and 4.0 branches, but do not expect us to continue doing this for further versions. I strongly suggest you to work on upgrading your fork to be based on a recent Mastodon version, or to port any security patch we publish yourself. |
Beta Was this translation helpful? Give feedback.
This commit has been added to the
3.4-stable
branch to help backport it into a fork. But this branch is no longer maintained and we will not update it anymore.The only supported versions are 4.1 and 4.2. We recently published security fixes for the end-of-life 3.5 and 4.0 branches, but do not expect us to continue doing this for further versions.
I strongly suggest you to work on upgrading your fork to be based on a recent Mastodon version, or to port any security patch we publish yourself.