• Deebster
    link
    fedilink
    English
    191 year ago

    Thursday’s patch is the product of recent penetration testing work that the Mozilla Foundation funded, Mastodon cofounder and CTO Renaud Chaput told Ars. He said a firm called Cure53 performed the pentesting and that the code fixes were developed by the several-person team inside the Mastodon nonprofit.

    This is good to see, although it’s worrying that such a serious vulnerability went unspotted for this long. At least, I hope it wasn’t spotted; maybe some bad actor’s made subtle use and all our bases are belong to them.