Delete This Post

This action will delete this post on this instance and on all federated instances, and it cannot be undone. Are you certain you want to delete this post?

No
Yes
Block This Actor

This action will block this actor and hide all of their past and future posts. Are you certain you want to block this actor?

No
Yes
Block This Object

This action will block this object. Are you certain you want to block this object?

No
Yes
Delete OAuth Client

Are you sure you want to delete the OAuth client [Client Name]? This action cannot be undone and will revoke all access tokens for this client.

No
Yes
Revoke OAuth Token

Are you sure you want to revoke the OAuth token [Token ID]? This action cannot be undone and will immediately revoke access for this token.

No
Yes
Todd Sundsted
Todd Sundsted posted 10:50am
Release v3.3.9 of Ktistec

Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API.

Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses.

Here's the full changelog:

Added

  • New Mastodon-compatible APIs.

Fixed

  • Close DNS rebinding window for outbound HTTP requests.
  • Limit the size of HTTP bodies the server reads.
  • Sanitize RSS feed output to prevent CDATA breakout.
  • Destroy all sessions and access tokens on account termination.

Changed

  • Ensure all GET and POST requests utilize Ktistec::Network.
  • Process local recipients in-process in inbox/outbox activity processors.

As always, it's worth upgrading for the security fixes!

#ktistec #crystallang #activitypub #fediverse