• Deebster@lemmy.ml
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    Thursday’s patch is the product of recent penetration testing work that the Mozilla Foundation funded, Mastodon cofounder and CTO Renaud Chaput told Ars. He said a firm called Cure53 performed the pentesting and that the code fixes were developed by the several-person team inside the Mastodon nonprofit.

    This is good to see, although it’s worrying that such a serious vulnerability went unspotted for this long. At least, I hope it wasn’t spotted; maybe some bad actor’s made subtle use and all our bases are belong to them.