We just released Mastodon 4.3.6, 4.2.19 and 4.1.24. They contain important security fixes.
We recommend server administrators to update as soon as possible if they use SAML, or are on the development version.
If you are using our nightly releases, a container image with the fix has been published with the nightly.2025-03-14-security tag.
Full release notes and update instructions are available on our GitHub release page:
If you are running Mastodon 4.1 and use SAML, we encourage you to update to a newer Mastodon version as soon as possible. We also want to remind you that Mastodon 4.1 will no longer receive patches (including for security issues) after 2025-04-08 and we strongly encourage you to update to a newer Mastodon version.
If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.social/users/MastodonEngineering/statuses/114155827168153734 on your instance and quote it. (Note that quoting is not supported in Mastodon.)
