In all, Mastodon’s Thursday patch batch fixed five vulnerabilities. One of the bugs, tracked as CVE-2023-36459, also carried a critical severity rating. Mastodon’s bare-bones writeup described the flaw as an “XSS through oEmbed preview cards.”

Patched today on moth.social. Safe and sound. 🔒