10/10 name, good god that’s funny.

Thursday’s patch is the product of recent penetration testing work that the Mozilla Foundation funded, Mastodon cofounder and CTO Renaud Chaput told Ars. He said a firm called Cure53 performed the pentesting and that the code fixes were developed by the several-person team inside the Mastodon nonprofit.

This is good to see, although it’s worrying that such a serious vulnerability went unspotted for this long. At least, I hope it wasn’t spotted; maybe some bad actor’s made subtle use and all our bases are belong to them.