An critical security vulnerability has been found on the unreleased master version of Mastodon. If your instance is running code from the tag v2.3.3 or older, it is not affected. If you are running a newer version that includes commit ca42f9b, it’s urgent that you upgrade and change your passwords stored in .env.production immediately!

See https://github.com/tootsuite/mastodon/releases/tag/v2.4.0rc3 for more details.