An critical security vulnerability has been found on the unreleased master version of Mastodon. If your instance is running code from the tag
v2.3.3 or older, it is not affected. If you are running a newer version that includes commit ca42f9b, it’s urgent that you upgrade and change your passwords stored in
See https://github.com/tootsuite/mastodon/releases/tag/v2.4.0rc3 for more details.