It looks like SDF’s Mastodon instance (v4.0.2) is vulnerable, and requires patching to either 4.1.3 or 4.0.5. I don’t want to back-seat admin, but I know the SDF crew have a lot on their plate. Are they aware of this vulnerability?

EDIT: The instance has now been updated to v4.0.5!