CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...