To be posted as one of our instance’s announcements:
"For users of protected/private accounts: please be aware that a Pixelfed vulnerability currently affects the Fediverse, its impact being that all users in an affected Pixelfed instance with at least one legitimate mutual might gain access to your private posts. We are exploring options to limit impact, including defederating with instances which don’t upgrade within some timeframe. In the meantime, we have identified three Pixelfed instances that we federate with that are still affected by the vulnerability and reached out to the instance admins and the specific social.coop users which could be affected by their vulnerability. For more information, please refer to the original vulnerability announcement at https://fokus.cool/2025/03/25/pixelfed-vulnerability.html or reach out."