Apparently proof-of-concept code has been published for CVE-2024-23832 (CVSS 9.8), but unless I missed something Purism hasn’t yet said anything about Librem Social being immune to this vulnerability or published an ETA for upgrading or patching the software.