I just updated my Mastodon server to the latest version due to a security vulnerability. I got a 500 page and error:0308010C:digital envelope routines::unsupported in the logs from mastodon-web.
I could reproduce by running bin/webpack from the command line. Some searching led me to try Node 16 LTS, but then I get an apparently blank page when I load the site and call to eval() blocked by CSP in the browser console.
The API works normally; this only affects the website.
Md4…? Uh, even MD5 has been considered bad for literally decades