Releases: fedify-dev/hollo

Hollo 0.6.10

25 Aug 15:24
0.6.10
5b1b343

Released on August 26, 2025.

  • Upgraded Fedify to 1.5.7, which fixes a bug where HTTP Signature verification failed for requests having created or expires fields in their Signature header, causing 500 Internal Server Error responses in inbox handlers.

Hollo 0.6.9

25 Aug 08:12
0.6.9
6d98103

Released on August 25, 2025.

  • Fixed a bug where ActivityPub Discovery failed to recognize XHTML self-closing <link> tags. The HTML/XHTML parser now correctly handles whitespace before the self-closing slash (/>), improving compatibility with XHTML documents that follow the self-closing tag format.

  • Upgraded Fedify to 1.5.6.

Hollo 0.6.8

21 Aug 03:00
0.6.8
047f856

Released on August 21, 2025.

  • Fixed a critical bug introduced in 0.6.7 where the search query would return too many results, causing out-of-memory errors and query timeouts. The issue was caused by incorrect logical operator precedence when filtering future-dated posts. [#207, #208 by aliceif]

Hollo 0.6.7

19 Aug 07:12
0.6.7
72d3a19

Released on August 19, 2025.

  • Fixed timeline pollution caused by future-dated posts from malicious or misconfigured remote instances. Posts with timestamps more than 5 minutes in the future are now filtered from all timeline endpoints while preserving them in the database for future display. [#199, #201 by Hyeonseo Kim]

Hollo 0.6.6

07 Aug 21:42
0.6.6
3beb236

Released on August 8, 2025.

  • Upgraded Fedify to 1.5.5, which includes a critical security fix for CVE-2025-54888, an authentication bypass vulnerability that allows actor impersonation. [CVE-2025-54888]

Hollo 0.5.7

07 Aug 21:40
0.5.7
c571803

Released on August 8, 2025.

  • Upgraded Fedify to 1.4.13, which includes a critical security fix for CVE-2025-54888, an authentication bypass vulnerability that allows actor impersonation. [CVE-2025-54888]

Hollo 0.4.12

07 Aug 21:37
0.4.12
0128b1b

Released on August 8, 2025.

  • Upgraded Fedify to 1.3.20, which includes a critical security fix for CVE-2025-54888, an authentication bypass vulnerability that allows actor impersonation. [CVE-2025-54888]

Hollo 0.6.5

17 Jul 02:17
0.6.5
bf77736

Released on July 17, 2025.

  • Fixed an HTML injection vulnerability where form elements, scripts, and other potentially dangerous HTML tags in federated posts were not properly sanitized before rendering. This could allow malicious actors to inject forms for phishing, execute JavaScript, or perform CSRF attacks. The fix implements strict HTML sanitization using an allowlist approach to ensure only safe HTML elements and attributes are rendered. [CVE-2025-53941]

Hollo 0.6.4

07 Jul 05:51
0.6.4
855c815

Released on July 7, 2025.

  • Fixed a regression bug where follower-only posts were returning 404 Not Found errors when accessed through conversation threads. This was caused by improper OAuth scope checking that accepted only the read:statuses scope, although tokens contain the read scope [#169, #172]:

    • GET /api/v1/statuses/:id
    • GET /api/v1/statuses/:id/context
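
The scope mismatch described in this entry, as an added example that is not Hollo's own code: under the Mastodon API's hierarchical scopes a granted parent scope such as read covers read:statuses, so an exact string comparison rejects valid tokens. All function names and the sample scope strings are hypothetical.

```typescript
// Added example, not Hollo's code; all function names are hypothetical.

// Split a space-delimited OAuth scope string (RFC 6749, section 3.3).
function parseScopes(scope: string): string[] {
  return scope.split(/\s+/).filter((s: string) => s.length > 0);
}

// Exact string match: rejects a token that holds only the parent scope,
// which is the failure the release note describes.
function hasScopeExact(granted: string[], required: string): boolean {
  return granted.indexOf(required) !== -1;
}

// Hierarchical match: a granted scope covers itself and every child below it.
// Appending ":" keeps "read" from matching an unrelated name such as "reader",
// and a child scope never covers its parent.
function hasScope(granted: string[], required: string): boolean {
  return granted.some(
    (g: string) => g === required || required.indexOf(g + ":") === 0
  );
}

// An endpoint is reachable when the token covers any one accepted scope.
function authorize(tokenScope: string, anyOf: string[]): boolean {
  const granted = parseScopes(tokenScope);
  return anyOf.some((r: string) => hasScope(granted, r));
}

// Constructed sample: scopes accepted by a status-reading endpoint.
const STATUS_READ: string[] = ["read:statuses"];
```

A token carrying only write:statuses or read:accounts is still refused, so the broader match does not widen access beyond what the parent scope already grants.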

Hollo 0.6.3

23 Jun 12:59
0.6.3
7ce79f1

Released on June 23, 2025.

  • Fixed a bug where remote posts mentioning the same user multiple times could not be retrieved due to database constraint violations.