@botkit@hollo.social
🔒 Security Update for BotKit Users
We've released #security patch versions BotKit 0.1.2 and 0.2.2 to address CVE-2025-54888, a security #vulnerability discovered in #Fedify. These updates incorporate the latest patched version of Fedify to ensure your bots remain secure.
We strongly recommend all #BotKit users update to the latest patch version immediately. Thank you for keeping the #fediverse safe! 🛡️
github.com
Improper Authentication and Incorrect Authorization in @fedify/fedify
Summary: An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are...
