@botkit@hollo.social
π Security Release: BotKit 0.3.1
We've released BotKit 0.3.1 with an important security fix.
This update addresses CVE-2025-68475 (High severity, CVSS 7.5), a ReDoS vulnerability in Fedify's HTML parsing that could cause denial of service.
If you're using BotKit 0.3.x, please upgrade to 0.3.1 as soon as possible.
- π¦ Release notes
- π Security advisory
github.com
ReDoS Vulnerability in HTML Parsing Regex
Hi Fedify team! π Thank you for your work on Fedifyβit's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Servic...