Hollo :hollo:

@hollo@hollo.social

🚨 Security Update: Hollo 0.6.5 Released

We've released 0.6.5 with a critical fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

  • Railway: Go to deployments → click three dots → Redeploy
  • Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
  • Manual: git pull origin stable && pnpm install and restart server
Hollo :hollo:

@hollo@hollo.social · Reply to Hollo :hollo:'s post

🚨 Security Update: Hollo 0.6.5 Released

We've released 0.6.5, which resolves the CVE-2025-53941 vulnerability. An HTML injection vulnerability in federated posts has been fixed.

Please update immediately to protect your instance from phishing and XSS attacks.

How to update:

  • Railway: Deployments tab → click the three dots → Redeploy
  • Docker: docker pull ghcr.io/fedify-dev/hollo:latest, then restart
  • Manual: git pull origin stable && pnpm install, then restart the server