Shared by: 🚨 **Security Update: [Hollo 0…

@hollo@hollo.social

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

Railway: Go to deployments → click three dots → Redeploy
Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
Manual: git pull origin stable && pnpm install and restart server

github.com

Posts received with form elements are rendered allow submission

### Summary When an incoming post has form elements included, the elements are rendered and are submittable. Other platforms normally remove such elements before rendering. Please note that I a...

8 shares

Kazuky Akayashi ฅ^•ﻌ•^ฅ
@KazukyAkayashi@social.zarchbox.fr
Fait de la photo, touche à tout, Fediversien depuis le début, sysadmin du dimanche, fait pousser des trucs sur mon balcon, humain de Meow et Lily.

Post surtout des photos, du jeux vidéo et des trucs lié aux logiciels libre.

#Photography #Photographie #FujiGW690III #SonyA7II #VoigtlanderBessaR2 #MamiyaRB67 #OlympusOM2n #SigmaSDQuattro #FujifilmXT1 #SigmaSD1Merril #SigmaDP3Merrill #Mamiya645 #Foveon #CaptureOne #Gaming #Archlinux #FLOSS #Privacy #Gaming #ESport #TeamFortress2 #ProjectDiablo2 #fedi22
Yohan Yukiya Sese Cuneta 사요한🦣
@youronlyone@c.im
♾️ #AutisticActually
✨ Appeared: Sports Seoul; The Daily Report Arirang
©️ #CCBySA4
🐬 only me
🇵🇭 #Philippines #Filipino
🛖 https://im.youronly.one
🆔 https://iam.youronly.one
📚 https://wiki.youronly.one
SNS:
💫 @youronlyone
🦋 @youronly.one
🖼️ @youronlyone
👉🏽 https://woosh.link/youronly.one
#YourOnlyOne #fedi22
Ufal Salman
@ufal@misskey.id
translator, writer, musician / bukan ordal hypergryph / anotomo no.1 / caffeine-deprived person / fedora user / indonesian / open for commission / my songs are on bandcamp

Work at Retrospective Klaten. Owner at Touhou Project Indonesia. Manager at Kebuli Musthofa. Writer at Centraverse, Summary of The Week, and Jalan Salaf. Musician as ritokatsuga.
Jeff - "Just Gay Enough"
@box464@mastodon.social
Coder, dog dad. Tech tinkering is my joy. Be kind.
fedicat
@fedicat@pc.cafe
The official account for the Fedicat fediverse iOS client available on TestFlight. I try to include other fediverse stuff to keep it interesting.
@reiver ⊼ (Charles)
@reiver@mastodon.social
I make things for #Fediverse #smallNet
Talk about #ActivityPub #FediDev #FediverseUX #P2P #Privacy #SpreadFediverse
I post #SciFiArt
Vlog at #AllYourBases #FinalForm
Work on #AssetFlow #FediCon #FediverseAcademy #FediverseCity #FingerProtocol #GreatApe #Microdon #ProToGo #SpaceMonkey
Life-cast at @reiver
Code in #golang
I like to understand things. I like to make things.
The meaning of life — first survive, then reproduce 🌞
Formal b/g: comp sci, math, ai. Pro b/g: soft eng, ml, research
S.H.@Haloはいいぞ
@S_H_@gamelinks007.net
Creatodonの鯖缶です
時々Rubyにパッチを投げてます
洪民憙 (Hong Minhee)
@hongminhee@hollo.social
An intersectionalist, feminist, and socialist living in Seoul (UTC+09:00). @tokolovesme's spouse. Who's behind @fedify, @hollo, and @botkit. Write some free software in #TypeScript, #Haskell, #Rust, & #Python. They/them.
서울에 사는 交叉女性主義者이자 社會主義者. 金剛兔(@tokolovesme)의 配偶者. @fedify, @hollo, @botkit 메인테이너. #TypeScript, #Haskell, #Rust, #Python 等으로 自由 소프트웨어 만듦.
#國漢文混用體 #한국어 (#朝鮮語) #English #日本語