Hollo :hollo:
@hollo@hollo.social ยท Reply to Hollo :hollo:

๐Ÿšจ ๋ณด์•ˆ ์—…๋ฐ์ดํŠธ: Hollo 0.6.5 ๋ฆด๋ฆฌ์Šค

CVE-2025-53941 ์ทจ์•ฝ์ ์„ ํ•ด๊ฒฐํ•˜๋Š” 0.6.5๋ฅผ ๋ฆด๋ฆฌ์Šคํ–ˆ์Šต๋‹ˆ๋‹ค. ์—ฐํ•ฉ ๊ฒŒ์‹œ๋ฌผ์˜ HTML ์ฃผ์ž… ์ทจ์•ฝ์ ์ด ์ˆ˜์ •๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

ํ”ผ์‹ฑ ๋ฐ XSS ๊ณต๊ฒฉ์œผ๋กœ๋ถ€ํ„ฐ ์ธ์Šคํ„ด์Šค๋ฅผ ๋ณดํ˜ธํ•˜๊ธฐ ์œ„ํ•ด ์ฆ‰์‹œ ์—…๋ฐ์ดํŠธํ•ด ์ฃผ์„ธ์š”.

์—…๋ฐ์ดํŠธ ๋ฐฉ๋ฒ•:

  • Railway: ๋ฐฐํฌ ํƒญ โ†’ ์  ์„ธ ๊ฐœ ํด๋ฆญ โ†’ Redeploy
  • Docker: docker pull ghcr.io/fedify-dev/hollo:latest ํ›„ ์žฌ์‹œ์ž‘
  • ์ˆ˜๋™: git pull origin stable && pnpm install ํ›„ ์„œ๋ฒ„ ์žฌ์‹œ์ž‘

github.com

Posts received with form elements are rendered allow submission

### Summary When an incoming post has form elements included, the elements are rendered and are submittable. Other platforms normally remove such elements before rendering. Please note that I a...

1 reply

Hollo :hollo:
@hollo@hollo.social ยท Reply to Hollo :hollo:

๐Ÿšจ ใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃใ‚ขใƒƒใƒ—ใƒ‡ใƒผใƒˆ๏ผšHollo 0.6.5 ใƒชใƒชใƒผใ‚น

CVE-2025-53941ใฎใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃ่„†ๅผฑๆ€งใ‚’ไฟฎๆญฃใ—ใŸHollo 0.6.5ใ‚’ใƒชใƒชใƒผใ‚นใ—ใพใ—ใŸใ€‚้€ฃๅˆๆŠ•็จฟใฎHTMLใ‚คใƒณใ‚ธใ‚งใ‚ฏใ‚ทใƒงใƒณ่„†ๅผฑๆ€งใŒไฟฎๆญฃใ•ใ‚Œใฆใ„ใพใ™ใ€‚

ใƒ•ใ‚ฃใƒƒใ‚ทใƒณใ‚ฐใ‚„XSSๆ”ปๆ’ƒใ‹ใ‚‰ใ‚คใƒณใ‚นใ‚ฟใƒณใ‚นใ‚’ไฟ่ญทใ™ใ‚‹ใŸใ‚ใ€ไปŠใ™ใใ‚ขใƒƒใƒ—ใƒ‡ใƒผใƒˆใ—ใฆใใ ใ•ใ„ใ€‚

ใ‚ขใƒƒใƒ—ใƒ‡ใƒผใƒˆๆ–นๆณ•:

  • Railway๏ผšใƒ‡ใƒ—ใƒญใ‚คใƒกใƒณใƒˆ โ†’ ็ธฆ3็‚นใ‚ฏใƒชใƒƒใ‚ฏ โ†’ Redeploy
  • Docker๏ผšdocker pull ghcr.io/fedify-dev/hollo:latest ใ—ใฆๅ†่ตทๅ‹•
  • ๆ‰‹ๅ‹•๏ผšgit pull origin stable && pnpm install ใ—ใฆใ‚ตใƒผใƒใƒผๅ†่ตทๅ‹•

github.com

Posts received with form elements are rendered allow submission

### Summary When an incoming post has form elements included, the elements are rendered and are submittable. Other platforms normally remove such elements before rendering. Please note that I a...