Hollo :hollo:'s avatar

Hollo :hollo:

@hollo@hollo.social · 197 following · 628 followers

:hollo: A federated single-user microblogging software.

WebsiteGitHubFedify

https://hollo.social/

https://github.com/fedify-dev/hollo

https://fedify.dev/

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

Introducing . Hollo is an -enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use in the content of your posts and you can quote another post.

Oh, and Hollo is built using and .

https://github.com/dahlia/hollo

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Woojin Kim's post

@me 보고 감사합니다!

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Hollo :hollo:'s post

@me GitHub에 이슈도 생성해 두었습니다.

https://github.com/dahlia/hollo/issues/98

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Woojin Kim's post

@me 410 응답을 주는 서버에 대한 요청을 하다가 오류가 나는 것으로 보이네요. 조만간 패치를 릴리스하겠습니다!

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Woojin Kim's post

@me 보고 감사합니다! 혹시 원래 쓰시던 계정 서버를 셧다운하셨나요?

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Björn Þór Jónsson's post

@bthj Sorry, we currently don't support split-domain configuration yet.

SorairoLake's avatar
SorairoLake

@sorairolake@misskey.io

Holloの公式サイトって日本語のページもあるんだ

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social · Reply to Fedify: an ActivityPub server framework's post

Okay, since we couldn't get in touch with the @fedify account owner, we need a new name for our GitHub organization. Which alternative do you prefer?

Your suggestions for other names are welcome in the comments! We'll make the final decision based on your feedback.

OptionVoters
fedify-js16 (11%)
fedify-sdk14 (10%)
fedify-framework15 (11%)
fedify-dev48 (34%)
fedify-org48 (34%)
newflow's avatar
newflow

@newflow@uri.life

1인용 연합우주 소프트웨어
hollo.social/@hollo

やまのく's avatar
やまのく

@yamanoku@mastodon.social

Holloアカウント作ってみた
hollo.yamanoku.net/@yamanoku

ストレージ周りの連携が失敗してるっぽく連合ができない状態なのでまだ完了ではない…

치즈군★ 🧀's avatar
치즈군★ 🧀

@cheesekun@ppiy.ac

hollo 인스턴스를 세울까 싶은데 아직 자세히 알아보진 않아서 모르겠지만 플레로마처럼 마스토돈 FE를 사용하거나 할 수는 없을려나...

やまのく's avatar
やまのく

@yamanoku@mastodon.social

画像投稿ができるようになったので本格的にHolloで活動していこうと思います

Buachi's avatar
Buachi

@b@techniclip.com

Hollo、気になってる

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

Once we have a @fedify org account, we'll be moving 's repository there as well.

https://hollo.social/@fedify/01949657-262f-78f4-a9a0-97643682ea70

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

We're planning to move our GitHub repository to an organization account for better project management. We've requested GitHub support to help us acquire the inactive @fedify username for this purpose. (The attached screenshot is our formal request to GitHub support.)

If we successfully acquire @fedify, that will be our new organization name. If not, we'll choose an alternative name. We'll keep you updated on the progress!

In any case, we'll ensure a smooth transition with proper redirects from the current repository. Stay tuned for updates!

Dear GitHub Support, I am writing to request the takeover of the inactive GitHub username “@fedify”. This username is currently held by an account that shows no activity since its creation—no repositories, contributions, or any other engagement. I am the maintainer of the Fedify project (https://github.com/dahlia/fedify), which is an open source ActivityPub server framework. We would like to use this username as an organization account to host our project and related repositories. The reasons for this request are: 1. The current “@fedify” account has been completely inactive with no public contributions or repositories 2. The name directly relates to our project's name and purpose 3. We need an organization account to better manage our growing open source project 4. The username would help us maintain consistent branding across different platforms (@fedify on npm, JSR, etc.) If possible, we would greatly appreciate if you could help us acquire this username. We believe this would benefit the GitHub community by putting the inactive username to active use for an open source project. Please let me know if you need any additional information to process this request. Thank you for your time and consideration. Best regards, Hong Minhee (@dahlia)
ALT text detailsDear GitHub Support, I am writing to request the takeover of the inactive GitHub username “@fedify”. This username is currently held by an account that shows no activity since its creation—no repositories, contributions, or any other engagement. I am the maintainer of the Fedify project (https://github.com/dahlia/fedify), which is an open source ActivityPub server framework. We would like to use this username as an organization account to host our project and related repositories. The reasons for this request are: 1. The current “@fedify” account has been completely inactive with no public contributions or repositories 2. The name directly relates to our project's name and purpose 3. We need an organization account to better manage our growing open source project 4. The username would help us maintain consistent branding across different platforms (@fedify on npm, JSR, etc.) If possible, we would greatly appreciate if you could help us acquire this username. We believe this would benefit the GitHub community by putting the inactive username to active use for an open source project. Please let me know if you need any additional information to process this request. Thank you for your time and consideration. Best regards, Hong Minhee (@dahlia)
Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

We're planning to move our GitHub repository to an organization account for better project management. We've requested GitHub support to help us acquire the inactive @fedify username for this purpose. (The attached screenshot is our formal request to GitHub support.)

If we successfully acquire @fedify, that will be our new organization name. If not, we'll choose an alternative name. We'll keep you updated on the progress!

In any case, we'll ensure a smooth transition with proper redirects from the current repository. Stay tuned for updates!

Dear GitHub Support, I am writing to request the takeover of the inactive GitHub username “@fedify”. This username is currently held by an account that shows no activity since its creation—no repositories, contributions, or any other engagement. I am the maintainer of the Fedify project (https://github.com/dahlia/fedify), which is an open source ActivityPub server framework. We would like to use this username as an organization account to host our project and related repositories. The reasons for this request are: 1. The current “@fedify” account has been completely inactive with no public contributions or repositories 2. The name directly relates to our project's name and purpose 3. We need an organization account to better manage our growing open source project 4. The username would help us maintain consistent branding across different platforms (@fedify on npm, JSR, etc.) If possible, we would greatly appreciate if you could help us acquire this username. We believe this would benefit the GitHub community by putting the inactive username to active use for an open source project. Please let me know if you need any additional information to process this request. Thank you for your time and consideration. Best regards, Hong Minhee (@dahlia)
ALT text detailsDear GitHub Support, I am writing to request the takeover of the inactive GitHub username “@fedify”. This username is currently held by an account that shows no activity since its creation—no repositories, contributions, or any other engagement. I am the maintainer of the Fedify project (https://github.com/dahlia/fedify), which is an open source ActivityPub server framework. We would like to use this username as an organization account to host our project and related repositories. The reasons for this request are: 1. The current “@fedify” account has been completely inactive with no public contributions or repositories 2. The name directly relates to our project's name and purpose 3. We need an organization account to better manage our growing open source project 4. The username would help us maintain consistent branding across different platforms (@fedify on npm, JSR, etc.) If possible, we would greatly appreciate if you could help us acquire this username. We believe this would benefit the GitHub community by putting the inactive username to active use for an open source project. Please let me know if you need any additional information to process this request. Thank you for your time and consideration. Best regards, Hong Minhee (@dahlia)
Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Markus 🌱:fosse:'s post

@markus We're looking into it! Thanks for reporting!

洪 民憙 (Hong Minhee)'s avatar
洪 民憙 (Hong Minhee)

@hongminhee@hollo.social

If you'd like to support the development of @fedify or @hollo or @botkit, you can sponsor me on GitHub!

https://github.com/sponsors/dahlia

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Hollo :hollo:'s post

この件に関連して、Holloもセキュリティアップデートをリリースしました。0.3.6または0.4.4バージョンに今すぐアップデートしてください!

https://hollo.social/@fedify/0194848e-7cac-7af3-941b-c93999a51274

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social · Reply to Fedify: an ActivityPub server framework's post

FedifyのWebFinger実装における脆弱性CVE-2025-23221に対するセキュリティアップデート(1.0.141.1.111.2.111.3.4)をリリースいたしました。すべてのユーザー様におかれましては、お使いのバージョンに応じた最新版への速やかなアップデートを推奨いたします。

脆弱性の詳細

セキュリティ研究者により、FedifyのlookupWebFinger()関数において以下のセキュリティ上の問題が発見されました:

  • 無限リダイレクトループによるサービス拒否攻撃(DoS)の可能性
  • プライベートネットワークアドレスへのリダイレクトを利用したSSRF(サーバーサイドリクエストフォージェリ)攻撃の可能性
  • リダイレクト操作による意図しないURLスキームへのアクセスの可能性

修正されたバージョン

  • 1.3.xシリーズ:1.3.4へアップデート
  • 1.2.xシリーズ:1.2.11へアップデート
  • 1.1.xシリーズ:1.1.11へアップデート
  • 1.0.xシリーズ:1.0.14へアップデート

変更内容

本セキュリティアップデートでは、以下の修正が実施されました:

  1. 無限リダイレクトループを防ぐため、最大リダイレクト回数(5回)の制限を導入
  2. 元のリクエストと同じスキーム(HTTP/HTTPS)のみにリダイレクトを制限
  3. SSRFを防止するため、プライベートネットワークアドレスへのリダイレクトをブロック

アップデート方法

以下のコマンドで最新のセキュアバージョンにアップデートできます:

# npmユーザーの場合
npm update @fedify/fedify

# Denoユーザーの場合
deno add jsr:@fedify/fedify

この脆弱性を責任を持って報告していただいたセキュリティ研究者の方に感謝申し上げます。迅速な対応が可能となりました。

本脆弱性の詳細については、セキュリティ勧告をご参照ください。

ご質問やご懸念がございましたら、GitHub DiscussionsMatrixチャットスペース、またはDiscordサーバーまでお気軽にご連絡ください。

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Hollo :hollo:'s post

이와 관련하여, 역시 업데이트가 이뤄졌습니다. 0.3.6 또는 0.4.4 버전으로 바로 업데이트하시기 바랍니다!

https://hollo.social/@fedify/0194848b-3b9e-7da1-b631-c011db2f4c43

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social · Reply to Fedify: an ActivityPub server framework's post

프레임워크의 구현에서 발견된 보안 취약점 CVE-2025-23221을 해결하기 위한 보안 업데이트(1.0.14, 1.1.11, 1.2.11, 1.3.4)를 배포했습니다. 모든 사용자께서는 각자 사용 중인 버전에 해당하는 최신 버전으로 즉시 업데이트하시기를 권장합니다.

취약점 내용

보안 연구자가 Fedify의 lookupWebFinger() 함수에서 다음과 같은 보안 문제점들을 발견했습니다:

  • 무한 리다이렉트 루프를 통한 서비스 거부 공격 가능
  • 내부 네트워크 주소로의 리다이렉트를 통한 SSRF (서버측 요청 위조) 공격 가능
  • 리다이렉트 조작을 통한 의도하지 않은 URL 스킴 접근 가능

수정된 버전

  • 1.3.x 시리즈: 1.3.4로 업데이트
  • 1.2.x 시리즈: 1.2.11로 업데이트
  • 1.1.x 시리즈: 1.1.11로 업데이트
  • 1.0.x 시리즈: 1.0.14로 업데이트

변경 사항

이번 보안 업데이트에는 다음과 같은 수정 사항이 포함되어 있습니다:

  1. 무한 리다이렉트 루프를 방지하기 위해 최대 리다이렉트 횟수 제한(5회) 도입
  2. 원래 요청과 동일한 스킴(HTTP/HTTPS)으로만 리다이렉트 허용하도록 제한
  3. SSRF 공격 방지를 위해 내부 네트워크 주소로의 리다이렉트 차단

업데이트 방법

다음 명령어로 최신 보안 버전으로 업데이트하실 수 있습니다:

# npm 사용자의 경우
npm update @fedify/fedify

# Deno 사용자의 경우
deno add jsr:@fedify/fedify

이 취약점을 책임감 있게 보고해 주신 보안 연구자께 감사드립니다. 덕분에 신속하게 문제를 해결할 수 있었습니다.

이 취약점에 대한 자세한 내용은 보안 권고문을 참고해 주시기 바랍니다.

문의 사항이나 우려 사항이 있으시다면 GitHub DiscussionsMatrix 채팅방, 또는 Discord 서버를 통해 언제든 연락해 주시기 바랍니다.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

In related news, has also released updates: 0.3.6 & 0.4.4. Update now!

https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

We have released updates (1.0.14, 1.1.11, 1.2.11, 1.3.4) to address CVE-2025-23221, a in 's implementation. We recommend all users update to the latest version of their respective release series immediately.

The Vulnerability

A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:

  • Perform denial of service attacks through infinite redirect loops
  • Execute server-side request forgery () attacks via redirects to private network addresses
  • Access unintended URL schemes through redirect manipulation

Fixed Versions

  • 1.3.x series: Update to 1.3.4
  • 1.2.x series: Update to 1.2.11
  • 1.1.x series: Update to 1.1.11
  • 1.0.x series: Update to 1.0.14

Changes

The security updates implement the following fixes:

  1. Added a maximum redirect limit (5) to prevent infinite redirect loops
  2. Restricted redirects to only follow the same scheme as the original request (HTTP/HTTPS)
  3. Blocked redirects to private network addresses to prevent SSRF attacks

How to Update

To update to the latest secure version:

# For npm users
npm update @fedify/fedify

# For Deno users
deno add jsr:@fedify/fedify

We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.

For more details about this vulnerability, please refer to our security advisory.

If you have any questions or concerns, please don't hesitate to reach out through our GitHub Discussions, join our Matrix chat space, or our Discord server.

ココイ:role_bisyouzyo:'s avatar
ココイ:role_bisyouzyo:

@kokoi@n-kaiwai.work

Holloちょっとおもしろそうねのだ
https://docs.hollo.social/ja/

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to Woojin Kim's post

@woojinkim 계정을 생성할 때 인스턴스의 도메인 이름이 고정되어서 나타나는 현상입니다. 계정을 새로 만드시면 해결될 것 같아요!

Kazuky Akayashi ฅ^•ﻌ•^ฅ's avatar
Kazuky Akayashi ฅ^•ﻌ•^ฅ

@KazukyAkayashi@social.zarchbox.fr

Une chose que je trouve intéressante sur Hollo et que j'ai vu nul par ailleurs :

## The number of recent public posts to fetch from remote actors when they are encountered first time.
REMOTE_ACTOR_FETCH_POSTS=10

Dans les faits ça fonctionne pas mal mais ça met un peu de temps a charger

꧁ wakest ꧂'s avatar
꧁ wakest ꧂

@liaizon@social.wake.st

excited to see that @sengi_app supports viewing ruby text (developer.mozilla.org/en-US/do) from @hollo accounts!

the fediverse is for everyone, so support for language features outside of Latin is very exciting to me

NTSK's avatar
NTSK

@ntek@hl.oyasumi.dev

Kubernetes上のHolloを自動更新する https://in-deep.blue/archives/1278

古道京紗's avatar
古道京紗

@schwarzewald@kodow.net · Reply to かとり's post

@katori_m ActivityPub実装だったらHolloとかですかね docs.hollo.social/ja/

paku ◉'s avatar
paku ◉

@paku@hollo.skyizwhite.dev

just setting up my hollo

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social · Reply to aliceif's post

@Tak Yeah, @aliceif did explain it accurately.

paku :himagine_icon:'s avatar
paku :himagine_icon:

@skyizwhite@himagine.club

HolloをCoolifyにデプロイできた
docsに載ってるdocker composeをベースにminio関連を削除してminioは別で建てるとよし

paku :himagine_icon:'s avatar
paku :himagine_icon:

@skyizwhite@himagine.club

Hollo, Nightfoxから使える
リアクションも

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

does not currently cache media attached to remote posts or avatars from remote accounts (except for thumbnails). Do you think we should cache them?

OptionVoters
It's fine the way it is.3 (9%)
They should be cached.6 (18%)
It would be nice to be configurable.24 (73%)
← Newer
Older →