#Hollo

So Hollo gets stuck after 10 minutes and this is all I have left all I have left in the logs:

mars 04 23:48:19 hollo pnpm[3640]: 22:48:19.853 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:48:35 hollo pnpm[3640]: 22:48:35.110 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:48:50 hollo pnpm[3640]: 22:48:50.251 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:49:05 hollo pnpm[3640]: 22:49:05.584 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:49:19 hollo pnpm[3640]: 22:49:19.747 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:49:34 hollo pnpm[3640]: 22:49:34.867 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204
mars 04 23:52:40 hollo pnpm[3640]: 22:52:40.282 INF fedify·federation·http: 'OPTIONS' '/api/v1/timelines/home?limit=20': 204

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

Hmm, Hollo's frozen again. The server's still running, but it's impossible to reach it.
I should take the time to go check the logs, but I think I saw a message saying it failed because it ran out of RAM ​​

#Hollo

Today I found

• Stegodon #stegodon
• Hollo #hollo #hollosocial
• snac2 #snac2

Hey @yunohost j'ai contacté les devs de #hollo #hollosocial et #snac2 (respectivement @hongminhee et @grunfink ) et le dev de snac2 à dit qu'il serait plus que content d'aider à la mise en place de l'app dans yunohost, et pour hollo le dev m'a donné le lien d'une issue GitHub
Je serais moi aussi plus que content de voir ces apps dans le catalogue et apparemment je ne serai pas le seul.
Prospérité sur vous parce que vous faites un boulot exceptionnel ❤️

Edit: est-ce qu'un traducteur serait disponible pour traduire en français les settings de Gotosocial sur l'interface web svp ? :)

#selfhosting #selfhost #autohebergement #yunohost

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

Today I found

• Stegodon #stegodon
• Hollo #hollo #hollosocial
• snac2 #snac2

Today I found

• Stegodon #stegodon
• Hollo #hollo #hollosocial
• snac2 #snac2

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Oh okay Moshidon crashed when adding my Hollo account and now crashes right at launch

#Moshidon #Hollo

Hollo 0.7.0 🎉

#Hollo

Hollo 0.7.0 🎉

#Hollo

Avec Hollo ça fonctionne bien visiblement pour le moment je vois pas de problème 👍

#Hollo #Mitra

「@fedify」や「@hollo」や「@botkit」の開発を支援したい方は、GitHubでスポンサーになってください！

https://github.com/sponsors/dahlia

#ActivityPub #fediverse #フェディバース #Fedify #Hollo #BotKit #スポンサー

제 프로젝트인 @fedify, @hollo, @botkit 等(등)의 開發(개발)을 後援(후원)하고 싶으신 분들께서는, GitHub에서 제 스폰서가 되어 주세요!

https://github.com/sponsors/dahlia

#ActivityPub #fediverse #페디버스 #聯合宇宙(연합우주) #연합우주 #Fedify #Hollo #BotKit #스폰서 #후원

「@fedify」や「@hollo」や「@botkit」の開発を支援したい方は、GitHubでスポンサーになってください！

https://github.com/sponsors/dahlia

#ActivityPub #fediverse #フェディバース #Fedify #Hollo #BotKit #スポンサー

If you'd like to support the development of @fedify or @hollo or @botkit, you can sponsor me on GitHub!

https://github.com/sponsors/dahlia

#ActivityPub #fedidev #Fedify #Hollo #BotKit #sponsor

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub

보안 업데이트: Hollo 0.6.19 릴리스

Fedify의 HTML 파싱 코드에서 발견된 보안 취약점을 수정한 Hollo 0.6.19를 릴리스했습니다.

이 취약점(CVE-2025-68475)은 ReDoS(정규 표현식 서비스 거부) 문제로, 공격자가 연합 작업 중 특수하게 조작된 HTML 응답을 보내 서비스 장애를 유발할 수 있습니다. 악성 페이로드는 작지만(약 170바이트), Node.js 이벤트 루프를 장시간 차단할 수 있습니다.

모든 Hollo 운영자분들께 즉시 버전 0.6.19로 업그레이드하실 것을 강력히 권고드립니다.

#Hollo #보안 #페디버스 #연합우주 #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub

보안 업데이트: Hollo 0.6.19 릴리스

Fedify의 HTML 파싱 코드에서 발견된 보안 취약점을 수정한 Hollo 0.6.19를 릴리스했습니다.

이 취약점(CVE-2025-68475)은 ReDoS(정규 표현식 서비스 거부) 문제로, 공격자가 연합 작업 중 특수하게 조작된 HTML 응답을 보내 서비스 장애를 유발할 수 있습니다. 악성 페이로드는 작지만(약 170바이트), Node.js 이벤트 루프를 장시간 차단할 수 있습니다.

모든 Hollo 운영자분들께 즉시 버전 0.6.19로 업그레이드하실 것을 강력히 권고드립니다.

#Hollo #보안 #페디버스 #연합우주 #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

早晩間(조만간) 몇 個月(개월)만의 새 #Hollo 마이너 릴리스(v0.7.0)이 나올 것 같다.

早晩間(조만간) 몇 個月(개월)만의 새 #Hollo 마이너 릴리스(v0.7.0)이 나올 것 같다.

It looks like a new minor release of #Hollo (v0.7.0) will be out soon, the first in several months.

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev

Hollo 0.6.14 🎉

#Hollo #Fediverse

Hollo 0.6.14 🎉

#Hollo #Fediverse

#Hollo 쓰시는 분들은 可能(가능)한 限(한) 빨리 0.6.12 버전으로 올리시기 바랍니다. DM이 公開(공개) 揭示物(게시물) 페이지에서 露出(노출)되는 深刻(심각)한 保安(보안) 脆弱點(취약점)이 패치되었습니다.

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#보안 #취약점

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

#Hollo 쓰시는 분들은 可能(가능)한 限(한) 빨리 0.6.12 버전으로 올리시기 바랍니다. DM이 公開(공개) 揭示物(게시물) 페이지에서 露出(노출)되는 深刻(심각)한 保安(보안) 脆弱點(취약점)이 패치되었습니다.

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#보안 #취약점

Holloをお使いの方は、できるだけ早く0.6.12バージョンにアップデートしてください。DMが公開投稿ページで露出する深刻なセキュリティ脆弱性が修正されました。

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#Hollo #セキュリティ #脆弱性

Holloをお使いの方は、できるだけ早く0.6.12バージョンにアップデートしてください。DMが公開投稿ページで露出する深刻なセキュリティ脆弱性が修正されました。

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#Hollo #セキュリティ #脆弱性

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

Holloをお使いの方は、できるだけ早く0.6.12バージョンにアップデートしてください。DMが公開投稿ページで露出する深刻なセキュリティ脆弱性が修正されました。

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#Hollo #セキュリティ #脆弱性

Holloをお使いの方は、できるだけ早く0.6.12バージョンにアップデートしてください。DMが公開投稿ページで露出する深刻なセキュリティ脆弱性が修正されました。

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#Hollo #セキュリティ #脆弱性

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

#Hollo 쓰시는 분들은 可能(가능)한 限(한) 빨리 0.6.12 버전으로 올리시기 바랍니다. DM이 公開(공개) 揭示物(게시물) 페이지에서 露出(노출)되는 深刻(심각)한 保安(보안) 脆弱點(취약점)이 패치되었습니다.

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

#보안 #취약점

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

If you're running #Hollo, please update to version 0.6.12 as soon as possible. A critical #security #vulnerability has been fixed where direct messages were being exposed on public post pages.

https://hollo.social/@hollo/0199aaaf-7979-7da3-9509-73c9e487de05

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

New compatibility table at funfedi.dev: JSON-LD @context

https://funfedi.dev/support_tables/generated/context/

6 out of 9 implementations accept any @context value. But Mastodon, Hollo and Friendica reject activity entirely if https://www.w3.org/ns/activitystreams is not included in @context. Mastodon probably does this for no reason, but what about #Friendica and #Hollo?

#ActivityPub specification, section 3. Objects:

Implementers SHOULD include the ActivityPub context in their object definitions. Implementers MAY include additional context as appropriate.

ActivityPub context is recommended, but not required.

New compatibility table at funfedi.dev: JSON-LD @context

https://funfedi.dev/support_tables/generated/context/

6 out of 9 implementations accept any @context value. But Mastodon, Hollo and Friendica reject activity entirely if https://www.w3.org/ns/activitystreams is not included in @context. Mastodon probably does this for no reason, but what about #Friendica and #Hollo?

#ActivityPub specification, section 3. Objects:

Implementers SHOULD include the ActivityPub context in their object definitions. Implementers MAY include additional context as appropriate.

ActivityPub context is recommended, but not required.

Fort intéressant donc puisque suite à ça, je suis aller faire un ticket sur le Git de Hollo, et surprise, c'est visiblement dans le pipe 👌 à voir quand cela sera mis en place bien sûr, mais au moins ça y est.

#Activiitypub #Fediverse #Hollo #Mitra

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

Fedify 프레임워크의 #보안 #취약점을 해결하기 위해 #Hollo 보안 업데이트를 릴리스했습니다 (0.4.12, 0.5.7, 0.6.6). 이번 업데이트는 CVE-2025-54888을 수정하는 최신 Fedify 보안 패치를 포함합니다.

모든 Hollo 인스턴스 관리자분들께서는 가능한 한 빨리 해당 릴리스 브랜치의 최신 버전으로 업데이트하시기를 강력히 권장합니다.

업데이트 방법:

• Railway 사용자: 프로젝트 대시보드에서 Hollo 서비스를 선택하고, deployments의 점 세 개 메뉴를 클릭한 후 “Redeploy”를 선택하세요
• Docker 사용자: docker pull ghcr.io/fedify-dev/hollo:latest로 최신 이미지를 받고 컨테이너를 재시작하세요
• 수동 설치 사용자: git pull로 최신 코드를 받은 후 pnpm install을 실행하고 서비스를 재시작하세요

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

Fedify 프레임워크의 #보안 #취약점을 해결하기 위해 #Hollo 보안 업데이트를 릴리스했습니다 (0.4.12, 0.5.7, 0.6.6). 이번 업데이트는 CVE-2025-54888을 수정하는 최신 Fedify 보안 패치를 포함합니다.

모든 Hollo 인스턴스 관리자분들께서는 가능한 한 빨리 해당 릴리스 브랜치의 최신 버전으로 업데이트하시기를 강력히 권장합니다.

업데이트 방법:

• Railway 사용자: 프로젝트 대시보드에서 Hollo 서비스를 선택하고, deployments의 점 세 개 메뉴를 클릭한 후 “Redeploy”를 선택하세요
• Docker 사용자: docker pull ghcr.io/fedify-dev/hollo:latest로 최신 이미지를 받고 컨테이너를 재시작하세요
• 수동 설치 사용자: git pull로 최신 코드를 받은 후 pnpm install을 실행하고 서비스를 재시작하세요

为了解决底层 Fedify 框架的安全漏洞，我们发布了 Hollo 安全更新。（0.4.12、0.5.7 和 0.6.6）这些更新包含了修复 CVE-2025-54888 的最新 Fedify 安全补丁。

我们强烈建议所有 Hollo 实例管理员尽快更新到相应发布分支的最新版本。

更新方法：

• Railway 用户：进入项目仪表板，选择您的 Hollo 服务，点击部署中的三点菜单，然后选择"Redeploy"
• Docker 用户：使用 docker pull ghcr.io/fedify-dev/hollo:latest 拉取最新镜像并重启容器
• 手动安装用户：运行 git pull 获取最新代码，然后执行 pnpm install 并重启服务

#Hollo #安全更新 #安全补丁 #漏洞修复 #Fedify

Fedify 프레임워크의 #보안 #취약점을 해결하기 위해 #Hollo 보안 업데이트를 릴리스했습니다 (0.4.12, 0.5.7, 0.6.6). 이번 업데이트는 CVE-2025-54888을 수정하는 최신 Fedify 보안 패치를 포함합니다.

모든 Hollo 인스턴스 관리자분들께서는 가능한 한 빨리 해당 릴리스 브랜치의 최신 버전으로 업데이트하시기를 강력히 권장합니다.

업데이트 방법:

• Railway 사용자: 프로젝트 대시보드에서 Hollo 서비스를 선택하고, deployments의 점 세 개 메뉴를 클릭한 후 “Redeploy”를 선택하세요
• Docker 사용자: docker pull ghcr.io/fedify-dev/hollo:latest로 최신 이미지를 받고 컨테이너를 재시작하세요
• 수동 설치 사용자: git pull로 최신 코드를 받은 후 pnpm install을 실행하고 서비스를 재시작하세요

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

为了解决底层 Fedify 框架的安全漏洞，我们发布了 Hollo 安全更新。（0.4.12、0.5.7 和 0.6.6）这些更新包含了修复 CVE-2025-54888 的最新 Fedify 安全补丁。

我们强烈建议所有 Hollo 实例管理员尽快更新到相应发布分支的最新版本。

更新方法：

• Railway 用户：进入项目仪表板，选择您的 Hollo 服务，点击部署中的三点菜单，然后选择"Redeploy"
• Docker 用户：使用 docker pull ghcr.io/fedify-dev/hollo:latest 拉取最新镜像并重启容器
• 手动安装用户：运行 git pull 获取最新代码，然后执行 pnpm install 并重启服务

#Hollo #安全更新 #安全补丁 #漏洞修复 #Fedify

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

Fedify 프레임워크의 #보안 #취약점을 해결하기 위해 #Hollo 보안 업데이트를 릴리스했습니다 (0.4.12, 0.5.7, 0.6.6). 이번 업데이트는 CVE-2025-54888을 수정하는 최신 Fedify 보안 패치를 포함합니다.

모든 Hollo 인스턴스 관리자분들께서는 가능한 한 빨리 해당 릴리스 브랜치의 최신 버전으로 업데이트하시기를 강력히 권장합니다.

업데이트 방법:

• Railway 사용자: 프로젝트 대시보드에서 Hollo 서비스를 선택하고, deployments의 점 세 개 메뉴를 클릭한 후 “Redeploy”를 선택하세요
• Docker 사용자: docker pull ghcr.io/fedify-dev/hollo:latest로 최신 이미지를 받고 컨테이너를 재시작하세요
• 수동 설치 사용자: git pull로 최신 코드를 받은 후 pnpm install을 실행하고 서비스를 재시작하세요

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

Migration de la VM proxmox vers le nouveau serveur (Proxmox), fingers in the nose

#Hollo #Proxmox

Migration de la VM proxmox vers le nouveau serveur (Proxmox), fingers in the nose

#Hollo #Proxmox

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私（ #fediqb #fediverseプロフ帳 開発者 #FediLUG 運営者）のほか、
#fedibird 運営者でありMastodonコントリビュータの @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
#ActivityPub を中心とした #Fediverse の今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
本日の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！
東海道らぐさんのセミナーのオンラインURLでの同時配信もします！！
https://tokaidolug.connpass.com/event/361666/

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

Bon je reçois mon MP60 (mini PC que je vais foutre en petit serveur) mercredi, maintenant la question ... c'est quoi je fais ? Parce que je migrerais bien sur Hollo mais y a des trucs tellement pratique sur Misskey/Firefish/Iceshrimp, comme le Drive (qui permet un max d'économie de place surtout pour les .gif/.mp4 et j'adore vous polluer avec), le fait de pouvoir rebooster les posts déjà boostés indéfiniment (et donc sans avoir a virer le boost et le remettre), la recherche, mais ça reste lourd puis la migration depuis Misskey/Firefish/Iceshrimp ne fonctionne pas (a priori) ​​

#Hollo #Iceshrimp #Fediverse #Migration

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 보안 업데이트: Hollo 0.6.5 릴리스

CVE-2025-53941 #보안 취약점을 해결하는 #Hollo 0.6.5를 릴리스했습니다. 연합 게시물의 HTML 주입 취약점이 수정되었습니다.

피싱 및 XSS 공격으로부터 인스턴스를 보호하기 위해 즉시 업데이트해 주세요.

업데이트 방법:

• Railway: 배포 탭 → 점 세 개 클릭 → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest 후 재시작
• 수동: git pull origin stable && pnpm install 후 서버 재시작

#업데이트

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 安全更新：Hollo 0.6.5 发布

我们发布了 #Hollo 0.6.5，修复了 CVE-2025-53941 关键安全漏洞，解决了联邦帖子中的 HTML 注入漏洞。

请立即更新以保护您的实例免受潜在的钓鱼和 XSS 攻击。

更新方法：

• Railway：转到部署 → 点击三个点 → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest 然后重启
• 手动：git pull origin stable && pnpm install 然后重启服务器

#安全 #更新

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 보안 업데이트: Hollo 0.6.5 릴리스

CVE-2025-53941 #보안 취약점을 해결하는 #Hollo 0.6.5를 릴리스했습니다. 연합 게시물의 HTML 주입 취약점이 수정되었습니다.

피싱 및 XSS 공격으로부터 인스턴스를 보호하기 위해 즉시 업데이트해 주세요.

업데이트 방법:

• Railway: 배포 탭 → 점 세 개 클릭 → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest 후 재시작
• 수동: git pull origin stable && pnpm install 후 서버 재시작

#업데이트

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 安全更新：Hollo 0.6.5 发布

我们发布了 #Hollo 0.6.5，修复了 CVE-2025-53941 关键安全漏洞，解决了联邦帖子中的 HTML 注入漏洞。

请立即更新以保护您的实例免受潜在的钓鱼和 XSS 攻击。

更新方法：

• Railway：转到部署 → 点击三个点 → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest 然后重启
• 手动：git pull origin stable && pnpm install 然后重启服务器

#安全 #更新

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 보안 업데이트: Hollo 0.6.5 릴리스

CVE-2025-53941 #보안 취약점을 해결하는 #Hollo 0.6.5를 릴리스했습니다. 연합 게시물의 HTML 주입 취약점이 수정되었습니다.

피싱 및 XSS 공격으로부터 인스턴스를 보호하기 위해 즉시 업데이트해 주세요.

업데이트 방법:

• Railway: 배포 탭 → 점 세 개 클릭 → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest 후 재시작
• 수동: git pull origin stable && pnpm install 후 서버 재시작

#업데이트

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

🚨 安全更新：Hollo 0.6.5 发布

我们发布了 #Hollo 0.6.5，修复了 CVE-2025-53941 关键安全漏洞，解决了联邦帖子中的 HTML 注入漏洞。

请立即更新以保护您的实例免受潜在的钓鱼和 XSS 攻击。

更新方法：

• Railway：转到部署 → 点击三个点 → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest 然后重启
• 手动：git pull origin stable && pnpm install 然后重启服务器

#安全 #更新

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 보안 업데이트: Hollo 0.6.5 릴리스

CVE-2025-53941 #보안 취약점을 해결하는 #Hollo 0.6.5를 릴리스했습니다. 연합 게시물의 HTML 주입 취약점이 수정되었습니다.

피싱 및 XSS 공격으로부터 인스턴스를 보호하기 위해 즉시 업데이트해 주세요.

업데이트 방법:

• Railway: 배포 탭 → 점 세 개 클릭 → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest 후 재시작
• 수동: git pull origin stable && pnpm install 후 서버 재시작

#업데이트

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

みなさん、こんにちは！

Holloの新しい計画について、みなさんのご意見をお聞かせください。

これまでHolloは、セルフホスティングを基本原則としてきました。これは今後も変わることなく維持され、ソースコードは引き続きAGPLv3ライセンスで公開されます。

最近、プロジェクトの持続可能な発展のため、Open Collective （@opencollective ）を通じて一定額以上を定期的にご支援いただいている方々向けに、ホスティングサービスの提供を検討しています。

これは、技術的な部分を気にすることなくHolloを利用したい方のための追加オプションとなります。もちろん、現在のように自身でインストールして運用することも引き続き可能です。

引用させていただいた英語の投稿のアンケートにご参加ください！📊

1. 良いアイデアです！ホスティングサービスを利用したいです。
2. いいですね！私はセルフホスティングを続けますが、応援しています。
3. 他の方法でサポートを増やすのが良いと思います。
4. 現状通り純粋なセルフホスティングのままが良いです。

💭 追加のご意見やご提案がございましたら、コメントでお寄せください！

#Hollo #アンケート #フェディバース

https://hollo.social/@hollo/01950344-1c55-7f43-8afc-b0a1ee8b4abf

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私（ #fediqb #fediverseプロフ帳 開発者 #FediLUG 運営者）のほか、
#fedibird 運営者でありMastodonコントリビュータの @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
#ActivityPub を中心とした #Fediverse の今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

【OSC京都で #Fediverse に関連したセミナーを開催します！】
2025年8月3日（日）の13:00〜 オープンソースカンファレンス京都 #osckyoto で「分散型SNSユーザー有志」として、

「Fediverseのつくりかた 〜開発者・管理者たちの現場から〜」

と題してセミナー講演を行います！
登壇者として私のほか、
#fedibird 運営者の @noellabo さん
#Fedify #Hollo 等の開発者である @hongminhee さん
京都のMastodon地域サーバー #マストどす 管理人の @7_nana さん
をお呼びして開催します。
ActivityPubを中心としたFediverseの今が知れるセミナーです。ぜひご参加ください！

会場：KRP ルーム2B（2階）
日時：2025年8月3日（日）13:00〜
参加費：無料
セミナー詳細：
https://event.ospn.jp/osc2025-kyoto/session/2211664

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?

What client apps do you use with #Hollo?