#critical

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedify: an ActivityPub server framework's avatar
Fedify: an ActivityPub server framework

@fedify@hollo.social

All users must immediately update to the latest patched versions. A authentication bypass (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

Fedizen Fediverse News's avatar
Fedizen Fediverse News

@fedizen@mastodon.social

🇪🇺 is calling for a new (€350M) to support , highlighting its economic importance and the need for .

😏 While acknowledging the need for , there is concern about big offloading their and the potential for the fund to become a subsidy for them.

👉 omgubuntu.co.uk/2025/07/github

Fedizen Fediverse News's avatar
Fedizen Fediverse News

@fedizen@mastodon.social

🇪🇺 is calling for a new (€350M) to support , highlighting its economic importance and the need for .

😏 While acknowledging the need for , there is concern about big offloading their and the potential for the fund to become a subsidy for them.

👉 omgubuntu.co.uk/2025/07/github

Miguel Afonso Caetano's avatar
Miguel Afonso Caetano

@remixtures@tldr.nettime.org

"What philosophers sometimes call “political epistemology” is the area of intellectual inquiry that attempts to understand and evaluate these interactions between politics, knowledge, ignorance, and misperceptions. Most of my recent published research and articles on this blog fall within this area. For example, I’ve written about:

- How group allegiances distort political cognition (e.g., here, here, and here)

- How political tribes coordinate to promote, protect, and rationalise shared narratives (e.g., here, here, here, and here)

- In what ways political thought and communication are biased (e.g., here and here)

- The sources of political ignorance and misperceptions (and, more puzzlingly, knowledge) (here and here)

- Why many influential analyses of our political-epistemic problems in terms of “misinformation” and “disinformation” are confused and objectionable (e.g., here, here, here, and here)

Recently, I’ve also had the chance to design an advanced undergraduate course on ‘Politics, truth, and ideology’. The course only has seven weeks of content, meaning it must be highly selective in which topics it covers. Moreover, it’s intended for philosophy students, so it mostly ignores relevant empirical research in political psychology and social science. Nevertheless, I hope it provides a helpful introduction to some foundational issues and debates that might interest some readers.

In this post, I will briefly describe some core underlying themes of the course and the main topics and debates it covers. I will also provide the essential readings I’ve assigned."

conspicuouscognition.com/p/pol

Theory

Miguel Afonso Caetano's avatar
Miguel Afonso Caetano

@remixtures@tldr.nettime.org

"What philosophers sometimes call “political epistemology” is the area of intellectual inquiry that attempts to understand and evaluate these interactions between politics, knowledge, ignorance, and misperceptions. Most of my recent published research and articles on this blog fall within this area. For example, I’ve written about:

- How group allegiances distort political cognition (e.g., here, here, and here)

- How political tribes coordinate to promote, protect, and rationalise shared narratives (e.g., here, here, here, and here)

- In what ways political thought and communication are biased (e.g., here and here)

- The sources of political ignorance and misperceptions (and, more puzzlingly, knowledge) (here and here)

- Why many influential analyses of our political-epistemic problems in terms of “misinformation” and “disinformation” are confused and objectionable (e.g., here, here, here, and here)

Recently, I’ve also had the chance to design an advanced undergraduate course on ‘Politics, truth, and ideology’. The course only has seven weeks of content, meaning it must be highly selective in which topics it covers. Moreover, it’s intended for philosophy students, so it mostly ignores relevant empirical research in political psychology and social science. Nevertheless, I hope it provides a helpful introduction to some foundational issues and debates that might interest some readers.

In this post, I will briefly describe some core underlying themes of the course and the main topics and debates it covers. I will also provide the essential readings I’ve assigned."

conspicuouscognition.com/p/pol

Theory

Pete Orrall's avatar
Pete Orrall

@peteorrall@mastodon.social

is positively for intentionally denying care and services to autistic for . They know *exactly* what they are doing.

This damning article highlights UH's strategy via secret playbook to deny children care. Absolutely eye-opening.

As an who an , this is horrifying and utterly reprehensible.

propublica.org/article/unitedh

Library Juice Press's avatar
Library Juice Press

@LibraryJuicePress@glammr.us

Hi Everyone! This is our post!

We're a press focusing on theoretical and practical issues in from a perspective, for an audience of professional and of

So excited to be here!