#Hollo

What client apps do you use with #Hollo?

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

Hollo 0.7.0 🎉

#Hollo

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

After reading about the many people who self host their own fediverse instance, I wanted to give it a shot as well!

I won't be migrating this account, but you will see a follow request from one of my new accounts, @navi@hey.pomnavi.net

I'm trying out #Hollo

After reading about the many people who self host their own fediverse instance, I wanted to give it a shot as well!

I won't be migrating this account, but you will see a follow request from one of my new accounts, @navi@hey.pomnavi.net

I'm trying out #Hollo

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Hollo 0.7.0 🎉

#Hollo

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub

보안 업데이트: Hollo 0.6.19 릴리스

Fedify의 HTML 파싱 코드에서 발견된 보안 취약점을 수정한 Hollo 0.6.19를 릴리스했습니다.

이 취약점(CVE-2025-68475)은 ReDoS(정규 표현식 서비스 거부) 문제로, 공격자가 연합 작업 중 특수하게 조작된 HTML 응답을 보내 서비스 장애를 유발할 수 있습니다. 악성 페이로드는 작지만(약 170바이트), Node.js 이벤트 루프를 장시간 차단할 수 있습니다.

모든 Hollo 운영자분들께 즉시 버전 0.6.19로 업그레이드하실 것을 강력히 권고드립니다.

#Hollo #보안 #페디버스 #연합우주 #ActivityPub

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

#Hollo #Security #Fediverse #ActivityPub

#Hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).

More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in #Mastodon 4.3) will show cleaner, more organized notifications automatically.

Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!

Security update: Hollo 0.6.12 is now available

We've released #Hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private.

#security

为了解决底层 Fedify 框架的安全漏洞，我们发布了 Hollo 安全更新。（0.4.12、0.5.7 和 0.6.6）这些更新包含了修复 CVE-2025-54888 的最新 Fedify 安全补丁。

我们强烈建议所有 Hollo 实例管理员尽快更新到相应发布分支的最新版本。

更新方法：

• Railway 用户：进入项目仪表板，选择您的 Hollo 服务，点击部署中的三点菜单，然后选择"Redeploy"
• Docker 用户：使用 docker pull ghcr.io/fedify-dev/hollo:latest 拉取最新镜像并重启容器
• 手动安装用户：运行 git pull 获取最新代码，然后执行 pnpm install 并重启服务

#Hollo #安全更新 #安全补丁 #漏洞修复 #Fedify

Fedify 프레임워크의 #보안 #취약점을 해결하기 위해 #Hollo 보안 업데이트를 릴리스했습니다 (0.4.12, 0.5.7, 0.6.6). 이번 업데이트는 CVE-2025-54888을 수정하는 최신 Fedify 보안 패치를 포함합니다.

모든 Hollo 인스턴스 관리자분들께서는 가능한 한 빨리 해당 릴리스 브랜치의 최신 버전으로 업데이트하시기를 강력히 권장합니다.

업데이트 방법:

• Railway 사용자: 프로젝트 대시보드에서 Hollo 서비스를 선택하고, deployments의 점 세 개 메뉴를 클릭한 후 “Redeploy”를 선택하세요
• Docker 사용자: docker pull ghcr.io/fedify-dev/hollo:latest로 최신 이미지를 받고 컨테이너를 재시작하세요
• 수동 설치 사용자: git pull로 최신 코드를 받은 후 pnpm install을 실행하고 서비스를 재시작하세요

We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.

Update Instructions:

• Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
• Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
• Manual installations: Run git pull to get the latest code, then pnpm install and restart your service

🚨 安全更新：Hollo 0.6.5 发布

我们发布了 #Hollo 0.6.5，修复了 CVE-2025-53941 关键安全漏洞，解决了联邦帖子中的 HTML 注入漏洞。

请立即更新以保护您的实例免受潜在的钓鱼和 XSS 攻击。

更新方法：

• Railway：转到部署 → 点击三个点 → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest 然后重启
• 手动：git pull origin stable && pnpm install 然后重启服务器

#安全 #更新

🚨 セキュリティアップデート：Hollo 0.6.5 リリース

CVE-2025-53941のセキュリティ脆弱性を修正したHollo 0.6.5をリリースしました。連合投稿のHTMLインジェクション脆弱性が修正されています。

フィッシングやXSS攻撃からインスタンスを保護するため、今すぐアップデートしてください。

アップデート方法:

• Railway：デプロイメント → 縦3点クリック → Redeploy
• Docker：docker pull ghcr.io/fedify-dev/hollo:latest して再起動
• 手動：git pull origin stable && pnpm install してサーバー再起動

#Hollo #セキュリティ #アップデート

🚨 보안 업데이트: Hollo 0.6.5 릴리스

CVE-2025-53941 #보안 취약점을 해결하는 #Hollo 0.6.5를 릴리스했습니다. 연합 게시물의 HTML 주입 취약점이 수정되었습니다.

피싱 및 XSS 공격으로부터 인스턴스를 보호하기 위해 즉시 업데이트해 주세요.

업데이트 방법:

• Railway: 배포 탭 → 점 세 개 클릭 → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest 후 재시작
• 수동: git pull origin stable && pnpm install 후 서버 재시작

#업데이트

🚨 Security Update: Hollo 0.6.5 Released

We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

Please #update immediately to protect your instance from potential phishing and XSS attacks.

How to update:

• Railway: Go to deployments → click three dots → Redeploy
• Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
• Manual: git pull origin stable && pnpm install and restart server

What client apps do you use with #Hollo?

You can get started with your own Hollo in just a few clicks with the official #Hollo template for #Railway:

https://railway.app/template/eopPyH?referralCode=qeEK5G

Introducing #Hollo. Hollo is an #ActivityPub-enabled single-user microblogging software. Although it's for a single user, it also supports creating and running multiple accounts for different topics.

It's headless, meaning you can use existing #Mastodon client apps instead, with its Mastodon-compatible APIs. It has most feature parity with Mastodon. Two big differences with Mastodon is that you can use #Markdown in the content of your posts and you can quote another post.

Oh, and Hollo is built using #Bun and #Fedify.

https://github.com/dahlia/hollo

#fedidev