Hollo :hollo:
hollo.hollo.social.ap.brid.gy
:hollo: A federated single-user microblogging software.

[bridged from https://hollo.social/@hollo on the fediverse by https://fed.brid.gy/ ]
### Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability […]
Original post on hollo.social
December 20, 2025 at 12:00 PM
#hollo 0.7 brings a redesigned #notification system with much better performance. We've moved from generating #notifications on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse […]
Original post on hollo.social
November 15, 2025 at 10:38 AM
### Security update: Hollo 0.6.12 is now available

We've released #hollo 0.6.12 to fix a critical privacy #vulnerability where direct messages were being exposed in the replies section of public posts. Please update your instances immediately to ensure your private conversations remain private […]
Original post on hollo.social
October 3, 2025 at 3:28 PM
Hollo 0.6.11 significantly improves Bluesky interoperability via BridgyFed! Fixed AT Protocol URI parsing issues that were affecting various cross-platform interactions—not just likes, but overall federation with Bluesky users. 🌉
Like activity not receive from brid.gy · Issue #217 · fedify-dev/hollo
version : Hollo 0.6.10 reproduction procedure Post something on Hollo Once the post is bridged to the bluesky side, add it to your favorites Not receiving like notification on Hollo remarks On Mast...
github.com
September 17, 2025 at 8:05 AM
We've released #security updates for #hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.

We strongly recommend all Hollo instance administrators update to the […]
Original post on hollo.social
August 8, 2025 at 3:06 AM
🚨 **Security Update: Hollo 0.6.5 Released**

We've released #hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.

**Please #update immediately** to protect your instance from potential phishing and XSS attacks.

**How to […]
Original post on hollo.social
July 17, 2025 at 2:22 AM
🚨 **Known Issue**: Elk (@elk) login may fail on Hollo instances upgraded from 0.5.x to 0.6.x with `401 Unauthorized` errors. Fresh 0.6.x installs work fine. Other clients (Phanpy, Moshidon) are unaffected.

We're investigating: https://github.com/fedify-dev/hollo/issues/167

Workaround: Use […]
Original post on hollo.social
June 7, 2025 at 8:30 AM
We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.

## Enhanced OAuth Security with Modern Standards

This release prioritizes security with […]
Original post on hollo.social
June 5, 2025 at 7:55 AM
Reposted by Hollo :hollo:
@hongminhee something else I'm bringing to @hollo is my experience building with Node.js (which is something like 16 years at this point), but I also get to cross-pollinate ideas between the various projects I work on (e.g., bringing S3 storage to Hollo via the same storage adapter model as […]
Original post on hachyderm.io
June 5, 2025 at 5:40 AM
Reposted by Hollo :hollo:
@hollo @hongminhee happy to be involved!

I think I'm probably most pleased with getting the OAuth functionality pretty much 100% covered by tests.

At some point, we'll definitely want to integrate test coverage into PR workflows
June 5, 2025 at 5:12 AM
Reposted by Hollo :hollo:
@hollo Amazing news 👏🏼 congrats @thisismissem @hongminhee !!
June 5, 2025 at 4:55 AM
Exciting news for the #hollo project! We're thrilled to announce that **Emelia Smith** (@thisismissem) has joined as a co-maintainer alongside Hong Minhee (@hongminhee).

Emelia brings extensive experience in the #fediverse ecosystem, having been a long-time contributor to Mastodon and a leading […]
Original post on hollo.social
June 5, 2025 at 3:52 AM
#hollo 0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

### Enhanced #oauth #security

* RFC 8414 (OAuth metadata discovery)
* RFC 7636 (#pkce support)
* Improved authorization flows following RFC 9700 best […]
Original post on hollo.social
June 3, 2025 at 3:57 AM
Reposted by Hollo :hollo:
Following on from today's earlier PR to @hollo, I've gone ahead and implemented PKCE for OAuth in Hollo

So now they too can have more security for OAuth authorization code grant flows.

(Also added a tonne of extra test coverage)

https://github.com/fedify-dev/hollo/pull/155
Implement OAuth PKCE by ThisIsMissEm · Pull Request #155 · fedify-dev/hollo
This implements OAuth PKCE for the code challenge method S256 (we don't support plain because it's simply insecure). Additionally, I've added test coverage for GET /oauth/authorize usin...
github.com
May 26, 2025 at 12:15 AM
Reposted by Hollo :hollo:
So I was getting really misleading code coverage results from c8 / tsx in the tests for @hollo, so after some discussion, we decided to migrate to vitest, and now we have accurate code coverage output!

But my gosh that was a sizeable chunk of work!

https://github.com/fedify-dev/hollo/pull/154
Migrate to vitest to improve coverage reporting by ThisIsMissEm · Pull Request #154 · fedify-dev/hollo
c8 was giving misleading coverage reports for files containing jsx, which made assessing where we were at with test coverage difficult. I also tried using nyc, one-double-zero and borp, but all the...
github.com
May 25, 2025 at 7:30 PM
Reposted by Hollo :hollo:
Just ended up implementing much greater test coverage for @hollo as well as access token revocation: https://github.com/fedify-dev/hollo/pull/147

Sometimes I end up doing more than expected in pull requests 🙃
Add support for more client authentication methods by ThisIsMissEm · Pull Request #147 · fedify-dev/hollo
This adds support for client authentication using: client_secret_basic, client_secret_post, none (public clients, though it's not possible to create a public client yet). This also adds the noti...
github.com
May 24, 2025 at 6:34 PM
Reposted by Hollo :hollo:
If you're wondering why I'm doing tonnes of OAuth implementation work in @hollo, it's because it allows me to more quickly ship prototypes of things like:
- Client ID Metadata Documents
- Expiring Access Tokens & Refresh Tokens
- Public Clients

Both of those are planned for Mastodon, but I'm […]
Original post on hachyderm.io
May 11, 2025 at 4:56 AM
Reposted by Hollo :hollo:
In between working on FIRES yesterday, I also finished up a rather substantial contribution to @hollo that I'd been working on.

https://github.com/fedify-dev/hollo/pull/130

It's an OAuth thing, which to end users shouldn't really change anything, but internally it helps pave the way for […]
Original post on hachyderm.io
May 11, 2025 at 4:04 AM
We're pleased to announce that #hollo has been included in the Nivenly Fediverse Security Fund program!

The @nivenly Foundation has launched a security bounty fund to support contributors who identify and help fix #security vulnerabilities in popular #fediverse software. Both Hollo and @fedify […]
Original post on hollo.social
April 29, 2025 at 11:55 PM
Reposted by Hollo :hollo:
We just released Hollo 0.5.6, a patch release after a month, which fixes a minor bug and updates Fedify.
Release Hollo 0.5.6 · fedify-dev/hollo
Released on April 29, 2025. Fixed a bug where voting to a poll which had been shared (boosted) had not been sent to the correct recipient. [#142] Upgrade Fedify to 1.4.10.
github.com
April 28, 2025 at 4:26 PM
Reposted by Hollo :hollo:
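포인트리스 (Pointless) fediverse software hosting service
- Fully managed: server maintenance, including upgrades, is free during the subscription period.
- High performance thanks to an architecture that separates the database from the web server.
- Supports Mastodon, Misskey, and Hollo.
- Firewall: we configure Cloudflare Zero Trust for you.
Proceeds go toward 포인트리스 server costs.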
April 2, 2025 at 10:49 AM