Skip to content

hollo

v0.9.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 14d Communication & Email
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

activitypub fediverse microblog

Affected surfaces

auth

Summary

AI summary

Fixed CVE-2026-42462 security vulnerability in Linked Data Signature verification.

Changes in this release

Security Medium

Upgraded Fedify to 2.2.3 fixing CVE-2026-42462 in Linked Data Signature verification.

Upgraded Fedify to 2.2.3 fixing CVE-2026-42462 in Linked Data Signature verification.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: low
Full changelog

Released on May 21, 2026.

  • Upgraded Fedify to 2.2.3 to fix a security vulnerability in Linked Data Signature verification that could allow certain signed activities to be interpreted differently than intended. [CVE-2026-42462]

Security Fixes

  • CVE-2026-42462 — Linked Data Signature verification vulnerability allowing misinterpretation of signed activities
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track hollo

Get notified when new releases ship.

Sign up free

About hollo

Federated single-user microblogging software

All releases →

Related context

Related CVEs

Beta — feedback welcome: [email protected]