Skip to content

Known

v1.6.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

cms cms-framework indieweb php social-network

Summary

AI summary

Security fix improves image import and template validation.

Full changelog

What's Changed

  • Remove notifications system by @benwerd in https://github.com/idno/idno/pull/3317
  • Fix undefined variable reference in IndiePub Revoke.php by @benwerd in https://github.com/idno/idno/pull/3318
  • Fix webmention parsing for plain strings and photo alt text by @benwerd in https://github.com/idno/idno/pull/3319
  • Fix webmention self-mention detection to compare URL paths by @benwerd in https://github.com/idno/idno/pull/3320
  • Add async event queue setup documentation to README by @benwerd in https://github.com/idno/idno/pull/3321
  • Fix webmention processing to handle mf2 data types correctly by @benwerd in https://github.com/idno/idno/pull/3322
  • Rebrand Known to Idno with backwards compatibility by @benwerd in https://github.com/idno/idno/pull/3323
  • Fix export memory issues, error handling, and add WXR format support by @benwerd in https://github.com/idno/idno/pull/3325
  • Webfinger fix for ActivityPub by @benwerd in https://github.com/idno/idno/pull/3327
  • Fix follow acceptance, enable Mastodon quoting, clarify queue docs by @benwerd in https://github.com/idno/idno/pull/3328
  • Update copyright holder in README.md by @benwerd in https://github.com/idno/idno/pull/3329
  • Fixes async queue failures by @benwerd in https://github.com/idno/idno/pull/3330
  • Fix ActivityPub follow tracking and auto-accept by @benwerd in https://github.com/idno/idno/pull/3331
  • Fixing ActivityPub transactions by @benwerd in https://github.com/idno/idno/pull/3332
  • Adding AP logging, further improvements to endpoint by @benwerd in https://github.com/idno/idno/pull/3334
  • Fix ActivityPub test suite errors: inbox GET, outbox POST, empty hand… by @benwerd in https://github.com/idno/idno/pull/3335
  • Hopeful fix for 500 errors. by @benwerd in https://github.com/idno/idno/pull/3336
  • Fixing infinite loop on follow acceptance by @benwerd in https://github.com/idno/idno/pull/3337
  • Fix infinite queue loop: dispatch save was silently failing by @benwerd in https://github.com/idno/idno/pull/3338
  • Support ActivityPub quote posts via FEP-044f by @benwerd in https://github.com/idno/idno/pull/3339
  • Add AGENTS.md for AI coding agent guidance by @benwerd in https://github.com/idno/idno/pull/3340
  • Improve ActivityPub Follow acceptance with synchronous delivery by @benwerd in https://github.com/idno/idno/pull/3341
  • Fix ActivityPub Accept activity JSON-LD compatibility by @benwerd in https://github.com/idno/idno/pull/3342
  • Security: Improve image import and template validation by @benwerd in https://github.com/idno/idno/pull/3344
  • Fix CSRF bypass enabling unauthenticated SSRF via URL unfurl endpoint by @benwerd in https://github.com/idno/idno/pull/3345

Full Changelog: https://github.com/idno/idno/compare/1.6.3...1.6.4

Security Fixes

  • Security: Improve image import and template validation
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Known

Get notified when new releases ship.

Sign up free

About Known

Collaborative social publishing platform.

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]