Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.
We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
|---|---|
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
Shoutout to the amazing mod team here at mastodon.social ❤️
Karma is real 🤣
Fedify의 HTML 파싱 코드에서 발견된 보안 취약점을 수정한 Hollo 0.6.19를 릴리스했습니다.
이 취약점(CVE-2025-68475)은 ReDoS(정규 표현식 서비스 거부) 문제로, 공격자가 연합 작업 중 특수하게 조작된 HTML 응답을 보내 서비스 장애를 유발할 수 있습니다. 악성 페이로드는 작지만(약 170바이트), Node.js 이벤트 루프를 장시간 차단할 수 있습니다.
모든 Hollo 운영자분들께 즉시 버전 0.6.19로 업그레이드하실 것을 강력히 권고드립니다.
| 항목 | 상세 |
|---|---|
| CVE | CVE-2025-68475 |
| 심각도 | 높음 (CVSS 7.5) |
| 조치 | Hollo 0.6.19로 업그레이드 |
FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。
この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。
すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。
| 項目 | 詳細 |
|---|---|
| CVE | CVE-2025-68475 |
| 深刻度 | 高 (CVSS 7.5) |
| 対応 | Hollo 0.6.19 にアップグレード |
We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.
We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
|---|---|
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
Fedify의 HTML 파싱 코드에서 발견된 보안 취약점을 수정한 Hollo 0.6.19를 릴리스했습니다.
이 취약점(CVE-2025-68475)은 ReDoS(정규 표현식 서비스 거부) 문제로, 공격자가 연합 작업 중 특수하게 조작된 HTML 응답을 보내 서비스 장애를 유발할 수 있습니다. 악성 페이로드는 작지만(약 170바이트), Node.js 이벤트 루프를 장시간 차단할 수 있습니다.
모든 Hollo 운영자분들께 즉시 버전 0.6.19로 업그레이드하실 것을 강력히 권고드립니다.
| 항목 | 상세 |
|---|---|
| CVE | CVE-2025-68475 |
| 심각도 | 높음 (CVSS 7.5) |
| 조치 | Hollo 0.6.19로 업그레이드 |
We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.
We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
|---|---|
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.
We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
|---|---|
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
Over 91% There! We're making great progress, please help us get there!
윈도 태블릿의 장점
원격 데스크톱으로 해상도 확장 가능
#misskey写真部 #photography
これは入曽に来て飲むべし!
となるものの一つのように感じた。
紙コップパッケージもう少しどうにかならんかなあ。
堀兼の石田園さんの抹茶だそう。
#大垣書店入曽店
7年以上前の記事だけど、「 #Vivaldi 
は結局 Chrome/Chromium だから」という話が最近 Firefox のバタバタの絡みで出てくるのを目にしてついこの記事を思い出した
VivaldiブラウザはChromiumで開発していますが、Chromeではありません | Vivaldi Browser
https://vivaldi.com/ja/blog/vivaldi-different-from-chrome/
Driving myself crazy trying to remember the name of a social media reader project. Things I (think I) remember about it:
1. Conceptually, it was basically an RSS reader but had the ability to aggregate social media sites that didn't use RSS.
2. It ran as a browser plugin, not a standalone app or website.
3. It had a very "a trans catgirl wrote this" name and aesthetic, that did not make it obvious what the project actually was. Think like "pink robot kitten explosion" except, like. Not that, obviously.
4. I've seen the engine (?) of it repackaged as a plugin/extension for other feed reader apps.
And yes I am aware the above sounds like a fever dream but I swear to gods this was (is?) real and did (does?) exist and, fedi, if there's one place on the internet that may be able to remember this for me wholesale, I believe it to be you. Halp?
Edit: Found it! Knew you'd come through, fedi!
Making great progress on the new #Pixelfed web redesign!
Nuxt is so heckin awesome 👏
A terminal emulator that runs in your terminal. Powered by Turbo Vision
Link: https://github.com/magiblot/tvterm
Discussion: https://news.ycombinator.com/item?id=46301847
speaking of shoulds, I've been occasionally tempted by the prospect of buying a Playdate. i'm sure some of you have been paying attention to it more than I am - is it a good gimmicky small game handheld?
maybe it should be whichever word instagram uses
Q: 누카-콜라에 한 표를 던집니다 #neo_quesdon
神戸関電ビル
2025/11/16 撮影
FUJIFILM X-A5+XC50-230mmF4.5-6.7OISⅡ
maybe “login” is another one
진귀한 것을 샀습니다
얼탱이가 없어서 기자사진도 지우고 링크도 안겁니다 ㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋ -_- 이 색기들이 진짜.
Women on the right are learning a hard truth. They are lionized when supporting the patriarch and obeying the party line.
But as soon as there’s any mold-breaking, the turn is incredibly rapid and vicious. There is no tolerance for disagreement.
https://www.nytimes.com/2025/12/13/opinion/gop-women-misogyny-problem.html?context=audio&smid=nytcore-ios-share
들인가...
One of my favorite OpenBSD features is its WiFi interface. No wpa_supplicant, etc. Just ifconfig. Once you learn how it works, it is almost second nature. Coffee shop or whereveer, it usually just works.
Fun fact: you can use the command "camcontrol inquiry" on FreeBSD to to find out the model and serial number of a connected hard drive
'소설은 AI가 썼다'
프롬프트는 뭐 조상님이 넣어 주셨대요?
RE: https://bsky.app/profile/did:plc:uabkr6tn7ru4b4e5e6udleuf/post/3mafzowcfyk2w
あと望遠で撮影できる機材が整ったので、オリオン座も撮ってみました。
#Misskey写真部
I read a post on the other blue hellsite about a migration from AWS to Hetzner. They now spend 48k instead of 420k. Nice.
But wait a minute. They say 200 concurrent users!
I don't know what that company does with those 200 users, but 4k a month at Hetzner? Even if we assume you could get away with 2k if you remove the redundancy, that's 30 really beefy bare metal machines. What work load do you have that you need to have a beefy bare metal machine for 7 users?
That's 3 cores per user!
家飲みのなにがいいかってゼロ秒で家に帰れるとこなんだよな(?)
New on Instagram: イシイさんで、買ってきたばかりの『マインド・エベレスト』を眺める。飲んでいるのは、Let’s Beer Worksのon my way to the moon。 https://instagr.am/p/DSe9kxuj6xQ/
早寝早起き民は そろそろ 寝る支度を始めます 
の 皆様も 
今日も 
では また明日ね 
유리히메 잡지 전자책 이전 시대는 나모리 정도 빼고는 표지 모아서 볼 기회가 없었는데 누가 블로그 글로 모아주지 않았을까~ 하고 검색하니까 마침 화보집이 나왔다.
color tools have such fun content to work with
今年のインフルエンザ、2日くらい謎の体調不良を経たあといきなりバカ発熱したのでお気をつけて
💡 CSS Tip!
Two circles, one arrow, and CSS magic. 🪄
A cool demo packed with modern features (anchor positioning, attr(), container queries, shape(), and more!) 🤩
https://css-tip.com/connected-circles/
The shape and position of the arrow are fully controlled using CSS (Yes, there is a collision detection).
#매일전력한시간 토요일
어쩐지 요일 주제가 나오는 때마다 이 두사람으로 글을 쓰게 되는 것 같아요
비록 두번째지만...
*Dx3rd 「Storming Fairy」 PC2 시나리오 로이스 언급이 있습니다.
https://posty.pe/680dhx
@daily_1hour@uri.life매일_전력_1시간
Andreas Freise
시오
洪 民憙 (Hong Minhee) 
GENKI
JAYO♪ - Jaeyul Lee
Stefano Marinelli
かぼぷ
kazuhito
とるねど
🕊️
