π¨ Security Update: Hollo 0.6.5 Released
We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.
Please #update immediately to protect your instance from potential phishing and XSS attacks.
How to update:
docker pull ghcr.io/fedify-dev/hollo:latest and restartgit pull origin stable && pnpm install and restart serverπ¨ 보μ μ λ°μ΄νΈ: Hollo 0.6.5 릴리μ€
CVE-2025-53941 #보μ μ·¨μ½μ μ ν΄κ²°νλ #Hollo 0.6.5λ₯Ό 릴리μ€νμ΅λλ€. μ°ν© κ²μλ¬Όμ HTML μ£Όμ μ·¨μ½μ μ΄ μμ λμμ΅λλ€.
νΌμ± λ° XSS 곡격μΌλ‘λΆν° μΈμ€ν΄μ€λ₯Ό 보νΈνκΈ° μν΄ μ¦μ μ λ°μ΄νΈν΄ μ£ΌμΈμ.
μ λ°μ΄νΈ λ°©λ²:
docker pull ghcr.io/fedify-dev/hollo:latest ν μ¬μμgit pull origin stable && pnpm install ν μλ² μ¬μμIf you have a fediverse account, you can quote this note from your own instance. Search https://hollo.social/@hollo/01981631-7d3b-7f25-8e0b-98eda768052c on your instance and quote it. (Note that quoting is not supported in Mastodon.)