We are pleased to announce the release of Fedify 1.6.1. This version is the first release in the 1.6 series following the withdrawal of 1.6.0. This release significantly expands Fedify's deployment options and introduces important new features that improve security compatibility across the fediverse.

🌐 Cloudflare Workers Support

Fedify 1.6 introduces official support for Cloudflare Workers, enabling ActivityPub applications to run serverless in edge environments.

New Components

• WorkersKvStore: A key-value store implementation that provides persistent storage in Workers environments using the Cloudflare KV API
• WorkersMessageQueue: A message queue implementation that leverages Cloudflare Queues to enable reliable message processing

Key Features

• Seamless integration with Cloudflare's serverless runtime
• Automatic queue message processing via Workers' queue() method
• Support for the Node.js compatibility flag required for Fedify's cryptographic operations
• Manual queue processing via the Federation.processQueuedTask() method

For a complete working example, see the Cloudflare Workers sample implementation in the Fedify repository.

🏗️ Federation Builder Pattern

Fedify 1.6 introduces the FederationBuilder class and createFederationBuilder() function to support lazy federation instantiation. This pattern offers the following benefits:

• Lazy Instantiation: Set up dispatchers and listeners before creating the federation object
• Improved Code Organization: Avoid circular dependencies and improve project structure
• Cloudflare Workers Compatibility: Support for binding-based architecture where resources are passed as arguments
• Modular Setup: Build complex federations incrementally before instantiation

This builder pattern is particularly useful for large applications or environments like Cloudflare Workers where configuration data is dynamically retrieved at runtime.

🔐 HTTP Message Signatures (RFC 9421)

Fedify 1.6 implements the official HTTP Message Signatures standard (RFC 9421) specification, which is the final version of the HTTP Signatures specification.

Double-Knock Mechanism

To ensure maximum compatibility across the fediverse, Fedify 1.6 introduces an intelligent double-knock mechanism:

1. First Attempt: RFC 9421 (HTTP Message Signatures) for modern implementations
2. Fallback: Draft cavage version for legacy compatibility
3. Adaptive Caching: Remembers which version each server supports to optimize future requests

This approach ensures smooth communication with both modern and legacy ActivityPub implementations while positioning Fedify at the forefront of security standards.

Interoperability Testing

The RFC 9421 implementation has been thoroughly tested for interoperability with existing ActivityPub implementations that support RFC 9421 signature verification:

• Mitra 4.4.0: Successfully verified RFC 9421 signatures generated by Fedify
• Mastodon 4.4.0 development version: Tested Fedify's RFC 9421 signature verification implementation (see Mastodon PR #34814, though Mastodon 4.4.0 has not yet been released)

These tests confirm that other ActivityPub implementations can successfully verify RFC 9421 signatures generated by Fedify, ensuring proper federation as the ecosystem gradually adopts the official specification. While these implementations currently support verification of RFC 9421 signatures, they are not yet generating RFC 9421 signatures themselves. Fedify is one of the first ActivityPub implementations to support both generation and verification of this modern standard.

🔍 WebFinger Enhancements

Dedicated WebFinger Lookups

The new Context.lookupWebFinger() method enables direct access to WebFinger data. This provides developers with finer control over account discovery and resource resolution that isn't possible with the higher-level Context.lookupObject() method.

🛠 Context API Improvements

Context Data Replacement

The new Context.clone() method enables dynamic context data replacement, providing greater flexibility in request processing and data flow management. This is particularly useful when implementing middleware or handling complex request routing.

🚀 Migration Considerations

Backward Compatibility

Fedify 1.6 maintains full backward compatibility with existing applications. The new HTTP Message Signatures and double-knock mechanism work transparently without code changes.

Node.js Version Requirements

Important: Fedify 1.6 requires Node.js 22.0.0 or later in Node.js environments. This change does not affect applications using Deno or Bun runtimes. If you're currently using Node.js, please verify that your environment meets this requirement before upgrading.

New Deployment Options

For new deployments, consider leveraging the Cloudflare Workers support for:

• Low-latency global edge deployments
• Serverless scaling and automatic resource management
• Integration with the Cloudflare services ecosystem

🎯 Future Outlook

Fedify 1.6 represents a significant expansion of deployment options while maintaining the framework's commitment to broad compatibility across the fediverse. The addition of Cloudflare Workers support opens new architectural patterns for federated applications, while the RFC 9421 implementation ensures Fedify continues to address new ActivityPub security standards.

---

For detailed migration guides, API documentation, and examples, please visit the Fedify documentation. For support and discussions, join our community on Matrix or Discord.