Piero Bosio Social Web Site Personale

Hollo 0.9.0 is out. https://github.com/fedify-dev/hollo/discussions/496 The biggest change this release is a complete redesign of every server-rendered page. Pico CSS is replaced by a new design system built on UnoCSS, and your chosen theme color now tints your profile and dashboard pages throughout. Other highlights: Passkey (WebAuthn) authentication: sign in with a biometric or PIN gesture, which counts as MFA so there's no separate TOTP step Full FEP-044f quote authorization: QuoteRequest/Accept/Reject federation, quote policy enforcement, and dereferenceable QuoteAuthorization objects A configurable media proxy (MEDIA_PROXY=proxy or cache) that re-serves remote avatars, attachments, and preview images from Hollo's own origin Optional split-domain WebFinger via HANDLE_HOST + WEB_ORIGIN Public followers/following pages and per-post reaction list pages (likes, boosts, emoji reactions, quotes) There were also several serious database performance fixes: profile page queries that were taking hundreds of seconds on cold caches, a NodeInfo endpoint doing a full table scan on every request, and a handful of timeline pagination bugs. #Hollo #ActivityPub #Fediverse

Today I foundStegodon #stegodon Hollo #hollo #hollosocialsnac2 #snac2

@hongminhee@hollo.social ah yes, implements would be a good thing to support. It would allow you to cache the value temporarily (maybe a quick recheck every 7 days or so) so as to avoid needing a double knock at all. Caching based on first knock success also works. I wonder if sending HTTP 426 is doable too... 🤔 https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/426

👋 @hongminhee@hollo.social maybe @admin@spark.box464.social can provide an account? @mayel@sunbeam.city ​@_elena@mastodon.social

セキュリティアップデート: Hollo 0.6.19 リリース FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。 この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。 すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。 項目 詳細 CVE CVE-2025-68475 深刻度 高 (CVSS 7.5) 対応 Hollo 0.6.19 にアップグレード #Hollo #セキュリティ #fediverse #ActivityPub

近いうちに数ヶ月ぶりの新しいHolloのマイナーリリース（v0.7.0）が出そうだね。

#Hollo 저장소가 @dahlia/hollo에서 @fedify-dev/hollo로 이전되었습니다. 이에 따라 #Docker 이미지 레지스트리도 ghcr.io/dahlia/hollo에서 ghcr.io/fedify-dev/hollo로 이전되었습니다. 기존 이미지 레지스트리는 계속 접근 가능하지만, 새로운 태그는 더 이상 추가되지 않을 예정입니다. Hollo를 사용 중이신 모든 분들은 새로운 레지스트리 주소로 업데이트해 주시기 바랍니다. Docker 설정을 다음과 같이 변경해 주세요: 기존 이미지 주소: ghcr.io/dahlia/hollo:latest 새 이미지 주소: ghcr.io/fedify-dev/hollo:latest 이번 이전은 프로젝트의 더 나은 운영과 지속적인 개발을 위해 진행되었습니다. 원활한 전환에 협조해 주셔서 감사합니다. <img class="not-responsive emoji" src="https://media.social.fedify.dev/emojis/hollo.png" title=":hollo:" /> #fediverse #페디버스 #연합우주 #도커 https://hollo.social/@fedify/0194a851-581d-779c-b777-dc39e753ef14

The #Hollo repository has moved from @dahlia/hollo to @fedify-dev/hollo! Along with this move, our #Docker image registry has also been relocated from ghcr.io/dahlia/hollo to ghcr.io/fedify-dev/hollo. While the old image registry will remain accessible, it won't receive any new tags. We recommend all Hollo users to update their Docker image references to the new registry address. To update your Docker configurations, please change: From: ghcr.io/dahlia/hollo:latest To: ghcr.io/fedify-dev/hollo:latest The migration ensures better project organization and continued development. Thank you for your understanding and cooperation in making this transition smooth! <img class="not-responsive emoji" src="https://media.social.fedify.dev/emojis/hollo.png" title=":hollo:" /> #fediverse https://hollo.social/@fedify/0194a851-581d-779c-b777-dc39e753ef14