Releases: fedify-dev/hollo
Releases · fedify-dev/hollo
Release list
Hollo 0.9.8
Released on July 11, 2026.
- Fixed a Mastodon API compatibility bug where accounts with Make following list public disabled could not view their own following list in clients. Authenticated account owners can now access their own following list while it remains hidden from everyone else. [#548]
Hollo 0.9.7
Released on July 9, 2026.
- Fixed a bug where locally-created quotes of remote posts that advertised an FEP-044f quote policy were marked as accepted immediately without first obtaining a
QuoteAuthorization, causing third-party servers to see the quote as unapproved. Hollo now keeps those quotes pending, sends aQuoteRequest, and publishes thequoteAuthorizationproperty after the remote server accepts the request. Remote posts without an FEP-044f quote policy are still treated as legacy quote targets and continue to publish thequoteproperty without aquoteAuthorization.
Hollo 0.9.6
Released on July 3, 2026.
- Fixed a Mastodon API compatibility bug where editing a post through
PUT /api/v1/statuses/:idignored updated media attachment descriptions, causing alt text changes from clients like Phanpy and Moshidon to appear successful without being saved. [#538]
Hollo 0.8.8
Released on July 3, 2026.
- Fixed a Mastodon API compatibility bug where editing a post through
PUT /api/v1/statuses/:idignored updated media attachment descriptions, causing alt text changes from clients like Phanpy and Moshidon to appear successful without being saved. [#538]
Hollo 0.9.5
Released on June 13, 2026.
- Fixed a bug where expired poll notifications appeared in
/api/v1/notificationsbut not in the grouped/api/v2/notificationsfeed, which could leave Mastodon-compatible clients such as Phanpy showing a permanent unread notification badge. Poll notifications are now materialized into thenotificationsandnotification_groupstables like other notification types, and existing expired polls are backfilled during migration. [#517]
Hollo 0.9.4
Released on June 4, 2026.
- Upgraded Fedify to 2.2.4 to address a security vulnerability in SSRF mitigation. [CVE-2026-50131]
Hollo 0.8.7
Released on June 4, 2026.
- Upgraded Fedify to 2.1.15 to address a security vulnerability in SSRF mitigation. [CVE-2026-50131]
Hollo 0.7.18
Released on June 4, 2026.
- Upgraded Fedify to 1.10.11 to address a security vulnerability in SSRF mitigation. [CVE-2026-50131]
Hollo 0.9.3
Released on June 3, 2026.
- Fixed a bug where some remote accounts' custom profile fields were rendered as per-character entries (field names
0,1,2, … with one character of HTML in each value) in Mastodon API responses and on profile pages. The affected rows had theirfield_htmls(and potentiallyemojisorfields) stored as double-encoded JSON strings by an older Drizzle ORM version; a data migration repairs them, and newCHECKconstraints enforce that these columns always hold JSON objects. [#504]
Hollo 0.9.2
Released on May 25, 2026.
- Fixed a bug where the media proxy returned
404 Not Foundfor remote media whose upstream server labeled the payload asapplication/octet-streamorbinary/octet-streameven though the bytes were valid image, video, or audio data. The proxy now sniffs magic bytes to recover the real MIME type in these cases. [#498]