<p>quote posts are supported on platforms that support quote posts ( <a href="/tags/akkoma/" rel="tag">#Akkoma</a> <a href="/tags/mitra/" rel="tag">#Mitra</a> <a href="/tags/pleroma/" rel="tag">#Pleroma</a> <a href="/tags/iceshrimp/" rel="tag">#IceShrimp</a> <a href="/tags/hollo/" rel="tag">#Hollo</a> <a href="/tags/sharkey/" rel="tag">#Sharkey</a> )</p>
hollo
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> 0.7 brings a redesigned <a href="/tags/notification/" rel="tag">#notification</a> system with much better performance. We've moved from generating <a href="/tags/notifications/" rel="tag">#notifications</a> on-demand to storing them as they happen, which makes the notifications endpoint about 60% faster. We've also added response compression (though if you're using a reverse proxy, you probably had this already).</p><p>More notably, Hollo 0.7 implements Mastodon's v2 grouped notifications API. Notifications like favorites, follows, and reblogs targeting the same post or account are now grouped together server-side, reducing clutter. Clients that support the new API (introduced in <a href="/tags/mastodon/" rel="tag">#Mastodon</a> 4.3) will show cleaner, more organized notifications automatically.</p><p>Hollo 0.7 is still in development, but we're excited to share it with you when it's ready!</p>
<p>We're pleased to announce that <a href="/tags/hollo/" rel="tag">#Hollo</a> has been included in the Nivenly Fediverse Security Fund program!</p><p>The <span class="h-card"><a href="https://hachyderm.io/@nivenly" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nivenly</span></a></span> Foundation has launched a security bounty fund to support contributors who identify and help fix <a href="/tags/security/" rel="tag">#security</a> vulnerabilities in popular <a href="/tags/fediverse/" rel="tag">#fediverse</a> software. Both Hollo and <span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fedify</span></a></span> are among the selected projects that meet their responsible security disclosure requirements.</p><p>This program will run from April–September 2025, with bounties of $250–$500 USD for high and critical security vulnerabilities.</p><p>We're honored to be recognized alongside other established fediverse projects like Mastodon, Misskey, and Lemmy. This further encourages our commitment to maintaining strong security practices.</p><p>If you're interested in contributing to Hollo's security, please follow our responsible disclosure process outlined in our <a href="https://github.com/fedify-dev/hollo/security/policy" rel="nofollow">SECURITY.md</a> file.</p><p>Learn more about the program:</p><p><a href="https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/" rel="nofollow" class="ellipsis" title="nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/"><span class="invisible">https://</span><span class="ellipsis">nivenly.org/blog/2025/04/01/ni</span><span class="invisible">venly-fediverse-security-fund/</span></a></p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> finally has <a href="/tags/misskey/" rel="tag">#Misskey</a>/<a href="/tags/threads/" rel="tag">#Threads</a>-style quotes! It's easy to use. Just paste the link to the post you want to quote into your post! It will automatically recognize a link to an ActivityPub post (supports Article, Note, and Question) and turn it into a quote.</p><p>FYI, if you're using <a href="/tags/phanpy/" rel="tag">#Phanpy</a>, you can use the Quote button that appears when you press the boost icon!</p><p><a href="https://hollo.social/@fedify/0191d67c-a300-786e-8395-2020ac47ebc7" rel="nofollow" class="ellipsis" title="hollo.social/@fedify/0191d67c-a300-786e-8395-2020ac47ebc7"><span class="invisible">https://</span><span class="ellipsis">hollo.social/@fedify/0191d67c-</span><span class="invisible">a300-786e-8395-2020ac47ebc7</span></a></p>
<p><a href="https://github.com/dahlia/hollo/releases/tag/0.3.0" rel="nofollow">Hollo 0.3.0</a> released! <a href="/tags/hollo/" rel="tag">#Hollo</a> is a single-user federated microblogging software which is <a href="/tags/activitypub/" rel="tag">#ActivityPub</a>-enabled and powered by <a href="/tags/fedify/" rel="tag">#Fedify</a>.</p><p>The key changes of this release include:</p><p>Thanks to <a href="https://hachyderm.io/@joschi" rel="nofollow">@joschi</a>, Hollo now support local filesystem storage for media files. You can configure <a href="https://docs.hollo.social/install/env/#drive_disk" rel="nofollow">DRIVE_DISK=fs</a> and <a href="https://docs.hollo.social/install/env/#fs_asset_path" rel="nofollow">FS_ASSET_PATH</a> to store media files in the local filesystem. For users who've used S3, no further action is required—but, it's recommended to configure <a href="https://docs.hollo.social/install/env/#drive_disk" rel="nofollow">DRIVE_DISK=s3</a> as <a href="https://docs.hollo.social/install/env/#drive_disk" rel="nofollow">DRIVE_DISK</a> will be required in the future releases.<br>Added support for Sentry. If you want to see error reports and instrumented traces in Sentry, please configure <a href="https://docs.hollo.social/install/env/#sentry_dsn" rel="nofollow">SENTRY_DSN</a>.<br>Added pagination to the profile page.<br>Minor performance improvements and bug fixes due to upgrading Fedify to <a href="https://github.com/dahlia/fedify/discussions/194" rel="nofollow">1.3.0</a>.</p><p>You can upgrade to Hollo 0.3.0 using the following ways:</p><p>To Railway users: <a href="https://docs.hollo.social/install/railway/#upgrading" rel="nofollow">Just redeploy the Hollo service</a>!<br>To Docker users: Switch your Hollo image to <a href="https://github.com/users/dahlia/packages/container/hollo/314795469?tag=0.3.0" rel="nofollow">ghcr.io/dahlia/hollo:0.3.0</a> or simply <a href="https://github.com/users/dahlia/packages/container/hollo/314795469?tag=latest" rel="nofollow">latest</a>!<br>To manual installers: Fetch the <a href="https://github.com/dahlia/hollo/tree/stable" rel="nofollow">stable branch</a> and switch over to it!</p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> is currently testing <a href="/tags/node/" rel="tag">#Node</a>.js instead of <a href="/tags/bun/" rel="tag">#Bun</a>. (In fact, the hollo.social server is already running on Node.js!) If this test is successful, starting with the next release, Hollo will be powered by Node.js instead of Bun.</p><p>The main reason for switching to Node.js is to optimize memory usage. As you can see in the graph image below, Node.js uses significantly less memory than Bun. With this switch, Hollo is expected to be even more lightweight than before!</p><p>Are you interested in trying out the Node.js version of Hollo early? Try to pull <a href="https://github.com/dahlia/hollo/pkgs/container/hollo/324406231?tag=0.4.0-dev.290" rel="nofollow">ghcr.io/dahlia/hollo:0.4.0-dev.290</a>!</p>
<p>For those who want to use <a href="/tags/hollo/" rel="tag">#Hollo</a> on <span class="h-card"><a href="https://tapbots.social/@ivory" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ivory</span></a></span>: <a href="/tags/ivory/" rel="tag">#Ivory</a> evolved from the <a href="https://tapbots.com/tweetbot/" rel="nofollow">Tweetbot</a> codebase, which was a third-party Twitter client, so it assumes that object IDs are integers. Hollo uses <a href="https://en.wikipedia.org/wiki/Universally_unique_identifier" rel="nofollow">UUIDs</a> for object IDs, so it can't be used with Ivory at this time. We hope that Ivory will support non-integer object IDs in the future!</p>
<p>We'd like to introduce the <a href="/tags/fedify/" rel="tag">#Fedify</a> project family—a set of related tools that make building <a href="/tags/activitypub/" rel="tag">#ActivityPub</a> applications more accessible:</p><p><span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fedify</span></a></span> <img src="https://neodb.social/media/emoji/hollo.social/fedify.png" class="emoji" alt=":fedify:" title=":fedify:"></p><p><span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fedify</span></a></span> (<span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fedify</span></a></span>) is a <a href="/tags/typescript/" rel="tag">#TypeScript</a> library for building federated server applications powered by ActivityPub and other <a href="/tags/fediverse/" rel="tag">#fediverse</a> standards. It provides <a href="https://fedify.dev/manual/vocab" rel="nofollow">type-safe objects for Activity Vocabulary</a>, WebFinger client/server, HTTP Signatures, and more—eliminating boilerplate code so you can focus on your application logic.</p><p><span class="h-card"><a href="https://hollo.social/@hollo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Hollo</span></a></span> <img src="https://neodb.social/media/emoji/hollo.social/hollo.png" class="emoji" alt=":hollo:" title=":hollo:"></p><p><span class="h-card"><a href="https://hollo.social/@hollo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Hollo</span></a></span> (<span class="h-card"><a href="https://hollo.social/@hollo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hollo</span></a></span>) is a single-user microblogging server powered by Fedify. While designed for individual users, it's fully federated through ActivityPub, allowing interaction with users across the fediverse. <a href="/tags/hollo/" rel="tag">#Hollo</a> implements Mastodon-compatible APIs, making it <a href="https://docs.hollo.social/clients/" rel="nofollow">compatible with most Mastodon clients</a> without needing its own web interface.</p><p>Hollo also serves as our testing ground for bleeding-edge Fedify features before they're officially released.</p><p><span class="h-card"><a href="https://hollo.social/@botkit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BotKit</span></a></span> <img src="https://neodb.social/media/emoji/hollo.social/botkit.png" class="emoji" alt=":botkit:" title=":botkit:"></p><p><span class="h-card"><a href="https://hollo.social/@botkit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BotKit</span></a></span> (<span class="h-card"><a href="https://hollo.social/@botkit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>botkit</span></a></span>) is our newest family member—a framework specifically designed for creating ActivityPub bots. Unlike traditional Mastodon bots, <a href="/tags/botkit/" rel="tag">#BotKit</a> creates standalone ActivityPub servers that aren't constrained by platform-specific limitations (like character counts).</p><p>BotKit's API is intentionally simple—you can create a complete bot in a single TypeScript file!</p><p>All three projects are open source and hosted under the <a href="https://github.com/fedify-dev" rel="nofollow">@fedify-dev</a> GitHub organization. While they serve different purposes, they share common goals: making ActivityPub development more accessible and expanding the fediverse ecosystem.</p><p>If you're interested in trying any of these projects or contributing to their development, check out:</p><p>Fedify: <a href="https://fedify.dev/" rel="nofollow"><span class="invisible">https://</span>fedify.dev/</a><br>Hollo: <a href="https://docs.hollo.social/" rel="nofollow"><span class="invisible">https://</span>docs.hollo.social/</a><br>BotKit: <a href="https://botkit.fedify.dev/" rel="nofollow"><span class="invisible">https://</span>botkit.fedify.dev/</a></p><p><a href="/tags/fedidev/" rel="tag">#fedidev</a></p>
<p>Starting with <a href="/tags/hollo/" rel="tag">#Hollo</a> 0.4.0, you can allow your profile to be discovered in the public directory. Under the hood, this option corresponds to <a href="https://docs.joinmastodon.org/spec/activitypub/#discoverable" rel="nofollow">Mastodon's toot:discoverable property</a>.</p>
<p>One hidden feature of <a href="/tags/hollo/" rel="tag">#Hollo</a>: You can also quote another post while replying to someone else's post.</p>
<p>Just released <a href="/tags/hollo/" rel="tag">#Hollo</a> 0.3.5, which contains small minor bug fixes.</p>
<p><a href="https://github.com/dahlia/hollo/releases/tag/0.4.0" rel="nofollow">Hollo 0.4.0</a> released! <a href="/tags/hollo/" rel="tag">#Hollo</a> is a single-user federated microblogging software which is <a href="/tags/activitypub/" rel="tag">#ActivityPub</a>-enabled and powered by <a href="/tags/fedify/" rel="tag">#Fedify</a>.</p><p>The key changes of this release include:</p><p><p>Hollo is now powered by Node.js 23+ instead of Bun for <a href="https://hollo.social/@hollo/0193d5a1-e7e8-7ada-b7cd-8b0a84a8dfe0" rel="nofollow">more efficient memory usage</a>.</p><br><p>Added an experimental feature flag <a href="https://docs.hollo.social/install/env/#timeline_inboxes" rel="nofollow">TIMELINE_INBOXES</a> to store all posts visible to your timeline in the database, rather than filtering them in real-time as they are displayed. This is useful for relatively larger instances with many incoming posts, but as of now it may have several bugs. It is expected to be the default behavior in the future after it is stabilized.</p><br><p>Now you can import and export your data from the administration dashboard in CSV format: follows, lists, accounts you muted, accounts you blocked, and bookmarks.</p><br><p>You can now make your profile <a href="https://docs.joinmastodon.org/spec/activitypub/#discoverable" rel="nofollow">discoverable</a>.</p><br><p>The profile page now shows an account's cover image if it has one.</p><br><p>Many bug fixes.</p></p><p>For the details, see also the <a href="https://github.com/dahlia/hollo/releases/tag/0.4.0" rel="nofollow">full changelog</a>.</p><p>You can upgrade to Hollo 0.4.0 using the following ways:</p><p><p>To Railway users: <a href="https://docs.hollo.social/install/railway/#upgrading" rel="nofollow">Just redeploy the Hollo service</a>!</p><br><p>To Docker users: Switch your Hollo image to <a href="https://github.com/users/dahlia/packages/container/hollo/329079566?tag=0.4.0" rel="nofollow">ghcr.io/dahlia/hollo:0.4.0</a> or simply <a href="https://github.com/users/dahlia/packages/container/hollo/329079566?tag=latest" rel="nofollow">latest</a>!</p><br><p>To manual installers:</p><p><p>Install <a href="https://nodejs.org/" rel="nofollow">Node.js</a> 23 or higher.</p><br><p><a href="https://pnpm.io/installation" rel="nofollow">Install pnpm.</a></p><br><p>Fetch the <a href="https://github.com/dahlia/hollo/tree/stable" rel="nofollow">stable branch</a> and switch over to it.</p><br><p>Run pnpm install.</p><br><p>Run pnpm run prod to start the Hollo server.</p></p></p>
<p>Have you been having trouble fetching accounts or posts from <a href="/tags/akkoma/" rel="tag">#Akkoma</a> that have custom emojis in <a href="/tags/hollo/" rel="tag">#Hollo</a>?</p><p>This is because <a href="https://akkoma.dev/AkkomaGang/akkoma/issues/848" rel="nofollow">they represent an Emoji object as an invalid JSON-LD object</a>. Fortunately, <a href="https://akkoma.dev/AkkomaGang/akkoma/pulls/850" rel="nofollow">this patch</a> fixes that issue, so keep an eye out for it.</p><p><a href="https://hollo.social/@fedify/01941dab-e4c3-7ce0-9307-b5b8c095d521" rel="nofollow" class="ellipsis" title="hollo.social/@fedify/01941dab-e4c3-7ce0-9307-b5b8c095d521"><span class="invisible">https://</span><span class="ellipsis">hollo.social/@fedify/01941dab-</span><span class="invisible">e4c3-7ce0-9307-b5b8c095d521</span></a></p>
<p>Found 11 new servers and 18 servers died off since 7 hours ago.</p><p><a href="https://fediverse.observer/status" rel="nofollow">22,230</a> servers checked. 13,431,920 Total Users with 1,027,115 Active Users today. Check out the <a href="https://fediverse.observer/stats" rel="nofollow">stats</a>!</p><p>New <a href="/tags/fediverse/" rel="tag">#fediverse</a> servers found:</p><p><a href="https://hollo.fediverse.observer/hollo.ssig33.com" rel="nofollow">hollo.ssig33.com</a> a <a href="/tags/hollo/" rel="tag">#hollo</a> server from Private<br><a href="https://diaspora.fediverse.observer/diaspora.delaylama.de" rel="nofollow">diaspora.delaylama.de</a> a <a href="/tags/diaspora/" rel="tag">#diaspora</a> server from France<br><a href="https://mastodon.fediverse.observer/mastodon.mulesgaming.com" rel="nofollow">mastodon.mulesgaming.com</a> a <a href="/tags/mastodon/" rel="tag">#mastodon</a> server from Private<br><a href="https://misskey.fediverse.observer/cabamacnagoya.harumaki2000.net" rel="nofollow">cabamacnagoya.harumaki2000.net</a> a <a href="/tags/misskey/" rel="tag">#misskey</a> server from Private<br><a href="https://pleroma.fediverse.observer/pl.firelink.digital" rel="nofollow">pl.firelink.digital</a> a <a href="/tags/pleroma/" rel="tag">#pleroma</a> server from Private<br><a href="https://sharkey.fediverse.observer/kurage.homes" rel="nofollow">kurage.homes</a> a <a href="/tags/sharkey/" rel="tag">#sharkey</a> server from Germany<br><a href="https://gotosocial.fediverse.observer/social.seedoubleyou.me" rel="nofollow">social.seedoubleyou.me</a> a <a href="/tags/gotosocial/" rel="tag">#gotosocial</a> server from United Arab Emirates<br><a href="https://wordpress.fediverse.observer/this-email-list.ispants.com" rel="nofollow">this-email-list.ispants.com</a> a <a href="/tags/wordpress/" rel="tag">#wordpress</a> server from United Kingdom<br><a href="https://nexkey.fediverse.observer/altair.nyoroooon.xyz" rel="nofollow">altair.nyoroooon.xyz</a> a <a href="/tags/nexkey/" rel="tag">#nexkey</a> server from Private<br><a href="https://gotosocial.fediverse.observer/fedi.merta.xyz" rel="nofollow">fedi.merta.xyz</a> a <a href="/tags/gotosocial/" rel="tag">#gotosocial</a> server from United States<br><a href="https://wordpress.fediverse.observer/lvgaldieri.com" rel="nofollow">lvgaldieri.com</a> a <a href="/tags/wordpress/" rel="tag">#wordpress</a> server from United States</p><p>Help others find a home, send them to <a href="https://fediverse.observer" rel="nofollow">fediverse.observer</a></p>
<p>10月26日(土)に開催されるOSC 2024 Tokyo/Fallに<a href="https://fedify.dev/" rel="nofollow">Fedify</a>/<a href="https://hollo.social/" rel="nofollow">Hollo</a>合同で出展します!可愛いFedifyのロゴのシールと『<a href="https://github.com/dahlia/fedify-microblog-tutorial-ja" rel="nofollow">自分だけのフェディバースのマイクロブログを作ろう!</a>』日本語版の紙の本を持って行く予定です。よろしくお願いします。</p><p><a href="https://event.ospn.jp/osc2024-fall/" rel="nofollow"><span class="invisible">https://</span>event.ospn.jp/osc2024-fall/</a></p><p><a href="/tags/fedify/" rel="tag">#Fedify</a> <a href="/tags/hollo/" rel="tag">#Hollo</a> <a href="/tags/osc24tk/" rel="tag">#osc24tk</a></p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> 0.6.0 is coming soon!</p><p>We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:</p><p>Enhanced <a href="/tags/oauth/" rel="tag">#OAuth</a> <a href="/tags/security/" rel="tag">#security</a></p><p>RFC 8414 (OAuth metadata discovery)<br>RFC 7636 (<a href="/tags/pkce/" rel="tag">#PKCE</a> support)<br>Improved authorization flows following RFC 9700 best practices</p><p>New features</p><p>Extended character limit (4K → 10K)<br>Code syntax highlighting<br>Customizable profile themes<br>EXIF metadata stripping for privacy</p><p>Important notes for update</p><p>Node.js 24+ required<br>Updated environment variables for asset storage<br>Stronger SECRET_KEY requirements (44+ chars)</p><p>Special thanks to <span class="h-card"><a href="https://hachyderm.io/@thisismissem" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thisismissem</span></a></span> for the extensive OAuth improvements that help keep the <a href="/tags/fediverse/" rel="tag">#fediverse</a> secure and compatible! 🙏</p><p>Full changelog and upgrade guide coming with the release.</p><p><a href="/tags/activitypub/" rel="tag">#ActivityPub</a></p>
<p>In related news, <a href="/tags/hollo/" rel="tag">#Hollo</a> has also released <a href="/tags/security/" rel="tag">#security</a> updates: <a href="https://github.com/dahlia/hollo/releases/tag/0.3.6" rel="nofollow">0.3.6</a> & <a href="https://github.com/dahlia/hollo/releases/tag/0.4.4" rel="nofollow">0.4.4</a>. Update now!</p><p><a href="https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed" rel="nofollow" class="ellipsis" title="hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed"><span class="invisible">https://</span><span class="ellipsis">hollo.social/@fedify/01948487-</span><span class="invisible">87b2-709d-953f-8799b78433ed</span></a></p>
<p>The <a href="/tags/hollo/" rel="tag">#Hollo</a> repository has moved from <a href="https://github.com/dahlia/hollo" rel="nofollow">@dahlia/hollo</a> to <a href="https://github.com/fedify-dev/hollo" rel="nofollow">@fedify-dev/hollo</a>! Along with this move, our <a href="/tags/docker/" rel="tag">#Docker</a> image registry has also been relocated from <a href="https://github.com/users/dahlia/packages/container/package/hollo" rel="nofollow">ghcr.io/dahlia/hollo</a> to <a href="https://github.com/fedify-dev/hollo/pkgs/container/hollo" rel="nofollow">ghcr.io/fedify-dev/hollo</a>.</p><p>While the old image registry will remain accessible, it won't receive any new tags. We recommend all Hollo users to update their Docker image references to the new registry address.</p><p>To update your Docker configurations, please change:</p><p>From: ghcr.io/dahlia/hollo:latest<br>To: ghcr.io/fedify-dev/hollo:latest</p><p>The migration ensures better project organization and continued development. Thank you for your understanding and cooperation in making this transition smooth! <img src="https://neodb.social/media/emoji/hollo.social/hollo.png" class="emoji" alt=":hollo:" title=":hollo:"></p><p><a href="/tags/fediverse/" rel="tag">#fediverse</a></p><p><a href="https://hollo.social/@fedify/0194a851-581d-779c-b777-dc39e753ef14" rel="nofollow" class="ellipsis" title="hollo.social/@fedify/0194a851-581d-779c-b777-dc39e753ef14"><span class="invisible">https://</span><span class="ellipsis">hollo.social/@fedify/0194a851-</span><span class="invisible">581d-779c-b777-dc39e753ef14</span></a></p>
<p>Had some fun today installing <span class="h-card"><a href="https://hollo.social/@hollo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hollo</span></a></span> because you can never have enough fediverse accounts, right? I'm definitely not avoiding the real world with this distraction. 👀</p><p>Hollo is a single / low user platform for the fediverse. It runs on the <span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fedify</span></a></span> framework and supports quote posts, markdown, and emoji reactions.</p><p>I went off the beaten path a bit and customized the composer file. Here's my notes on the install process.</p><p><a href="https://box464.com/posts/hollo-install/" rel="nofollow" class="ellipsis" title="box464.com/posts/hollo-install/"><span class="invisible">https://</span><span class="ellipsis">box464.com/posts/hollo-install</span><span class="invisible">/</span></a></p><p><a href="/tags/hollo/" rel="tag">#Hollo</a> <a href="/tags/fediverse/" rel="tag">#Fediverse</a> <a href="/tags/fediapps/" rel="tag">#FediApps</a></p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> 0.5.0 has been released! This update brings several improvements to make your Hollo experience even better.</p><p>We've enhanced the accuracy of sharing and liking counts, giving you a clearer picture of post engagement. Posts now maintain precise counts of shares and likes, which persist even when shared across different servers.</p><p>Thanks to contributions from <span class="h-card"><a href="https://hollo.yamanoku.net/@yamanoku" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>yamanoku</span></a></span>, the profile page has received several enhancements:</p><p>You can now navigate to newer posts with backward pagination<br>Images are more accessible with improved alt text handling<br>Custom fields display better on smaller screens</p><p>The favicon now automatically adapts to your light/dark mode preference, and you can enable raw HTML in Markdown using the new ALLOW_HTML environment variable (with secure limitations on allowed HTML elements).</p><p>We've also expanded our Mastodon API compatibility by adding endpoints for muted and blocked accounts, making it easier to manage your social boundaries.</p><p>Important note for S3 users: The S3_REGION environment variable is now required when using S3 storage.</p><p>To update to 0.5.0:</p><p>Docker users: docker pull ghcr.io/fedify-dev/hollo:0.5.0<br>Manual installation: git pull origin stable and pnpm install<br>Railway users: Redeploy your service from the Railway dashboard</p><p>Full changelog: <a href="https://github.com/fedify-dev/hollo/releases/tag/0.5.0" rel="nofollow" class="ellipsis" title="github.com/fedify-dev/hollo/releases/tag/0.5.0"><span class="invisible">https://</span><span class="ellipsis">github.com/fedify-dev/hollo/re</span><span class="invisible">leases/tag/0.5.0</span></a>.</p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> v0.6.0, the next minor release, will have theme colors on your profile pages. Powered by <a href="https://picocss.com/" rel="nofollow">Pico CSS</a>, see the list of all available colors in the <a href="https://picocss.com/docs/colors" rel="nofollow">Colors section</a> from their docs.</p><p>Want to give it a try in advance? Try <a href="https://github.com/fedify-dev/hollo/pkgs/container/hollo/359370140?tag=0.6.0-dev.397" rel="nofollow">v0.6.0-dev.397</a>, an unstable release, at your own risk.</p>
<p>Just released <a href="/tags/hollo/" rel="tag">#Hollo</a> <a href="https://github.com/fedify-dev/hollo/releases/tag/0.5.4" rel="nofollow">0.5.4</a> (<a href="https://github.com/orgs/fedify-dev/packages/container/hollo/362516640?tag=0.5.4" rel="nofollow">ghcr.io/fedify-dev/hollo:0.5.4</a>), <a href="https://github.com/fedify-dev/hollo/releases/tag/0.4.10" rel="nofollow">0.4.10</a> (<a href="https://github.com/orgs/fedify-dev/packages/container/hollo/362514656?tag=0.4.10" rel="nofollow">ghcr.io/fedify-dev/hollo:0.4.10</a>), and <a href="https://github.com/fedify-dev/hollo/releases/tag/0.3.9" rel="nofollow">0.3.9</a> (<a href="https://github.com/orgs/fedify-dev/packages/container/hollo/362510673?tag=0.3.9" rel="nofollow">ghcr.io/fedify-dev/hollo:0.3.9</a>), which fix interoperability issues with some software including <span class="h-card"><a href="https://mitra.social/users/mitra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mitra</span></a></span>. (Thanks for <span class="h-card"><a href="https://mitra.social/users/silverpill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>silverpill</span></a></span>'s bug report.)</p>
<p>I just discovered why some of my followers from larger <a href="/tags/mastodon/" rel="tag">#Mastodon</a> instances (like mastodon.social) would mysteriously unfollow me after a while!</p><p><a href="https://github.com/mastodon/mastodon/pull/34272" rel="nofollow">A pull request was just merged in Mastodon that fixes a critical bug in their follower synchronization mechanism.</a></p><p>Turns out Mastodon implements the <a href="https://w3id.org/fep/8fcf" rel="nofollow">FEP-8fcf</a> specification (Followers collection synchronization across servers), but it expected all followers to be in a single page collection. When followers were split across multiple pages, it would only see the first page and incorrectly remove all followers from subsequent pages!</p><p>This explains so much about the strange behavior I've been seeing with <a href="/tags/hollo/" rel="tag">#Hollo</a> and other <a href="/tags/fedify/" rel="tag">#Fedify</a>-based servers over the past few months. Some people would follow me from large instances, then mysteriously unfollow later without any action on their part.</p><p>Thankfully this fix has been marked for backporting, so it should appear in an upcoming patch release rather than waiting for the next major version. Great news for all of us building on <a href="/tags/activitypub/" rel="tag">#ActivityPub</a>!</p><p>This is why I love open source—we can identify, understand, and fix these kinds of interoperability issues together. 😊</p><p><a href="/tags/fediverse/" rel="tag">#fediverse</a> <a href="/tags/fedidev/" rel="tag">#fedidev</a></p>
<p>🚨 Security Update: <a href="https://github.com/fedify-dev/hollo/releases/tag/0.6.5" rel="nofollow">Hollo 0.6.5</a> Released</p><p>We've released <a href="/tags/hollo/" rel="tag">#Hollo</a> 0.6.5 with a critical <a href="/tags/security/" rel="tag">#security</a> fix for <a href="https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h" rel="nofollow">CVE-2025-53941</a>, addressing an HTML injection vulnerability in federated posts.</p><p>Please <a href="/tags/update/" rel="tag">#update</a> immediately to protect your instance from potential phishing and XSS attacks.</p><p>How to update:</p><p>Railway: Go to deployments → click three dots → Redeploy<br>Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart<br>Manual: git pull origin stable && pnpm install and restart server</p>
<p>We've released <a href="/tags/security/" rel="tag">#security</a> updates for <a href="/tags/hollo/" rel="tag">#Hollo</a> (<a href="https://github.com/fedify-dev/hollo/releases/tag/0.4.12" rel="nofollow">0.4.12</a>, <a href="https://github.com/fedify-dev/hollo/releases/tag/0.5.7" rel="nofollow">0.5.7</a>, and <a href="https://github.com/fedify-dev/hollo/releases/tag/0.6.6" rel="nofollow">0.6.6</a>) to address a <a href="/tags/vulnerability/" rel="tag">#vulnerability</a> in the underlying <a href="/tags/fedify/" rel="tag">#Fedify</a> framework. These updates incorporate the latest Fedify security patches that fix <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4" rel="nofollow">CVE-2025-54888</a>.</p><p>We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.</p><p>Update Instructions:</p><p>Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”<br>Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers<br>Manual installations: Run git pull to get the latest code, then pnpm install and restart your service</p>