hollo
#Hollo finally has #Misskey/#Threads-style quotes! It's easy to use. Just paste the link to the post you want to quote into your post! It will automatically recognize a link to an ActivityPub post (supports Article, Note, and Question) and turn it into a quote.
FYI, if you're using #Phanpy, you can use the Quote button that appears when you press the boost icon!
https://hollo.social/@fedify/0191d67c-a300-786e-8395-2020ac47ebc7
#Hollo is currently testing #Node.js instead of #Bun. (In fact, the hollo.social server is already running on Node.js!) If this test is successful, starting with the next release, Hollo will be powered by Node.js instead of Bun.
The main reason for switching to Node.js is to optimize memory usage. As you can see in the graph image below, Node.js uses significantly less memory than Bun. With this switch, Hollo is expected to be even more lightweight than before!
Are you interested in trying out the Node.js version of Hollo early? Try to pull ghcr.io/dahlia/hollo:0.4.0-dev.290!
Just released #Hollo 0.5.4 (ghcr.io/fedify-dev/hollo:0.5.4), 0.4.10 (ghcr.io/fedify-dev/hollo:0.4.10), and 0.3.9 (ghcr.io/fedify-dev/hollo:0.3.9), which fix interoperability issues with some software including @mitra. (Thanks for @silverpill's bug report.)
We're pleased to announce that #Hollo has been included in the Nivenly Fediverse Security Fund program!
The @nivenly Foundation has launched a security bounty fund to support contributors who identify and help fix #security vulnerabilities in popular #fediverse software. Both Hollo and @fedify are among the selected projects that meet their responsible security disclosure requirements.
This program will run from April–September 2025, with bounties of $250–$500 USD for high and critical security vulnerabilities.
We're honored to be recognized alongside other established fediverse projects like Mastodon, Misskey, and Lemmy. This further encourages our commitment to maintaining strong security practices.
If you're interested in contributing to Hollo's security, please follow our responsible disclosure process outlined in our SECURITY.md file.
Learn more about the program:
https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
RFC 8414 (OAuth metadata discovery)
RFC 7636 (#PKCE support)
Improved authorization flows following RFC 9700 best practices
New features
Extended character limit (4K → 10K)
Code syntax highlighting
Customizable profile themes
EXIF metadata stripping for privacy
Important notes for update
Node.js 24+ required
Updated environment variables for asset storage
Stronger SECRET_KEY requirements (44+ chars)
Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
Exciting news for the #Hollo project! We're thrilled to announce that Emelia Smith (@thisismissem) has joined as a co-maintainer alongside Hong Minhee (@hongminhee).
Emelia brings extensive experience in the #fediverse ecosystem, having been a long-time contributor to Mastodon and a leading expert in trust & safety tooling for decentralized social networks. She's dedicated years to improving moderation systems and security across #ActivityPub platforms.
Her recent contributions to Hollo have been substantial—implementing the reporting/flagging system and making significant improvements to OAuth and security features. These valuable contributions naturally led to her joining as a co-maintainer.
This collaboration marks an important milestone for Hollo as we continue building better single-user microblogging software for the fediverse. Welcome aboard, Emelia! 🚀
🚨 Security Update: Hollo 0.6.5 Released
We've released #Hollo 0.6.5 with a critical #security fix for CVE-2025-53941, addressing an HTML injection vulnerability in federated posts.
Please #update immediately to protect your instance from potential phishing and XSS attacks.
How to update:
Railway: Go to deployments → click three dots → Redeploy
Docker: docker pull ghcr.io/fedify-dev/hollo:latest and restart
Manual: git pull origin stable && pnpm install and restart server
We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.
We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.
Update Instructions:
Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
Manual installations: Run git pull to get the latest code, then pnpm install and restart your service