Skip to content

Fedify 1.6.8
Compare
Choose a tag to compare
@github-actions github-actions released this 07 Aug 21:10
· 776 commits to main since this release
1.6.8
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
68d2505
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.

Released on August 8, 2025.

  • Fixed a critical authentication bypass vulnerability in the inbox handler that allowed unauthenticated attackers to impersonate any ActivityPub actor. The vulnerability occurred because activities were processed before verifying that the HTTP Signatures key belonged to the claimed actor. Now authentication verification is performed before activity processing to prevent actor impersonation attacks. [CVE-2025-54888]
Assets 9
Loading