Skip to content

Fedify 2.0.19

Choose a tag to compare

View all tags
@github-actions github-actions released this 04 Jun 04:57
· 1418 commits to main since this release
2.0.19
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
0bdad17
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.

Released on June 4, 2026.

@fedify/vocab-runtime

  • Fixed validatePublicUrl() allowing special-use IPv4 ranges, such as shared address space, benchmarking, multicast, reserved, and documentation ranges, which could bypass private network protections in remote document loading. [CVE-2026-50131]

  • Fixed validatePublicUrl() allowing IPv6 translation and tunneling prefixes, including NAT64, Teredo, and 6to4 addresses, which could bypass private network protections in remote document loading. [CVE-2026-50131]

Assets 33
Loading