Skip to content

Fedify 2.1.15

Choose a tag to compare

View all tags
@github-actions github-actions released this 04 Jun 05:50
· 1138 commits to main since this release
2.1.15
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
2e1122e
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.

Released on June 4, 2026.

@fedify/vocab-runtime

  • Fixed validatePublicUrl() allowing special-use IPv4 ranges, such as shared address space, benchmarking, multicast, reserved, and documentation ranges, which could bypass private network protections in remote document loading. [CVE-2026-50131]

  • Fixed validatePublicUrl() allowing IPv6 translation and tunneling prefixes, including NAT64, Teredo, and 6to4 addresses, which could bypass private network protections in remote document loading. [CVE-2026-50131]

Assets 35
Loading