Skip to content

Releases: fedify-dev/fedify

Fedify 1.4.0

05 Feb 03:15
@github-actions github-actions
1.4.0
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
5dc91fc
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.4.0 Latest
Latest

Released on February 5, 2025.

  • Document loader and context loader are now configurable with a factory function for more flexibility.

    • Deprecated CreateFederationOptions.documentLoader option. Use CreateFederationOptions.documentLoaderFactory option instead.
    • Deprecated CreateFederationOptions.contextLoader option. Use CreateFederationOptions.contextLoaderFactory option instead.
    • Added DocumentLoaderFactory type.
    • Added DocumentLoaderFactoryOptions interface.
    • Added the second parameter with DocumentLoaderFactoryOptions type to AuthenticatedDocumentLoaderFactory type.
    • GetAuthenticatedDocumentLoaderOptions interface became to extend DocumentLoaderFactoryOptions interface.
    • Added a type parameter TContextData to CreateFederationOptions interface.
    • Fedify now assigns a random-generated http:/https: URI to activities if these do not have explicit id properties. This behavior can be disabled by excluding autoIdAssigner() from the CreateFederationOptions.activityTransformers option.

  • Introduced ActivityTransformers for adjusting outgoing activities before sending them so that some ActivityPub implementations with quirks are satisfied.

    • Added @fedify/fedify/compat module.
    • Added ActivityTransformer type.
    • Added autoIdAssigner() function.
    • Added actorDehydrator() function.
    • Added defaultActivityTransformers constant.
    • Added CreateFederationOptions.activityTransformers option.

  • The suppressError option of Activity Vocabulary APIs, traverseCollection() function, and Context.traverseCollection() method now suppresses errors occurred JSON-LD processing.

  • WebFinger responses are now customizable. [#3]

    • Added ActorCallbackSetters.mapAlias() method.
    • Added ActorAliasMapper type.

  • Added Context.getNodeInfo() method. [#203]

  • Added shares property to Object class in Activity Vocabulary API.

    • Added Object.sharesId property.
    • Added Object.getShares() method.
    • new Object() constructor now accepts shares option.
    • Object.clone() method now accepts shares option.

  • Added likes property to Object class in Activity Vocabulary API.

    • Added Object.likesId property.
    • Added Object.getLikes() method.
    • new Object() constructor now accepts likes option.
    • Object.clone() method now accepts likes option.

  • Added emojiReactions property to Object class in Activity Vocabulary API.

    • Added Object.emojiReactionsId property
    • Added Object.getEmojiReactions() method.
    • new Object() constructor now accepts emojiReactions option.
    • Object.clone() method now accepts emojiReactions option.

  • Added allowPrivateAddress option to LookupWebFingerOptions interface.

  • Added more log messages using the LogTape library. Currently the below logger categories are used:

    • ["fedify", "compat", "transformers"]

  • Added -t/--traverse option to the fedify lookup subcommand. [#195]

  • Added -S/--suppress-errors option to the fedify lookup subcommand. [#195]

Assets 9
Loading

Fedify 1.3.7

01 Feb 07:21
@github-actions github-actions
1.3.7
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
6f55472
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.7

Released on February 1, 2025.

  • Updated LogTape to version 0.8.1, which fixes a bug where lowestLevel option had incorrectly behaved.
Assets 9
Loading

Fedify 1.3.6

31 Jan 05:01
@github-actions github-actions
1.3.6
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
2e2e76b
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.6

Released on January 31, 2025.

  • Fixed a bug where getUserAgent() function had returned a User-Agent string with a wrong JavaScript runtime name on Node.js. [#203]
Assets 9
Loading

Fedify 1.3.5

21 Jan 11:49
@github-actions github-actions
1.3.5
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
330c5d1
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.5

Released on January 21, 2025.

  • Fixed a bug where CreateFederationOptions.allowPrivateAddress option had been ignored by the Context.lookupObject() method when it had taken a fediverse handle.

  • The lookupWebFinger() function became to silently return null when it fails to fetch the WebFinger document due to accessing a private network address, instead of throwing a UrlError.

Assets 9
Loading

Fedify 1.3.4

20 Jan 16:09
@github-actions github-actions
1.3.4
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
91bd1d7
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.4

Released on January 21, 2025.

  • Fixed several security vulnerabilities of the lookupWebFinger() function. [CVE-2025-23221]

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses.

Assets 9
Loading

Fedify 1.2.11

20 Jan 16:04
@github-actions github-actions
1.2.11
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
d47268b
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.2.11

Released on January 21, 2025.

  • Fixed several security vulnerabilities of the lookupWebFinger() function. [CVE-2025-23221]

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses.

Assets 9
Loading

Fedify 1.1.11

20 Jan 16:01
@github-actions github-actions
1.1.11
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
e06d873
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.1.11

Released on January 21, 2025.

  • Fixed several security vulnerabilities of the lookupWebFinger() function. [CVE-2025-23221]

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses.

Assets 9
Loading

Fedify 1.0.14

20 Jan 15:54
@github-actions github-actions
1.0.14
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
fbfe4e1
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.0.14

Released on January 21, 2025.

  • Fixed several security vulnerabilities of the lookupWebFinger() function. [CVE-2025-23221]

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request.

    • Fixed a security vulnerability where the lookupWebFinger() function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses.

Assets 9
Loading

Fedify 1.3.3

30 Dec 14:57
@github-actions github-actions
1.3.3
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
4193682
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.3

Released on December 30, 2024.

Assets 9
Loading

Fedify 1.3.2

18 Dec 09:21
@github-actions github-actions
1.3.2
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
4e5f831
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fedify 1.3.2

Released on December 18, 2024.

  • Fixed the default document loader to handle the Link header with incorrect syntax. [#196]
Assets 9
Loading