github fedify-dev/hollo 0.6.0
Hollo 0.6.0
on GitHub

latest releases: 0.6.10, 0.6.9, 0.6.8...
3 months ago

Released on June 5, 2025.

  • Revamped the environment variables for asset storage configuration. [#115, #121 by Emelia Smith]

    • Added FS_STORAGE_PATH environment variable, which is required where DRIVE_DISK is set to fs.
    • Added STORAGE_URL_BASE environment variable, which is required.
    • Deprecated FS_ASSET_PATH in favor of FS_STORAGE_PATH.
    • Deprecated ASSET_URL_BASE in favor of STORAGE_URL_BASE.

  • Implemented OAuth 2.0 Authorization Code flow with support for access grants. This improves the security of the OAuth authorization process by separating the authorization code from the access token issuance. [#130 by Emelia Smith]

  • Hollo now requires the SECRET_KEY environment variable to be at least 44 characters long. This change ensures sufficient entropy for cryptographic operations. [#126 by Emelia Smith]

  • Hollo now lets /.well-known/ and /oauth/ endpoints allow cross origin requests which is aligned with those of Mastodon. [#126 by Emelia Smith]

  • Added the BIND environment variable to specify the host address to listen on. [#114, #120 by Emelia Smith]

  • The theme color of the profile page is now customizable. The list of all available theme colors can be found in the Colors section of the Pico CSS docs.

  • You can now sign out from the administration dashboard. [#50, #122 by Emelia Smith]

  • On profile page, shared posts are now more visually separated from the original posts, and the time of sharing is now shown. [#111]

  • On profile page, alt texts for images are now expanded within <details>. [#99, #110 by Okuto Oyama]

  • The scope parameter is now optional for POST /oauth/token endpoint.

  • The current version string is displayed at the bottom of the dashboard page. [#136, #137 by RangHo Lee]

  • Increased the maximum character limit for posts from 4,096 to 10,000 characters.

  • EXIF metadata of attached images are now stripped before storing them to prevent privacy leaks. [#152 by NTSK]

  • Code blocks inside Markdown are now highlighted. The syntax highlighting is powered By Shiki. See also the complete list of supported languages. [#149]

  • Implemented OAuth 2.0 Proof Key for Code Exchange (PKCE) support with the S256 code challenge method. This enhances security by preventing authorization code interception attacks in the OAuth authorization flow. [#155 by Emelia Smith]

  • Added support for the profile OAuth scope for enhanced user authentication. This allows applications to request limited profile information using the new /oauth/userinfo endpoint and enables the profile scope to be used with the GET /api/v1/accounts/verify_credentials endpoint. [#45, #156 by Emelia Smith]

  • Made few Mastodon API endpoints publicly accessible without authentication so that they behave more similarly to Mastodon:

    • GET /api/v1/statuses/:id
    • GET /api/v1/statuses/:id/context

  • Upgraded Fedify to 1.5.3 and @fedify/postgres to 0.3.0.

  • The minimum required version of Node.js is now 24.0.0.

Check out latest releases or
releases around fedify-dev/hollo 0.6.0

Don't miss a new hollo release

NewReleases is sending notifications on new releases.

Get notifications