
Nova@Chishiki611@enby.life

Plural (💡🏠) | Trying to be a sanctuary for those who need it.

💜🎗️ If you have been rejected by society, I want you to know that you are not alone and none of this is your fault. 💜🎗️

Follow requests are fine, but we will do a vibe check (see pinned for details) :)

If you are on mastodon.social, I will not accept your follow request unless you had an established presence elsewhere. Please choose a better and smaller server.
⛔ Pedos, tankies, and the like are blocked on site.

ℹ️ While we do boost mutual aid posts, users who post mutual aid posts frequently enough get those posts filtered out via hard word mutes.

ℹ️ We intend to be a safe space where everyone is welcome to the table as long as they are not hurtful or harmful to others. If we find that someone is not getting along with a mutual, they will get a warning via a DM from us, and if we find that they still can't get along for a second time, they will get a mute and a force-unfollow. That is because to us, it shows that the entities in question don't like that we try to keep our space safe.

pronouns?: depends; see pinned.
Intermittent radio silence: Should be expected.
Follow requests: Vibe checked; follow requests automatically approve if we follow you
If we break ties with you first: It is either for our safety or for others' safety
Age: Adult (21+)
Avatar source (Picrew): https://picrew.me/en/image_maker/1649970
Joined: 2026-05-20 10:52:50
1 notes, 0 following, 0 followers

Nova@Chishiki611@enby.life boosted: @vmstan@vmst.io (2026-06-16 12:04:02) The vmst.io instance will cease operations at the end of June 30, 2026. Please use this time to migrate your user account and connections. All data will be deleted after this date.

Nova@Chishiki611@enby.life boosted: @jerry@infosec.exchange (2026-05-23 22:23:05) If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. The latest patch will help clean up the mess.

See here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.8

Nova@Chishiki611@enby.life boosted: @hollo@hollo.social (2026-05-21 02:39:43) Hollo security updates: 0.7.17, 0.8.6, and 0.9.1
If you run Hollo, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and Hollo depends on Fedify for ActivityPub federation.

Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended—without invalidating the signature.

The fix makes Fedify normalize Linked Data Signature-verified activities against its local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape. For full technical details of the underlying vulnerability, see the Fedify security announcement.

All Hollo versions up to and including 0.7.16, 0.8.5, and 0.9.0 are affected. Patched releases are 0.7.17 for the 0.7.x series, 0.8.6 for the 0.8.x series, and 0.9.1 for the 0.9.x series.

For 0.7.x deployments, update to 0.7.17:

docker pull ghcr.io/fedify-dev/hollo:0.7.17

For 0.8.x deployments, update to 0.8.6:

docker pull ghcr.io/fedify-dev/hollo:0.8.6

For 0.9.x deployments, update to 0.9.1:

docker pull ghcr.io/fedify-dev/hollo:0.9.1

After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.

Thanks to @Claire for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.

Nova@Chishiki611@enby.life boosted: @admin@app.wafrn.net (2026-05-21 01:10:03) Images available now

If you updated last week already, you just use the standard update method



RE: https://app.wafrn.net/fediverse/post/f84a56a2-d43a-4d2a-a461-618fdf0fa53a

Nova@Chishiki611@enby.life boosted: @fedify@hollo.social (2026-05-21 02:35:44) Fedify security updates: 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3
If you use Fedify, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling. An attacker could use JSON-LD graph-restructuring features to change how a signed activity is interpreted without invalidating its Linked Data Signature.

Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended.

The fix makes Fedify normalize Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape consumed by Fedify.

Patched releases are 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3. The GitHub Security Advisory is GHSA-9rfg-v8g9-9367, and the CVE ID is CVE-2026-42462.

Update @fedify/fedify:

npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify

After updating, redeploy. If you run other Fedify-based servers, update those too.

Thanks to @Claire for the report and responsible disclosure.

If anything is unclear, ask below.
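
The Hollo and Fedify announcements above both describe the fix as rejecting JSON-LD constructs that keep the signed RDF graph intact while changing the object shape. A minimal structural guard in that spirit, as an added example that is not code from Fedify, Hollo, or the posts above; the keyword set, the context allow-list and the function names are assumptions (the posts do not list which constructs Fedify rejects):

```javascript
// Added example, not Fedify's implementation: a structural guard run on an
// activity after its Linked Data Signature has verified, before it is read.

// Assumption: contexts this server knows and resolves from local copies.
const ALLOWED_CONTEXTS = new Set([
  "https://www.w3.org/ns/activitystreams",
  "https://w3id.org/security/v1",
]);

// Assumption: JSON-LD 1.1 keywords that let one RDF graph take several JSON
// shapes. The posts do not list the constructs Fedify rejects.
const RESHAPING_KEYWORDS = new Set(["@graph", "@reverse", "@included", "@nest"]);

function checkContext(ctx, path, findings) {
  for (const entry of Array.isArray(ctx) ? ctx : [ctx]) {
    if (typeof entry !== "string") {
      // Inline term definitions can alias keywords or remap property names.
      findings.push(`${path}: inline context definition`);
    } else if (!ALLOWED_CONTEXTS.has(entry)) {
      findings.push(`${path}: unknown context ${entry}`);
    }
  }
}

// Walks the whole document; an empty result means no risky construct found.
function findShapeRisks(node, path = "$", findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findShapeRisks(item, `${path}[${i}]`, findings));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (key === "@context") {
        checkContext(value, here, findings); // also covers contexts on nested objects
        continue; // context bodies are definitions, not activity data
      }
      if (RESHAPING_KEYWORDS.has(key)) findings.push(`${here}: reshaping keyword`);
      findShapeRisks(value, here, findings);
    }
  }
  return findings;
}

// Constructed sample inputs (not captured traffic).
const plain = { "@context": "https://www.w3.org/ns/activitystreams", type: "Create",
  actor: "https://example.com/users/a", object: { type: "Note", content: "hi" } };
const aliased = { "@context": ["https://www.w3.org/ns/activitystreams", { g: "@graph" }],
  g: [{ type: "Create", actor: "https://example.com/users/a" }] };
console.log(findShapeRisks(plain));
console.log(findShapeRisks(aliased));
```

Many real ActivityPub senders include inline term definitions in `@context`, so a production guard would compare them against known definitions instead of rejecting every one.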

Nova@Chishiki611@enby.life boosted: @misty@digipres.club (2026-05-21 00:40:16) Hometown admins: we’ve released v4.5.10+hometown-1.2.1. This incorporates today’s Mastodon security release which fixes high severity bugs. We recommend that all admins update immediately. https://github.com/hometown-fork/hometown/releases/tag/v4.5.10%2Bhometown-1.2.2

#HometownAdmin

Nova@Chishiki611@enby.life boosted: @sharkey@sharkey.team (2026-05-20 23:49:46) develop has been updated! happy patching, everyone

Nova@Chishiki611@enby.life boosted: @noisytoot@berkeley.edu.pl (2026-05-20 23:26:05) For Akkoma and Pleroma users, this says:

Unofficial Announcement: We just released 2026.5.4-beta.0 of Misskey, which includes important security fixes. Official 2026.5.4, along with security advisory, is expected to be released several hours later due to timezone differences.

RE: https://transfem.social/notes/amhpmefg5yrf003n

Nova@Chishiki611@enby.life boosted: @kakkokari_gtyih@transfem.social (2026-05-20 23:16:52) Unofficial Announcement: We just released 2026.5.4-beta.0 of Misskey, which includes important security fixes. Official 2026.5.4, along with security advisory, is expected to be released several hours later due to timezone differences.

Nova@Chishiki611@enby.life boosted: @sharkey@sharkey.team (2026-05-20 22:48:26) We've released 2025.4.7, containing the security fixes mentioned. Work on merging the security fixes into develop is underway.

RE: https://sharkey.team/notes/amckzae8d8ka0001

Nova@Chishiki611@enby.life boosted: @ShadowJonathan@tech.lgbt (2026-05-20 22:20:28) ok they released it: https://github.com/mastodon/mastodon/releases/tag/v4.5.10

gogogo

Nova@Chishiki611@enby.life boosted: @admin@enby.life (2026-05-17 11:14:10) Enby.Life will be releasing and deploying a patched version of Campfire fork after this security update drops. As a reminder - we have already applied non-code mitigations to protect Enby.Life users, but Campfire itself is generally vulnerable. Any instances running our fork or custom branches should prepare to update as well. We will also be rotating all Enby.Life users' ActivityPub Actor keys before the update as a precaution.

RE: https://sharkey.team/notes/amckzae8d8ka0001

Nova@Chishiki611@enby.life (2026-05-20 10:52:04) (⭐ hosts) admins, be ready to hit the ground running - there are around 12 hours until the half-way point between the release window opening and closing.

RE: https://sharkey.team/notes/amckzae8d8ka0001