Todd Sundsted (@toddsundsted@epiktistes.com) (2026-05-21 19:50:48)
Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API.

Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses.

Here's the full changelog:

Added

New Mastodon-compatible APIs.

Fixed

Close DNS rebinding window for outbound HTTP requests.
Limit the size of HTTP bodies the server reads.
Sanitize RSS feed output to prevent CDATA breakout.
Destroy all sessions and access tokens on account termination.

Changed

Ensure all GET and POST requests utilize Ktistec::Network.
Process local recipients in-process in inbox/outbox activity processors.

As always, it's worth upgrading for the security fixes!

#ktistec #crystallang #activitypub #fediverse
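The two outbound-request hardenings the post describes (closing the DNS rebinding window by connecting to an address validated at resolution time, and capping the body that is read) as an added example in Ruby; this is not Ktistec's own Crystal code, and the blocked ranges, the exception classes and the `pinned_address`, `read_limited` and `safe_get` names are assumptions of this example.

```ruby
require "ipaddr"
require "resolv"
require "net/http"

class UnsafeDestination < StandardError; end
class BodyTooLarge < StandardError; end
# Ranges an outbound fetcher must never reach (constructed list, not Ktistec's own).
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv4_mapped? # ::ffff:127.0.0.1 is still loopback
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# Resolve once, refuse the name if ANY answer is blocked, and return one validated address.
# The socket is opened to that address, not the name, so a later lookup (rebinding) can't redirect it.
def pinned_address(host, resolve: Resolv.method(:getaddresses))
  literal = IPAddr.new(host) rescue nil # IP literals skip DNS entirely
  answers = literal ? [literal.to_s] : resolve.call(host).map(&:to_s)
  raise UnsafeDestination, "#{host}: no address" if answers.empty?
  bad = answers.select { |a| blocked_ip?(a) }
  raise UnsafeDestination, "#{host} resolves to #{bad.join(', ')}" unless bad.empty?
  answers.first
end

# Accumulate body chunks, aborting before the cap is exceeded (no unbounded buffering).
def read_limited(chunks, max_bytes)
  body = +""
  chunks.each do |chunk|
    raise BodyTooLarge, "body exceeds #{max_bytes} bytes" if body.bytesize + chunk.bytesize > max_bytes
    body << chunk
  end
  body
end

# GET over a pinned connection with a capped body; redirects are not followed (each hop needs the same check).
def safe_get(url, max_bytes: 1_048_576)
  uri = URI(url)
  http = Net::HTTP.new(uri.hostname, uri.port)
  http.ipaddr = pinned_address(uri.hostname) # Host header and TLS SNI still use the name
  http.use_ssl = (uri.scheme == "https")
  http.start do |conn|
    conn.request_get(uri.request_uri) { |res| return read_limited(res.enum_for(:read_body), max_bytes) }
  end
end
```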