Post · bonfire.cafe

Post

🔒 Security Release: BotKit 0.3.1

We've released BotKit 0.3.1 with an important security fix.

This update addresses CVE-2025-68475 (High severity, CVSS 7.5), a ReDoS vulnerability in Fedify's HTML parsing that could cause denial of service.

If you're using BotKit 0.3.x, please upgrade to 0.3.1 as soon as possible.

📦 Release notes
🔐 Security advisory

#BotKit #Fedify #ActivityPub #fediverse #security

GitHub

Release BotKit 0.3.1 · fedify-dev/botkit

Released on December 20, 2025. Upgraded Fedify to 1.8.15, which includes a critical security fix CVE-2025-68475 that addresses a ReDoS (Regular Expression Denial of Service) vulnerability in HTML ...

GitHub

ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Servic...

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.41 no JS en

Automatic federation enabled