@@ -331,7 +331,7 @@ To be released.
331331Version 2.3.2
332332-------------
333333
334- To be released .
334+ Released on July 15, 2026 .
335335
336336### @fedify/fedify
337337
@@ -345,7 +345,7 @@ To be released.
345345 caller. Both requests, including any redirect hops, are now validated
346346 against private and non-public addresses, consistent with the protections
347347 already applied to WebFinger lookups and the built-in document loader.
348- [[ GHSA- hqph -j65v-8cq5 ]]
348+ [[ CVE- 2026 -62857 ]]
349349
350350 - Fixed custom collection dispatchers registered through
351351 ` FederationBuilder.setCollectionDispatcher() ` and
@@ -375,7 +375,7 @@ To be released.
375375 npm publish artifact skipped the ` prepack ` step that materializes the
376376 symlinked skill directory before packing.
377377
378- [ GHSA-hqph-j65v-8cq5 ] : https://github.com/fedify-dev/fedify/security/advisories/GHSA-hqph-j65v-8cq5
378+ [ CVE-2026-62857 ] : https://github.com/fedify-dev/fedify/security/advisories/GHSA-hqph-j65v-8cq5
379379[ #849 ] : https://github.com/fedify-dev/fedify/issues/849
380380[ #851 ] : https://github.com/fedify-dev/fedify/pull/851
381381[ #916 ] : https://github.com/fedify-dev/fedify/issues/916
@@ -964,7 +964,7 @@ Released on June 25, 2026.
964964Version 2.2.7
965965-------------
966966
967- To be released .
967+ Released on July 15, 2026 .
968968
969969### @fedify/fedify
970970
@@ -978,7 +978,7 @@ To be released.
978978 caller. Both requests, including any redirect hops, are now validated
979979 against private and non-public addresses, consistent with the protections
980980 already applied to WebFinger lookups and the built-in document loader.
981- [[GHSA-hqph-j65v-8cq5 ]]
981+ [[CVE-2026-62857 ]]
982982
983983 - Fixed custom collection dispatchers registered through
984984 `FederationBuilder.setCollectionDispatcher()` and
@@ -1438,7 +1438,7 @@ Released on April 28, 2026.
14381438Version 2.1.18
14391439--------------
14401440
1441- To be released .
1441+ Released on July 15, 2026 .
14421442
14431443### @fedify/fedify
14441444
@@ -1452,7 +1452,7 @@ To be released.
14521452 caller. Both requests, including any redirect hops, are now validated
14531453 against private and non-public addresses, consistent with the protections
14541454 already applied to WebFinger lookups and the built-in document loader.
1455- [[GHSA-hqph-j65v-8cq5 ]]
1455+ [[CVE-2026-62857 ]]
14561456
14571457 - Fixed custom collection dispatchers registered through
14581458 `FederationBuilder.setCollectionDispatcher()` and
@@ -2077,7 +2077,7 @@ Released on March 24, 2026.
20772077Version 2.0.22
20782078--------------
20792079
2080- To be released .
2080+ Released on July 15, 2026 .
20812081
20822082### @fedify/fedify
20832083
@@ -2091,7 +2091,7 @@ To be released.
20912091 caller. Both requests, including any redirect hops, are now validated
20922092 against private and non-public addresses, consistent with the protections
20932093 already applied to WebFinger lookups and the built-in document loader.
2094- [[GHSA-hqph-j65v-8cq5 ]]
2094+ [[CVE-2026-62857 ]]
20952095
20962096 - Fixed custom collection dispatchers registered through
20972097 `FederationBuilder.setCollectionDispatcher()` and
@@ -3137,7 +3137,7 @@ Released on February 22, 2026.
31373137Version 1.10.12
31383138---------------
31393139
3140- To be released .
3140+ Released on July 15, 2026 .
31413141
31423142### @fedify/fedify
31433143
@@ -3151,7 +3151,7 @@ To be released.
31513151 caller. Both requests, including any redirect hops, are now validated
31523152 against private and non-public addresses, consistent with the protections
31533153 already applied to WebFinger lookups and the built-in document loader.
3154- [[GHSA-hqph-j65v-8cq5 ]]
3154+ [[CVE-2026-62857 ]]
31553155
31563156
31573157Version 1.10.11
@@ -3421,7 +3421,7 @@ Released on December 24, 2025.
34213421Version 1.9.13
34223422--------------
34233423
3424- To be released .
3424+ Released on July 15, 2026 .
34253425
34263426### @fedify/fedify
34273427
@@ -3435,7 +3435,7 @@ To be released.
34353435 caller. Both requests, including any redirect hops, are now validated
34363436 against private and non-public addresses, consistent with the protections
34373437 already applied to WebFinger lookups and the built-in document loader.
3438- [[GHSA-hqph-j65v-8cq5 ]]
3438+ [[CVE-2026-62857 ]]
34393439
34403440
34413441Version 1.9.12
0 commit comments