v2026.5.1
This release contains several critical security patches, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
### Security
- Fixed signature bypass with certain keywords (reported by Mastodon)
- Fixed signature bypass with improper algorithm ordering
- Fixed XSS in emoji autocompleter
- Disabled hashtag channel
### Miscellaneous
- Fixed service worker not properly loading
### Attribution
This release was made possible by project contributors: mia
Furthermore, I want to give special thanks to Mastodon for the vulnerability disclosure.
Iceshrimp Updates Bot
@iceshrimp_updates@meow.company