Types, CVEs, and Hot Reloads

News includes a major milestone for Elixir's set-theoretic types as inference of all language constructs is completed and merged with Elixir v1.20.0-rc.5 hot on its heels, OTP 29.0 drops as a major release with secure-by-default SSH, post-quantum SSL key exchange, Erlang doctests, and more, a wave of high-severity CVEs hits the Elixir and Phoenix stack prompting the EEF CNA to take on a larger work load as AI-driven vulnerability reports surge, string processing in Elixir gets a serious speed boost via SWAR (SIMD Within A Register) optimizations with 1.5–5x improvements across Base and String operations, and a handy tip for enabling state-preserving hot reloads in Phoenix LiveView with just a small dev.exs config tweak, and more!

Show Notes online - http://podcast.thinkingelixir.com/304

Elixir Community News

• https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
• https://x.com/josevalim/status/2054202778990383152 – José Valim announces that "inference of all language constructs" for Elixir's set-theoretic types has been completed and merged.
• https://github.com/elixir-lang/elixir/issues/14558 – The meta-issue tracking set-theoretic type inference of all Elixir constructs, now wrapped up. Includes occurrence typing for high-degree precision. A new RC is expected soon on the way to Elixir v1.20.
• https://x.com/josevalim/status/2054631923893313662 – José Valim announces the release of Elixir v1.20.0-rc.5 with the latest batch of typing and performance improvements.
• https://github.com/elixir-lang/elixir/releases/tag/v1.20.0-rc.5 – Release notes for Elixir v1.20.0-rc.5. The team says they are very close to the final release and encourages users to try it and report issues.
• https://cna.erlef.org/ – The EEF CNA (CVE Numbering Authority) has seen a large increase in volume of CVEs, largely driven by AI tools. They are considering a funding campaign to cover the increased costs of fixing and administering CVEs.
• https://bsky.app/profile/tylerayoung.com/post/3mlsxbdmrw22e – Tyler Young highlights a heap of recent high-severity CVEs published against the typical Elixir + Phoenix web stack. Packages to check include cowboy < 2.15.0, cowlib < 2.16.1, plug < 1.19.2, bandit < 1.11.1, and decimal < 3.0.0.
• https://cna.erlef.org/cves/ – Full list of CVEs issued by the EEF CNA.
• https://hex.pm/packages/mix_audit – The mix_audit package can be installed and run via mix deps.audit to check your app against up-to-date published CVEs. Recommended to make it part of your CI pipeline.
• https://www.erlang.org/news/188 – OTP 29.0 released as a new major version. Highlights include unsafe function warnings, SSH daemon now defaults to disabled shell/exec services, SFTP no longer enabled by default, post-quantum hybrid key exchange as default in SSL, ANSI terminal support, Erlang doctest support, and xref now handles ignore_xref natively. Note that 32-bit Windows builds are no longer available.
• https://bsky.app/profile/peterullrich.com/post/3mlmb7kwgoc2w – Peter Ullrich highlights performance improvements landing in Elixir — Base.valid(16|32|64)? is now 1.5-2.8x faster thanks to SWAR (SIMD Within A Register) optimizations.
• https://github.com/elixir-lang/elixir/pull/15357 – PR adding SWAR (SIMD Within A Register) versions of Base validations to Elixir. SWAR treats a CPU register like a small vector to check multiple bytes at once instead of one by one.
• https://github.com/elixir-lang/elixir/pull/15255 – PR applying SWAR optimization to ASCII fast paths in String.length/1 and String.slice, yielding 2-5x improvements for pure-ASCII strings.
• https://github.com/erlang/otp/pull/10948 – The SWAR technique was also applied to Erlang itself, accelerating binary ASCII traversal using 56-bit SWAR. Improvements range from 0x to 2x depending on the operation.
• https://www.linkedin.com/posts/jskalec_phoenix-liveview-has-one-massive-dx-feature-share-7459520758126473216-glO8 – The creator of the live_vue project shares a tip for enabling state-preserving hot reloads in Phoenix LiveView.

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel on Bluesky - @david.bernheisel.com
• David Bernheisel on Fediverse - @dbern@genserver.social