Show Notes online - http://podcast.thinkingelixir.com/306

Elixir Community News

• https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
• The Thinking Elixir Podcast is ending June 23rd, 2026, after 6 years of weekly episodes.
• https://x.com/maennchen_/status/2059586280711651745 – Jonatan Männchen of the EEF notes that 35% of EEF CVEs are uncontrolled resource consumption, with atom exhaustion as a recurring cause.
• https://erlef.org/blog/security/atom-exhaustion – EEF blog post — atom exhaustion accounts for roughly one tenth of all BEAM ecosystem CVEs, yet it's well understood and preventable.
• https://cna.erlef.org/common-weaknesses – EEF CNA Common Weaknesses page showing the current CVE category distribution.
• https://hex.pm/packages/sobelow – Sobelow is a great Elixir security scanner that detects atom exhaustion and other issues — easy to add to CI.
• https://x.com/benoitc/status/2058909986084819267 – Announcement of hackney 4.0.1, a security release fixing vulnerabilities across HTTP/1.1, HTTP/2, HTTP/3, and WebSocket.
• https://github.com/benoitc/hackney/releases/tag/4.0.1 – hackney 4.0.1 release — fixes 9 CVEs (1 low, 4 medium, 4 high); upgrade to v4.0.3 for HTTP/3 certificate verification too.
• https://github.com/benoitc/hackney/blob/master/NEWS.md – hackney changelog with full details on all security fixes in 4.0.1 through 4.0.3.
• https://www.linkedin.com/posts/pjullrich_elixirlang-share-7464694254557237248-sICM/ – Peter Ullrich urges upgrading hackney to 4.0.1 ASAP after he and two others reported the vulnerabilities using AI-assisted research.
• https://cna.erlef.org/cves/ – EEF CNA CVE listing page referenced by Peter Ullrich in his hackney disclosure post.
• https://bsky.app/profile/tylerayoung.com/post/3mmwal5yrkc2y – Tyler Young upgraded to Elixir 1.20-rc.6 and the new type system found ~500 issues 1.19 missed, including real bugs.
• https://x.com/dan_note/status/2057966143369777407 – Dannote announces "vibe", a new BEAM-native coding agent for Elixir/OTP projects.
• https://github.com/elixir-vibe/vibe – vibe GitHub repo — a local OTP app with TUI, LiveView console, subagents, plugins, and project-aware Elixir eval. Experimental.
• https://bsky.app/profile/tylerayoung.com/post/3mmrla7tqrs2d – Tyler Young releases jump_credo_checks v0.3.0 with a new UnusedLiveViewAssign check.
• https://x.com/claudedevs/status/2059385239781384341 – Anthropic ships a free security-guidance plugin for Claude Code that reviews code at three levels; saw 30-40% fewer security PR comments internally.
• https://x.com/ogrizkov/status/2059417410940145689 – A user tested the Claude Code security plugin — it immediately blocked eval() and a dangerous regex with OWASP explanations.

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel on Bluesky - @david.bernheisel.com
• David Bernheisel on Fediverse - @dbern@genserver.social

Sponsored By:

• Paraxial.io: Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.