Show Notes online - http://podcast.thinkingelixir.com/306

Elixir Community News

• https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
• The Thinking Elixir Podcast is ending June 23rd, 2026, after 6 years of weekly episodes.
• https://x.com/maennchen_/status/2059586280711651745 – Jonatan Männchen of the EEF notes that 35% of EEF CVEs are uncontrolled resource consumption, with atom exhaustion as a recurring cause.
• https://erlef.org/blog/security/atom-exhaustion – EEF blog post — atom exhaustion accounts for roughly one tenth of all BEAM ecosystem CVEs, yet it's well understood and preventable.
• https://cna.erlef.org/common-weaknesses – EEF CNA Common Weaknesses page showing the current CVE category distribution.
• https://hex.pm/packages/sobelow – Sobelow is a great Elixir security scanner that detects atom exhaustion and other issues — easy to add to CI.
• https://x.com/benoitc/status/2058909986084819267 – Announcement of hackney 4.0.1, a security release fixing vulnerabilities across HTTP/1.1, HTTP/2, HTTP/3, and WebSocket.
• https://github.com/benoitc/hackney/releases/tag/4.0.1 – hackney 4.0.1 release — fixes 9 CVEs (1 low, 4 medium, 4 high); upgrade to v4.0.3 for HTTP/3 certificate verification too.
• https://github.com/benoitc/hackney/blob/master/NEWS.md – hackney changelog with full details on all security fixes in 4.0.1 through 4.0.3.
• https://www.linkedin.com/posts/pjullrich_elixirlang-share-7464694254557237248-sICM/ – Peter Ullrich urges upgrading hackney to 4.0.1 ASAP after he and two others reported the vulnerabilities using AI-assisted research.
• https://cna.erlef.org/cves/ – EEF CNA CVE listing page referenced by Peter Ullrich in his hackney disclosure post.
• https://bsky.app/profile/tylerayoung.com/post/3mmwal5yrkc2y – Tyler Young upgraded to Elixir 1.20-rc.6 and the new type system found ~500 issues 1.19 missed, including real bugs.
• https://x.com/dan_note/status/2057966143369777407 – Dannote announces "vibe", a new BEAM-native coding agent for Elixir/OTP projects.
• https://github.com/elixir-vibe/vibe – vibe GitHub repo — a local OTP app with TUI, LiveView console, subagents, plugins, and project-aware Elixir eval. Experimental.
• https://bsky.app/profile/tylerayoung.com/post/3mmrla7tqrs2d – Tyler Young releases jump_credo_checks v0.3.0 with a new UnusedLiveViewAssign check.
• https://x.com/claudedevs/status/2059385239781384341 – Anthropic ships a free security-guidance plugin for Claude Code that reviews code at three levels; saw 30-40% fewer security PR comments internally.
• https://x.com/ogrizkov/status/2059417410940145689 – A user tested the Claude Code security plugin — it immediately blocked eval() and a dangerous regex with OWASP explanations.

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel on Bluesky - @david.bernheisel.com
• David Bernheisel on Fediverse - @dbern@genserver.social

Sponsored By:

• Paraxial.io: Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.

Show Notes online - http://podcast.thinkingelixir.com/255

Elixir Community News

• https://www.honeybadger.io/ – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes.
• https://www.erlang.org/news/180 – OTP 28 release announcement with new priority messages functionality and SBOM support
• https://www.erlang.org/eeps/eep-0076 – EEP 76 specification for priority messages in OTP 28
• https://www.youtube.com/playlist?list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z – ElixirConf EU 2025 YouTube playlist with conference videos
• https://www.youtube.com/watch?v=ojL_VHc4gLk&list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z&index=3 – Chris McCord's keynote "Code Generators are Dead. Long Live Code Generators"
• https://x.com/chris_mccord/status/1923417060593356889 – Chris McCord's announcement about phoenix.new paid service
• https://phoenix.new/ – Chris McCord's new phoenix.new paid service at Fly.io
• https://www.youtube.com/watch?v=4IWShnVuRCg&list=PLvL2NEhYV4Zu421KzHuLICUqieJXI2o_Z&index=2 – James Arthur's keynote "Introducing Phoenix Sync" from ElixirConf EU
• https://github.com/electric-sql/phoenix_sync/ – Phoenix Sync GitHub repository for real-time sync to Postgres-backed Phoenix apps
• https://hexdocs.pm/phoenix_sync/readme.html – Phoenix Sync documentation on HexDocs
• https://github.com/josevalim/sync – José Valim's sync project that inspired Phoenix Sync
• https://erlef.org/blog/eef/election-2025-results – EEF board election results for Cohort C
• https://x.com/TheErlef/status/1924531926008004633 – EEF Twitter announcement of election results
• https://erlef.org/blog/eef/election-2025-candidates – Information about the EEF election candidates
• https://erlef.org/blog/security/eef-cna-announcement – EEF becomes CVE Numbering Authority for Hex and BEAM ecosystem
• https://github.com/erlef-cna – EEF CNA GitHub organization
• https://cna.erlef.org/ – EEF CNA website
• https://github.com/surface-ui/surface – Surface UI project for server-side rendering components
• https://github.com/phoenixframework/phoenix_live_view/pull/3810 – Draft PR for co-located hooks and macro components in LiveView
• https://github.com/tv-labs/lua – Elixir Lua package v0.2.x release by TvLabs
• https://x.com/davydog187/status/1925186045156463034 – Dave's tweet about ElixirConf EU Luerl talk
• https://www.youtube.com/watch?v=4YBBoXXH_98 – "Lua on the BEAM" talk by Dave Lucia & Robert Virding
• https://discord.gg/6Ukp9vpj – Discord link for Lua community
• https://x.com/germsvel/status/1922602086065148093 – German Velasco's video highlighting LiveDebugger tool
• https://bsky.app/profile/germsvel.com/post/3lp4snnkpj225 – German Velasco's BlueSky post about LiveDebugger
• https://podcast.thinkingelixir.com/249 – Thinking Elixir episode 249 featuring LiveDebugger discussion
• https://hexdocs.pm/mdex/MDEx.Sigil.html – MDEx v0.7 documentation for new ~MD sigil
• https://hexdocs.pm/autumn – Autumn syntax highlighter package that works with MDEx
• https://github.com/leandrocp/mdex_mermaid – MDEx Mermaid plugin for adding mermaid support to Markdown
• https://bsky.app/profile/zachdaniel.dev/post/3lpofyykwds2i – Zach Daniel's BlueSky post about usage_rules.md convention
• https://hexdocs.pm/usage_rules – Usage rules package documentation
• https://github.com/ash-project/usage_rules/ – Usage rules GitHub repository
• https://blogs.windows.com/windowsdeveloper/2025/05/19/the-windows-subsystem-for-linux-is-now-open-source/ – Microsoft announcement about Windows Subsystem for Linux going open source
• https://www.zdnet.com/article/believe-it-or-not-microsoft-just-announced-a-linux-distribution-service-heres-why/ – ZDNet article explaining Microsoft's Linux strategy and Azure statistics

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• Dave Lucia - @davydog187

Sponsored By:

• Honeybadger.io: Honeybadger is a performance monitoring and error tracking tool that combines the best monitoring features into one simple interface that works with all the frameworks you use and comes with fantastic support from a small team of passionate developers. With error tracking, performance and uptime monitoring, log management, dashboards, and more, Honeybadger has everything you need to gain real-time insights into the health of your Elixir and Phoenix applications. Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes. Start monitoring today →