zachdaniel

zachdaniel

Creator of Ash

Minor Ash CVE: Email link auto-click account confirmation vulnerability

Hey folks, we have a minor CVE issued for AshAuthentication. Please read the CVE and update accordingly. Relatively low severity, can’t compromise a user’s data, but there is an opportunity for a user to be “confirmed” for an email they do not have access to.

The Ash team takes security extremely seriously and always follow the proper procedure for filing CVEs for all security issues. This is just on the borderline of whether or not a CVE wouldn’t even be necessary, but we err on the side of caution.

Where Next?

Popular in News & Updates Top

jimsynz
As some of you know, I have been working on a tight integration between Ash and Reactor which has triggered a few small bug fixes in Spar...
New
ConnorRigby
This week we added official Nerves support for the OSD32MP1 line of SOMs. Currently we have tested the osd32mp1-brk breakout board, and ...
New
DominikWolek
After years of developing our framework, we have a release candidate for Membrane Core 1.0! :tada: The new version introduces children g...
New
zachdaniel
Hey folks! AshEvents Release We’ve just released the first version of AshEvents, an Event Sourcing tool for Ash Framework apps. Check o...
New
jjcarstens
The Raspberry Pi is a very popular hardware platform for Nerves users and the official systems are getting an upgrade! :tada: :beers: Wh...
New
zachdaniel
Hey folks! I’ve begun putting together some concrete, framework-wide tooling and guidance on the usage of LLMs in development. The goal h...
New
DominikWolek
Hi everyone! After about 3 months of really hard work, we have released the very first version of Jellyfish Media Server! The best star...
New
fhunleth
We’re excited to announce that we’re actively working on NervesHub 2.0, an improved version of our IoT device firmware update and managem...
New
bartblast
Hey there! There’s a new kid on the block! :smiley: What is it? Full stack isomorphic Elixir web framework that can be used on top of P...
New
fhunleth
I wanted to let everyone know that the Erlang Ecosystem Foundation (EEF) has a working group dedicated to embedded systems and IoT. We ha...
New

Other popular topics Top

hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
sorentwo
Hello! tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability. After spen...
985 43487 311
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41989 114
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39467 209
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement