Latest #security Threads 
Episode 308 of Thinking Elixir. Elixir v1.20 has officially landed, marking a huge milestone as the language is now officially a graduall...
New
Episode 307 of Thinking Elixir. Mark shares a bittersweet housekeeping update. The Thinking Elixir Podcast is winding down, with the fina...
New
Episode 306 of Thinking Elixir. Security takes center stage this week as the EEF’s Jonatan Männchen highlights that atom exhaustion accou...
New
Episode 305 of Thinking Elixir. News includes Elixir 1.20.0-rc.6 arriving as likely the final release candidate before v1.20.0 ships, com...
New
:warning: Security advisory: Decimal DoS vulnerability
A vulnerability has been published for decimal where very large exponents can cau...
New
Following has been copied from the Erlef website:
Vulnerability description
Allocation of Resources Without Limits or Throttling vulnera...
New
Episode 300 of Thinking Elixir. It’s Episode 300 — a milestone just under 6 years in the making! To celebrate, we kick things off with a ...
New
Episode 298 of Thinking Elixir. News includes the hex.pm website getting a fresh new redesign, the Hex 2.4 package manager upgrading to O...
New
Vet is a dependency security scanner for Elixir. It detects supply chain attacks by walking the AST of every dependency in your lock file...
New
Hi everyone,
I’ve been researching Content Security Policy Level 3 support in Phoenix and wanted to share my findings and a proposal for...
New
This Month's Trending
Episode 306 of Thinking Elixir. Security takes center stage this week as the EEF’s Jonatan Männchen highlights that atom exhaustion accou...
New
Episode 307 of Thinking Elixir. Mark shares a bittersweet housekeeping update. The Thinking Elixir Podcast is winding down, with the fina...
New
Episode 308 of Thinking Elixir. Elixir v1.20 has officially landed, marking a huge milestone as the language is now officially a graduall...
New
This Year's Trending
WebAuthnLiveComponent WebAuthnComponents
See this post about renaming the package.
Passwordless authentication for Phoenix LiveView app...
New
Generates a dependency inventory, or “Software Bill-of-Materials” (SBoM), including package versions and licenses, in a format that can b...
New
Vet is a dependency security scanner for Elixir. It detects supply chain attacks by walking the AST of every dependency in your lock file...
New
Hi everyone,
I’ve been researching Content Security Policy Level 3 support in Phoenix and wanted to share my findings and a proposal for...
New
:warning: Security advisory: Decimal DoS vulnerability
A vulnerability has been published for decimal where very large exponents can cau...
New
One package.
One update.
A worm crawling through the BEAM ecosystem.
A dark “what if” — and how we can stop it before it’s real.
New
OpenSSF Siren published a TLP:CLEAR advisory (March 1, 2026) about an ongoing attack campaign called “hackerbot-claw”. This is being expl...
New
In 2026 double submit/session tokens are no longer necessary to prevent against CSRF attacks. Instead, we can use the Sec-Fetch-Site head...
New
Following has been copied from the Erlef website:
Vulnerability description
Allocation of Resources Without Limits or Throttling vulnera...
New
Following on from part of the discussion in the Digital Nomads & Frequent Travellers (Tips/Advice/Chat) thread, I thought it might be...
New
Software in regulated industries must comply with:
Auditability laws that require tamper-proof, long-term storage of event logs
Privacy...
New
Episode 300 of Thinking Elixir. It’s Episode 300 — a milestone just under 6 years in the making! To celebrate, we kick things off with a ...
New
This may be a real beginner thing to be figuring out, but I’m working on both:
Good security practices
Phoenix module naming
Here’s my...
New
Episode 283 of Thinking Elixir. News includes celebrating Erlang’s 27th birthday as open source, results from the Elixir Hub 2025 survey ...
New
Hey everyone! I just released CfBouncer, a small library that keeps your Cloudflare WAF block rules in sync with your Phoenix application...
New
Last Three Years' Trending
This week I focus on web security. I read blog posts, watch videos. As far as I know, Ecto queries protect us from SQL injection, changeset...
New
I had a bit of a mini-adventure following Sobelow’s advice on adding a CSP to a Phoenix App. If you want to follow along, or want to add ...
New
I have noticed that the session cookie is not set to secure, how to turn the secure flag on for Phoenix sessions?
New
Just seen this on LinkedIn, and didn’t see any threads here. Looks like a severe problem with anything running xz library (brew lists it ...
New
So this is something I am working on for a client I will reference as REDACTED, because they are :slight_smile:
I’ve discussed it a fair...
New
Hi all,
The last weeks I’ve been working on a library implementing the server side of WebAuthn: Wax.
Link: https://github.com/tanguilp/...
New
Hi Elixir Forum,
I’ve been working on Paraxial.io for a while now, and am excited to announce the beta is officially live! Here’s the an...
New
You may have seen that a critical security vulnerability has been disclosed in the OTP SSH implementation that could permit an attacker t...
New
Erlang/OTP’s :public_key application provides a set of high-level APIs for working with common PKI-related data structures. Under the hoo...
New
“Vision for a Secure Elixir Ecosystem: An Empirical Study of Vulnerabilities in Elixir Programs” was published by the ACM in April, 2022....
New
Howdy howdy everyone!
@PJUllrich and I have built our first Pro library, Phx2Ban! Phx2Ban is a web application firewall that you can ins...
New
I’m learning Elixir and Phoenix now and really like it so far. However I started thinking of security.
What is the history of 0day-explo...
New
We were notified by Panagiotis Nezis that certain payloads could take a long time to process when converted to integers. New Erlang/OTP v...
New
How do I set a security header for a Phoenix Elixir application?
I used this plug, but it's not working.
defmodule Provider.Plugs.SecurityHe...
New
Hi guys,
I have a question, so I’m wondering what is the best way to do this?
I’m using Phoenix gen command, for generating liveview co...
New
Trending Over Three Years
Sobelow
Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for g...
New
Hi everybody,
I’m working on a new API, and digging (once again, why not?) on how to provide auth capabilities to it, I found an interes...
New
At start some definitions:
HTTPS (is a protocol for secure communication over a computer network which is widely used on the Internet) -...
New
Bad news. You have to upgrade Rebar3. We just noticed that SSL validation had been partially disabled for years.
I’ve written up all the...
New
I’m trying to set up an Elixir application that uses OpenID Connect for authentication. I don’t want to roll my own security so I am usin...
New
Recently we passed a security audit for a new customer that used some security analysis tools and they pointed out some Blind SQL Injecti...
New
Hi,
I use Sobelow to highlight potential security issues, and the latest version has started warning if no content-security-policy heade...
New
Hello,
I have recently been working with Phoenix Channels. The whole process has been incredibly straightforward so far! The one thing I...
New
Today I saw this newsletter:
The interesting bit is in the clairvoyance part of the newsletter, where it reveals us a new tool to reve...
New
Hello,
I am trying to get an Alexa skill certified by Amazon. As part of the certification process, they want the server to validate th...
New
Hi!
How can I disable introspection in Absinthe/GraphQL?
I would like the GraphQL API to respond only to defined queries and mutations,...
New
Hello Everyone,
We are using LiveView to build a feature that displays some information in the admin dashboard of our Application, but w...
New
I find myself quite often in the following situation.
Colleague: “Elixir/Erlang is problematic because we cannot secure the VM (i.e. Bea...
New
Is there any way to protect and obfuscate my Elixir application? Is it required at all? As I understood I can remove debug info but does ...
New
I’ve been looking for an open-source database of Elixir vulnerabilities, similar to The Ruby Advisory Database, The RustSec Advisory Data...
New