zachdaniel
Creator of Ash
Minor Ash CVE: Email link auto-click account confirmation vulnerability
Hey folks, we have a minor CVE issued for AshAuthentication. Please read the CVE and update accordingly. Relatively low severity, can’t compromise a user’s data, but there is an opportunity for a user to be “confirmed” for an email they do not have access to.
The Ash team takes security extremely seriously and always follow the proper procedure for filing CVEs for all security issues. This is just on the borderline of whether or not a CVE wouldn’t even be necessary, but we err on the side of caution.
Popular in News & Updates
Ash 3.1 Released!
Major themes
Generators! These are just the first entries into a powerful new suite of tools. Check out the generator d...
New
Hey folks! We’ve just released the beta 0.1.0 version of ash_sqlite. Take a look at the guide here: https://hexdocs.pm/ash_sqlite/get-sta...
New
Hey folks! I’ve begun putting together some concrete, framework-wide tooling and guidance on the usage of LLMs in development. The goal h...
New
Hey folks! I’ll be teasing some interesting bits going into Ash 3.0 while I work on it, and this is post #1!
You can follow along with t...
New
Hologram v0.6.0 is here, bringing production-ready features to the full-stack Elixir web framework! This release focuses on enhanced secu...
New
After building Hologram and sharing updates across various places, I’ve realized there’s a lot happening that doesn’t always make it to t...
New
We have for you a new release candidate. Take :notes: if you use partitioned queues or make heavy use of Workflows. This is the RC for yo...
New
Hey everyone! Just added syntax highlighting to the Hologram website.
What seemed like a simple task turned into quite the adventure. Cu...
New
We are thrilled to announce another update for Nerves Systems to nerves_system_br 1.22.5-based releases. Nerves systems are the device su...
New
Join us for our first Ash Office Hours next Thursday at 6PM EST! Myself and anyone from the core team who can make it will be answering q...
New
Other popular topics
Update:
How to use the Blogs & Podcasts section
You can post links to your blog posts or podcasts either in one of the Official Blog...
New
Hello!
tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability.
After spen...
New
Okay, I'm having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I'm sure I'...
New
In the Dialyzer docs ( http://erlang.org/doc/man/dialyzer.html#requesting-or-suppressing-warnings-in-source-files ), there is a way to tu...
New
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
The Elixir Typespec docs show the following syntax for keyword lists in typespecs:
# ...
| [key: type] # keyword lis...
New
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch.
This project took far...
New
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
New







