Simple Form version 5.0 was released today with a fix for a security issue that could allow an attacker to execute methods on form objects. The issue is explained in details below.

This is a quick blog post about our experience replacing Hexdocs.pm’s GenStage pipeline with Broadway. To give some background information, Hexdocs.pm started out as basically just static file hosting for documentation. With the introduction of private Hexdocs it became a distinct Elixir application. Over time, we have also moved handling of documentation tarballs there to offload API servers. Instead of API servers doing … »

Devise version 4.7.1 was released with a fix for an edge case that could confirm accounts by mistake. We’ll explain now in details what is the issue, how it was fixed and which actions you might want to take in your applications. Description We received a security report saying that it was possible to confirm … »

TL;DR: The Reality Check is an agile tool designed to check if a deadline is feasible given the project context. It works by formulating a hypothesis, which can be updated every week by the technical team, where we organize our demands and the weeks before the delivery date. It only requires a simple board – physical or … »

In 2017 Hex.pm got support for Private packages and organizations, a way for teams to publish and manage packages without making them public. While this works great for many organizations, some have stricter compliance requirements and need to host packages on their own infrastructure. Today we are happy to announce MiniRepo, a minimal Hex server … »

Elixir v1.9 will ship with releases support and in this blog post we want to show how we have used this exciting new feature on the Hex.pm project. Installing Elixir master (Update: This section is no longer relevant since v1.9 is already out!) Since Elixir v1.9 is not out yet, we need to use the … »