Jonatan Männchen
@maennchen.dev
CISO & Member Security WG @theerlef.bsky.social | he/him
reposted by
Jonatan Männchen
Leandro Pereira
19 days ago
The hexpm package pages are now generated by MDEx and Lumis, thanks to @maennchen.dev!
- Better GitHub Flavored Markdown
- Light/Dark themes
- Syntax highlighting for more languages and sigils: HEEx, Python, Lua, Svelte, React, etc.
And more...
#MyElixirStatus
reposted by
Jonatan Männchen
Zach Daniel
about 1 month ago
Catch my keynote at @elixirconf.bsky.social in September 😎. I'll be talking about how to augment and empower large engineering teams with AI 🤖. I've also got some spicy topics for you all, not shying away from the hard questions of the day 👊
elixirconf.com/talks/exoske...
Exoskeletons, not Autopilots
There is a lot of talk these days of peril for the software engineering industry. The fundamental thesis is that you will soon be able to dispatch work to an agent, or a “swarm” of agents to build y...
https://elixirconf.com/talks/exoskeletons-not-autopilots/
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
about 1 month ago
HexDocs URLs are changing! Public package docs move from hexdocs.pm/package to package.hexdocs.pm, and private organization docs move from org.hexdocs.pm/package to org.hexorgs.pm/package. Funded by Alpha-Omega through EEF's Ægis initiative. Learn more 👇
hex.pm/blog/hexdocs...
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
about 1 month ago
Our CISO @maennchen.dev joined this episode to talk about what securing the BEAM ecosystem actually looks like today — CVE coordination, the EEF's CNA, and what's changed.
www.youtube.com/watch?v=FulS...
AI Found 5 CVEs in One Afternoon — The BEAM Security Wake-Up Call | Peter Ullrich & Jonathan Machen
YouTube video by BEAM There, Done That
https://www.youtube.com/watch?v=FulShj7jc0o&t=1s
reposted by
Jonatan Männchen
Peter Ullrich
about 1 month ago
The Beam There, Done That podcast episode with me and @maennchen.dev is out!
www.youtube.com/watch?v=FulS...
AI Found 5 CVEs in One Afternoon — The BEAM Security Wake-Up Call | Peter Ullrich & Jonathan Machen
YouTube video by BEAM There, Done That
https://www.youtube.com/watch?v=FulShj7jc0o
reposted by
Jonatan Männchen
Zach Daniel
about 1 month ago
One third is a wild number. 😂 Atom exhaustion is one of those BEAM-specific issues that feels obvious once you know it, but keeps showing up in real vulnerabilities. Worth a read if you maintain #ElixirLang / #Erlang libraries or apps.
Atom exhaustion is not just an old BEAM footgun. As of today, 35% of CVEs published by the EEF CNA fall under uncontrolled resource consumption, with atom exhaustion being one of the recurring causes. It’s well understood, documented, and preventable.
erlef.org/blog/securit...
Erlang Ecosystem Foundation - Supporting the BEAM community
https://erlef.org/blog/security/atom-exhaustion
about 1 month ago
reposted by
Jonatan Männchen
Peter Ullrich
about 1 month ago
🚨 Update hackney 🚨 A **bunch** of vulnerabilities I reported in hackney were just disclosed. Please upgrade to 4.0.1 ASAP. I know this is gonna start dependency hell so please take some time for this. Please RT for reach.
#ElixirLang
cna.erlef.org/cves/
List of Issued CVE’s
This project handles the CVE Numbering Authority (CNA) for the Erlang Ecosystem Foundation (EEF).
https://cna.erlef.org/cves/
reposted by
Jonatan Männchen
Steffen Deusch
2 months ago
If you’re running #Phoenix Channels (or LiveView) and have the LongPoll option enabled in your endpoint (default since 1.7.11), it’s time to do an update:
github.com/phoenixframe...
Thank you @peterullrich.com for finding and disclosing this issue!
Long-poll NDJSON body splitting causes large memory allocation in Phoenix
Summary: An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with an HTTP request. A handful of conc...
https://github.com/phoenixframework/phoenix/security/advisories/GHSA-628h-q48j-jr6q
reposted by
Jonatan Männchen
Peter Ullrich
2 months ago
The 5 vulnerabilities I found in Bandit were fixed and released today. Please go upgrade bandit ASAP. Thanks to @mtrudel.bsky.social for fixing them so quickly and to @maennchen.dev for managing the process 🙏
#ElixirLang
cna.erlef.org/cves/
List of Issued CVE’s
This project handles the CVE Numbering Authority (CNA) for the Erlang Ecosystem Foundation (EEF).
https://cna.erlef.org/cves/
reposted by
Jonatan Männchen
Paraxial.io
3 months ago
Securing Hex, the Backbone of the Elixir Ecosystem
paraxial.io/blog/hex-pen...
Securing Hex, the Backbone of the Elixir Ecosystem
Paraxial.io Completes Security Audit of Hex Package Manager
https://paraxial.io/blog/hex-pentest
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
5 months ago
Scaling Security from Zero by @maennchen.dev, CISO of our Foundation! Learn how a Small OSS Ecosystem Jumped Into the Deep End! Jonatan's talk at Code & Compliance is now live:
www.youtube.com/watch?v=jl89...
Scaling Security from Zero: How a Small OSS Ecosystem Jumped Into the Deep End | Jonatan Männchen
YouTube video by Eclipse Foundation
https://www.youtube.com/watch?v=jl89J0wx8mM
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
6 months ago
Can Erlang run on QNX? Turns out: yes ✅ In this article, @maennchen.dev explores what it takes to port Erlang/OTP to QNX. A great example of curiosity turning into concrete results.
erlef.org/blog/eef/otp...
reposted by
Jonatan Männchen
Bart Blast
7 months ago
Hi Elixir friends, After 3 years on Hologram full-time (transpiles Elixir to the browser), I'm at a crossroads. 60+ hr weeks balancing contracts & dev isn't sustainable. Where we are & how you can help:
hologram.page/blog/seeking...
Even sharing helps 💜
#Hologram #Elixir #ElixirLang #BEAM #WebDev
I really like what Hologram is building, there’s a lot of potential there to take it further. If you haven’t yet, consider sponsoring. I just did myself. Feels like one of those projects where a bit of support now could have a big impact later.
bsky.app/profile/bart...
7 months ago
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
8 months ago
The Erlang Ecosystem Foundation CNA now publishes vulnerability data directly to OSV.dev. No more relying solely on CVE→OSV conversion. This update means faster, cleaner, and higher-quality security data for the BEAM ecosystem — including Erlang, Elixir, Gleam, and Hex.pm.
reposted by
Jonatan Männchen
Code BEAM
8 months ago
At Code BEAM Europe 2025, @maennchen.dev: War stories from a security disaster. What to do when everything breaks.
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
8 months ago
🗓️ Nov 7 - BEAM Unconference 1000-1500 7/11
luma.com/qyfevatp
Lightning talks, deep dives & community.
BEAM Unconference: Berlin · Luma
Let’s unconference before you go! Wrap up your week with something a little more spontaneous and social, and all about the BEAM ecosystem. The BEAM…
https://luma.com/qyfevatp
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
9 months ago
💜 @elixir-lang.org v1.19 is the first release with OpenChain certification — bringing more transparency and trust to the BEAM ecosystem. Big thanks to @maennchen.dev and our sponsor Herrmann Ultraschall for making this milestone possible! 👏 🔗
elixir-lang.org/blog/2025/02...
#ElixirLang
I received a small donation mentioning ads.fund, which apparently created a token around my open-source project. I’m not sure what to make of it and would appreciate community input on whether it’s legitimate or something to distance from.
github.com/maennchen/Zi...
💬 Input wanted: ads.fund “Zipstream PHP” token · Issue #382 · maennchen/ZipStream-PHP
Hey everyone, I recently got a small donation through GitHub Sponsors, and the message mentioned something called ads.fund (@ADS-Fund). That made me look into it, and apparently there is a token on...
https://github.com/maennchen/ZipStream-PHP/issues/382
9 months ago
reposted by
Jonatan Männchen
Zach Daniel
9 months ago
Hey folks! We have a CVE up for #AshFramework bypass policies. It's a *highly unlikely edge case*. But, as always, we take security extremely seriously and will always follow proper procedure here. Props to @maennchen.dev for reporting and resolving 🙇
reposted by
Jonatan Männchen
Elixir Radar
9 months ago
Elixir Radar issue 486 is out! 📣 You can read it here:
buff.ly/2UM7hp6
This issue comes with content from @shahryar-tbiz.bsky.social, @katafrakt.bsky.social, @maennchen.dev, @elixircasts.io, Matt Savoia and Yatender Singh. Thank you!
#ElixirLang
Elixir Radar 486
https://buff.ly/2UM7hp6
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
9 months ago
We have made major progress toward CRA readiness for the BEAM ecosystem! 🔙 So far: CNA operations, OpenChain certification, and more already in place. 🔜 Next up: signed OTP builds to lower compliance costs and strengthen sustainability.
security.erlef.org/assets/aegis...
reposted by
Jonatan Männchen
Zach Daniel
9 months ago
Another 🔥 package release from @maennchen.dev 😎 AshDiagram is a library for generating beautiful diagrams to visualize your #AshFramework applications. Generate Entity Relationship, Class, C4 Architecture, and Policy diagrams directly from your Ash resources and domains. 🚀
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
9 months ago
What if the BEAM got hit by a worm? 🪱 We’ve been lucky so far — but luck runs out. The Ægis Initiative is how we defend our ecosystem. 👉 Read more & support:
erlef.org/blog/eef/bea...
#Erlang #ElixirLang #Gleam
One package. One update. A worm crawling through the BEAM ecosystem. A dark “what if” — and how we can stop it before it’s real.
erlef.org/blog/securit...
#erlang #elixirlang
9 months ago
reposted by
Jonatan Männchen
LostKobrakai
10 months ago
There's still a bit to go to make this happen. Rebar is an important piece to using Erlang not just for Erlang, but just as much for Elixir, Gleam, … Consider backing this effort.
reposted by
Jonatan Männchen
Zach Daniel
10 months ago
@maennchen.dev has just released the first version of Clarity:
hexdocs.pm/clarity/Clar...
Clarity is an interactive introspection and visualization tool for Elixir projects.
reposted by
Jonatan Männchen
Maggie Tate
10 months ago
Cool!!! @maennchen.dev introduces Clarity! @ash-hq.org
#elixirlang
reposted by
Jonatan Männchen
Petter Boström
10 months ago
The first part of the last afternoon gave us insights on how to handle a security disaster, converting from old code to new, and our host @lawik.bsky.social showed us thousands of VMs running on the same machine.
#goatmire #elixir
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
10 months ago
Proud to back the Rebar4 Kickstarter — moving the BEAM ecosystem forward with the community. 🙌
reposted by
Jonatan Männchen
Zach Daniel
10 months ago
Hey folks, we have a CVE for #AshFramework. `before_transaction` hooks will execute in certain scenarios (bulk action calls) even if the action is forbidden by policies. Please update Ash core to 3.5.39. For more see:
github.com/ash-project/...
#AshFramework #ElixirLang
Before action hooks may execute in certain scenarios despite a request being forbidden
Summary: Certain bulk action calls with a `before_transaction` hook and no `after_transaction` hook will call the `before_transaction` hook before authorization is checked and a Forbidden erro...
https://github.com/ash-project/ash/security/advisories/GHSA-jj4j-x5ww-cwh9
reposted by
Jonatan Männchen
Louis Pilfold
10 months ago
Stretch goal 2 (inclusion in Erlang/OTP itself) would solve the #1 thing people get stuck on when trying to get started with Gleam or Erlang!
www.kickstarter.com/projects/pee...
From Rebar3 to Rebar4: Integrating with Erlang/OTP
Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.
https://www.kickstarter.com/projects/peerstritzinger/rebar3-integrating-with-erlang-otp
I just backed From Rebar3 to Rebar4: Integrating with Erlang/OTP on @kickstarter.com
www.kickstarter.com/projects/pee...
#elixir
From Rebar3 to Rebar4: Integrating with Erlang/OTP
Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.
https://www.kickstarter.com/projects/peerstritzinger/rebar3-integrating-with-erlang-otp?ref=thanks-tweet
10 months ago
reposted by
Jonatan Männchen
ElixirConf
10 months ago
Community growth needs collective action: roadmap for outreach and engagement. @danj3.bsky.social on taking responsibility for Elixir's future through community championship.
#ElixirConfUS
reposted by
Jonatan Männchen
ElixirConf
10 months ago
Security incident response: from panic to patch. CVEs, Hex retirement, vulnerability scanners. @maennchen.dev shows how to handle security disasters with transparency and leadership.
reposted by
Jonatan Männchen
Maggie Tate
10 months ago
Had a great chat with @zachdaniel.dev and @maennchen.dev during a break at @elixirconf.bsky.social about the Erlang Ecosystem Foundation and its role in security.
#elixirlang
reposted by
Jonatan Männchen
Code BEAM
11 months ago
🚀 6 must-see talks at CodeBEAM Europe 2025: Gleam careers, workflow orchestration, VPP with Elixir, security disasters, BEAM+Rust combo, and taming 20M Oban jobs! Featuring @ihh.dev @maennchen.dev
codebeameurope.com#register
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
11 months ago
👉🏽 "From Freakout to Fix: Navigating a Security Disaster" Our Foundation's CISO - @maennchen.dev - will be speaking at @elixirconf.bsky.social on how to handle serious security holes — without melting down. 📢 Don’t miss it:
elixirconf.com/talks/from-f...
#ElixirLang #Security #BEAM
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
11 months ago
🎙️ @maennchen.dev joins the latest @openssf.org podcast! In this SOSS episode, he shares how the Erlang community is proactively addressing security concerns, why manufacturers are investing in upstream projects — and what other ecosystems can learn from their approach. Listen!
shorturl.at/iKdG7
reposted by
Jonatan Männchen
OpenSSF
about 1 year ago
🎉 Today we celebrate #OpenSSFCommunity Day NA 2025, welcoming six new member organizations and honoring incredible contributors with the Golden Egg Awards 🥚. Read the full update: 🌐
openssf.org/blog/2025/06...
#OpenSSF #OpenSource #SoftwareSecurity #OSS
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
about 1 year ago
🙌 Welcome to another #GettingToKnowUs edition! This time we got to meet @maennchen.dev, a seasoned developer and lead engineer, with contributions to projects like the certified #OpenID Connect client for the #BEAM. He is currently the CISO of our Foundation. 🔗
erlef.org/blog/marketi...
reposted by
Jonatan Männchen
Louis Pilfold
about 1 year ago
Watch out folks, there's a CVE for the Erlang zip module. Update to the latest patch release when you can
cna.erlef.org/cves/cve-202...
Absolute path traversal in zip:unzip/1,2
This project handles the CVE Numbering Authority (CNA) for the Erlang Ecosystem Foundation (EEF).
https://cna.erlef.org/cves/cve-2025-4748.html
reposted by
Jonatan Männchen
Erlang Solutions
about 1 year ago
In part two of our talk with @maennchen.dev (CISO at @theerlef.bsky.social), we dive into the real security challenges BEAM developers face. From CVE tracking to practical tips for open source teams, this is about building safer systems from the start, not patching them too late. 🎥
bit.ly/45WjT3y
Security and the BEAM Ecosystem - Erlang Solutions
In the second and final part, Jonatan Männchen on how the BEAM community is making security smarter and more collaborative.
https://bit.ly/45WjT3y
reposted by
Jonatan Männchen
Erlang Solutions
about 1 year ago
Security is most effective when it is built in from day one. In part one of our latest webinars with @maennchen.dev, CISO @theerlef.bsky.social, he shares his experience using SAFE, our security audit service for Erlang and Elixir systems. 🔒
SAFE and OIDCC - Erlang Solutions
Even secure code benefits from a second opinion. In part one, Jonatan Männchen shares how SAFE helped strengthen his authentication library.
https://bit.ly/4l1D5Bp
reposted by
Jonatan Männchen
Zach Daniel
about 1 year ago
Elixir 1.19 is a banger! Honestly I'm so pleased with the direction that #ElixirLang is going. My programs just get faster and more correct every time. I just know that we're in good hands. Thank you to everyone on the team for your hard work!
github.com/elixir-lang/...
Release v1.19.0-rc.0 · elixir-lang/elixir
Type system improvements: type checking of protocol dispatch and implementations. This release also adds type checking when dispatching and implementing protocols. For example, string interpolation i...
https://github.com/elixir-lang/elixir/releases/tag/v1.19.0-rc.0
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
about 1 year ago
🔐 Security and the BEAM Ecosystem: In this insightful session organized by @erlangsolutions.bsky.social, @maennchen.dev — CISO at our Foundation — shares how the BEAM community is stepping up its open source security efforts, including becoming an official CNA
www.erlang-solutions.com/webinars/sec...
Security and the BEAM Ecosystem - Erlang Solutions
Jonatan Männchen shares how the BEAM community is improving security through better tracking, smarter tooling and shared responsibility.
https://www.erlang-solutions.com/webinars/security-and-the-beam-ecosystem/
reposted by
Jonatan Männchen
Zach Daniel
about 1 year ago
Did the required work this morning to get #AshFramework passing the OpenSSF Best Practices certification, and to get our OpenSSF Scorecard. Thanks again to @maennchen.dev from @theerlef.bsky.social for his expert counsel and advice. See the scorecard here:
scorecard.dev/viewer/?uri=...
#ElixirLang
reposted by
Jonatan Männchen
Erlang Ecosystem Foundation
about 1 year ago
🎥 What’s new at the EEF? Alistair Woodman, @maennchen.dev & Dan Janowski share big updates: 🔐 We’ve joined the CVE® Program as an official CNA 🛡️ Launched the Ægis Initiative to boost security. Must-watch for the BEAM community! ▶
youtu.be/5WqMpSt_rRE
LT: EEF Update - Alistair Woodman, Jonatan Männchen, Dan Janowski | ElixirConf EU 2025
YouTube video by Code Sync
https://youtu.be/5WqMpSt_rRE