Programming

2090 articles

Introducing Repository Access Permissions and Custom Roles

Socket now supports more granular access control for organizations with Custom Roles and Repository Access Permissions, giving teams a more precise way to manage who can do what, and where they can do it. Modern engineering organizations rarely map cleanly to a single security team or a single set of repositories. A user might need to review alerts for one team's repositories, manage scans for another, or support a temporary project without gaining access to the entire organization. Access…

Socket

Building RAG in Laravel: Four Ingestion Bugs That Silently Wreck Retrieval

Every Laravel RAG tutorial builds the same ingestion pipeline (chunk, embed, store) and stops the moment the agent answers on screen. None of them check whether retrieval is any good. But retrieval quality is decided at ingestion, before the model runs once, and four decisions there fail with no error, no exception, no failed test: Chunking that severs the answer mid-sentence, so answer@1 falls while source hit@1 still looks healthy. An HNSW index built with vector_l2_ops while you query with…

Freek Van der Herten

CVE-2026-55877: XSS in symfony/ux-icons via unsanitized SVG content in local files and Iconify on-demand responses

Affected versions: Symfony UX Icons versions >=2.17.0 <2.36.1 and >=3.0.0 <3.2.0 are affected by this security issue. The issue has been fixed in Symfony UX Icons 2.36.1, 3.2.0. Description: The ux_icon() Twig function is marked is_safe=['html'],…

Symfony Blog

CVE-2026-55878: Path Traversal in symfony/ux-toolkit Allows Arbitrary File Write and Read via Crafted Recipe Manifest

Affected versions: Symfony UX Toolkit versions >=2.32.0 <2.36.1 and >=3.0.0 <3.2.0 are affected by this security issue. The issue has been fixed in Symfony UX Toolkit 2.36.1, 3.2.0. Description: The ux:install console command installs files from a…

Symfony Blog

The PHP Ambassador Program is Open

We are excited to announce that we have scheduled the first meeting for the PHP Ambassador Program! This is the second Special Interest Group launched by The PHP Foundation, and we are inviting you to be a part of it. As mentioned in our 2026 Strategy document, this group will be focused on improving the perception of PHP outside the PHP bubble. It will center on external advocacy and empowering the community to help tell the story of modern PHP in whatever capacity makes sense for them.…

The PHP Foundation

Datasette Apps: Host custom HTML applications inside Datasette

Today we launched a new plugin for Datasette, datasette-apps, with this launch announcement post on the Datasette project blog. That post has the what, but I'm going to expand on that a little bit here to provide the why. The TL;DR Datasette Apps are self-contained HTML+JavaScript applications that run in a tightly constrained <iframe> sandbox hosted on your Datasette application. They can use JavaScript to run read-only SQL queries against data in Datasette, and can run write queries too…

Simon Willison's Weblog

Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection

AppSec and security engineering teams are under pressure to triage supply chain issues faster, with more context and less manual investigation. A single alert can require checking package metadata, reviewing published files, searching for suspicious code, cross-referencing threat intelligence, and determining whether the package appears anywhere in the organization. Socket MCP is now bringing that workflow into MCP-aware AI assistants. With authenticated access to Socket APIs, teams can…

Socket

datasette-acl 0.6a0

Release: datasette-acl 0.6a0 This release expands datasette-acl from table-only permissions toward a general resource-sharing system. Alex Garcia did most of the work for this release - we're fleshing out the plugin that will allow multi-user Datasette instances finely grained control over who can access which resources within Datasette.

Simon Willison's Weblog

The PHP Podcast 2026.06.17

🎙️ PHP Podcast – June 17, 2026 Hosts: Sara Golemon & Holly Schilling | Guests: Paul Reinheimer & Sean Coates Eric and John are still locked in the basement. Sara is literally on a boat in Spain. Normal show, totally normal. 🚢 Sara Broadcasts from a Harbor in A Coruña Sara is joining this week’s […]

PHP Architect

GLM-5.2 is probably the most powerful text-only open weights LLM

Chinese AI lab Z.ai released GLM-5.2 to their coding plan subscribers on June 13th, and then yesterday (June 16th) released the full open weights under an MIT license. Similar in size to their previous GLM-5 and GLM-5.1 releases, this is 753B parameter, 1.51TB monster - with 40 active parameters (Mixture of Experts). GLM-5.2 is a text input only model - Z.ai have a separate vision family most recently represented by GLM-5V-Turbo, but that one isn't open weights. GLM-5.2 has a 1 million token…

Simon Willison's Weblog

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

In May 2026, GitHub disclosed that attackers compromised an employee device through a poisoned third-party VS Code extension, allowing them to exfiltrate roughly 3,800 GitHub-internal repositories. The extension was Nx Console 18.95.0, a malicious release that reached both the Visual Studio Marketplace and Open VSX before removal. That incident should change how security teams think about editor extensions. Socket researchers have also documented repeated GlassWorm attacks across Open VSX,…

Socket