◉ RSS Simon Willison

sqlite-utils 4.0rc3

The sqlite-utils 4.0 release cycle has been extended beyond the initial weekend target due to an expanding changelog driven by the integration of Claude Fable 5 and GPT-5.5 into the development workflow. The primary update introduces support for introspecting and creating compound foreign keys, which necessitates a subtle breaking change to the table.foreign_keys method. This feature requires the full 4.0 stable release to ensure compatibility and stability for existing users. The author notes that the backlog of issues and pull requests grew significantly during the review process, delaying the final launch.

◉ RSS CVE Recent

CVE-2026-14803 - Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

A critical vulnerability in Mojo::JSON versions prior to 9.47 enables memory exhaustion attacks through unbounded recursion within the pure-Perl decoder. Automated scanning of GitHub repositories has identified multiple public proof-of-concept exploits targeting this specific flaw, with results truncated to the first 15 entries to maintain system performance. These findings highlight an immediate risk for applications relying on affected Perl modules, as the recursive mechanism allows attackers to consume excessive system resources. The rapid publication of these exploits underscores the urgency for immediate patching to prevent service disruption.