306: Don't Exhaust Your Atoms

306: Don't Exhaust Your Atoms

From Thinking Elixir Podcast by ThinkingElixir.com

June 2, 2026 · 27 min

About this episode

This episode discusses security issues in the BEAM ecosystem, focusing on atom exhaustion and recent updates in Elixir and Hackney.

Security takes center stage this week as the EEF's Jonatan Männchen highlights that atom exhaustion accounts for roughly one tenth of all CVEs in the BEAM ecosystem and Sobelow can help catch it before it hits production. Hackney users get an urgent nudge to upgrade to v4.0.3, which patches 9 CVEs including high-severity issues and fixes missing HTTP/3 certificate verification, thanks in part to Peter Ullrich's AI-assisted vulnerability research. On the exciting side, the new Elixir 1.20-rc.6 type system is proving its worth in the real world, with Tyler Young reporting it caught ~500 issues, including outright bugs, that 1.19 completely missed. Dannote releases "vibe", an ambitious BEAM-native coding agent for Elixir/OTP projects featuring a TUI, LiveView web console, subagents, and more! Show Notes online - http://podcast.thinkingelixir.com/306 Elixir Community News https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer. The Thinking Elixir Podcast is ending June 23rd, 2026, after 6 years of weekly episodes…

Topics covered

  • security
  • atom exhaustion
  • vulnerabilities
  • Elixir
  • BEAM ecosystem
  • software development
  • coding agents

Keywords

  • atom exhaustion
  • CVEs
  • Sobelow
  • Hackney
  • Elixir 1.20-rc.6
  • vulnerabilities
  • Dannote
  • coding agent
  • security

Sponsors

Paraxial.io

Mentioned in this episode

Organizations: EEF

Products: Hackney, Sobelow, Elixir 1.20-rc.6, Dannote, vibe

More episodes of Thinking Elixir Podcast

Explore listener stats, chart rankings, contacts and more on the Thinking Elixir Podcast podcast page.