Skip to content

Replace vulnerable Phoenix version#4957

Merged
midigofrank merged 1 commit into
mainfrom
4956-update-phoenix
Jul 9, 2026
Merged

Replace vulnerable Phoenix version#4957
midigofrank merged 1 commit into
mainfrom
4956-update-phoenix

Conversation

@rorymckinley

@rorymckinley rorymckinley commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Description

Updates a vulnerable version of Phoenix. I have deployed this to staging and clicked around and i also ran the SAAS tests when running on this version of Lightning.

One note of caution: Phoenix now sets a limit of 100 concurrent channels per connection - this will cause issues if the number of concurrent runs per worker exceeds 100. While that situation is hard for me to imagine :) it is worth checking if we have ever encountered this in an actual implementation?

Closes #4956

Validation steps

I am not sure - other than the tests, once could run this branch locally and check general behaviour?

Additional notes for the reviewer

The forerunner of the automated telephone exchange was invented in 1891 by an undertaker in Missouri named Almon Strowger. He apparently developed it after discovering that a local telephone exchange operator was directing all potential customer to his competition.

AI Usage

Please disclose whether you've used AI anywhere in this PR (it's cool, we just
want to know!):

  • I have used Claude Code
  • I have used another model
  • I have not used AI

You can read more details in our
Responsible AI Policy

Pre-submission checklist

  • I have performed an AI review of my code (we recommend using /review
    with Claude Code)
  • I have implemented and tested all related authorization policies.
    (e.g., :owner, :admin, :editor, :viewer)
  • I have updated the changelog.
  • I have ticked a box in "AI usage" in this PR

@github-project-automation github-project-automation Bot moved this to New Issues in Core Jul 9, 2026
@rorymckinley rorymckinley self-assigned this Jul 9, 2026
@rorymckinley rorymckinley force-pushed the 4956-update-phoenix branch from b7fb4be to 9fcfc9f Compare July 9, 2026 05:50
@rorymckinley rorymckinley marked this pull request as ready for review July 9, 2026 05:50
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Security Review ✅

  • S0 (project scoping): N/A — PR only bumps Phoenix (1.7.23→1.7.24) and transitive deps in mix.lock plus a CHANGELOG note; no queries or web-layer entrypoints changed.
  • S1 (authorization): N/A — no new controller actions, LiveView events, or policy modules touched.
  • S2 (audit trail): N/A — no config-resource writes or Ecto.Multi changes; dependency bump only.

@midigofrank midigofrank left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @rorymckinley

@midigofrank midigofrank merged commit fbb4305 into main Jul 9, 2026
4 of 6 checks passed
@midigofrank midigofrank deleted the 4956-update-phoenix branch July 9, 2026 06:05
@github-project-automation github-project-automation Bot moved this from New Issues to Done in Core Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

Update Vulnerable Phoenix

2 participants