Skip to content

hotfix: Update Phoenix to patch CVE 2026-32689#3162

Merged
joshlarson merged 1 commit intomainfrom
jdl/hotfix/patch-cve-2026-32689
May 6, 2026
Merged

hotfix: Update Phoenix to patch CVE 2026-32689#3162
joshlarson merged 1 commit intomainfrom
jdl/hotfix/patch-cve-2026-32689

Conversation

@joshlarson
Copy link
Copy Markdown
Contributor

@joshlarson joshlarson commented May 6, 2026

Scope

No Asana ticket.
Slack thread
CVE 2026-32689

Notes

There is what looks like an extraneous change in schedule_view.ex. Without this change, we were seeing 👇 error:

== Compilation error in file lib/dotcom_web/views/schedule_view.ex ==
** (RuntimeError) duplicate call to "use Phoenix.VerifiedRoutes" found, make sure it is used only once per module
    (phoenix 1.8.6) lib/phoenix/verified_routes.ex:269: Phoenix.VerifiedRoutes.__using__/2
    lib/dotcom_web/views/schedule_view.ex:5: (module)

Since schedule_view.ex is use-ing both :component and :view from DotcomWeb, it doesn't need to re-import the view_helpers() from the definition of :component, so replacing use DotcomWeb, :component with use Phoenix.Component should change nothing.

@joshlarson joshlarson requested a review from a team as a code owner May 6, 2026 14:43
@joshlarson joshlarson requested a review from lvachon1 May 6, 2026 14:43
@joshlarson joshlarson enabled auto-merge (squash) May 6, 2026 14:43
@joshlarson joshlarson merged commit 3cd97be into main May 6, 2026
26 checks passed
@joshlarson joshlarson deleted the jdl/hotfix/patch-cve-2026-32689 branch May 6, 2026 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lvachon1 lvachon1 lvachon1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joshlarson @lvachon1