Open Source Digest: R & Perl Vulnerabilities, AI Tools, and More

Security Alerts

    • CVE-2026-14570: Crypt::DSA versions before 1.22 for Perl have a biased random generator that leaks the private key.
    • CVE-2026-12740: Plack::Middleware::OAuth through 0.10 for Perl lacks support for OAuth 2.0 state parameter, making CSRF attacks possible.

    New Tools & Projects

    • gh-suggest: A GitHub CLI extension that converts staged local fixes into pull request suggestions.
    • BrazilCrime: R package for analyzing crime data from Brazilian states and municipalities.
    • dd: VM-less native JIT containers for Mac, enabling lightweight isolation.

    AI & Language Models

    • Integrating MAX into a Chinese AI bridge allowed running Claude directly in a messenger app.
    • Russian RAG splitter trained to split documents by indexes instead of text, improving RAG pipeline accuracy.

    Community & Events

    • Social Coworking & Office Hours: Sessions for getting to know SORTEE, text linting with Vale, and debugging in R.

    Other Highlights

    • High-performance budget home console: A guide to building one using open-source tools.
    • GoodPower won Fast Company’s 2026 World Changing Ideas Award.
    • FDA API not updated for August, impacting data reliability.
    • Real estate expert Ashley Watters cited on sight-unseen buying and military relocation.

Source: OpenWorld.News/open-source-digest/