blogs.perl.org

Reproduce the vulnerability CVE-2025-40909 in an isolated Docker container running Perl v5.34.0.

Only Graham and Philippe attended. We coordinated with Aristotle via chat.

We only met to discuss the mailing-list moderation and immediate actions
(which resolved to sending an email to them moderators, and another one
to the list).

We also talked about moderation in general, and got some ideas to discuss
with the next PSC.

[P5P posting of this summary]

Remember to click 'Continue Reading' or whatever.

You can download Perl Wiki V 1.29.

And you can play with the jsTree version V 1.00.

Also the corresponding Perl module is on CPAN as:
CPAN::MetaCurator V 1.00.
This converts the JSON file exported from Perl.Wiki into a HTML/jsTree managed version.

The Dancer Core Team is excitedly preparing a major release of Dancer2, 2.0.0. In advance of this, I'd like to give you all a preview of what to expect:

• A handful of bug fixes

• Customizable scrubber/censor engine (when dumping errors, etc. - a long requested feature)

• Remove Template::Tiny fork from core (Template::Tiny support remains, but ether graciously merged our customizations into Template::Tiny)

• Remove Dancer2::Template::Simple from the core of Dancer2

• New documentation, courtesy of a TPRF grant

• Removal of deprecated code (according to our deprecation policy)

• Official support for Perl 5.22 and newer

The following features are possible, but not likely for 2.0.0 (but maybe soon thereafter):

• Bring your own config engine (TOML, JSON, etc.)

• Using Throwable to produce errors

I'm estimating a release in the next 2-4 weeks. There are still a few bikesheds to paint, cats to herd, and yaks to shave.

If you have questions or feedback, we'd love to hear from you! Until then, keep Dancing, then Dance a little happier! :)

Jason/CromeDome

Caching with Redis/Valkey using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/caching-in-perl

In the past, it took two years to merge my first PAUSE on Plack branch into the master and three years to merge the next PAUSE on Mojolicious (actually, two years to deploy and another year to merge). Now the question was: how long would it take to merge the next big thing, multifactor authentication for PAUSE? Two years, three years, or maybe four years this time? I already had a two-year-old draft branch and initially wished to merge it this year. However, things went differently.

All three of us attended.

• Release blocker triage yielded no new blockers. We followed up on the issues we were already tracking.
• The security release made some progress this week, but has been held up by the lack of a perldelta entry.

[P5P posting of this summary]

With help from the community a development release of DBD::Oracle has been released to the CPAN.

This release includes a number of important changes that we hope will improve stability with threaded Perl.

If you are using DBD::Oracle I would ask that you try it out in your non-production environments initially and perhaps if you are confident there after, in your production environments.

The branch for it is here on github. I am personally grateful for people spending time and sending in pull requests , there is no monetary support for this driver although Oracle's open source community manager is actively engaged in discussions on issues and pull requests.

Github actions are configured on the repo and the quite thorough library of unit tests are run against Oracle XE on Ubuntu. This provides good signal but with extremely limited coverage of operating systems and database versions.

Due to the lack of variety in automated testing on Github - and the business critical nature of most Oracle databases - my recommendation is to mirror the Github repo in to your organization's repos and configure CI testing against your specific combination of Oracle versions, operating systems, and settings. The Github actions can be adapted to Gitlab reasonably quickly and give you a very high level of confidence before trialing new versions in production.

Comparative analysis of Storable and Sereal using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/serialisation-in-perl

Over the past year, I’ve been self-studying XS and have now decided to share my learning journey through a series of blog posts. This tenth post introduces you to what I call closures in XS.

Datastar is a new-ish entry in the world of hypermedia-oriented ,htmx alternatives, with a distinct focus on Server-Sent Events. It describes itself thus:

Datastar brings the functionality provided by libraries like Alpine.js (frontend reactivity) and htmx (backend reactivity) together, into one cohesive solution. It's a lightweight, extensible framework that allows you to:

1. Manage state and build reactivity into your frontend using HTML attributes.
2. Modify the DOM and state by sending events from your backend.

I added Perl for Datastar with Datastar::SSE, for the backend reactivity bits.

Hi, you my have noticed our "ad" showing up on on metacpan.org - many thanks to David Cross for helping us out there! You may have to hit "refresh" a few times to see it (but not too many, please! xD)

Now, as much as we'd love to see everyone in Austin, TX on July 3-4, and it's sure to be a lot of fun, the PCC is a hybrid event, meaning we do permit remote attendees and worthy talks.

We already have many exciting and highly technical Perl talks. But we are selfish and we want more. It is okay if you even repeat a talk you've given elsewhere. We offer several levels of talks, including lightning talks, which we all know is how most of us got started. Do not be afraid! :-)

• https://www.meetup.com/austin-perl-mongers/events/305855419/
• https://www.papercall.io/perlcommunity
• https://www.papercall.io/cfps/6270/submissions/new

Quick introduction to AWS Lambda using CLI, Python and Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/aws-lambda

All three of us attended.

• The release is imminent while Chris Williams, who usually releases Module::CoreList, is temporarily absent. We were not all sure whether this would require any additional coordination. Phillipe had sent mail to clarify the situation. We concluded that there is no issue because CoreList is an outlier: it is not upstream-CPAN but neither is it upstream-blead, while nevertheless being maintained in core. A lagging CPAN release won’t be a problem, even though that’s not the usual sequence. In the event, Chris responded to the mail with assurance that he is available enough anyway.
• We coordinated further about the release, which is coming up the following week.
• Release blocker triage this week ended as it began: with no blockers.

[P5P posting of this summary]

Over the past year, I’ve been self-studying XS and have now decided to share my learning journey through a series of blog posts. This first post introduces the fundamentals of creating an perl object from XS.

This post is adapted from my notes and recollection of the welcome speech I gave on the morning of Thursday May 1st, 2025, just before the initial stand-up.

This post is brought to you by Booking.com, the Diamond sponsor for the Perl Toolchain Summit 2025.

Booking.com is proud to sponsor the 2025 Perl Toolchain Summit as Perl continues to be a vital piece of our technology stack. We continue to rely on the Perl platform and tooling to serve millions of customers every day, helping them experience the world. Other than our interest in the evolution and modernization of the platform and tooling, the PTS is also a great opportunity to connect with the larger community and share learnings about how other companies and projects are tackling the challenges of working with Perl at scale (talking about both in systems and teams scalability), and how Perl fits an ever-changing and diverse technological landscape in other organizations.

You can learn more about Booking.com at the end of this article.

Lexical Method in the latest release Perl v5.42 RC1. For more details, follow the link: https://theweeklychallenge.org/blog/lexical-method-v542

Graham couldn’t make it, so only Aristotle and Philippe this week.

• We discussed the structure of the feature.pm documentation and how unfeatures should be covered. Philippe has provided a first patch which extends the description of each unfeature with a note stating from which feature bundle onward it is disabled.
• Relesae blocker triage continues. The meeting began without any unresolved blockers and ended the same way.
• Philippe plans to ship 5.42.0-RC1 as soon as the last missing perldelta entries are in.

[P5P posting of this summary]

Remember! Click Continue Reading to see all the text.

I am selling my villa unit and downsizing, probably in a month or so.
There may be a period when I am off-line.
In Australia villa unit means (usually) a stand-alone building in a small block of units.
I have 2-bedroom unit and am moving into a retirement (Yikes!) village to a 1-bedroom unit.
The are various reasons but one is this month I turned 75, much to my amazement and horror.
I still live independently, drive, have 2 miniature dogs, manage my own medicine, etc. So - all good ATM.
And yes, I am still programming. I more-or-less monthly release https://savage.net.au/misc/Perl.Wiki.html,
my curated compendium of Perl module, and I am slowly automating the creation of this wiki.
The next step will be to output the wiki as a jsTree (https://www.jstree.com/),
but moving - as you might know - consumes a lot of time.....

So, what exactly is a Readonly variable in Perl? A readonly variable is one that, once assigned a value, cannot be changed. Any attempt to modify it will trigger a runtime error. This mechanism enforces immutability, ensuring that critical values remain untouched and are protected from accidental or unauthorised alterations.