🚨 High Risk Alert! Gramps Web API, a Python REST API for genealogical research software, has a path traversal vulnerability (CVE-2026-40258) 🕸️. An authenticated user with owner-level privileges can craft a malicious ZIP file to write arbitrary files outside the intended directory on the server's local filesystem. This highlights the importance of API security 🔒. Stay safe! #GrampsWebAPI #Python #RESTAPI #OWASP #APIsecurity https://lnkd.in/gsjivDyy
Gramps Web API Path Traversal Vulnerability CVE-2026-40258
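Added example (not Gramps Web API code): the check a ZIP importer needs so that a crafted archive cannot write outside its destination. Each member name is normalized and resolved before anything is written, and members with `..` segments, absolute paths, or targets that resolve outside the destination are rejected rather than extracted. The sample archive is constructed inline; the entry names in it are illustrative.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

def build_sample_zip() -> bytes:
    # Constructed sample: one benign entry plus two that try to escape the destination.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("media/photo.txt", "ok")
        zf.writestr("../outside.txt", "escaped")
        zf.writestr("/etc/evil.txt", "escaped")
    return buf.getvalue()

def safe_member_path(dest: Path, name: str) -> "Path | None":
    # Decide on the normalized, resolved path, not the raw string: 'a/../../x',
    # absolute names and symlinked parent directories are all caught this way.
    pure = PurePosixPath(name.replace("\\", "/"))
    if not pure.parts or pure.is_absolute() or ".." in pure.parts:
        return None
    dest_resolved = dest.resolve()
    target = (dest_resolved / Path(*pure.parts)).resolve()
    if target != dest_resolved and dest_resolved not in target.parents:
        return None
    return target

def extract_safely(data: bytes, dest: Path) -> tuple[list[str], list[str]]:
    # Extract only members that stay inside dest; report the ones rejected.
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            extracted.append(info.filename)
    return extracted, rejected

def demo() -> dict:
    # Run the sample archive through extract_safely in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        dest = Path(d)
        extracted, rejected = extract_safely(build_sample_zip(), dest)
        return {"extracted": extracted, "rejected": rejected,
                "content": (dest / "media" / "photo.txt").read_text(),
                "escaped": (dest.parent / "outside.txt").exists()}
```

Logging the rejected member names, as `extract_safely` returns them, gives a detection signal for archives that were built to traverse.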
More Relevant Posts
⚠️ Medium Risk Vulnerability Alert! The Claude SDK for Python has a memory tool path validation race condition that allows sandbox escape. This issue is related to API security and can lead to unrestricted resource consumption. It's been patched in version 0.87.0. Stay safe and keep your systems updated! #ClaudeSDK #Python #APIsecurity #OWASP #CVE2026-34452 https://lnkd.in/g26q6ZAn
Just finished building an Automated Data Firewall in Python! The Problem: Manually checking incoming CSVs for errors is slow and prone to human error. The Solution: I built a system using Python and Watchdog that monitors folders in real-time. It runs parallel quality checks (null-value detection & outlier analysis) before promoting clean data to a MySQL warehouse via SQLAlchemy. Key Features: ✅ Real-time file monitoring ✅ Fail-safe reporting with ReportLab (PDFs) ✅ Concurrent processing with ThreadPoolExecutor 📂 Check out the repo here: https://lnkd.in/e8p7Aefq #Python #DataEngineering #Automation #Github #SoftwareDevelopment
Python’s most popular packages aren’t always the safest ones. 🪦 Some of them are still being downloaded millions of times — even after they’ve reached end-of-life. That means: • No more security patches • No more bug fixes • No maintainer support — ever From libraries that parse untrusted files to tools embedded deep in CI/CD pipelines, these EOL dependencies create a quiet but very real attack surface. Because the risk isn’t just “is there a CVE today?” It’s “what happens when the next one drops — and no one is there to fix it?” Outdated doesn’t always mean unused. And in open source, usage without support is where risk compounds. #Python #OpenSource #AppSec #EOL #SoftwareSecurity #DevSecOps #HeroDevs
Want to convert an integer #Python #Pandas column from Unix time to datetime? Use pd.to_datetime, passing the int column and the "unit" keyword argument, set to "s" (seconds): df['date'] = pd.to_datetime(df['unixtime'],unit='s') If the column is in ms, then say unit='ms'
pip 26.1 Just Released For anyone that uses #pip for #Python package installations, uninstalls, etc - it has been updated today. This upgrade includes: dependency resolution performance improvements, reduced memory usage, improved conflict reports, etc. To upgrade pip, perform the following command. python -m pip install --upgrade pip For a list of enhancements and bug fixes, see as follows: https://lnkd.in/enhpRgnX
🚨 High Risk Vulnerability Alert 🚨 A parser differential in Python's urllib.parse.urlparse allows bypass of URL scheme and host filters, leading to Server Side Request Forgery (SSRF). This vulnerability, CVE-2023-24329, affects Python 3.11.3 and can be exploited in 3 steps. It's a clear reminder of the importance of API security. Stay safe out there! #Python #Vulnerability #OWASP #APIsecurity #SSRF https://lnkd.in/gPvXm-rS
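Added example (not from the post or from CPython): an outbound-URL validator of the kind an SSRF filter needs. It rejects any input containing whitespace or control characters before the URL is parsed at all, and then applies an allowlist of schemes and hosts rather than a blocklist, so the decision does not depend on how a particular `urllib.parse` version treats odd prefixes. The allowlist values are assumptions for this example.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}              # assumed policy for this example
ALLOWED_HOSTS = {"api.example.com"}      # assumed allowlist for this example

def validate_outbound_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a user-supplied URL the server is asked to fetch."""
    # Reject before parsing: any whitespace or control character anywhere in the
    # string, so leading blanks never reach the parser in the first place.
    if not url or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False, "whitespace or control character in URL"
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:          # allowlist, not a blocklist
        return False, f"scheme not allowed: {scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"   # 'allowed@evil' tricks
    host = parts.hostname                      # already lowercased by urllib
    if host is None or host not in ALLOWED_HOSTS:
        return False, f"host not allowed: {host!r}"
    return True, "ok"
```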
🐍 Python 3.10 is approaching end-of-life — October 31, 2026 is closer than it looks. Python 3.10 is already in its security-only phase — no new features, no bug fixes. Just critical patches until the clock runs out. But the impact isn't waiting until October: → NumPy, SciPy, Pandas, and others have already dropped 3.10 support → You may already be unable to get security updates for key dependencies → After EOL, every new CVE in CPython becomes permanent exposure → Compliance frameworks are already flagging EOL runtimes as audit findings And if you're running Django 4.2, it goes EOL April 30, 2026. The hardest part isn't knowing you need to upgrade. It's realizing how much of your stack is affected and how long it will actually take. For most teams, this isn't a version bump. It's a migration. The clock is already ticking. ⏰ #Python #OpenSource #EOL #SoftwareSecurity #DevSecOps #Engineering #HeroDevs
I’ve been spending my recent free time building an Event-Driven Backtesting Engine from scratch for Options. Backtesting complex option strategies requires processing massive amounts of market data, calculating Greeks, and tracking portfolio metrics simultaneously. To handle this without latency bottlenecks, I decided to architect the entire core engine in C++. For now I have mostly tried to make it very flexible, with modular commission and slippage and the ability to write custom strategies instead of editing the core engine itself. I completely decoupled most of the core things, so the entire C++ backend is compiled as a standalone library. I am also trying to integrate a Python bridge using pybind11, exposing this compiled library directly to Python. The goal for this is to make the engine do all the computation in the background, allowing anyone to write, test, and plug in custom strategies dynamically using simple Python scripts without ever needing to modify the core engine files. Getting the C++ event loop to work well with Python scripting is proving to be a little complicated right now! I'll be pushing a final README and some sample strategies once I get the bindings fully stabilized. You guys can check out the code here: https://lnkd.in/gRSgd4gs #quantfinance #cpp #python #algorithmictrading #options #pybind11 #derivatives
I hid an Easter Egg in our tooling… It’s fast. In case you haven't heard, there is a new kid on the block doing fast type checking: ty https://docs.astral.sh/ty/ ty is a new type checker from the team behind ruff (the linter that already replaced flake8 and black for us). It's written in Rust. Same idea: take a critical Python dev tool and make it instant. Our Python codebase runs mypy on every commit and every PR. It works, but even on a mid-size project that 2-3 second wait adds noticeable seconds to every pre-commit hook and CI run. Multiply that by every developer, every push, every day. What we did: 1. Tested removing the Pydantic mypy plugin: zero new errors. It wasn't catching anything our type annotations didn't already cover. 2. Ran ty alongside mypy to compare output. 99 initial errors, all from third-party library stub gaps (SQLAlchemy, pyarrow), not real bugs. 3. Added per-module overrides in pyproject.toml to suppress the stub noise, the same thing we were doing with mypy's # type: ignore comments. 4. Swapped mypy for ty in pre-commit, CI, and our justfile. Removed mypy entirely. Result: Type checking went from "look out the window" to "already done." Same coverage, same confidence, faster feedback loop. Should you migrate today? If you rely heavily on mypy plugins (Pydantic), test without them first. If your codebase passes clean, you're good to go. If not, wait for ty's plugin ecosystem to mature. You could argue that ty is still early, but it is moving incredibly fast. For well-typed codebases, it's already a drop-in improvement. Migration inspired by https://lnkd.in/eu5iMfS2
All my Python projects are now using ty for type checks 🎉 FastAPI, Typer, SQLModel, Asyncer, etc. Thank you Sofie 🙌 ty is great, try it https://docs.astral.sh/ty/
💻 Local vs Server: The Real Python Experience Working on Python projects locally feels easy — everything runs perfectly on your machine. But once you deploy the same code on a company server, reality hits: • Hard-coded paths or environment-specific settings break. • Dependencies installed locally may not exist on the server. • A requirements.txt file becomes mandatory to ensure all packages and versions are installed correctly. ✅ Lesson learned: Local testing is just the beginning — making your code robust, portable, and server-ready is the real challenge. #Python #SoftwareDevelopment #Deployment #ProgrammingTips