📬 Open Source & Linux Weekly - W23_2026
HTTP/2 Bomb hits every web server, PostgreSQL 19 Beta 1 ships, Rust funds maintainers, CISA flags cgroups bug
The week's biggest break was a denial-of-service bug that an AI agent found across the entire web server stack, and the responses to it came from the people deciding who funds and who reviews open source code.
🤓 What I Wrote This Week
40 Years of Craft. Antipathy Turned Into a Weapon in His Own Code.
A veteran maintainer hid a prompt injection in a test framework called jqwik, invisible to humans but a weapon for AI agents.
Billions of Computers Run His Editor. He Managed It for 32 Years.
A text editor on nearly every Unix-based computer on Earth helped fund an orphanage in Uganda. One man maintained it for 32 years, until the day he couldn’t.
⚡ TL;DR
- HTTP/2 Bomb (CVE-2026-49975) can exhaust a server's memory in seconds across nginx, Apache, IIS, Envoy, and Cloudflare Pingora, and an AI coding agent found it.
- The Rust Foundation launched a Maintainers Fund on June 2 to pay compiler, Cargo, and Clippy maintainers losing their industry funding.
- A worm called Miasma rode GitHub trusted publishing into 32 @redhat-cloud-services npm packages on June 1.
- Torvalds shipped Linux 7.1-rc6 on May 31, smaller than rc5, with final release tracking to mid-June.
- PostgreSQL 19 Beta 1 shipped June 4 with an auto-scaling asynchronous I/O subsystem, parallel autovacuum, and SQL property-graph queries.
🐧 Linux
Torvalds ships 7.1-rc6 and the PostgreSQL regression gets a verdict, not a revert
Linus Torvalds released Linux 7.1-rc6 on May 31, and for the first time in this cycle sounded relieved: "I wouldn't call this 'small', but it is certainly smaller than rc5 was. And I don't think there's anything particularly scary here, so maybe we're still on track for a normal release cycle." Networking still carried the largest pull requests, with the AI-assisted contribution churn Torvalds has flagged for a month, but the final 7.1 release is tracking to mid-June. Separately, the PostgreSQL throughput regression that has sat in these notes since 7.0 reached a decision this week: maintainers will not restore the removed PREEMPT_NONE model, and Peter Zijlstra's position is that PostgreSQL should adopt the kernel's Restartable Sequences time-slice extension instead. Telling userspace to adapt to a kernel change that halved its throughput runs against the kernel's own "we do not break userspace" rule, and the maintainers chose the workaround anyway.
CISA gives federal agencies three days to patch a 2022 Linux cgroups escape now under active attack
CISA added CVE-2022-0492 to its Known Exploited Vulnerabilities catalog on June 2 and set a June 5 remediation deadline for federal civilian agencies, citing active exploitation of the cgroups v1 release_agent flaw. The bug (CVSS 7.8) lets a local user escape a container and run code as root through improper authentication, and it was patched in 2022, but hosts still exposing cgroups v1 (older kernels, container nodes, embedded and IoT devices that lag on updates) remain open to it.
AMD submits HDMI 2.1 FRL for Linux 7.2, years after the spec lockout
AMD's Harry Wentland posted the HDMI 2.1 Fixed Rate Link (FRL) and Display Stream Compression (DSC) patch series for the AMDGPU display driver, headed for the Linux 7.2 merge window in mid-June. The work enables higher-bandwidth modes the open driver has never reached, such as 4K at 144 Hz and 8K at 60 Hz, on Radeon hardware that the HDMI Forum's licensing terms kept locked behind closed firmware for years. Landing this in 7.2 puts it in Ubuntu 26.10 and the other second-half distributions.
GNOME 50.2 lands with NVIDIA, plymouth, and X11-session fixes
GNOME shipped 50.2 this week as the second maintenance update to the GNOME 50 series, with Nautilus at 50.2.2 and Mutter at 50.1. The release fixes plymouth hanging indefinitely on headless machines, corrects the session-type value GDM was setting wrong for X11 logins, and clears a batch of NVIDIA stutter and screenshot bugs. Fedora 44 and Arch already carry it.
systemd 261-rc3 stamps dlopen metadata into every binary
Lennart Poettering's team cut systemd 261-rc3 this week, mostly bug fixes from the prior two candidates, with one structural change: individual systemd binaries now embed a dlopen ELF metadata note declaring their optional dependencies, rather than carrying that note only on libsystemd-shared.so. The stable 261 release, which adds the systemd-sysinstall installer and the storagectl utility from rc1, is close and lands in second-half distributions.
Azure Linux 4.0 enters public preview as Microsoft's general-purpose distro, dropping tdnf for dnf5
Microsoft opened Azure Linux 4.0 to public preview for Azure VM customers this week, positioning the first-party distribution (which began as CBL-Mariner and ran mostly as the AKS container host) as a general-purpose server OS. The build pairs a 6.18 LTS kernel with systemd 258, glibc 2.42, Python 3.14, and rpm 6.0, and it retires tdnf, Microsoft's lean C reimplementation of dnf, for standard dnf5 and its full plugin ecosystem, with Azure Container Linux as the immutable container-host sibling sharing the same kernel and package baseline. Preview means evaluation only, not production, and FIPS 140-3 validation is still pending.
🧩 Open Source
HTTP/2 Bomb takes down nginx, Apache, IIS, Envoy, and Pingora, and an AI agent found it
Quang Luong, with Jun Rong and Duc Phan confirming the attack across servers, disclosed HTTP/2 Bomb (CVE-2026-49975) on June 2, a memory-exhaustion denial-of-service that hits the default HTTP/2 configuration of nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. The attack seeds the HPACK header-compression table with one large entry, then sends thousands of single-byte references back to it per request while holding the connection open, so one byte on the wire becomes one full header allocation on the server. Luong reported the amplification at roughly 5,700 to 1 on Envoy (32 GB gone in about 10 seconds) and around 4,000 to 1 on Apache, with Shodan showing more than 880,000 exposed servers. nginx shipped the fix in 1.29.8 by importing the max_headers directive from freenginx, defaulting to 1,000, and Apache's Stefan Eissing patched mod_http2 the same day, while Envoy, IIS, and Cloudflare Pingora had no fix at disclosure, though Envoy shipped one the next day. The bug was found by an AI coding agent reading the spec.
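Where the amplification comes from, and where a header-count cap stops it, as an added example that is not code from the disclosure or from any of the affected servers: a reduced HPACK decoder (RFC 7541 integer and raw-string coding, indexed fields and literals with incremental indexing, no Huffman, static table stubbed) is fed a constructed block of one large literal followed by single-byte references to it, and `max_headers` stands in for the nginx directive. The header name, the 4,000-byte value and the 5,000 references are assumptions chosen to fit the default 4,096-byte dynamic table.

```python
STATIC = 61  # RFC 7541 static table size; the newest dynamic entry is index 62
def encode_int(value, prefix_bits, flags=0):
    # RFC 7541 s5.1 integer with an N-bit prefix; flags occupy the high bits
    mask = (1 << prefix_bits) - 1
    if value < mask:
        return bytes([flags | value])
    out, value = bytearray([flags | mask]), value - mask
    while value >= 128:
        out.append((value % 128) | 0x80)
        value //= 128
    return bytes(out + bytearray([value]))

def decode_int(buf, pos, prefix_bits):
    mask = (1 << prefix_bits) - 1
    value, pos = buf[pos] & mask, pos + 1
    shift, more = 0, value == mask
    while more:  # continuation bytes carry 7 bits each; high bit set = more follow
        value += (buf[pos] & 0x7F) << shift
        more, pos, shift = bool(buf[pos] & 0x80), pos + 1, shift + 7
    return value, pos

def read_string(buf, pos):  # raw (non-Huffman) literal: 7-bit length, then bytes
    length, pos = decode_int(buf, pos, 7)
    return buf[pos:pos + length], pos + length

def decode_block(block, max_headers=None):
    # Returns (fields, wire_bytes, decoded_bytes); max_headers mirrors the nginx 1.29.8 directive (default 1,000)
    dynamic, fields, decoded, pos = [], [], 0, 0
    while pos < len(block):
        first = block[pos]
        if first & 0x80:  # s6.1 indexed field: one wire byte becomes a whole header
            index, pos = decode_int(block, pos, 7)
            if index <= STATIC: raise ValueError("static table not modelled here")
            name, value = dynamic[index - STATIC - 1]
        elif first & 0x40:  # s6.2.1 literal with incremental indexing, new name
            _, pos = decode_int(block, pos, 6)  # index 0: the name is a literal too
            name, pos = read_string(block, pos)
            value, pos = read_string(block, pos)
            dynamic.insert(0, (name, value))  # newest entry sits at index 62
        else: raise ValueError("representation not modelled here")
        fields.append((name, value))
        decoded += len(name) + len(value)
        if max_headers and len(fields) > max_headers: raise ValueError("max_headers exceeded")
    return fields, len(block), decoded

def build_bomb_block(value_len=4000, refs=5000):
    # Constructed input: one large literal (entry = name + value + 32 bytes, fits a 4,096-byte table), then refs one-byte references
    name, value = b"x-filler", b"A" * value_len
    literal = encode_int(0, 6, 0x40) + encode_int(len(name), 7) + name
    return literal + encode_int(len(value), 7) + value + encode_int(STATIC + 1, 7, 0x80) * refs
```

Decoding the constructed block without a cap turns about 9 KB on the wire into roughly 20 MB of header fields; with `max_headers=1000` the same block is rejected after the 1,001st field, before the remaining references are materialised.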
PostgreSQL 19 Beta 1 ships with async I/O, parallel autovacuum, and SQL property graphs
The PostgreSQL Global Development Group released PostgreSQL 19 Beta 1 on June 4, opening the test cycle for a release due late this year. The headline work is the maturing asynchronous I/O subsystem, now with an io_method=worker mode that auto-scales its worker pool, alongside parallel autovacuum, a new REPACK command that rebuilds tables with a CONCURRENTLY option, and SQL/PGQ property-graph queries that pull graph traversal into standard SQL. JIT is now off by default and TOAST compression defaults to lz4. Beta is the window to test async I/O against a real write workload before it reaches production next year.
The Rust Foundation will now pay the maintainers industry stopped funding
The Rust Foundation launched the Maintainers Fund on June 2, acting on RFC #3931, which sets up a Funding team and a Maintainer in Residence program to provide stable, long-term pay for people working on the compiler, standard library, Cargo, and Clippy. The Foundation was blunt about the trigger: "key Rust maintainers are losing their funding for Rust work due to budget shifts," meaning the day jobs that quietly subsidized core toolchain work are drying up. Funding maintenance directly, rather than hoping a sponsoring employer keeps a critical contributor on payroll, is the model open source keeps relearning, and Rust is large enough that the failure mode is no longer hypothetical.
A worm called Miasma rode trusted publishing into Red Hat's npm packages
Aikido Security caught a compromise of 32 @redhat-cloud-services npm packages on June 1, with 96 malicious versions pushed across packages pulling roughly 117,000 downloads a week. The attacker took over a Red Hat employee's GitHub account and pushed orphan commits adding a workflow that requested short-lived OIDC tokens through GitHub's trusted-publishing mechanism, then published to npm with no stolen long-lived token, while a 4.2 MB obfuscated preinstall payload swept Vault tokens, Kubernetes configs, npm and PyPI publish tokens, SSH keys, and .env files. This is the second trusted-publishing abuse in two weeks, after the same pattern hit other packages in late May.
Anthropic says Claude Mythos has surfaced 10,000+ critical flaws, and widens Project Glasswing to about 150 organizations
Anthropic said on June 2 that partners in Project Glasswing, running a model it calls Claude Mythos Preview, have found more than 10,000 high or critical severity flaws in critical-infrastructure and widely used software, and that it is extending the program to roughly 150 more organizations across power, water, healthcare, communications, and hardware. The model pairs with human security teams to triage and report at a volume manual review has not matched. Arriving the same week an AI agent surfaced the HTTP/2 Bomb across every major web server, it is that same capability pointed at defense, and the open question is who absorbs 10,000 findings without burying the maintainers expected to fix them.
The Linux Foundation moves to launch a Tokenomics Foundation for AI token costs
The Linux Foundation announced on June 3 its intent to launch the Tokenomics Foundation, a standards body for the economics of AI infrastructure, with the per-token price of model and agent calls as the unit it wants to make measurable and comparable across vendors. It will work with the FinOps Foundation and fund the expansion of FOCUS (the open specification for normalizing cloud bills) into token-based spend, so finance teams can track model costs with the tools they already use for compute. Initial backers include Google Cloud, Microsoft, IBM, Oracle, SAP, Salesforce, ServiceNow, JPMorganChase, and Accenture, with the technical roadmap and first working groups due at FinOps X on June 8. The push follows enterprises reporting through the spring that they blew through annual token budgets within months, as per-token prices leveled off after two years of falling.
💎 Gems & Tools
The Q2 2026 graphics stack got its second point release on June 3, with Vulkan driver fixes including an Intel ANV crash on Xe3 hardware and a regression that 26.1.0 introduced on older Intel GPUs. If 26.1.0 broke graphics on an older Intel card, this is the build that clears it.
The Document Foundation shipped its fourth 26.2 maintenance update on June 5 with bug fixes across Writer, Calc, Impress, and the rest. The 25.8 branch reaches end of life on June 12, so anyone still there should move now rather than run unpatched.
The Fedora Atomic gaming image picked up Valve's VRAM prioritization patch set on June 5, which prioritizes game memory to stop out-of-memory crashes on both the KDE and GNOME builds, alongside Mesa 26.1 and the NVIDIA 610 open driver. The kind of fix that decides whether a handheld session survives a long game.
🔍 Spotlight
Quang Luong, security researcher
Luong is the researcher who disclosed HTTP/2 Bomb on June 2, the memory-exhaustion bug that hits the default HTTP/2 configuration of nearly every major web server at once. The technique is not new in its parts: an HPACK compression bomb and a Slowloris-style connection hold have each been known for close to a decade. The contribution was noticing that chaining them turns one byte on the wire into a full header allocation on the server, and then proving the amplification reached thousands to one on Envoy and Apache before reporting it through coordinated disclosure, with Jun Rong and Duc Phan confirming the impact across platforms.
How he found it is the part worth attention: an AI coding agent reading the HTTP/2 specification surfaced the interaction. That is the same tooling Torvalds spent the month blaming for the duplicate-report flood on the kernel's security list. The agent found a real, severe, web-wide bug because a researcher who knew what to chain pointed it at a protocol spec. The same tool produces only noise when it runs unsupervised against a maintainer's mailbox. The judgment about where to look stayed human, and that is the line that decides which of the two outcomes a team gets.
That was the week…
Cap your HTTP/2 header counts, audit your trusted-publishing config, and decide whether your database wants RSEQ before 7.1 lands.
Have a good week!
You can find me on Medium, X, Bluesky, Mastodon, and Threads.