PHP

The 100-million-row challenge is a PHP competition focused on high-performance data processing. Participants must parse page visit datasets into JSON files, optimizing for speed and resource management on a standard server environment. Running until March 15, 2026, the contest awards top performers with prizes from PhpStorm and Tideways.

A security vulnerability was discovered in Roundcube Webmail's sanitizer, specifically within the rcube_washtml class, which allowed attackers to bypass the 'Block remote images' privacy feature. While the sanitizer correctly blocked external resources for common tags like <img> and <use>, it failed to properly handle the SVG <feImage> element. Because its href attribute was routed through a link-washing function instead of the image-validation path, external URLs were permitted. This flaw allowed unauthorized tracking of users, enabling attackers to log IP addresses and confirm email opens by embedding invisible SVG filters. The issue has been addressed in versions 1.5.13 and 1.6.13 by ensuring <feImage> is correctly categorized as an image-bearing attribute during the validation process.