Sign in Subscribe

Self-Hosted Weekly: Week 11, 2026. Dify Raises $30M, Rust Is Stable in the Linux Kernel, and FOSS Gets an Endowment

Michael Soto

4 min read
Self-Hosted Weekly: Week 11, 2026. Dify Raises $30M, Rust Is Stable in the Linux Kernel, and FOSS Gets an Endowment

Look, it's been one of those weeks where the open-source ecosystem flexed in every direction at once. Dify closed a $30M round. Rust in the Linux kernel isn't experimental anymore. And someone finally came up with a funding model for FOSS that doesn't involve begging or relicensing. Let's get into it.

1. Dify Raises $30M — Open-Source AI Agents Get Enterprise Money

Dify, the open-source AI agent platform, closed a $30 million Series Pre-A at a $180M valuation. The round was led by HSG, with participation from GL Ventures, Alt-Alpha Capital, and 5Y Capital. Over 2,000 teams and 280 enterprises already use Dify for document analysis, internal copilots, and customer support automation.

Hot take: Dify has quietly become the backbone of a lot of internal AI tooling at companies that don't want to ship their data to OpenAI's servers. The funding means better agent capabilities, enterprise compliance features, and — let's be honest — a product that's going to get harder to ignore. You can deploy Dify on Elestio and start building AI workflows without writing a single line of agent code.

2. The Open Source Endowment Wants to Fix FOSS Funding — Permanently

A new 501(c)(3) nonprofit called the Open Source Endowment (OSE) launched with $750K+ in commitments and a radical idea: fund open-source like a university. Capital gets invested, and only the investment income goes out as grants. The principal stays forever.

Backers include former GitHub CEO Thomas Dohmke, HashiCorp founder Mitchell Hashimoto, Supabase CEO Paul Copplestone, and the creators of Vue.js and cURL. First grant round is planned for Q2 2026.

Hot take: Every other open-source funding model has been either "please donate" (unsustainable) or "switch to a restrictive license" (hostile). An endowment model is the first approach that could actually scale without poisoning the ecosystem. If OSE gets to $10M+ in the principal, the annual grants could meaningfully support critical infrastructure projects that everyone depends on but nobody pays for.

3. Linux 7.0-rc3: Rust Is Officially Stable in the Kernel

Linus Torvalds released Linux 7.0-rc3, and buried in the changelog is a milestone that's been years in the making: Rust support in the kernel is no longer experimental. It's stable. Official. Done.

The rc3 release itself ended up bigger than usual, largely due to an expanded test suite focused on hardening — which is fitting for a milestone this significant.

Hot take: Rust-in-kernel has been the most contentious debate in Linux development since systemd. Now that it's stable, expect an acceleration of memory-safe driver rewrites and new subsystems. This matters for self-hosters because memory safety bugs in kernel drivers are the kind of vulnerabilities that keep sysadmins up at night. Fewer of those is a win for everyone.

4. OpenProject 17.2 Ships an MCP Server for AI Integration

OpenProject 17.2 dropped this week with a feature that caught my attention: an MCP (Model Context Protocol) Server that enables AI and LLM integrations directly with your project management data. It's an Enterprise add-on, but the core release also includes reusable meeting templates and improved financial insights in the Project Overview.

Hot take: MCP is quickly becoming the standard way AI tools talk to structured data sources. Seeing OpenProject adopt it means your self-hosted project management instance can now be queried by Claude, ChatGPT, or any MCP-compatible agent. That's powerful. If you're running OpenProject on Elestio, the upgrade path is straightforward — docker-compose pull and restart.

5. digiKam 9.0: A Complete Qt 6 Rewrite with 400 Bug Fixes

The leading open-source photo management desktop app shipped version 9.0 with a full port to Qt 6, a rewritten file transfer tool, dozens of new RAW camera models, and over 400 bug fixes.

Hot take: If you're running Immich or PhotoPrism on your server for cloud photo storage, digiKam 9.0 is the perfect desktop companion for local editing and tagging before upload. The Qt 6 migration also future-proofs the project — Qt 5 is approaching end-of-life, and projects that haven't migrated will start falling behind.

6. March Security Roundup: 180+ CVEs Across Android, Windows, and FreeType

Google's March 2026 Android security bulletin patches 100+ vulnerabilities, including CVE-2026-21385 (CVSS 7.8), a memory corruption flaw in Qualcomm's graphics component confirmed under active exploitation. Microsoft's Patch Tuesday added another 79 CVEs, including two zero-days. Separately, the FreeType project disclosed an integer overflow vulnerability (CVE-2026-23865) affecting Linux, Windows, and macOS.

Separately, OpenCTI (the open-source threat intelligence platform) disclosed an SSRF vulnerability (CVE-2026-21887) in versions prior to 6.8.16.

Hot take: The FreeType CVE is the one self-hosters should care about — it's in a library that's everywhere. If you're running any Linux-based service that renders fonts (so... all of them), make sure your containers are pulling updated base images. And if you're running OpenCTI, patch immediately — SSRF in a threat intelligence platform is particularly ironic.

7. GSoC 2026 Opens March 16 — and KubeCon EU Arrives March 23

Two community milestones are right around the corner. Google Summer of Code 2026 opens contributor applications on March 16, with 185 open-source organizations participating — including CNCF. And KubeCon + CloudNativeCon Europe lands in Amsterdam March 23–26 with co-located events covering AI, observability, and platform engineering.

Hot take: GSoC remains the best on-ramp for first-time open-source contributors. And KubeCon Amsterdam should be interesting — Kubernetes v1.36 code freeze hits March 19, so expect previews of what's coming next.

What We're Watching Next Week

  • KubeCon EU Amsterdam kicks off March 23 — expect a flood of cloud-native announcements
  • Kubernetes v1.36 code freeze on March 19
  • Open Source Endowment first grant decisions approaching in Q2
  • Dify post-funding roadmap — what's next after $30M?

The Bottom Line

This was one of those weeks where serious money met serious engineering. Dify's $30M and the Open Source Endowment both point to real capital flowing into open-source infrastructure — not as charity, but as strategy. And Rust going stable in the kernel is the kind of boring, important progress that makes everything more secure five years from now.

The self-hosted ecosystem isn't just surviving. It's becoming the default.

Thanks for reading ❤️ See you next week 👋

Sign up for more like this.

Enter your email
Subscribe