Self-Hosted Weekly: Week 13, 2026. KubeCon Drops Major Updates, Langflow Gets a CVSS 9.3, and OpenAI Buys Python's Best Tools

Another week, another round of "update immediately" advisories and corporate open-source acquisitions that make everyone nervous. KubeCon Europe happened in Amsterdam. Langflow got a CVSS 9.3. OpenAI bought the tools half the Python ecosystem depends on. Here's what you need to know.

KubeCon Europe 2026: Velero Goes to CNCF, GPUs Get First-Class K8s Support

KubeCon Amsterdam delivered a stack of announcements. The biggest for self-hosters: Broadcom donated Velero (the go-to Kubernetes backup/restore tool) to the CNCF Sandbox, making it vendor-neutral. Tekton and Fluid moved to CNCF incubating status, and a new sandbox project called llm-d was accepted for standardizing LLM inference on Kubernetes.

The headline technical change: Dynamic Resource Allocation (DRA) graduated to GA. If you run GPU workloads on K8s (Ollama, ComfyUI, TensorFlow), pods can now request GPUs through ResourceClaims as a first-class, stable API instead of the older device-plugin extended-resource model and node-selector hacks most clusters still lean on.

Our take: Velero under CNCF is quietly one of the most important moves this year. Backup tooling needs to be vendor-neutral, and Broadcom doing the right thing here is worth acknowledging.

Langflow RCE Exploited Within 20 Hours (CVE-2026-33017)

A critical unauthenticated RCE vulnerability (CVSS 9.3) hit Langflow, the open-source AI workflow builder. Attackers can execute arbitrary Python code with a single HTTP request — no credentials required. CISA added it to the Known Exploited Vulnerabilities catalog on March 25 after Sysdig observed active exploitation within 20 hours of disclosure.

Worse: JFrog researchers found that the "fixed" version may still be exploitable through certain endpoints.

If you run Langflow: upgrade to v1.9.0 or later now, rotate every secret the instance held (LLM provider API keys, database credentials, anything stored in flows), and never expose it directly to the internet. A reverse proxy only helps if it enforces authentication or an IP allowlist in front of every Langflow route; a proxy that simply forwards requests does nothing against an unauthenticated RCE. On Elestio, the Nginx reverse proxy and automatic updates help mitigate this kind of risk, but you still need to stay on top of version updates.
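As an added example (not from the advisory, from Langflow, or from Elestio), here is a Docker Compose file that puts Langflow behind an nginx proxy which rejects every request, API routes included, unless both a proxy credential and a source-address allowlist pass. The image name, port 7860, data path and LANGFLOW_* variables are assumed to match the official image; the hostname, LAN range, htpasswd path and certificate paths are placeholders you replace.

```yaml
# docker-compose.yml: Langflow reachable only through an nginx proxy that
# demands a credential before any request reaches the app.
# Assumptions (not from the advisory): image langflowai/langflow, app port
# 7860, data path /app/langflow, the LANGFLOW_* variables, the hostname,
# and that ./htpasswd and ./certs/ exist on the host.
services:
  langflow:
    image: langflowai/langflow:1.9.0   # the version the advisory names; check for newer
    restart: unless-stopped
    # No `ports:` entry on purpose: the app is reachable only from the
    # proxy over the internal network, never on a host interface.
    environment:
      LANGFLOW_AUTO_LOGIN: "false"     # keep the app's own login on as well
      LANGFLOW_SUPERUSER: ${LANGFLOW_SUPERUSER:?set in .env}
      LANGFLOW_SUPERUSER_PASSWORD: ${LANGFLOW_SUPERUSER_PASSWORD:?set in .env}
    volumes:
      - langflow-data:/app/langflow
    networks: [internal]

  proxy:
    image: nginx:1.27
    restart: unless-stopped
    ports:
      - "443:443"    # the only port published to the world
    volumes:
      - ./htpasswd:/etc/nginx/htpasswd:ro   # generated with: htpasswd -B -c htpasswd admin
      - ./certs:/etc/nginx/certs:ro         # fullchain.pem + privkey.pem
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    depends_on: [langflow]
    networks: [internal]

configs:
  nginx_conf:
    # Inline nginx config. Compose interpolates `$var` itself, so nginx's
    # own variables are written as `$$var` so that nginx receives `$var`.
    content: |
      server {
          listen 443 ssl;
          server_name langflow.example.internal;   # placeholder hostname
          ssl_certificate     /etc/nginx/certs/fullchain.pem;
          ssl_certificate_key /etc/nginx/certs/privkey.pem;

          # Proxy-level credential required for every path, including the
          # API routes, before Langflow ever sees the request.
          auth_basic           "Langflow";
          auth_basic_user_file /etc/nginx/htpasswd;

          # Second gate: only the home LAN (example range) may even try.
          # nginx's default `satisfy all` means both gates must pass.
          allow 192.168.1.0/24;
          deny  all;

          location / {
              proxy_pass         http://langflow:7860;
              proxy_http_version 1.1;
              proxy_set_header   Upgrade $$http_upgrade;
              proxy_set_header   Connection "upgrade";
              proxy_set_header   Host $$host;
              proxy_set_header   X-Forwarded-For $$proxy_add_x_forwarded_for;
              proxy_set_header   X-Forwarded-Proto https;
          }
      }

volumes:
  langflow-data:

networks:
  internal:
```

The point of the layout is that the only listener on the host is nginx on 443, and nginx will not forward a single byte to port 7860 until the credential and the allowlist both check out; Langflow's own login stays enabled as a second layer. Verify it from outside the LAN with `curl -k https://<host>/api/v1/` and expect a 403 (blocked by the allowlist) or 401 (no credential), never a 200.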

OpenAI Acquires Astral — Your Python Toolchain Just Changed Owners

OpenAI announced the acquisition of Astral, creators of uv (package manager), Ruff (linter), and ty (type checker). These tools are embedded in millions of Python workflows, including self-hosted projects like Paperless-ngx and Home Assistant plugins. Astral's team joins the Codex AI coding team.

OpenAI promises to keep everything open-source. The community is... cautiously skeptical.

Our take: The tools will probably stay open-source — OpenAI needs developer goodwill, and relicensing uv would be PR suicide. But the governance question matters. When one company owns both the AI and the toolchain, the incentives get complicated.

Self-Hosted Apps Under Fire: Tandoor Recipes & SiYuan Hit with Critical CVEs

Two self-hosted staples got critical vulnerability disclosures this week:

  • Tandoor Recipes (CVE-2026-33152, CVSS 9.1) — brute-force authentication bypass via API. Upgrade to v2.6.0+.
  • SiYuan (CVE-2026-33669, CVSS 9.8) — unauthenticated document access. Upgrade to v3.6.2+.

Our take: These aren't obscure tools; they're the recipe managers and note apps people run at home. If "personal" apps feel low-risk to you, a CVSS 9.8 that hands out documents to anyone who can reach the port should change that. Keep everything updated. Always.

Valkey Becomes the Default: Cloud Providers Move Away from Redis

The Redis fork keeps gaining ground. AWS ElastiCache now defaults to Valkey as its engine. Google Cloud Memorystore added full Valkey support. Command compatibility sits at ~90% with genuine divergence happening between the projects.

For self-hosters still running Redis in Docker Compose: swapping redis:latest for valkey/valkey:latest (pin a major tag rather than latest) is close to a drop-in replacement as long as your app sticks to core commands and does not depend on Redis modules. The wire protocol and redis:// connection URLs stay the same; the binaries are named valkey-server and valkey-cli, so review healthchecks and scripts that invoke the CLI. Both Redis and Valkey are available on Elestio if you want managed hosting for either.
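An added Compose excerpt (not from either project or from Elestio) showing the swap together with the details worth carrying over: the native CLI name in the healthcheck, a required password even on the internal network, and no published port. The service names, the app image and the REDIS_URL variable are placeholders; use whatever your app actually reads.

```yaml
# docker-compose.yml excerpt: Redis replaced by Valkey for an app that only
# uses core commands. Assumed names: service `cache`, app service `app`,
# the placeholder app image, and the REDIS_URL variable the app reads.
services:
  cache:
    # Before: image: redis:7
    image: valkey/valkey:8
    restart: unless-stopped
    # Password still required even though the port is not published;
    # Compose refuses to start if CACHE_PASSWORD is unset in .env.
    command:
      - valkey-server
      - --requirepass
      - ${CACHE_PASSWORD:?set CACHE_PASSWORD in .env}
      - --save
      - "60"
      - "1"
    # No `ports:` entry: 6379 is never reachable on a host interface.
    volumes:
      - cache-data:/data
    healthcheck:
      # Native CLI name in the Valkey image is valkey-cli.
      test: ["CMD", "valkey-cli", "-a", "${CACHE_PASSWORD}", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
    networks: [internal]

  app:
    image: your-app:latest    # placeholder for the service that used Redis
    depends_on:
      cache:
        condition: service_healthy
    environment:
      # The URL scheme stays redis://; the client speaks the same protocol.
      REDIS_URL: "redis://:${CACHE_PASSWORD}@cache:6379/0"
    networks: [internal]

volumes:
  cache-data:

networks:
  internal:
```

After `docker compose up -d`, `docker compose exec cache valkey-cli -a "$CACHE_PASSWORD" info server` should report a valkey_version line, and `ss -tlnp | grep 6379` on the host should return nothing, which is the part people most often get wrong with Redis-style caches.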

$12.5M Pledged for Open Source Security by AI Companies

Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI committed $12.5 million through the OpenSSF and Alpha-Omega to fund open-source security. The irony: AI tools are dramatically accelerating vulnerability discovery in OSS projects, overwhelming maintainers who lack resources to triage the flood of automated reports.

Our take: The funding is welcome, but the math doesn't add up yet. AI companies are generating security debt faster than $12.5M can fix it. The structural problem — underfunded maintainers drowning in reports — remains.

Booklore Drama: Single-Maintainer Risk on Full Display

Booklore, a fast-growing self-hosted digital library platform, was removed from GitHub after community members uncovered developer misconduct toward contributors. Six days later, the developer shipped a "critical" security patch with no CVE disclosure or transparency about what was fixed.

Our take: This is the self-hosted community's version of bus-factor risk. When one person controls a project and burns bridges with every contributor, the whole community loses. Prefer projects with transparent governance, multiple maintainers, and clear contribution guidelines.

GitHub Actions Security Roadmap Amid Pricing Tensions

GitHub published its 2026 Actions security roadmap on March 26, shifting toward "secure-by-default" automation. Meanwhile, the shadow of December's pricing debacle lingers — GitHub tried charging for self-hosted runners on your own hardware, faced massive backlash, and postponed indefinitely.

Our take: If you haven't explored Gitea Actions yet, now's a good time. GitHub's pricing experiments suggest they'll try again. Having an exit plan isn't paranoia — it's ops.

What We're Watching Next Week

  • Langflow patch verification — JFrog says the fix may be incomplete. Watch for v1.9.1+.
  • KubeCon fallout — vendor announcements usually trickle in the week after the conference.
  • DietPi v10.2 shipped with native Immich support, bringing self-hosted Google Photos to Raspberry Pi. Worth exploring.

Bottom Line

KubeCon moved the needle on Kubernetes GPU support and gave Velero a proper community home. But the recurring theme this week is security: Langflow's 20-hour exploitation, two beloved self-hosted apps with CVSS 9+ scores, and the ongoing question of whether $12.5M is enough to fix what AI is breaking in open-source security. Keep your stacks updated and your admin panels behind a reverse proxy that actually enforces authentication.

Thanks for reading. See you in the next one 👋