The Git Times

Hugging Face released Diffusers v0.37.1, addressing three integration issues that affect users of the latest generative models. The patch corrects ModularPipelines loading when AutoModel type hints appear in modular_model_index.json, resolves Flux Klein LoRA compatibility, and guards an unguarded torchvision import inside Cosmos Predict 2.5.

Diffusers remains the standard PyTorch toolbox for diffusion-based image, video and audio generation. It supplies ready pipelines that produce outputs from text prompts in a few lines, interchangeable noise schedulers that let developers trade inference speed for sample quality, and individual pretrained components that can be reassembled into custom end-to-end systems.

Installation continues through the established route: pip install --upgrade diffusers[torch]. Typical usage loads a Hub checkpoint such as a Stable Diffusion or Flux variant, moves it to GPU, then calls the pipeline with a prompt. The same modular parts—UNet2DModel, DDPMScheduler, and others—allow teams to replace any stage without rewriting surrounding code.

These maintenance fixes matter now because Flux variants and modular LoRA workflows have moved into routine production use. By removing loading failures and import conflicts, v0.37.1 reduces friction for teams iterating on text-to-image, image-to-video and scientific applications such as molecular structure generation. The library’s emphasis on usable, composable parts keeps it aligned with the pace of new checkpoints appearing on the Hub.

Streamlit 1.56.0 introduces targeted improvements to its framework for converting Python scripts into interactive web applications. The update focuses on practical enhancements that reduce friction for data scientists and engineers who already rely on the library for rapid prototyping.

New capabilities include the st.menu_button widget for contextual dropdowns, AudioColumn and VideoColumn types in st.column_config for embedding media in tables, and programmatic control over st.dataframe selections. Navigation gains support for external URLs in st.Page and configurable visible items through the expanded parameter in st.navigation. Additional changes add on_click rerun behavior to st.link_button, hide_index and hide_header options for st.table, plus height and file-type shortcuts for st.chat_input.

These updates matter because they expand what developers can accomplish while preserving Streamlit's signature simplicity. Changes appear instantly during live editing, maintaining the fast feedback loop that distinguishes the tool from traditional web frameworks. Static files now serve with native content types, and alert icons are extracted automatically for cleaner interfaces.

Six years after its initial release, Streamlit remains focused on letting Python users build dashboards, reports, and LLM chat apps without frontend expertise. The free Community Cloud continues to handle deployment and sharing, while the component ecosystem extends functionality for specialized needs in machine learning, finance, and scientific computing.

The release demonstrates the project's steady evolution rather than reinvention, addressing concrete requests from its active user base.

The AI4Finance Foundation has released FinGPT v1.0.0, packaging its open-source financial large language models as a downloadable software toolkit. The update provides ready implementations for market sentiment analysis, forecasting workflows, financial data processing, and LLM-based research pipelines.

Finance moves faster than general-purpose models can adapt. BloombergGPT demonstrated the problem: 53 days of training on mixed datasets at a cost of roughly $3 million. FinGPT instead applies instruction tuning and retrieval-augmented generation to existing open models, releasing the resulting weights on Hugging Face. Recent artifacts include a dedicated sentiment analysis model, the FinGPT-Forecaster, and multi-task LLMs evaluated on the FinGPT-Benchmark.

The project remains under active development. Its Jupyter Notebook codebase supports PyTorch backends, prompt engineering patterns, reinforcement learning components for trading agents, and technical analysis modules. Papers accepted at NeurIPS 2023 and IJCAI 2023 workshops document the benchmark, data curation methods, and sentiment enhancements.

Version 1.0.0 shifts the project from research prototypes toward production-ready assets. Developers and researchers can now download the full stack rather than assemble components from scattered repositories. In an industry constrained by internal regulations that discourage open-sourcing proprietary systems, this approach continues to lower the cost of deploying specialized LLMs.

(178 words)

evo continues to serve as the standard tool for evaluating odometry and SLAM trajectories more than eight years after its initial release. Recent commits, including an April 2026 push, have tightened ROS 2 integration and introduced Pixi as a reproducible installation method, addressing pain points for teams migrating from ROS 1 or managing complex Python environments.

The package ingests TUM trajectory files, KITTI pose files, EuRoC MAV ground truth, and ROS/ROS2 bagfiles containing geometry_msgs/PoseStamped, nav_msgs/Odometry, or TF messages. It then computes absolute pose error (APE) and relative pose error (RPE) with configurable association, alignment, and scale-correction routines essential for monocular systems.

Its CLI tools (evo_ape, evo_rpe, evo_traj) deliver rapid comparisons without writing boilerplate, while the modular core library lets developers script custom metrics or export results to LaTeX tables, Excel, or interactive plots. Benchmarks published in the repository show evo outperforming earlier Python alternatives on large datasets.

As autonomous delivery robots and warehouse mapping projects proliferate, evo’s format-agnostic design prevents metric fragmentation across benchmarks. The shift to Python 3.10+ and ROS 2 support keeps the tool aligned with production stacks rather than academic prototypes.

Installation remains simple: pip install evo for the latest release or pip install --editable . for local development. Virtual environments or Pixi are recommended to isolate dependencies.

Scikit-robot, the pure-Python library for robot kinematics and control, has consolidated its utilities under a single skr command-line interface. The change reduces fragmentation that previously required separate scripts for common operations on URDF files and mesh data.

The skr entrypoint now handles multiple workflows. Engineers can run skr visualize-urdf with Trimesh or other viewers, skr convert-urdf-mesh to update asset references, skr modularize-urdf to split large descriptions, and skr change-urdf-root to restructure link hierarchies. Additional commands compute file hashes and adjust wheel collision models for mobile platforms.

Core capabilities remain unchanged: forward and inverse kinematics, basic motion planning, signed-distance-function queries for collision detection, and geometry primitives. The library integrates with both ROS and ROS2 while staying lightweight enough for standalone Python scripts. Optional dependencies add PyBullet simulation, Open3D rendering and fast mesh simplification when installed via scikit-robot[all].

Installation has been updated for modern tooling. The recommended path uses uv to create virtual environments and pull the package in seconds. These refinements matter now as robotics teams shift toward Python-first prototyping before moving to embedded targets. The focused scope delivers concrete speed for iteration without the overhead of full middleware suites.

Current development keeps the project aligned with evolving Python packaging and maintains compatibility with the latest robot description formats.

PX4 v1.16.1 incorporates a series of targeted backports that tighten core behavior for developers and operators of unmanned systems.

The release lets the UXRCE DDS agent IP be set through a parameter in SITL, removing hardcoded network assumptions and simplifying ROS 2 integration workflows. A commander module correction now rotates accelerometer offsets and scales from body frame back to sensor frame before saving, fixing a long-standing calibration error that affected attitude estimation across multiple boards.

Hardware support advances with a VOXL2 compatibility patch and added VTOL attitude control for the ark_fpv autopilot. macOS CI issues have been resolved, ensuring reliable builds for developers on that platform. Documentation updates add an explicit warning about RTL mode edge cases, giving operators concrete guidance before flight.

These changes sit on top of PX4’s modular uORB middleware, which keeps modules parallelized and configurable. The stack continues to run on NuttX, Linux and macOS while supporting the full Pixhawk sensor and actuator ecosystem.

Simulation remains a single-command operation. The project’s BSD-3 license and Dronecode Foundation governance keep the roadmap open for both commercial adopters and independent researchers.

(178 words)

RedTeam-Tools received a significant refresh in April 2026, adding fresh techniques that reflect shifts in endpoint detection and network defense. The repository now surfaces more than 150 tools and resources organized around MITRE ATT&CK tactics, with expanded sections on reconnaissance and living-off-the-land methods.

Recent red team tips demonstrate practical bypasses: deleting Windows Defender signatures, enabling multiple simultaneous RDP sessions, implementing proxy-aware PowerShell DownloadString calls, and scanning ports using only native binaries. Contributors added HTML smuggling improvements via mouse eventListener handlers and JavaScript preventDefault link spoofing.

The reconnaissance category features spiderfoot for OSINT mapping, reconftw for automated subdomain and vulnerability discovery, subzy for takeover checks, nuclei for template-based scanning, and crt.sh pipelines that feed into httprobe and EyeWitness for rapid domain visualization. Windows-focused entries cover unquoted service path exploitation without PowerUp, AppLocker rule enumeration, and virtual machine detection to avoid sandboxes.

The project maintains its original warning that all materials are strictly for educational and authorized testing purposes. Navigation improvements let users collapse category headings, keeping the large list manageable during time-sensitive operations. Regular community updates continue to map new tools to evolving ATT&CK techniques, helping practitioners test current controls rather than outdated assumptions.

(178 words)

SOPS v3.12.2 focuses on verifiable distribution. The release requires users to validate binaries before installation using Cosign, the Sigstore tool that confirms checksums were signed by GitHub Actions workflows via OIDC.

The process is concrete: download the platform binary, the checksums.txt file, its .pem certificate and .sig signature, then run a single cosign verify-blob command with explicit identity and issuer flags. Only after verification should the binary move to /usr/local/bin/sops and receive execute permissions.

The tool itself remains unchanged in core function. It edits encrypted YAML, JSON, ENV, INI and BINARY files, decrypting them on the fly with keys from AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age or PGP. Operators commonly export multiple KMS ARNs in the SOPS_KMS_ARN environment variable, placing keys in separate regions for fault tolerance. SOPS uses the aws-sdk-go-v2 library and respects standard credential chains.

More than a decade old and written in Go, the project continues to serve teams that store encrypted configuration directly in Git. The new verification step matters now because compromised build pipelines have become a primary attack vector; validating the tool that protects secrets is no longer optional.

Installation binaries and signed artifacts are available from the v3.12.2 GitHub release.

OWASP has shipped version 1.7.0 of the Mobile Application Security Testing Guide, delivering the second phase of its multi-year refactor. The release moves the guide’s material out of long-form Markdown files into separate components, each now living in its own folder and as an individual webpage with frontmatter metadata.

The most visible change is the new Tests section, reachable at mas.owasp.org/MASTG/tests/. Entries follow the ID format MASTG-TEST-XXXX and cover verification steps previously scattered across documents on data storage, cryptography, local authentication, network communication and related topics. Similar dedicated sections now exist for techniques, tools and reference applications.

Project maintainers warn that the scale of the rearrangement has left some broken links on the live site and in the PDF ebook; fixes are promised in forthcoming patches. The underlying technical content remains unchanged: MASTG still supplies concrete procedures for verifying MASWE weaknesses in alignment with the MASVS standard, spanning static analysis, dynamic instrumentation, reverse engineering and runtime inspection on both Android and iOS.

The modular layout improves navigation for practitioners who need to locate a specific test quickly rather than scanning 500-page documents. Trusted by platform vendors, government agencies and training programs, the updated structure keeps MASTG current without diluting the depth that has made it a de-facto reference for mobile security testing since 2016.

Google has shipped Protocol Buffers v34.1, the latest incremental update to its language-neutral serialization format. First released internally in 2001 and open-sourced in 2008, the project continues to serve as the backbone for structured data exchange in everything from microservice APIs to configuration stores.

The new version centers on build-system readiness. Support for Bazel 9.x has been added across C++, Python and Java codebases, while the protocopt flag has moved out of the C++-specific directory to reflect its multi-language role. CMake dependencies in the C++ library have been refreshed, and a new cc_proto_library target now covers MessageSet definitions in the bridge module.

Java users receive a security-minded change: JsonFormat now avoids toBigIntegerExact to prevent degenerate parsing when confronted with extremely large numeric exponents. Release-engineering scripts were also repaired to correct path handling during packaging.

These changes matter because Protobuf remains the default serialization layer for gRPC services, internal Google infrastructure, and thousands of open-source repositories. Teams pinning to release branches can now adopt Bazel 9 without waiting for downstream patches, while the modest runtime improvements reduce friction in continuous-integration pipelines that process thousands of .proto definitions daily.

The core value proposition is unchanged: a compact binary format paired with a strict schema compiler that guarantees backward and forward compatibility as data structures evolve.

The Rust-based bat has received a maintenance update with the release of version 0.26.1, strengthening its position as the go-to cat(1) clone for developers.

The update adds paging functionality to -h and --help output, addressing a long-standing request. This allows comfortable browsing of bat's extensive options and language list without overwhelming the terminal.

Bug fixes form the bulk of changes. Issues resolved include hangs with --list-themes, incorrect handling of negative values in line ranges, and broken Docker syntax that blocked custom assets. Piping decorations have been adjusted for better cat compatibility, and diagnostics no longer misidentify the builtin pager. Help commands now correctly load theme settings from configuration files.

Syntax highlighting receives attention with updated mappings for quadlet *.build and *.pod files, fixes for Ada inconsistencies, support for podman artifact files, and Korn Shell scripts now correctly highlighted via Bash syntax.

At its core, bat provides syntax highlighting for dozens of programming and markup languages, shows Git modifications in the left gutter, and offers the -A/--show-all option to reveal non-printable characters. It automatically pages output through less for large files or acts as a drop-in cat replacement when piped to another process or file.

The improvements ensure bat continues to deliver reliable, feature-rich file inspection in modern development workflows.

ClickHouse has scheduled its 26.2 Release Call for February 26, 2026, spotlighting new capabilities for AI workloads and lakehouse architectures. The column-oriented DBMS, written primarily in C++ with selective Rust components, continues to deliver sub-second analytical queries on petabyte-scale data using its distributed MPP execution engine.

Recent updates focus on native Apache Iceberg integration, allowing direct SQL queries over data lakes stored in object storage without ETL pipelines. This removes friction for teams operating hybrid lakehouse environments. The system maintains full SQL compatibility while supporting high-ingestion rates typical of real-time analytics use cases.

Community events underscore the shift. AI Demo Night SF on April 9 and multiple Iceberg meetups in March and April 2026 demonstrate production deployments for vector similarity search, real-time model feature serving, and observability pipelines. The v25.8.22.28-lts release provides the stable foundation for these workloads.

Installation remains one command (curl https://clickhouse.com/ | sh) across Linux, macOS, and FreeBSD. Self-hosted, cloud-native, or embedded deployments all share the same core engine. Monthly release calls and active Slack channels keep contributors aligned on priorities ranging from performance to lakehouse interoperability.

The updates reflect ClickHouse's response to builders demanding unified analytics across data lakes and AI applications.

GHDL has shipped version 6.0.0, refreshing its builds across four code-generation backends and adding official support for newer base images. The release supplies macOS x86_64 and aarch64 tarballs, Ubuntu 24.04 binaries, standalone Windows ZIP files, and updated MSYS2/MinGW packages. Docker images now target both Ubuntu 22.04 and 24.04 for mcode, llvm, llvm-jit and gcc variants, easing integration into CI pipelines and containerised development.

The simulator retains full IEEE 1076 compliance for the 1987, 1993 and 2002 standards, with continued partial coverage of 2008 and 2019. By emitting native machine code instead of interpreting, GHDL routinely simulates multi-million-gate designs such as the LEON3/grlib suite at speeds unattainable by interpreted tools. Waveforms export to GHW, VCD or FST for use with external viewers, while VPI and VHPIDIRECT interfaces enable co-simulation with C or Python models.

The companion pyGHDL 6.0.0 package exposes the analysis libraries to Python, allowing verification scripts to query design hierarchy and drive testbenches directly. An experimental synthesis path produces VHDL 1993 netlists compatible with open-source and vendor flows.

For hardware teams, the updated packaging reduces setup time on Windows and ARM hosts and keeps the tool aligned with current Linux distributions. The changes are incremental yet practical, reflecting a decade-long focus on stable, high-performance open-source VHDL tooling.

AxxSolder 3.6.2 arrives with a clear focus on stability and resource management. The STM32-based controller for JBC C115, C210 and C245 cartridges had grown close to filling the STM32G431CBT6 flash. Developers responded by eliminating sprintf, pruning unused uint16_t variables, and removing the -u _printf_float flag. These changes, combined with adjusted interrupt handling during flash reads and an updated STUSB4500 I2C timeout, produced a noticeably smaller binary while maintaining full functionality.

The release also corrects a PID calculation edge case and an over-temperature detection bug that could trigger false positives. Menu redraw failures on the TFT display have been fixed, restoring reliable button response. Earlier additions in the 3.6 series—set-temperature graphing, landscape mode support, and configurable standby delay—now benefit from greater reliability.

At its core, AxxSolder implements a PID loop that regulates tip temperature to within a few degrees of target. The board accepts either 9-24 VDC or USB-C Power Delivery, negotiating supply limits during the PD handshake and throttling output automatically. A recommended Mean Well LRS-150-24 supply delivers full power to all handles; 65 W USB-PD adapters suffice for C115 and C210 while derating C245.

Both the JBC ADS-style station and portable enclosures share the same PCB and firmware. Design files, BOM with priced components, and 3D-printable CAD remain available in the repository. The project continues to serve builders seeking precise, open-source JBC control without proprietary hardware lock-in.

**

Version 5.9.1 of Rezolus updates its build containers with gnupg2 and pinentry to enable proper RPM signing. The change simplifies distribution to enterprise Linux environments while leaving the agent's instrumentation unchanged.

Written in Rust, Rezolus uses eBPF to deliver high-resolution metrics with minimal overhead. It instruments CPU utilization, scheduler behavior, block I/O workloads, network protocols, system call latencies, and container resource usage directly in the kernel. Execution in kernel context provides sub-second granularity that user-space polling cannot match.

The rezolus-capture script automates collection for a chosen duration and can ingest Prometheus-compatible service metrics. One documented workflow pairs the agent with redis_exporter to capture both kernel events and Valkey statistics, then serves an interactive dashboard on port 8080. Docker images lower the barrier to evaluation, requiring only privileged mode and a data volume.

These capabilities matter now as infrastructure teams diagnose elusive performance regressions across increasingly complex containerized workloads. By combining kernel visibility with OpenTelemetry export, Rezolus integrates cleanly into existing observability pipelines without perturbing the systems it measures. The v5.9.1 packaging improvements make that capability easier to deploy at scale.

Netfox's v1.35.3 release delivers practical upgrades for Godot multiplayer developers. The update packs 49 commits from eight new contributors, most notably physics rollback courtesy of @albertok. It is now possible to run and synchronize physics simulations with full rollback support, as shown in the open-source Rocket League example at albertok/godot-rocket-league. Documentation for the netfox.extras package explains integration steps.

A built-in network simulator further simplifies testing. One project setting toggle now emulates latency and packet loss, removing reliance on external tools such as clumsy or tc netem. Developers must prepare UI flows for automatic hosting and joining.

These features extend the core netfox library, which already supplies consistent timing across machines, client-server architecture, interpolation for smooth motion, and lag compensation via client-side prediction plus server-side reconciliation. Noray integration handles reliable connectivity.

The modular design includes netfox.noray for establishing peer connections, netfox.extras for reusable components such as input handlers and weapon classes, and netfox.internals for shared utilities. Releases continue to bundle a Forest Brawl demo for Windows and Linux. Installation proceeds through Godot's Asset Library, GitHub zips, or direct source copy, followed by enabling the addons in project settings.

The changes address concrete pain points in responsive online game development.

FuncGodot continues to serve as the primary bridge between classic Quake mapping tools and Godot 4. The 2025.12 release focuses on stability and precision rather than new headline features, addressing accumulated technical debt in mesh generation and editor integration.

Developers will notice immediate gains from the configurable vertex merge distance, which produces cleaner geometry without manual cleanup. UV2 unwrapping now occurs automatically on smooth-shaded meshes after the smoothing pass, while corrected Valve UV scale construction eliminates texture stretching on certain brush faces. Support for Quake’s -1 and -2 angle values restores expected behavior for legacy maps.

Entity handling received stricter typing with Dictionary[String, Variant], group assignment options for all entities, and fixes for deep duplication of shader materials. TrenchBroom exports now apply the correct inverse scale factor for model point entities.

The plugin ingests both Quake .map and Valve .vmf files, generating Godot scenes with brush meshes, texture-derived materials and UVs, convex or concave collision shapes, and fully customizable entities. It exports FGD and GameConfig files for seamless editor workflows and remains compatible with TrenchBroom, Hammer, J.A.C.K. and NetRadiant Custom.

For teams maintaining retro-style projects or rapidly prototyping levels in traditional editors, these changes reduce iteration time and import errors.

(178 words)