Phoenix 1.8 Gets Official Security Documentation

Phoenix 1.8.0-rc was released in March 2025 to much excitement in the Elixir community. Highlights included daisyUI, enhancements to phx.gen.auth, and scopes to ensure strong access control. Given the security improvements in the first release candidate, it seems appropriate that the final release of Phoenix 1.8 will include official security documentation.

You can read the full text in the pull request above, the documentation covers the following OWASP Top 10 vulnerabilities in Phoenix applications:

1. Remote Code Execution (RCE)
2. SQL injection
3. Server Side Request Forgery (SSRF)
4. Cross Origin Resource Sharing (CORS) Misconfiguration
5. Broken Access Control
6. Cross Site Scripting (XSS)
7. Cross Site Request Forgery (CSRF)

Phoenix provides an incredibly secure base to build upon, and the goal of this documentation is to help both new and experienced developers understand common security vulnerabilities and how to avoid them. I’ve published articles on this blog about Phoenix security and received incredible feedback from the community. Having this information incorporated into the official documentation shows businesses considering adopting Elixir and Phoenix that the community cares deeply about security.

What do you think of the documentation? Is there a vulnerability or risk you would like to see covered? Send an email to - michael at paraxial.io or message me in the Elixir Slack group. I have some further work planned on this and would like to hear from you.

Paraxial.io stops data breaches by helping developers ship secure applications. Get a demo or start for free.