🐘 FrankenPHP 1.12.4 is out: a security hardening release.
Highlights:
- Underscore header spoofing blocked at the server layer. The bundled @caddyserver 2.11.4 now ignores header names containing underscores, closing a class of $_SERVER spoofing.
- Bundled @MercureRealTime 0.24.2 security fixes: SSE field injection (CWE-93), reserved-topic forgery, Last-Event-ID disclosure, DoS amplification caps.
- Worker-mode crash and data-race fixes: ext-parallel, metrics, save/close handler.
Every user should upgrade.
https://t.co/xqlDny1POH
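To make the "underscore header spoofing" item concrete, here is an added Go example (not FrankenPHP's or Caddy's own code; it only mirrors the rule the release note describes). It assumes the standard CGI mapping PHP uses to fill $_SERVER: a header name is upper-cased, every "-" becomes "_", and "HTTP_" is prefixed. That mapping is lossy, so "X-Real-IP" and "X_Real-IP" land on the same key and a later header overwrites an earlier one. The example builds the map, detects such collisions, and applies the fix of dropping underscore header names before the mapping runs, both as a plain function and as net/http middleware. The sample headers and IP addresses are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// headerPair is one raw request header as it arrives on the wire (name, value).
type headerPair struct{ Name, Value string }

// cgiName maps an HTTP header name to the $_SERVER key PHP derives from it:
// upper-case, '-' replaced by '_', prefixed with HTTP_ (assumed standard CGI
// mapping). The replacement is lossy: "X-Real-IP" and "X_Real-IP" both
// become HTTP_X_REAL_IP.
func cgiName(header string) string {
	return "HTTP_" + strings.ToUpper(strings.ReplaceAll(header, "-", "_"))
}

// buildEnv builds the $_SERVER-style map from raw headers and reports every
// key that two distinct header names mapped onto. A later header overwrites
// an earlier one, which is how an underscore variant can shadow the value a
// trusted proxy put in the dashed header.
func buildEnv(headers []headerPair) (env map[string]string, collisions []string) {
	env = map[string]string{}
	seen := map[string]string{} // cgi key -> first header name that produced it
	for _, h := range headers {
		key := cgiName(h.Name)
		if first, ok := seen[key]; ok && !strings.EqualFold(first, h.Name) {
			collisions = append(collisions, key)
		} else if !ok {
			seen[key] = h.Name
		}
		env[key] = h.Value
	}
	return env, collisions
}

// dropUnderscoreHeaders removes headers whose name contains '_' before the
// CGI mapping runs, so the dashed (canonical) name can no longer be shadowed.
func dropUnderscoreHeaders(headers []headerPair) (kept, dropped []headerPair) {
	for _, h := range headers {
		if strings.Contains(h.Name, "_") {
			dropped = append(dropped, h)
		} else {
			kept = append(kept, h)
		}
	}
	return kept, dropped
}

// UnderscoreHeaderFilter applies the same rule as net/http middleware:
// underscore header names are deleted before the next handler sees the request.
func UnderscoreHeaderFilter(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name := range r.Header {
			if strings.Contains(name, "_") {
				r.Header.Del(name)
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample: the proxy set X-Real-IP; the client appended X_Real-IP.
	raw := []headerPair{
		{"Host", "app.example"},
		{"X-Real-IP", "203.0.113.5"},
		{"X_Real-IP", "10.0.0.1"},
	}
	env, collisions := buildEnv(raw)
	fmt.Println("unfiltered HTTP_X_REAL_IP =", env["HTTP_X_REAL_IP"], "collisions:", collisions)

	kept, dropped := dropUnderscoreHeaders(raw)
	env, collisions = buildEnv(kept)
	fmt.Println("filtered   HTTP_X_REAL_IP =", env["HTTP_X_REAL_IP"], "collisions:", collisions, "dropped:", dropped)

	// The same rule as middleware in front of an ordinary handler.
	h := UnderscoreHeaderFilter(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "X_Real-IP still present:", r.Header.Get("X_Real-IP") != "")
	}))
	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set("X-Real-IP", "203.0.113.5")
	req.Header.Set("X_Real-IP", "10.0.0.1")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	fmt.Print(rec.Body.String())
}
```

The filter belongs at the server or proxy layer, before any CGI-style mapping, because once both names have collapsed onto HTTP_X_REAL_IP the application can no longer tell which header produced the value.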
🔒 @MercureRealTime 0.24.2 is out, a security hardening release for the real-time hub.
It rejects SSE field injection (CWE-93) via the id and type fields, blocks forgery of the reserved /.well-known/mercure namespace, fixes a Last-Event-ID metadata leak, and caps element counts to defang DoS amplification.
Every hub operator should upgrade.
https://t.co/bin5U6gcBe
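The "SSE field injection (CWE-93) via the id and type fields" item is about line framing: Server-Sent Events is a text protocol where each "field: value" line ends with LF and a blank line dispatches the event, so a CR or LF inside a single-line field lets one value smuggle extra fields or events into the stream. The following is an added Go example (not Mercure's code) showing the vulnerable and the hardened writer side by side, plus a minimal client-side parser so you can see what a subscriber would actually receive. Function names and the sample values are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// sseEvent is one Server-Sent Events message as a client would parse it.
type sseEvent struct {
	ID, Type string
	Data     []string
}

// ErrControlChars is returned when a single-line field would break the
// line-based SSE framing (CWE-93: CRLF injection).
var ErrControlChars = errors.New("sse: id/type must not contain CR or LF")

// formatEvent is the hardened writer. id and event type are single-line
// fields, so CR and LF in them are rejected rather than written; data is
// legitimately multi-line and is split into one "data:" line per line, which
// the client joins back with LF as the SSE spec requires.
func formatEvent(id, typ, data string) (string, error) {
	if strings.ContainsAny(id, "\r\n") || strings.ContainsAny(typ, "\r\n") {
		return "", ErrControlChars
	}
	var b strings.Builder
	if id != "" {
		fmt.Fprintf(&b, "id: %s\n", id)
	}
	if typ != "" {
		fmt.Fprintf(&b, "event: %s\n", typ)
	}
	for _, line := range strings.Split(strings.ReplaceAll(data, "\r\n", "\n"), "\n") {
		fmt.Fprintf(&b, "data: %s\n", line)
	}
	b.WriteString("\n")
	return b.String(), nil
}

// formatEventUnchecked is the vulnerable shape: it trusts every field verbatim.
func formatEventUnchecked(id, typ, data string) string {
	return fmt.Sprintf("id: %s\nevent: %s\ndata: %s\n\n", id, typ, data)
}

// parseEvents is a minimal client-side parser following the SSE field rules:
// "field: value" lines, one optional space after the colon, a blank line
// dispatches the event, unknown fields are ignored.
func parseEvents(stream string) []sseEvent {
	var out []sseEvent
	cur := sseEvent{}
	for _, line := range strings.Split(stream, "\n") {
		if line == "" {
			if cur.ID != "" || cur.Type != "" || len(cur.Data) > 0 {
				out = append(out, cur)
			}
			cur = sseEvent{}
			continue
		}
		field, value, _ := strings.Cut(line, ":")
		value = strings.TrimPrefix(value, " ")
		switch field {
		case "id":
			cur.ID = value
		case "event":
			cur.Type = value
		case "data":
			cur.Data = append(cur.Data, value)
		}
	}
	return out
}

func main() {
	// Constructed: an event type carrying an embedded LF. With the unchecked
	// writer the subscriber sees an extra data line the publisher never sent.
	badType := "message\ndata: forged"
	for _, ev := range parseEvents(formatEventUnchecked("42", badType, "hi")) {
		fmt.Printf("unchecked: id=%q type=%q data=%q\n", ev.ID, ev.Type, ev.Data)
	}
	if _, err := formatEvent("42", badType, "hi"); err != nil {
		fmt.Println("hardened:  rejected:", err)
	}
	// Multi-line data is still delivered intact through the hardened path.
	s, _ := formatEvent("43", "message", "line1\nline2")
	for _, ev := range parseEvents(s) {
		fmt.Printf("hardened:  id=%q type=%q data=%q\n", ev.ID, ev.Type, ev.Data)
	}
}
```

The check is cheap and belongs at the point where untrusted publisher input is turned into wire bytes; rejecting the update (rather than silently stripping characters) keeps the id stable for Last-Event-ID resumption and makes the bad input visible in the hub's logs.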
🛰 @MercureRealTime 0.24.1 is out, riding on @caddyserver 2.11.3.
We just contributed native OTLP metrics push to Caddy upstream. Mercure hubs can now ship metrics straight to your OpenTelemetry collector. No Prometheus scrape job needed.
Drop
metrics {
    otlp
}
into your Caddyfile and the standard OTEL_* env vars do the rest. Endpoint, protocol, headers, interval, all of it.
Pairs nicely with the OTel tracing that landed in 0.24, so traces + metrics work end-to-end against any OTLP backend (Grafana Alloy, OTel Collector, Tempo/Mimir, Honeycomb, Datadog, …).
Release notes: https://t.co/OkL6Dz6WK5
Upstream Caddy PR: https://t.co/kNZlzWLa6L
🚀 Mercure 0.24 is out!
@MercureRealtime gains native OpenTelemetry tracing for the Hub: dedicated spans nest under @caddyserver's tracing directive, with zero allocations when disabled.
Also in this release:
• file:// URLs for publisher_jwks_url and subscriber_jwks_url, so you can mount a JWK Set as a Kubernetes Secret instead of running a sidecar.
• A @HelmPack chart that satisfies the restricted Pod Security Standard out of the box: rootless UID 1000, drop ALL caps, read-only rootfs.
On the Enterprise side, all four production transports (Redis, PostgreSQL, Kafka, Pulsar) now emit OpenTelemetry spans too, with attributes and error recording matching the upstream pattern.
https://t.co/m2ycCZsc2d
🚀 @MercureRealTime v0.23.5 is out! This release focuses heavily on Helm chart hardening. After a recent cluster audit, we've shipped the necessary constraints directly into the OSS chart.
Key highlights:
🔒 Opt-in NetworkPolicy & CiliumNetworkPolicy
📁 readOnlyRootFilesystem works out of the box
🛡️ Restricted PodSecurity defaults
I wrote a blog post breaking down the full story, the new security features, and how to configure them.
Read it here: https://t.co/AkthBlnfr6
#Kubernetes #Helm #DevOps #MercureRocks
Learn how we cut our cloud costs by nearly 50% while improving the resilience and performance of the managed version of @MercureRealTime through infrastructure and code optimization: https://t.co/SkDM8DTUzM
🚨 @MercureRealTime 0.23 is officially out! 🚨
This release brings a massive operational improvement for modern infrastructures, along with new Helm chart features. If you are running Mercure at scale, you'll want this update! 🚀
Here is what's new in v0.23.0:
🩺 Transport-aware Health Checks: Kubernetes (and other orchestrators) can now detect when a hub's transport connection is actually broken, rather than just checking if the Caddy process is alive.
I’ve introduced new /mercure/health/{ready,live} endpoints. The old /healthz HTTP port endpoint is now deprecated.
🛥️ Helm Chart Upgrades: Added support for HTTProute as an alternative to Ingress for Gateway API-based clusters. In addition, you can now configure annotations directly on the Deployment resource.
🏢 Enterprise Goodies: All Enterprise transports (Redis, Postgres, Kafka, and Pulsar) fully implement the new health checks. Production clusters using managed brokers now get 100% accurate readiness/liveness signals out of the box.
🙏 Huge thanks to our new contributor vmignot for adding the deployment annotations feature!
Read the full changelog and download the release: 🔗 https://t.co/E6yaMOAnRm
#Mercure #GoLang #Kubernetes #ServerSentEvents #OpenSource
We've just finalized our next-gen AI-powered security audit tool at @coopTilleuls!
We used it to discover and patch a critical vulnerability in @MercureRealTime as well as in several of our clients' projects.
The Mercure fix also made topic matching 38% faster! ⚡️
1. Update Mercure and FrankenPHP immediately. (Using https://t.co/bL7LOucWrF Cloud? You're already updated and protected! ☁️✅)
2. Want us to secure your stack? Contact us for a full security audit! ✉️ [email protected]
#CyberSecurity #AI #Mercure #FrankenPHP #OpenSource
🔥 @MercureRealTime v0.21.10 is here!
🚀 Built with @golang 1.26 (10–40% reduction in GC overhead)
🛠 Includes @caddyserver 2.11
Faster, leaner, and ready for production. Upgrade now! 🥳
https://t.co/YAYNYvAjxO
🎄 Merry Christmas #PHP developers! 🎁
FrankenPHP 1.11 is out now!
🔥 Native Hot Reload (HMR)
🪵 Structured Logging
🚀 Improved Performance
🧸 PLUS: "Le Monstre" plushies are available for @ApiPlatform Con attendees! (Everyone else: Early 2026!)
Unwrap it here (blog post, including Hot Reload with WordPress video): https://t.co/wrzo8njfwH
🧟‍♀️ After days and nights of toil: FrankenPHP 1.10 is alive! 🧟‍♂️
The creature is awake and brings unprecedented power to your #PHP applications:
🐘 PHP 8.5 support
🪽 New mercure_publish() function for easy real-time broadcasting with @MercureRealTime
⚙️ Enhanced extensions & custom workers (hello high-performance gRPC and WebSockets servers!)
Downloads and changelog, right from our laboratory: https://t.co/JX0AEEcWhJ
At #ForumPHP 2025, our cooperative member Albin tried to turn 300 phones into pixels to draw the #PHP logo in the room. A participatory and interactive experiment built on PHP, Mercure, #FrankenPHP and @clever_cloud that we invite you to discover below this post ⬇️
No more CORS headaches! 🤯
@MercureRealTime now supports 🌟 wildcards 🌟 for CORS and allowed publication domains!
The highly requested feature is finally here. Go check out the details and update your setup! 👇
https://t.co/0yGmzOrIFg
I just merged some improvements to FrankenPHP's documentation:
🪽 New @MercureRealTime tutorial: https://t.co/b7lIDKobmL
⛽️ New @MercureRealTime with #Laravel Octane tutorial: https://t.co/99lxeJLqUm
🔧 Improved config reference: https://t.co/QHIoKcPYHN
🔓 Guide to disable HTTPS: https://t.co/kmEhsuUGaf
🪽 @MercureRealTime 0.20 has just been tagged. This new version introduces an automatic protection against thundering herd problems https://t.co/TIqWHzcOS8
I'm delighted to announce that FrankenPHP is now officially supported by the @ThePHPF, that the project repository will be moved to the @official_php organization on GitHub, and that the collaboration between the PHP project, @caddyserver, and @coopTilleuls will intensify even further!
PHP is kicking!
https://t.co/ZnkVa29J2R