OCaml Weekly News

Previous Week Up Next Week

Hello

Here is the latest OCaml Weekly News, for the week of February 17 to 24, 2026.

Table of Contents

OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization

Hannes Mehnert announced

Dear everyone,

it is my pleasure to announce the first security announcement of this year, and the first coordinated by the new OCaml security response team (https://ocaml.org/security).

Please subscribe to the OCaml security announcement mailing list (https://sympa.inria.fr/sympa/info/ocsf-ocaml-security-announcements) to receive all security advisories. To this mailing list I'll only copy those affecting the core of OCaml distribution.

It should any moment now also appear at https://osv.dev/list?q=OSEC-2026-01

Human link: https://github.com/ocaml/security-advisories/tree/main/advisories/2026/OSEC-2026-01.md

id: OSEC-2026-01
modified: "2026-02-17T13:30:00Z"
published: "2026-02-17T13:30:00Z"
aliases: [  GHSA-j26j-m5xr-g23c GHSA-m34r-cgq7-jhfm ]
severity: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
severity_score: "6.8"
affected: "ocaml" {< "4.14.3" | (>= "5" & < "5.4.1")}
events: [
   [
     git "https://github.com/ocaml/ocaml" [
       [fixed "b0a2614684a52acded784ec213f14ddfe085d146"]
     ]
   ]
   [
     git "https://github.com/ocaml/ocaml" [
       [fixed "e3919fef436f89271bc30bbe8592851f7289fb68"]
     ]
   ]
]
references: [
   [report 
"https://github.com/ocaml/security-advisories/security/advisories/GHSA-j26j-m5xr-g23c"]
]
credits: [
   [reporter "Justin Timperio"]
   [remediation_developer "Nicolás Ojeda Bär"]
   [remediation_developer "Xavier Leroy"]
   [remediation_developer "Gabriel Scherer"]
   [remediation_reviewer "Xavier Leroy"]
   [remediation_reviewer "Olivier Nicole"]
   [remediation_verifier "Mindy Preston"]
   [remediation_verifier "Edwin Török"]
   [coordinator "Hannes Mehnert"]
]
cwe: [ CWE-126 CWE-502 CWE-754 ]

Buffer Over-Read in OCaml Marshal Deserialization

Summary

A critical buffer over-read vulnerability in OCaml's Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from malicious Marshal data.

Please note that Marshal is not type safe, and you have to be careful if you use the deserialization on untrusted input (due to type confusion, and remote code execution by design - you can use Marshal for code).

Affected functions: Marshal.from_channel, Marshal.from_bytes, Marshal.from_string, Stdlib.input_value, Pervasives.input_value when reading data from an untrusted source.

Vulnerability Attack Vector

Corrupted or malicious marshaled data that causes undefined behaviour in the runtime system when unmarshaled. input_value should either fail cleanly or produce a well-formed OCaml object, without corrupting the runtime system.

Consequently, this excludes:

  • well-formed marshaled data that produces an OCaml object that is not of the type expected by the OCaml code and causes the Ocaml code to crash or misbehave
  • misuses of the OCaml runtime system by the program performing input_value, such as setting Debugger.function_placeholder to the wrong function.

The former issue may be addressed at some point by validating the unmarshaled OCaml value against the expected type, using the functions from module Obj and some kind of run-time type description.

The latter issue is a bug in the program that unmarshals the data.

Fix

  • OCaml runtime

    The OCaml runtime has been hardened with additional bounds checks. An exception is raised on bad input.

  • Third party libraries

    Third party libraries that want to harden their custom Marshal deserialization code can follow the example fix for bigarrays from the standard library. There are new macros in custom.h called Wsize_custom_data and Bsize_custom_data that return the size in words or bytes of the allocated custom destination block. The deserializer needs to ensure it only writes data within those bounds.

    This only needs to be done if the library defines a custom type in a C binding, and struct custom_operations's deserialize field is not set to NULL or custom_deserialize_default, and struct custom_operations's fixed_length field is set to NULL or custom_fixed_length_default

    Since Marshal.from* and input_value remain unsafe to use, the fix for the OCaml runtime is released, and we wouldn't attempt to coordinate updating all deserialization functions in the ecosystem.

Timeline

  • Nov 4th 2025: Discovery Date: Discovered first in OxCaml
  • Nov 5th 2025: First Disclosure Date (Jane Street Team): Emailed top maintainers, no response.
  • Nov 9th 2025: Second Disclosure Date (OCaml Team): Submitted to OCaml/ocaml GitHub Repo as a Security Advisory.
  • Nov 11th 2025: Emailed OCaml Security Mail List: Submitted to OCaml over email, responded asking for details.
  • Nov 11th 2025: Third Disclosure (OCaml Security Response Team): Submitted to ocaml/security-advisories GitHub Repo as a Security Advisory.
  • Dec 16th 2025: Initial patch is developed
  • Dec 17th 2025: Fuzz testing found further issues
  • Dec 24th 2025: Final patch for OCaml is developed
  • Dec 25th 2025: Fuzz testing couldn't find any further issues
  • Jan 2nd 2026: Patch got reviewed by OCaml maintainers
  • Jan 4th 2026: Benchmarking of the patch with good results
  • Jan 6th 2026: Reporter got contacted to confirm
  • Jan 25th 2026: Further related issues discovered by fuzzing
  • Feb 17th 2026: fixed OCaml releases are published, security advisory is published

OCaml 5.4.1 and 4.14.3 released

octachron announced

We have the pleasure of announcing the dual releases of OCaml 4.14.3 and OCaml 5.4.1, dedicated to the memory of Nicolaas Govert de Bruijn on the anniversary of his death.

Those releases are a collection of safe and valuable runtime bugfixes. The OCaml 5.4.1 release also contains a fix for the -pack mode for macOs and various TSAN fixes.

More importantly, those new versions harden the Marshal module against malicious inputs as described in the security announcement OSEC-2026-01.

We are encouraging you to switch to those new releases whenever possible.

Don't hesitate to report any bugs on the OCaml issue tracker.

See the list of changes below for more details.

Happy hacking, – Florian Angeletti for the OCaml team.

Installation Instructions

The base compilers will be soon installable as an opam switch with the following commands:

opam update
opam switch create 4.14.3
opam switch create 5.4.1

The source code for the release candidate is also directly available on:

OCaml 4.14.3 (17 February 2026)

  • #12070, #12075, #13209: auto-detect whether ar support @FILE arguments at configure-time to avoid using this feature with toolchains that do not support it (eg FreeBSD/Darwin); backport from 5.3. (backport by Boris Dobroslavov, original fix by Nicolás Ojeda Bär, review by Xavier Leroy, David Allsopp, Javier Chávarri, Anil Madhavapeddy)
  • #12207, #12222: Make closure computation linear in the number of recursive functions instead of quadratic (Vincent Laviron, report by François Pottier, review by Nathanaëlle Courant and Gabriel Scherer)
  • #13430, #13434: protect memory-safety on Lazy.force races (Gabriel Scherer and Vincent Laviron, report by Edwin Török, review by Vincent Laviron)
  • #13448, #13449: fix a code-generation bug on unsafe array accesses at type int32, int64, nativeint, which has been introduced in OCaml 4.04. (Gabriel Scherer, review by Nicolás Ojeda Bär and Vincent Laviron, report by Simon Cruanes)
  • #13516: Fix regression where error conditions during bytecode initialisation caused a segmentation fault rather than being properly reported (regression of #5115 in #11788) (David Allsopp, review by Nicolás Ojeda Bär)
  • #13847: On Windows, maintain a number of threads waiting on the master lock to avoid unnecessary context switches (Dmitry Bely, review by Antonin Décimo)
  • #14007, #14015: Fix memory corruption when an exception is raised during demarshaling. (Benoît Vaugon, review by David Allsopp and Gabriel Scherer)
  • OSEC-2026-01: robustify intern.c (Xavier Leroy, review by Damien Doligez and Olivier Nicole)

OCaml 5.4.1 (17 February 2026)

Bug fixes:

  • #14010: Fix miscompilation / liveness errors for string operations (Mark Shinwell, Xavier Clerc, review by Xavier Leroy and Gabriel Scherer)
  • #14065: Fix function signature mismatch of __tsan_func_exit with GCC 15. Check in the configure step if the TSan provided internal builtins are the same as what we expect, introduce caml_tsan_* wrappers for the __tsan_* functions we use. (Hari Hara Naveen S, report by Hari Hara Naveen S, review by Gabriel Scherer, Antonin Décimo, Olivier Nicole)
  • #14417: Fix issue with nested packs on macOS. (Vincent Laviron, report by Kate Deplaix, review by Gabriel Scherer)
  • #14213: Fix shadow-stack-related crashes with TSan (Olivier Nicole, report by Nathan Taylor, review by Gabriel Scherer and Stefan Muenzel)
  • #14255: Fix TSan bug with C calls that take many arguments (Olivier Nicole and Miod Vallat, report by Nathan Taylor, review by Gabriel Scherer)
  • OSEC-2026-01: robustify intern.c (Xavier Leroy and Nicolás Ojeda Bär, review by Olivier Nicole, Mindy Preston, Edwin Török, and Gabriel Scherer)

Ann: Ochat — Try Ochat for terminal-based LLM workflows

Dakota Murphy announced

Hi all — I’d like to share a project I’ve been building: Ochat.

What it is

Ochat is a toolkit for building LLM workflows as plain files. The core format is ChatMarkdown (ChatMD): Markdown plus a small, closed XML vocabulary.

A single ChatMD file is both:

  • the prompt/program (model config, tool allowlist, instructions, context), and
  • the auditable transcript (assistant replies + tool calls + tool outputs)

Because everything is plain text, workflows are reproducible and diffable in git.

Prompt packs: building larger workflows from small agents

Ochat supports agent-as-tool: you can mount one ChatMD prompt as a callable tool inside another. This lets you build prompt packs (planner/coder/reviewer/docs/test triage/etc.) and orchestrate them from a top-level prompt, without writing a custom “agent app”.

chat_tui: a Notty-based terminal UI (runtime uses Eio)

Ochat ships an interactive terminal UI called chat_tui.

  • The UI is built with Notty
  • The underlying runtime uses Eio (structured concurrency + I/O)

A ChatMD file can be treated as a “terminal agent”: you author an agent prompt as a .md, open it in chat_tui, and run/iterate on it while the transcript (including tool traces) is persisted.

Some chat_tui features:

  • streaming output (assistant text + tool calls + tool outputs)
  • persistent sessions you can resume/branch/export
  • manual context compaction (:compact) for long histories
  • syntax highlighting (including OCaml)
  • AI completions in the text input (to speed up drafting)
  • Vim-ish editing modes and message selection/yank/edit/resubmit workflows

Useful built-in tools (especially for code workflows)

Ochat includes built-in tools that cover most “agent + repo” loops:

  • read_file / read_dir for safe repo navigation
  • apply_patch for atomic, repo-safe edits
  • webpage_to_markdown for high-signal ingestion (incl. GitHub blob fast-path)
  • indexing/retrieval tools for grounding over docs and code
  • optional vision inputs via import_image

MCP tool import (optional)

Ochat can also mount external tools via MCP (stdio or HTTP). For example, importing Brave Search over stdio:

<tool mcp_server="stdio:npx -y brave-search-mcp" name="brave_web_search" />

Quick example: a “custom terminal orchestrator agent”

This is a complete agent definition (and becomes the runnable “app” when opened in chat_tui):

<config model="gpt-5.2" reasoning_effort="medium" />

<!-- core built-ins -->
<tool name="read_dir"/>
<tool name="read_file"/>
<tool name="apply_patch"/>
<tool name="webpage_to_markdown"/>

<!-- optional: import an external tool via MCP -->
<tool mcp_server="stdio:npx -y brave-search-mcp" name="brave_web_search" />

<!-- prompt-pack tools (agents as tools) -->
<tool name="plan"   agent="prompts/pack/plan.md" local/>
<tool name="code"   agent="prompts/pack/code.md" local/>
<tool name="review" agent="prompts/pack/review.md" local/>

<developer>
You are the orchestrator. Call plan first.
Keep edits small. Before apply_patch: explain the diff and wait for confirmation.
</developer>

<user>
Add a Quickstart section to README.md.
</user>

Run it from the repo with:

dune exec chat_tui -- -file prompts/refactor.md

Status / caveats

  • Provider support today is OpenAI-only.
  • The project is moving quickly.

Feedback / contributors

I’d appreciate any feedback or contributions

If you try it and anything’s confusing or rough, please open an issue.

Serialport - new serial communication library

Continuing this thread, Mikhail announced

Added (aka implemented) Win32 support, which has not been thoroughly tested, but may be useful for certain target use cases.

Slipshow!

Continuing this thread, Paul-Elliot announced

It is with extraterrestrial excitement that I announce the next release of Slipshow:

Slipshow 0.9.0: Manim Black

The featured new feature of this release is the ability to easily integrate Manim videos in your presentation.

https://github.com/user-attachments/assets/f67bb8fc-c288-4ff3-b6bc-e72c12e636a7

Note that, compared to just playing a video, you can schedule pauses, go faster to the next pause, and go back to the previous pauses, as showcased below.

Skipping steps and going backward demo

https://github.com/user-attachments/assets/cf1ad264-a5e2-42d2-9f57-09551f3a35e8

This release features many more changes, such as TikZ and MermaidJS integration! Here is the full changelog:

Added

  • Support for Mermaid JS (#205)
  • Support for syntax highlighting of all highlightjs-supported languages and themes (#200, #208)
  • Support for MathJax extensions, especially the html extension to allow actions to target math elements (#202)
  • Add KaTeX as a possible alternate renderer (#202)
  • Added carousel-fixed-size to have carousel not change size (#207)

Fix

  • Fix impossibility to reopen speaker view after closing it on Firefox (#198, issue #194)
  • Fix impossibility to open speaker view in serve mode (#198, issue #197)
  • Fix links opening inside iframe (#198)
  • Fix ending excursions with ijkl only when needed (#207)
  • Fixed video long-step handling (#207)
  • Removed confusing auto-generated IDs (#209)
  • Fix play-media behavior when facing errors (#210)

Docs

  • Add how to include TikZ figures in your Slipshow presentation (#206)
  • Add how to include Manim videos in your Slipshow presentation (#207)

Credit: @vds for the name of the release.

Thanks again to NLNet for supporting the development of Slipshow!

Remote OCaml Distributed Systems Engineer (Linux / Storage / Networking) – whitesky.cloud – EMEA/Asia

Geert Audenaert announced

We are looking for an OCaml engineer to join whitesky.cloud to work on low-level distributed infrastructure components.

About the work

You will work on core building blocks of a sovereign cloud platform, including distributed storage and coordination services.

Examples of related projects:

The work involves:

  • Distributed systems design and implementation
  • High-performance networking and I/O
  • Linux systems programming
  • Debugging and optimizing behavior under real production load
  • Long-running services where reliability and correctness matter

This is infrastructure work, not web development.

What we are looking for

  • Strong OCaml experience or strong systems programming background with willingness to work in OCaml
  • Good understanding of:
    • Linux internals
    • Networking / TCP/IP
    • Concurrency and performance
  • Interest in distributed systems, storage, or consensus algorithms

We care more about systems thinking and engineering depth than about specific frameworks.

Practical details

  • Full-time position
  • Fully remote
  • Location: EMEA or Asia
  • Salary: around €3000/month (depending on experience and location)

We know this is not a big-tech salary. We are a small engineering-driven company, and the role is aimed at engineers who enjoy working close to the system, solving real infrastructure problems, and having a direct impact.

About whitesky

whitesky builds a complete cloud platform based on Linux and KVM, focused on sovereignty and control. The platform is used by MSPs, SaaS providers and enterprises to run their own cloud infrastructure.

You will be working on components that run in production environments and form part of a distributed cloud stack.

If this sounds interesting, please contact:

geert.audenaert@whitesky.cloud

or send a DM.

We are happy to answer questions or discuss whether this could be a good fit.

Grace 0.3.0 💅, fancy diagnostics library for compilers

"Alistair O'Brien" announced

I’m excited to announce the release of grace 0.3.0, an OCaml library for building, reporting and rendering beautiful compiler diagnostics :camel: :paintbrush:. Now available on opam-repository.

This release includes:

  • :window: Windows support: Grace now works on Windows, a long-awaited feature since its 0.1.0 release! :rocket:
  • :keyboard: TTY auto-detection: Grace_ansi_renderer can now automatically configure itself based on whether the output channel is a TTY. New functions: pr_diagnostic, epr_diagnostic, and output_diagnostic.
  • :elephant: Line elision: Grace_ansi_renderer now elides unnecessary lines in diagnostics, producing more focused output.
  • :zero: Zero-width ranges: Grace_ansi_renderer can now handle zero-width ranges within lines, as well as at end-of-line (EOL) and end-of-file (EOF) positions.

Many thanks to @giltho for their contributions to this release! :flexed_biceps:

CHANGES

  • feat(renderer): add breaks in large diagnostics (#63)
  • feat(renderer): check for tty when rendering (#60)
  • fix(renderer): off-by-one in lines_of_labels (#65)
  • fix(renderer): create 0-sized segment on empty label range (#64)
  • fix(renderer): renderer multi-line labels when message is empty (#53)
  • fix(renderer): fix errors that occur with special zero-width segments (#41)
  • fix(renderer): use Format.pp_infinity in Message.to_string for OCaml >5.2 (#40)
  • refactor!: removes base/core dependency (#58)

BREAKING CHANGE

  • Many base/core interfaces from Grace have been replaced with custom ones.
  • Source.reader has been removed. Use Source.Reader.t instead.

Js_of_ocaml / Wasm_of_ocaml 6.3

Jérôme Vouillon announced

I'm pleased to announce the joint release of js_of_ocaml and wasm_of_ocaml 6.3.

Js_of_ocaml is a compiler from OCaml bytecode to JavaScript. It makes it possible to run pure OCaml programs in JavaScript environment like browsers and Node.js.

Wasm_of_ocaml is a compiler from OCaml bytecode to WebAssembly. It is highly compatible with Js_of_ocaml, so you can compile your programs with wasm_of_ocaml instead of js_of_ocaml and experience overall better performance.

Most significant changes (since 6.1):

  • Number unboxing for wasm_of_ocaml: a type analysis pass now tracks which values are floats, integers, or nativeints, enabling the compiler to unbox them and use native Wasm instructions directly. This also enables specialisation of number comparisons and bigarray operations, avoiding costly generic runtime calls.
  • Constant sinking for js_of_ocaml: a new optimisation pass moves constants closer to their use sites, reducing register pressure. Many constants end up inlined, resulting in smaller code size.
  • JS parser improvements: support for import/export attributes, decorators, using declarations (resource management), and HTML comments.
  • Many bug fixes across the compiler, runtime, library bindings, and PPX.

See the Changelog for the full list of changes.

kqueue-ml 0.5.0

Anurag Soni announced

Hi,

I'd like to announce a new release for kqueue-ml version 0.5.0

Kqueue-ml: Thin bindings to kqueue event notification system.

Changes since the last release:

  • Moved development to codeberg
  • Remove dependencies on ppx_optcomp and ppx_expect (Dependencies are limited to the ocaml standard library and dune)

Best, Anurag

Dune 3.21.0

Continuing this thread, Shon announced

The Dune team announces the release of dune 3.21.1.

This is a small patch release consisting of a few bug fixes. See the full changelog for all the changes.

If you encounter a problem with this release, please report it in our issue tracker.

Other OCaml News

Old CWN

If you happen to miss a CWN, you can send me a message and I'll mail it to you, or go take a look at the archive or the RSS feed of the archives.

If you also wish to receive it every week by mail, you may subscribe to the caml-list.