## ElizaOS Community and Development Report - April 18, 2026

## Community Activity

### Security and Scam Reports

- Multiple scam attempts were identified and flagged in the discussion channel throughout the day
- User frog.cs was called out as a scammer by several community members, with moderators and core developers alerted
- Community members were warned against clicking suspicious links
- A fake Solana airdrop impersonating Odilitime was flagged and reported across channels

### Security Vulnerability Disclosure

- A security researcher reported finding multiple vulnerabilities in the ElizaOS open source application
- Core developer Stan directed the researcher to submit a GitHub PR or issue
- Odilitime confirmed no formal bug bounty program exists and offered to receive details via direct message
- The researcher agreed to disclose the issues as an ethical researcher, submitted the details, and received acknowledgment

### Platform Discussion

- Community members discussed the ElizaOS official X (Twitter) account activity
- One member pointed to milady development as the current primary focus

## Development Activity

### Dependency Management

- Large batch of dependency update pull requests submitted to the core eliza repository
- Updates included Supabase and Postgres docker tags to v17.6.1.108
- @coral-xyz/borsh bumped to ^0.32.0
- Capacitor monorepo updated to v8.3.1
- Uniswap v2 and v3 SDKs updated to latest versions
- @types/node updated to v25.6.0
- gymnasium updated to ~=1.2.3
- Android Gradle build tools updated to v8.13.2

### Discord and Plugin Improvements

- Discord chat UX improvement submitted, removing heartbeat messages and bumping the orchestrator pin
- New plugin @quantoracle/plugin-quantoracle proposed for addition to the elizaos-plugins registry
- New issue opened proposing Merxex integration to enable agent-to-agent commerce functionality