A cartoon penguin standing on snow looks startled as it approaches a wooden signpost with three directional signs. The top sign, pointing right and colored light blue, reads 'Known Regression' with a bug icon. The middle sign, pointing left and colored dark blue, reads 'Data Corruption' with a database icon. The bottom sign, pointing right and colored yellow, reads 'Incompatibility' with a warning triangle. The background shows an icy, snowy landscape under a blue sky with soft clouds.

With Advisories, important information about technical issues in nf-core pipelines — like regressions, incompatibilities, or security alerts — now travels faster and further than ever.

Too Long; Didn't Read

  • What is an advisory? A structured, long-lived notice about significant technical issues in nf-core. Advisories help users avoid or resolve known problems by providing clear, searchable, and actionable information.

  • Browse all advisories: See the full list of advisories and filter by category on the Advisory Listing Page.

  • How to add an advisory: Anyone can contribute! Learn how to create and publish an advisory in the nf-core documentation.

  • Stay up to date: Subscribe to the advisories RSS feed for instant updates about regressions, incompatibilities, or security issues.

Hello advisories!

As much as we aim for stability — with thorough testing and continuous integration — bugs can still slip through. Once a pipeline version is released, it remains as is, meaning any issues discovered later will continue to affect that version indefinitely.

While fixes are included in newer releases, older versions are still commonly used in practice. Unfortunately, information about known issues and possible workarounds for these versions can easily escape your attention — unless you happen to catch a Slack thread, scroll through a GitHub issue, or comb through a changelog. That’s far from ideal.

To fix that, we’ve introduced a new feature on the nf-core website: Advisories.

Note

If you haven’t come across the term advisory before: it’s commonly used in contexts like severe weather alerts, travel warnings, or those bold black-and-white parental advisory labels. In essence, an advisory is a heads-up: something important that might affect you, even if you’re not immediately aware of it. We’re now bringing that idea to nf-core!

Think of these as structured, long-lived notices for significant technical issues in pipelines, modules, subworkflows or configs. They’re searchable, easy to reference, and designed to help users avoid or resolve known problems. If it’s your jam, we’ve also added an RSS feed so you can stay in the loop without needing to monitor chats or repositories.

This isn’t just about fixing things — it’s about being transparent, reducing repeated confusion, and making life easier for both users and maintainers. If you work in a regulated environment, the added traceability and documentation may also come in handy for compliance and audits.

Background and motivation

May 2025. At least in our corner of the world, Sweden, spring had just arrived. Daylight lingered a little longer, and the first flowers carefully stretched toward the sun. But just as nature hit its stride, nf-core pipelines didn’t.

As the world shook off winter’s sleep, a configuration issue in our pipeline template emerged from hibernation, too. Soon, nf-core’s Slack channels and GitHub issues were buzzing like a disturbed hive — not with bees, but with confused and concerned users.

With the release of Nextflow version 25.04, our software had decided to join the seasonal chaos. Fortunately, identifying the culprit didn’t take long. A subtle configuration bug — previously tolerated up through Nextflow 24.10 — now had wide-reaching effects when pipelines were executed with the newly released version 25.04.

Fixing the configuration for the future was one thing; reaching everyone affected was another. Like many open-source projects, we don’t have a clear picture of who’s using our code, which meant we had no direct line to those caught off guard.

To make matters trickier, resolving the issue fully required releasing new versions of the affected pipelines — a process that can easily take weeks or even months to complete across all of them. In the meantime, users needed to override the default, buggy configuration.

Simple enough — if only they knew.

We had the fix in hand, but no easy way to get it into all the hands that needed it. It took weeks before support requests for that issue finally started to taper off.

The experience left us with a clear lesson: identifying and fixing bugs is only part of the equation — communicating effectively with a diverse, globally distributed user base is just as critical.

Had advisories existed at the time,we would have created one for this issue and quickly shared the link on all our communication channels.

How do I find advisories?

You can browse all existing advisories through our dedicated overview page, which presents each entry with a concise summary of the most important details.

Looking for something specific? Use the category buttons at the top to filter out advisory types that aren’t relevant to your work — whether you’re only interested in security issues, regressions, or anything else.

Example Advisory Title

Category: Pipelines

This is an example advisory demonstrating how advisories appear in the listing view with structured metadata and severity indicators.

Affects:Nextflow:25.04.0

Published 2 months ago

Incompatibility

Severity:

High

An example advisory card as it appears in the advisory listing, showing title, description, metadata, and severity indicators.

Clicking on a specific advisory brings you to a structured view with two complementary sections. In the main content area, you’ll find a clear, plain-text explanation of the issue: what went wrong, how it was triggered, and what users should expect. It’s written to be human-readable, even if the underlying bug wasn’t.

To the right, a compact info box offers the technical essentials at a glance — including which nf-core components are affected, which versions of dependencies are involved, and when the advisory was published by whom.

And to make sure important issues don’t go unnoticed, any advisory that impacts a specific pipeline version will also trigger a banner on that pipeline’s page. So even if you miss the RSS feed or the advisories page, you’ll still see the heads-up in context.

From Bug to Broadcast

So how do advisories actually come to life? In short: anyone can create one. While in practice they’ll most often be written by maintainers of the affected pipelines or modules, the process is open to contributors who spot an issue worth sharing broadly.

Some examples of issues that should be communicated as advisories include:

  • A newly discovered issue that leads to incorrect results in a module or pipeline. This includes bugs in tools bundled within a specific pipeline version.
  • Known regressions that occur with certain parameter combinations.
  • Incompatibilities between a particular pipeline version and a specific Nextflow version.
  • Security vulnerabilities or other issues affecting a dependency or container image.
  • Problems with executors (e.g., SLURM, AWS Batch) that require special considerations.

These are the kinds of problems where a clear, structured advisory can help users avoid pitfalls and stay informed, but there’s no rigid rule on when to publish one — if you’ve identified a problem, understand its cause, possibly even have a solid workaround or fix, that’s a great time.

Advisories should focus on clarity, relevance, and practical value: if the issue is significant enough that users could waste hours chasing it down, it’s probably worth an advisory. Think of it as a way to save others from stepping into the same pothole.

We have extra documentation available if you’d like to author an advisory.

Looking Ahead

Advisories are our way of making important technical issues more visible, more searchable, and more manageable — for users and maintainers alike. They’re not here to replace existing channels like Slack, GitHub issues, or blog posts, but to supplement them with a structured, lasting format that can stand the test of time (and version numbers). Think of them as bookmarks for lessons learned.

Importantly, they’re not about finger-pointing or perfect code. Software evolves — and so does understanding. By sharing what went wrong, what to watch out for, and how to move forward, we hope to strengthen trust in the nf-core ecosystem and make life just a little easier for everyone working with our pipelines.

So whether you’re contributing your own advisory or simply subscribing to stay informed, we hope this new system will help the community stay better connected, more resilient, and a bit less surprised by the occasional issues.

Published on
21 August 2025
Written by
Github user MatthiasZepper
@MatthiasZepper
On this page
Blog posts