Elixir Security Mailing List

Does Elixir have a standard way of disclosing any security vulnerabilities/advisories outside of the “Elixir News” forum topic?

We are looking to bring Elixir into our organization, and are looking for some way that our SRE team can keep abreast of any potential security disclosures.

Something like the following for other languages:

NodeJS: https://nodejs.org/en/security/#receiving-security-updates
Python: https://mail.python.org/mailman/listinfo/security-announce
Java: https://www.oracle.com/technetwork/topics/security/alerts-086861.html
GoLang: https://groups.google.com/forum/#!searchin/golang-announce/[security]|sort:date per https://golang.org/security#tmp

Thanks in advance!

1 Like

We don’t currently but we shall. I believe we have done only one security release since v1.0.

1 Like

For discussion: https://github.com/elixir-lang/elixir/pull/7996


Jose and team, thanks so much for getting this taken care of!

1 Like