Elixir Security Mailing List

mphfish · July 27, 2018, 7:32am

Does Elixir have a standard way of disclosing any security vulnerabilities/advisories outside of the “Elixir News” forum topic?

We are looking to bring Elixir into our organization, and are looking for some way that our SRE team can keep abreast of any potential security disclosures.

Something like the following for other languages:

NodeJS: https://nodejs.org/en/security/#receiving-security-updates
Python: https://mail.python.org/mailman/listinfo/security-announce
Java: https://www.oracle.com/technetwork/topics/security/alerts-086861.html
GoLang: https://groups.google.com/forum/#!searchin/golang-announce/[security]|sort:date per https://golang.org/security#tmp

Thanks in advance!

josevalim · July 27, 2018, 7:40am

We don’t currently but we shall. I believe we have done only one security release since v1.0.

josevalim · July 27, 2018, 9:20am

For discussion: https://github.com/elixir-lang/elixir/pull/7996

mphfish · July 27, 2018, 2:43pm

Jose and team, thanks so much for getting this taken care of!