Closed Ryan-Palmer closed 5 months ago
Hello,
I don't know what you need to consider something to be a "security alert", but we keep track of all the changes made to Fable in Changelog files.
Development of Fable happens at https://github.com/fable-compiler/Fable. The releases of the compiler itself are pushed to as GitHub releases.
And we also keep track of the changes using one Changelog file per project / package published. You can find a list in the README.
When making a release, I also tweet at https://twitter.com/FableCompiler.
Hi Maxime :)
Just realised I posted this on the website repo instead of the compiler, apologies.
I think what they were getting at is if you released a version of Fable and then found it was generating JS with vulnerabilities, you might want to push out a new version and tell everyone to update asap. In that case, where would you announce it?
(Again, I know it sounds like an odd question, I also was a bit confused!)
I'll close this issue as you have listed all the places that you guys communicate, and it would of course be through those channels.
Thanks for your help!
Hello! Just a simple question.
I recently introduced Fable to our company's tech stack. When going through the technical review board process, I was asked how we would know if a vulnerability was found - i.e. are there any bulletin boards, feeds or web pages that we should keep an eye on?
I know it seems like an odd question, especially given that this is a compiler rather than a runtime library, but because we are a bank the infosec requirements are quite tight!
My guess was that if you needed to get a notification out to all users it would be here on GitHub somewhere and possibly also X / Twitter?