Hi all, previously Rails security announcements were posted to the rubyonrails-security and (for some gems) ruby-security-ann Google Groups. However, the recent security announcements this year do not appear to have been posted to these lists. Is this intentional? We have automation set up internally based on these lists so that we get notified when security announcements are released, so that we can react urgently to these types of issues. It appears that the docs, at least, still links to the rubyonrails-security list:
The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:
- Subscribe to the Rails security mailing list.
However, it appears these lists have been removed from the security policy. Was there an announcement of the deprecation of these groups somewhere that we missed?