Security page has outdated info

[drouhard]

https://emberjs.com/security/

This page asking for help in #emberjs, which hasn't been around for years. It also says the best way to get security updates is to sign up for the Ember Security mailing list, but I can see that hasn't had a post since 2015.

At a minimum these details should be removed. As an Ember consumer it makes me question how much of this page is factual, and how I can ensure I am on top of security vulnerabilities 😬

[MinThaMie]

I've contacted @kategengler and I'll create a PR. Thanks for brining this to our attention!

[kategengler]

I want to assure anybody reading this page that the security email address is monitored and the people currently listed are involved enough that they would let others on the team know if they were contacted directly.

The most incorrect piece of info is #emberjs, which should be #dev-ember-js and is referring to a Discord channel (the discord server is mentioned again in the next sentence).

We have dropped the ball on notifying the security mailing list. We had no security issues to send to the list after those from 2016 until November 2022. We applied for a CVE number but were never issued one.

Another place to monitor is the tag on the blog https://blog.emberjs.com/tag/security

[drouhard]

Thank you for the update!