Release:
- Getting a few security patches merged in
- Add call-out to downloads/releases pages that you should only ever run tagged releases in prod
- Awareness of broad changes and ability to patch them into 8.x.
Contributing:
- How can we tackle the disparate AI coding tools to follow project guidelines? They don’t automatically follow CONTRIBUTING.md. Adding dozens of CLAUDE.md-type files with redundant information is not ideal.
- Anything else we can do to steer agents+people away from posting security issues directly into issues and get them into the GHSA tooling?
- As tooling improves and guidelines tighten up, how can we make sure contributing remains relatively accessible?
DORN:
- ClaimRev and OCE to collaborate with Veridigm to make decision on viability
- Certification process for autolab and lab corp
Misc:
- Session-handling questions, especially redis. More to do here, but it’s in more of a transitional state. This will log out active sessions upon upgrading.
- Telemetry: control via envvar, Jerry to add some additional data
- Bootstrap: demo upcoming, some existing security concerns noted. Building tooling that will improve React support as well.
- SemGrep customization, feeding it more data around what paths return safe data
Next week agenda:
- Continue discussion on DX and tooling (some of this may happen in forums)
- Modules vNext
- DBAL
- PHPStan, SemGrep, etc
- RC for release
- Permissions
- More DORN updates?
- Bootstrap demo +2 weeks