Central Location for New Features, Release Notes, Early Access, Etc

jmszuch · June 3, 2025, 12:51am

While the forum and help docs serve parts of these functions well enough, I don’t seem the harm in potentially taking some… inspiration on further centralizing the access of all that and related information. For instance, this page from Orb (software for measuring Internet speed and responsiveness) seemed like a pretty slick way of keeping all that information together: The Forge - Orb Development Hub

Also that sort of page might provide a way to further promote newly implimented features (like Alta Boost for example) and keep transparency on what features and fixes are in the pipline. Curious to see if anyone else in the community feels the same way.

Thanks!

Beaker · June 3, 2025, 1:01am

Also a security advisory page on the official website might be a nice added touch. For example,

jmszuch · June 3, 2025, 1:10am

Yeah, I think that would certainly make sense as well. Either by itself or as part of the central page I was thinking of. Although it could be argued that’s somewhat handled by the trust site at Trust

Still, I wouldn’t mind a little blurb at some point listing the security@alta.inc email (unless it’s somewhere and I didn’t notice) and the low priority CVE that’s going to be patched that were both mentioned in this thread: CVE vulnerabilities router10 and controller

Alta-Jeff · June 3, 2025, 2:23pm

We do have a security@alta.inc alias set up, and it gets to the proper people internally.

jmszuch · June 3, 2025, 3:14pm

Thanks, Jeff! Is that email posted on the Alta website? I had looked around a little and hand’t seen it, so that’s more specifically what I was referring to in my last post.

rutman286 · June 3, 2025, 3:17pm

Jeff the way I interpret this request is we would like to see a Release Note specifically for CVE patches and security patches.

Alta-Jeff · June 3, 2025, 3:57pm

@rutman286 We have not posted any security updates as of yet, but do plan on addressing the ICMP Timestamp Reply Information Disclosure CVSS 2.1 (very low severity) issue found here: CVE vulnerabilities router10 and controller - #7 by Alta-Jeff at low priority.

We have received many security reports and have looked into each one, but most of them are not applicable or are not tied to a specific controller release, and have had more to do with our cloud controller infrastructure.