From the last RfC meeting on 13 August 2014:
21:22:08 <sumanah> csteipp: Followup from 23 July: have we done security update planning re Composer managed libraries for use on WMF cluster?
21:22:09 <AndyRussG> :)
21:22:14 <sumanah> bd808|BUFFER:
21:22:33 <csteipp> Not really?
21:23:09 <csteipp> I know bd808|BUFFER is sponsoring the monolog bit, so he's the person to watch for updates, and will delegate someone else if when he's no longer able to
21:23:30 <csteipp> But the process hasn't been documented anywhere that I'm aware of
21:23:46 <sumanah> "Look into https://security.sensiolabs.org/check and https://github.com/sensiolabs/security-advisories for vulnerability tracking" - can we assign this to Bryan as well?
21:24:46 <csteipp> Right, I was on vacation for that meeting... no wonder it didn't look familiar. That sensiolabs thing looks interesting.
21:25:41 <csteipp> I'll check with Bryan when he gets back and see if he's set it up anywhere.
21:26:05 <sumanah> #action csteipp to check with Bryan re Composer managed libraries for use on WMF cluster security planning