OCaml Changelog

There is now a dedicated Security Response Team (SRT) to handle vulnerability reports and coordinate security responses. If you discover a security issue in the OCaml compiler, runtime, standard library, or ecosystem tools, you can report it confidentially to the team.

• Report vulnerabilities: Email security@ocaml.org or use a private GitHub issue for high-impact vulnerabilities
• Security page: ocaml.org/security provides full details on reporting and the team
• Security advisories: The OCaml Security Advisory Database documents known issues in OCaml libraries and tools
• Announcements: Subscribe to the ocsf-ocaml-security-announcements mailing list for notifications of new advisories

The SRT follows responsible disclosure practices, working with reporters to validate issues, develop fixes, and coordinate public disclosure timelines. This effort also helps OCaml developers and companies comply with emerging security regulations like the EU Cyber Resilience Act.

For more information, see the announcement on Discuss.

Building a more secure OCaml ecosystem is a community-wide effort, and now there's a major opportunity to get funded for it.

The OCaml Security Team, in partnership with the OCSF, has just announced a new Security Grant program with up to €100.000 available for projects that strengthen the OCaml ecosystem's security.

Whether your expertise is in building robust tooling, writing in-depth security documentation, or creating developer guides to prevent common pitfalls, the team wants to hear from you.

What and How

• Focus: Tooling, documentation, security guides, and infrastructure improvements.
• Funding: Grants available up to 100.000€.
• Deadline: Proposals must be submitted by March 1st, 2026.
• Reviewers: The OCaml Security Team will evaluate all submissions.

How to Apply

If you have an idea that makes OCaml safer for everyone, check out the full announcement and submission instructions on the OCaml Discuss forum:

Read the full announcement & apply here

Let’s work together to make OCaml a more secure choice for functional programming!