xref: /openbmc/openbmc/poky/bitbake/SECURITY.md (revision f52e3dde)
1How to Report a Potential Vulnerability?
2========================================
3
4If you would like to report a public issue (for example, one with a released
5CVE number), please report it using the
6[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla].
7If you have a patch ready, submit it following the same procedure as any other
8patch as described in README.md.
9
10If you are dealing with a not-yet released or urgent issue, please send a
11message to security AT yoctoproject DOT org, including as many details as
12possible: the layer or software module affected, the recipe and its version,
13and any example code, if available.
14
15Branches maintained with security fixes
16---------------------------------------
17
18See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
19for detailed info regarding the policies and maintenance of Stable branches.
20
21The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
22releases of the Yocto Project. Versions in grey are no longer actively maintained with
23security patches, but well-tested patches may still be accepted for them for
24significant issues.
25