mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 20:59:41 +02:00
f7bffb351c
To be compliant with the recent yocto project security processes, add a SECURITY.md file that explains what to do if an issue is detected. This also renames README to README.md to be similar to other layers. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
24 lines
1.1 KiB
Markdown
24 lines
1.1 KiB
Markdown
How to Report a Potential Vulnerability?
|
|
========================================
|
|
|
|
If you would like to report a public issue (for example, one with a released
|
|
CVE number), please report it using the mailing list as described in README.md
|
|
If you have a patch ready, submit it following the same procedure as any other
|
|
patch as described in the same file.
|
|
|
|
If you are dealing with a not-yet released or urgent issue, please send a
|
|
message to the layer maintainer, including as many details as
|
|
possible: the software module affected, the recipe and its version,
|
|
and any example code, if available.
|
|
|
|
Branches maintained with security fixes
|
|
---------------------------------------
|
|
|
|
See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
|
|
for detailed info regarding the policies and maintenance of Stable branches.
|
|
|
|
The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
|
|
releases of the Yocto Project. Versions in grey are no longer actively maintained with
|
|
security patches, but well-tested patches may still be accepted for them for
|
|
significant issues.
|