If you would like to report a public issue (for example, one with a released CVE number), please report it using the Security Bugzilla

If you are dealing with a not-yet released or urgent issue, please send a message to security AT yoctoproject DOT org, including as many details as possible: the layer or software module affected, the recipe and its version, and any example code, if available.

See Stable release and LTS for detailed info regarding the policies and maintenance of Stable branches.

The Release page contains a list of all releases of the Yocto Project. Versions in grey are no longer actively maintained with security patches, but well-tested patches may still be accepted for them for significant issues.