Arm takes security issues seriously and welcomes feedback from researchers and the security community in order to improve the security of its products and services. We operate a coordinated disclosure policy for disclosing vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all circumstances. We will make best endeavours to inform you when we expect security notifications and fixes to be available and facilitate coordinated disclosure when notifications and patches/mitigations are available.
If you would like to report a public issue (for example, one with a released CVE number), please contact the meta-arm mailing list at [email protected] and [email protected].
If you are dealing with a not-yet released or urgent issue, please send a mail to the maintainers (see README.md) and [email protected], including as much detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
meta-arm follows the Yocto release model, so see [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS] for detailed info regarding the policies and maintenance of stable branches.
The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all releases of the Yocto Project. Versions in grey are no longer actively maintained with security patches, but well-tested patches may still be accepted for them for significant issues.