If you would like to report a public issue (for example, one with a released CVE number), please report it as a GitHub issue. If you have a patch ready, submit it following the same procedure as any other patch as described in README.md.
If you are dealing with a not-yet released or urgent issue, please contact us via our Product Security team or see our Report a Bug page, including as many details as possible: the layer or software module affected, the recipe and its version, and any example code, if available.
See https://wiki.yoctoproject.org/wiki/Releases for the list of current releases. We only accept patches for the LTS releases and the main branch.