: Fixes multiple vulnerabilities, including CVE-2021-3695 and CVE-2022-28733, which could potentially allow for unauthorized boot access.
: Run a clean command (e.g., npm cache clean or your build system's equivalent) to prevent old, vulnerable artifacts from persisting.
: Re-initialize and reinstall dependencies to ensure all pinned versions reflect the new security patches. Release notes for Yocto-4.0.4 (Kirkstone) Yep 4.0.4 fix
The following critical CVEs (Common Vulnerabilities and Exposures) have been patched in this version:
This write-up covers the key security and functional fixes for the release, which addresses several critical vulnerabilities across core components. Release Overview Release notes for Yocto-4
: Patches CVE-2022-35252 to improve the security of data transfers.
If you are managing an environment using these packages, follow these remediation steps to ensure a clean update: : Fixes multiple vulnerabilities
Yocto 4.0.4 is a maintenance release for the Kirkstone series, primarily focused on Security Fixes for various system utilities and libraries.