diff options
| -rw-r--r-- | documentation/migration-guides/release-notes-5.2.rst | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/documentation/migration-guides/release-notes-5.2.rst b/documentation/migration-guides/release-notes-5.2.rst index 417b202cdb..d7115230dc 100644 --- a/documentation/migration-guides/release-notes-5.2.rst +++ b/documentation/migration-guides/release-notes-5.2.rst | |||
| @@ -402,6 +402,23 @@ New Features / Enhancements in |yocto-ver| | |||
| 402 | Known Issues in |yocto-ver| | 402 | Known Issues in |yocto-ver| |
| 403 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 403 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 404 | 404 | ||
| 405 | - The :ref:`ref-classes-cve-check` class is based on the `National | ||
| 406 | Vulnerability Database <https://nvd.nist.gov/>`__ (NVD). Since the beginning | ||
| 407 | of 2024, the maintainers of this database have stopped annotating CVEs with | ||
| 408 | the affected CPEs. This prevents the :ref:`ref-classes-cve-check` class to | ||
| 409 | properly report CVEs as CPEs are used to match Yocto recipes with CVEs | ||
| 410 | affecting them. As a result, the current CVE reports may look good but the | ||
| 411 | reality is that some vulnerabilities are just not reported. | ||
| 412 | |||
| 413 | During that time, users may look up the 'CVE database | ||
| 414 | <https://www.cve.org/>'__ for entries concerning software they use, or follow | ||
| 415 | release notes of such projects closely. | ||
| 416 | |||
| 417 | Please note, that the :ref:`ref-classes-cve-check` tool has always been a | ||
| 418 | helper tool, and users are advised to always review the final result. Results | ||
| 419 | of an automatic scan may not take into account configuration options, | ||
| 420 | compiler options and other factors. | ||
| 421 | |||
| 405 | Recipe License changes in |yocto-ver| | 422 | Recipe License changes in |yocto-ver| |
| 406 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 423 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 407 | 424 | ||