Move last remaining items from reference section to the appropriate new
section in the new structure.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Update release notes for 2.6, and the vulnerabilities page to mention
CVE-2021-3581. This CVE is under embargo until Sept 4, 2021.
Signed-off-by: David Brown <david.brown@linaro.org>
Fix up a handful of references to 'master' in the security documentation
to refer to the new 'main' branch.
Signed-off-by: David Brown <david.brown@linaro.org>
Now that the security process has been moved to its own page, fix a
broken link that was to the current page.
Signed-off-by: David Brown <david.brown@linaro.org>
Create a new page containing just the information on reporting security
vulnerabilities, leaving a link behind in the old section. This will
make it easier to reference this document, rather than it being in the
midst of a larger document.
Signed-off-by: David Brown <david.brown@linaro.org>
Security documentation contains a code guideline section that is more
about security principles than code guidelines itself. Just removing
the mention do code guideline to avoid possible confusions with
upcoming project code guideline based on MISRA-C.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
These CVEs have been released from embargo. Include details in the v2.3
release notes, and in the vulnerabilities document.
Signed-off-by: David Brown <david.brown@linaro.org>
Include documentation for CVE issues that are now out of embargo. This
includes links to the CVE database, as well as referencing the PRs
within Zephyr that fix these issues.
Signed-off-by: David Brown <david.brown@linaro.org>
In addition to having security vulnerability fixes reported within each
release note page, consolidate all of them in a new vulnerabilities
document.
This gives us two advantages: 1. The vulnerabilities can easily be
referenced in a single place, which is useful for someone trying to
cross reference against CVE lists, and 2. It allows a release to be made
with just CVE numbers when issues are under embargo, and the details can
be added to this vulnerabilities page. The release notes will be locked
to a tag, and updates will not be visible.
Signed-off-by: David Brown <david.brown@linaro.org>
Remove leading/trailing blank lines in .c, .h, .py, .rst, .yml, and
.yaml files.
Will avoid failures with the new CI test in
https://github.com/zephyrproject-rtos/ci-tools/pull/112, though it only
checks changed files.
Move the 'target-notes' target in boards/xtensa/odroid_go/doc/index.rst
to get rid of the trailing blank line there. It was probably misplaced.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Rewrite who the members of the Security Group are
and move the 'ability' of the members to an outer
bullet point.
Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
The sentence "To process process documentation." does not make
any sense at all.
Add missing "the" to the sentence "in form of".
Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
