Release notes for Yocto-4.0.28 (Kirkstone)
Security Fixes in Yocto-4.0.28
- binutils: Fix CVE-2025-1180, CVE-2025-1182, CVE-2025-5244 and CVE-2025-5245 
- connman: Fix CVE-2025-32366 
- ffmpeg: Fix CVE-2025-1373, CVE-2025-22919 and CVE-2025-22921 
- ffmpeg: Ignore CVE-2022-48434 
- ghostscript: Fix CVE-2025-48708 
- git: Fix CVE-2024-50349 and CVE-2024-52006 
- glib-2.0: Fix CVE-2025-4373 
- glibc: Fix for CVE-2025-4802 
- go: Fix CVE-2025-4673 
- go: ignore CVE-2024-3566 
- icu: Fix CVE-2025-5222 
- iputils: Fix CVE-2025-47268 
- libsoup-2.4: Fix CVE-2025-2784, CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32907, CVE-2025-32910, CVE-2025-32911, CVE-2025-32912, CVE-2025-32913, CVE-2025-32914, CVE-2025-46420 and CVE-2025-46421 
- libsoup: Fix CVE-2025-2784, CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-32050, CVE-2025-32051, CVE-2025-32052, CVE-2025-32053, CVE-2025-32907, CVE-2025-46420 and CVE-2025-46421 
- linux-yocto/5.15: Fix CVE-2024-26952, CVE-2025-21941, CVE-2025-21957, CVE-2025-21959, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21968, CVE-2025-21996, CVE-2025-22018, CVE-2025-22020, CVE-2025-22035, CVE-2025-22054, CVE-2025-22056, CVE-2025-22063, CVE-2025-22066, CVE-2025-22081, CVE-2025-22097, CVE-2025-23136, CVE-2025-37785, CVE-2025-37803, CVE-2025-37805, CVE-2025-38152, CVE-2025-39728 and CVE-2025-39735 
- net-tools: Fix CVE-2025-46836 
- openssh: Fix CVE-2025-32728 
- python3: Fix CVE-2024-12718, CVE-2025-0938, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4516 and CVE-2025-4517 
- python3-requests: Fix CVE-2024-47081 
- python3-setuptools: Fix CVE-2025-47273 
- ruby: Fix CVE-2025-27221 
- screen: Fix CVE-2025-46802, CVE-2025-46804 and CVE-2025-46805 
- taglib: Fix CVE-2023-47466 
Fixes in Yocto-4.0.28
- babeltrace/libatomic-ops: correct the SRC_URI 
- brief-yoctoprojectqs/ref-manual: Switch to new CDN 
- bsp guide: update kernel version example to 6.12 
- bsp-guide: update lonely “4.12” kernel reference to “6.12” 
- build-appliance-image: Update to kirkstone head revision 
- cmake: Correctly handle cost data of tests with arbitrary chars in name 
- conf.py: tweak SearchEnglish to be hyphen-friendly 
- contributor-guide/submit-changes: encourage patch version changelogs 
- dev-manual/sbom.rst: fix wrong build outputs 
- docs: Clean up explanation of minimum required version numbers 
- docs: README: specify how to contribute instead of pointing at another file 
- docs: conf.py: silence SyntaxWarning on js_splitter_code 
- e2fsprogs: removed ‘sed -u’ option 
- ffmpeg: Add “libswresample libavcodec” to CVE_PRODUCT 
- ffmpeg: upgrade to 5.0.3 
- gcc: AArch64 - Fix strict-align cpymem/setmem 
- glibc: nptl Fix indentation 
- glibc: nptl Remove unnecessary catch-all-wake in condvar group switch 
- glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait 
- glibc: nptl Update comments and indentation for new condvar implementation 
- glibc: nptl Use a single loop in pthread_cond_wait instead of a nested loop
- glibc: nptl Use all of g1_start and g_signals 
- glibc: nptl rename __condvar_quiesce_and_switch_g1 
- glibc: pthreads NPTL lost wakeup fix 2 
- kernel.bbclass: add original package name to RPROVIDES for -image and -base 
- libpng: Improve ptest 
- linux-yocto/5.15: update to v5.15.184 
- migration-guides: add release notes for 4.0.26 and 4.0.27 
- nfs-utils: don’t use signals to shut down nfs server. 
- poky.conf: bump version for 4.0.28 
- python3: upgrade to 3.10.18 
- ref-manual/release-process: update releases.svg 
- ref-manual/variables.rst: document INHIBIT_DEFAULT_RUST_DEPS, INHIBIT_UPDATERCD_BBCLASS, SSTATE_SKIP_CREATION, WIC_CREATE_EXTRA_ARGS, IMAGE_ROOTFS_MAXSIZE, INITRAMFS_MAXSIZE
- ref-manual: clarify KCONFIG_MODE default behaviour 
- ref-manual: classes: nativesdk: move note to appropriate section 
- ref-manual: classes: reword to clarify that native/nativesdk options are exclusive 
- ref-manual: kernel-fitimage.bbclass does not use SPL_SIGN_KEYNAME 
- scripts/install-buildtools: Update to 4.0.27 
- sphinx-lint: role missing opening tag colon 
- sphinx-lint: trailing whitespace 
- sphinx-lint: unbalanced inline literal markup 
- sysstat: correct the SRC_URI 
- systemtap: add sysroot Python paths to configure flags 
- test-manual/intro: remove Buildbot version used 
- util-linux: Add fix to isolate test fstab entries using CUSTOM_FSTAB 
- xz: Update LICENSE variable for xz packages 
Known Issues in Yocto-4.0.28
- N/A 
Contributors to Yocto-4.0.28
- Aditya Tayade 
- Adrian Freihofer 
- Aleksandar Nikolic 
- Alper Ak 
- Antonin Godard 
- Archana Polampalli 
- Ashish Sharma 
- Bruce Ashfield 
- Carlos Sánchez de La Lama 
- Changqing Li 
- Christos Gavros 
- Colin Pinnell McAllister 
- Deepesh Varatharajan 
- Divya Chellam 
- Enrico Jörns 
- Etienne Cordonnier 
- Guocai He 
- Harish Sadineni 
- Hitendra Prajapati 
- Jiaying Song 
- Lee Chee Yang 
- Martin Jansa 
- Moritz Haase 
- NeilBrown 
- Peter Marko 
- Poonam Jadhav 
- Praveen Kumar 
- Quentin Schulz 
- Richard Purdie 
- Robert P. J. Day 
- Soumya Sambu 
- Steve Sakoman 
- Sundeep KOKKONDA 
- Sunil Dora 
- Trevor Woerner 
- Vijay Anusuri 
- Virendra Thakur 
- Yi Zhao 
- aszh07 
Repositories / Downloads for Yocto-4.0.28
poky
- Repository Location: https://git.yoctoproject.org/poky 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: 78c9cb3eaf071932567835742608404d5ce23cc4 
- Release Artefact: poky-78c9cb3eaf071932567835742608404d5ce23cc4 
- sha: 9c73c6f89e70c2041a52851e5cc582e5a2f05ad2fdc110d2c518f2c4994e8de3 
- Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/poky-78c9cb3eaf071932567835742608404d5ce23cc4.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/poky-78c9cb3eaf071932567835742608404d5ce23cc4.tar.bz2 
openembedded-core
- Repository Location: https://git.openembedded.org/openembedded-core 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: 75e54301c5076eb0454aee33c870adf078f563fd 
- Release Artefact: oecore-75e54301c5076eb0454aee33c870adf078f563fd 
- sha: c5ffceab90881c4041ec4304da8b7b32d9c1f89a4c63ee7b8cbd53c796b0187b 
- Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/oecore-75e54301c5076eb0454aee33c870adf078f563fd.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/oecore-75e54301c5076eb0454aee33c870adf078f563fd.tar.bz2 
meta-mingw
- Repository Location: https://git.yoctoproject.org/meta-mingw 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: 87c22abb1f11be430caf4372e6b833dc7d77564e 
- Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e 
- sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8 
- Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2 
meta-gplv2
- Repository Location: https://git.yoctoproject.org/meta-gplv2 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 
- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 
- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 
- Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 
bitbake
- Repository Location: https://git.openembedded.org/bitbake 
- Branch: 2.0 
- Tag: yocto-4.0.28 
- Git Revision: 046871d9fd76efdca7b72718b328d8f545523f7e 
- Release Artefact: bitbake-046871d9fd76efdca7b72718b328d8f545523f7e 
- sha: e9df0a9f5921b583b539188d66b23f120e1751000e7822e76c3391d5c76ee21a 
- Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2 
meta-yocto
- Repository Location: https://git.yoctoproject.org/meta-yocto 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: 0bf3dcef1caa80fb047bf9c3514314ab658e30ea 
yocto-docs
- Repository Location: https://git.yoctoproject.org/yocto-docs 
- Branch: kirkstone 
- Tag: yocto-4.0.28 
- Git Revision: 97cd3ee7f3bf1de8454708d1852ea9cdbd45c39b