1##############
2Issue tracking
3##############
4
5To trace TF-M issues and to maintain LTS versions transparently, all issues
6found after an official release and breaking TF-M functionality, i.e. bugs in
7either common code or platform code, or security vulnerability post public
8disclosure shall be registered in TF-M Github `Issue tracker`_ .
9The identified issues shall be addressed in the **main** development branch to
10ensure normal progress. Additionally, these fixes will be backported to the
11active Long-Term Support (LTS) branches and will be included in the upcoming
12LTS release.
13
14.. warning:: Security-related issues should be addressed through the
15    :doc:`Security Disclosure </security/index>` and recorded in the `Issue tracker`_
16    **only** after public disclosure.
17
18When reporting a new issue please cover:
19
20 1. **Summary:**
21    Provide a concise overview of the issue.
22    What problem are you encountering?
23 2. **Technical Description:**
24    Explain the issue thoroughly. Include relevant logs or screenshots.
25 3. **Build and Execution Environment:**
26       - The hardware platform
27       - Build toolchain with versions
28 4. **Reproduction Steps:**
29    Describe how to reproduce the issue step by step.
30    If possible, provide sample code or configuration settings.
31 5. **Proposed Fix (Optional):**
32    If you have ideas on how to address the issue, share them.
33    It’s not mandatory, but it can be helpful.
34
35Is it a bug or security vulnerability?
36--------------------------------------
37
38A security vulnerability refers to a flaw that an attacker can exploit to gain
39unauthorized access to system secrets, manipulate data, or perform actions
40beyond the intended functionality. However, it’s important to note that defects
41that cause system crashes or lead to a Denial of Service (DoS) state are
42considered bugs rather than security vulnerabilities.
43When faced with uncertainty in classifying a new defect, it is wise to use
44caution and consider it as a potential safety issue.
45
46As implied in the :doc:`/contributing/contributing_process`
47maintainers reserve the right to decide on what's acceptable to be backported
48to LTS branches in case of any divergence.
49
50.. _Issue tracker: https://github.com/TrustedFirmware-M/trusted-firmware-m/issues
51
52--------------
53
54*Copyright (c) 2024, Arm Limited. All rights reserved.*
55