We will always apply vulnerability fixes on branch develop and include them in the next release. Depending on the severity, we will consider hotfixing the most recent release too. Older releases will not be hotfixed.

To report a vulnerability privately please email security@contiki-ng.org

We will try to confirm or decline your report ASAP by email. For accepted vulnerability reports we will create an advisory and, if you wish, invite you to the discussion.