Releases: zephyrproject-rtos/zephyr

Zephyr v2.7.6

01 Mar 22:49
v2.7.6

We are pleased to announce the release of Zephyr v2.7.6:
https://github.com/zephyrproject-rtos/zephyr/releases/tag/v2.7.6

This is an LTS maintenance release with fixes.

The following GitHub issues were addressed since the previous 2.7.5 tagged
release:

#32145 - use k_thread_foreach_unlocked() with shell callbacks
#56604 - drivers: nrf: rtc: make uptime consistent for app booted from v3.x mcuboot
#25917 - bluetooth: fix deadlock with tx of acl data and hci commands
#47649 - bluetooth: release att notification buffer after reconnection
#43718 - bluetooth: bt_conn: ensure tx buffers can be allocated within timeout
#60707 - canbus: isotp: seal context buffer memory leaks
#60904 - drivers: spi_nor: make erase operation more opportunistic
#61451 - drivers: can: stm32: correct timing_max parameters
#61501 - canbus: isotp: convert SF length check from ASSERT to runtime check
#61544 - drivers: ieee802154_nrf5: add payload length check on TX
#61784 - bluetooth: controller: check minimum sizes of adv PDUs
#62003 - drivers: dma: sam: implement xdmac get_status() API
#62701 - can: rework the table lookup code in can_dlc_to_bytes()
#63544 - drivers: can: mcan: move RF0L and RF1L to line 1
#63835 - net_mgmt: return EMSGSIZE if buffer passed to recvfrom() is too small
#63965 - logging: fix handling of CONFIG_LOG_BLOCK_IN_THREAD_TIMEOUT_MS
#64398 - drivers: can: be consistent in filter_id checks when removing rx filters
#65548 - cmake: modules: dts: fix board revision 0 overlay
#66500 - toolchain: support CONFIG_COMPILER_WARNINGS_AS_ERRORS
#66888 - net: ipv6: drop received packets sent by the same interface
#67692 - i2c: dw: fix integer overflow in i2c_dw_data_ask()
#69167 - fs: fuse: avoid possible buffer overflow
#69637 - userspace: additional checks in K_SYSCALL_MEMORY

The following security vulnerabilities (CVEs) were addressed in this
release:

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html

The full release notes can be found here:
https://docs.zephyrproject.org/2.7.6/releases/release-notes-2.7.html

Zephyr 3.6.0

24 Feb 04:23
v3.6.0

We are pleased to announce the release of Zephyr v3.6.0:
https://github.com/zephyrproject-rtos/zephyr/releases/tag/v3.6.0

Major enhancements with this release include:

  • New GNSS subsystem added, enabling geo-awareness in Zephyr applications.
  • New API and drivers introduced for interfacing with keyboard matrices.
  • New socket and CoAP service libraries streamlining the implementation of socket and CoAP servers respectively, while also optimizing the use of resources.
  • Integrated Trusted Firmware-M (TF-M) 2.0, including an update to mbedTLS 3.5.2.
  • Improved LLEXT tooling, simplifying module creation in the Zephyr build system.
  • Userspace support extended to Xtensa architecture.
  • Build system now supports Link Time Optimization (LTO), reducing the size of the final image.
  • Bluetooth Mesh Protocol 1.1 now supported by default.
  • Major updates to the documentation of the native simulator, clarifying supported peripherals and how to use them.
  • Over 30 new supported boards, spanning all Zephyr-supported architectures.

An overview of the changes required or recommended when migrating your application from Zephyr v3.5.0 to Zephyr v3.6.0 can be found in the separate migration guide:
https://docs.zephyrproject.org/3.6.0/releases/migration-guide-3.6.html

The full release notes and major changes since the last release can be found here:
https://docs.zephyrproject.org/3.6.0/releases/release-notes-3.6.html

The merge window is now open to new features and enhancements, but with an important caveat that they must not introduce conflicts with HWMv2. The HWMv2 collab branch will be rebased and merged into main by the end of next week. Until then, please do not merge any new boards, SoCs, or anything referencing them, such as tests and samples.

Thanks to everyone who contributed to this release!

Maureen / Brix

Zephyr 3.5.0

20 Oct 10:33

We are pleased to announce the release of Zephyr version 3.5.0.

For a detailed overview of the 3.5.0 release and a summary of the various new features and highlights please see the 3.5.0 post in the Zephyr project blog.

Major enhancements with this release include:

  • Added support for linkable loadable extensions (llext)
  • Added native_sim simulator target (successor to native_posix)
  • Added new battery charger driver API
  • Added new hardware spinlock driver API
  • Added new modem subsystem
  • Added support for 45+ new boards
  • Networking: improvements to CoAP, Connection Manager, DHCP, Ethernet, gPTP, ICMP,
    IPv6 and LwM2M
  • Bluetooth: improvements to the Controller, Audio, Mesh, as well as the host stack in
    general
  • Improved LVGL graphics library integration
  • Integrated support with the CodeChecker static analyzer
  • Picolibc is now the default C standard library

An overview of the changes required or recommended when migrating your application from Zephyr
v3.4.0 to Zephyr v3.5.0 can be found in the separate migration guide.

The full release notes and major changes since the last release can be found here.

The merge window is now open; feature and enhancement pull requests may be merged to the main branch.

Thanks to everyone who contributed to this release.

Johan / Fabio

Zephyr v3.5.0-rc3

14 Oct 09:02
Pre-release

The third release candidate for Zephyr 3.5.0 has been tagged.

From this point onward, only the release managers for Zephyr 3.5 will be performing merging of pull requests. The final release target date is scheduled for next week’s Friday, i.e. October 20th; until then, only blocker bug fixes and documentation changes will be merged.

Subsystem maintainers, please finalise your section in the v3.5 release notes if you have not done that already:
https://github.com/zephyrproject-rtos/zephyr/blob/main/doc/releases/release-notes-3.5.rst
Also make sure that any changes which require out-of-tree applications to update their code are documented in the new migration guide:
https://github.com/zephyrproject-rtos/zephyr/blob/main/doc/releases/migration-guide-3.5.rst

Release milestone dates:
https://github.com/zephyrproject-rtos/zephyr/wiki/Release-Management
Release process:
https://docs.zephyrproject.org/latest/project/release_process.html

Zephyr v3.5.0-rc2

06 Oct 18:03
Pre-release

The second release candidate for Zephyr 3.5.0 has been tagged.

The project remains in the stabilisation phase, and only bug-fix, documentation and stabilisation patches may be merged into the main branch.

If you have a pull request targeting this release, please set its "Milestone" to "v3.5.0". If your pull request contains code changes, it will also need an associated bug report issue; please make sure to link a related bug report issue to the pull request by adding "Fixes #1234" to the pull request description.

Subsystem maintainers, please start updating your subsystem section in the v3.5 release notes file:
https://github.com/zephyrproject-rtos/zephyr/blob/main/doc/releases/release-notes-3.5.rst

Also make sure that important information for migrating applications from 3.4 to 3.5 is available in the new migration guide file:
https://github.com/zephyrproject-rtos/zephyr/blob/main/doc/releases/migration-guide-3.5.rst

Release milestone dates:
https://github.com/zephyrproject-rtos/zephyr/wiki/Release-Management
Release process:
https://docs.zephyrproject.org/latest/project/release_process.html

Zephyr v3.5.0-rc1

01 Oct 17:41
Pre-release

The first release candidate for Zephyr 3.5.0 has been tagged: https://github.com/zephyrproject-rtos/zephyr/releases/tag/v3.5.0-rc1
The merge window for features and enhancements is now closed for this release, and it will remain closed until 3.5.0 is released.
We are now in the stabilisation phase, and only bug-fix, documentation and stabilisation patches may be merged to the main branch. Additional features and enhancements for the 3.5.0 release require approval by the TSC.

You may continue to submit pull requests for new features to gather feedback early or collaborate with others, but the release team would like to encourage everyone to focus on testing and fixing bugs.

Release milestone dates:
https://github.com/zephyrproject-rtos/zephyr/wiki/Release-Management

Release process:
https://docs.zephyrproject.org/latest/project/release_process.html

Zephyr 3.4.0

16 Jun 17:16
v3.4.0

Hello Zephyr community,

We are pleased to announce the release of Zephyr version 3.4.0.

For a detailed overview of the 3.4.0 release and a summary of the various new features and highlights please see the 3.4.0 post in the Zephyr project blog.

Some of the highlights and enhancements in this release include:

• Input subsystem: handles input events from various types of input devices and distributes them to other threads in the application.
• Barrier API: added architecture agnostic API for data memory barriers.
• USB Device support overhaul.
• Added Power Delivery Source Support to the USB-C Stack.
• Bluetooth: Added support for Periodic Advertising with Responses (PAwR).
• Cache API functions are now fully in-lined by compilers.
• Added an API for real-time clocks (RTC).
• Added Retention subsystem.
• Added initial support for MMU on Xtensa.
• SMBus (System Management Bus) API.
• Various improvements to the testing framework and twister
• Added Snippets: Support common configuration settings that can be used across platforms.

The full release notes and major changes since the last release can be found here.

If you’d like to see some of the highlights of this release in action, Benjamin Cabé, Zephyr’s Developer Advocate, assembled a short video going through some cool examples and demos.

The merge window is now open; feature and enhancement pull requests may be merged to the main branch.

Thanks to everyone who contributed to this release.

Anas / Josh

Zephyr v3.4.0-rc3

16 Jun 16:16
v3.4.0-rc3
Pre-release

Zephyr v3.4.0-rc2

05 Jun 01:45
v3.4.0-rc2
Pre-release

Zephyr v2.7.5

01 Jun 15:31
v2.7.5

We are pleased to announce the release of Zephyr version 2.7.5.

This is an LTS maintenance release with fixes.

Issues Fixed

These GitHub issues were addressed since the previous 2.7.4 tagged release:

  • 41111 - utils: tmcvt: fix integer overflow after 6.4 days with gettimeofday() and z_tmcvt()
  • 51663 - tests: kernel: increase coverage for kernel and mmu tests
  • 53124 - bmake: fix argument passing in zephyr_check_compiler_flag() cmake function
  • 53315 - net: tcp: fix possible underflow in tcp_flags().
  • 53981 - scripts: fixes for gen_syscalls and gen_app_partitions
  • 53983 - init: correct early init time calls to k_current_get() when TLS is enabled
  • 54140 - net: fix BUS FAULT when running nmap towards echo_async sample
  • 54325 - coredump: support out-of-tree coredump backend definition
  • 54386 - kernel: correct SMP scheduling with more than 2 CPUs
  • 54527 - tests: kernel: remove faulty test from tests/kernel/poll
  • 55019 - bluetooth: host: initialize value passed to k_sem_init()
  • 55068 - net: ipv6: validate arguments in net_if_ipv6_set_reachable_time()
  • 55069 - net: core: net pkt shell command missing input validation
  • 55323 - logging: fix userspace runtime filtering
  • 55490 - cxx: fix compile error in C++ project for bad flags -Wno-pointer-sign and -Werror=implicit-int
  • 56071 - security: MbedTLS: update to v2.28.3
  • 56729 - posix: SCHED_RR valid thread priorities
  • 57210 - drivers: pcie: endpoint: pcie_ep_iproc: correct use of optional devicetree binding
  • 57419 - tests: dma: support 64-bit addressing in tests
  • 57710 - posix: support building eventfd on arm-clang

mbedTLS

mbedTLS has been moved to the 2.28.x series (2.28.3 precisely). This is an LTS release that will be supported with bug fixes and security fixes until the end of 2024.

Detailed information can be found in:

This version is incompatible with TF-M, and because of this TF-M is no longer supported in Zephyr LTS. If TF-M is required, it can be manually added back by changing the mbedTLS revision in west.yaml to the previous one (5765cb7f75a9973ae9232d438e361a9d7bbc49e7). This should be carefully assessed by a security expert to ensure that the known vulnerabilities in that version don’t affect the product.

Vulnerabilities addressed in this update:

  • MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on builds that couldn’t compile the GCC-style assembly implementation (most notably builds with Visual Studio), leaving them vulnerable to timing side-channel attacks. There is now an intrinsics-based AES-NI implementation as a fallback for when the assembly one cannot be used.

  • Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

  • An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. See “Cache Side-channel Attacks and Defenses of the Sliding Window Algorithm in TEEs” - Design, Automation and Test in Europe 2023.

  • Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap.

  • Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak.

  • Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team.

  • Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection.

  • In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back from the output buffer. This fixes a potential policy bypass or decryption oracle vulnerability if the output buffer is in memory that is shared with an untrusted application.

  • Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()’d twice.

  • Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM) private keys and of blinding values for DHM and elliptic curves (ECP) computations.

  • Fix a potential side channel vulnerability in ECDSA ephemeral key generation. An adversary who is capable of very precise timing measurements could learn partial information about the leading bits of the nonce used for the signature, allowing the recovery of the private key after observing a large number of signature operations. This completes a partial fix in Mbed TLS 2.20.0.
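
For anyone assessing a build that stays on an older mbedTLS revision, two of the items above depend on configuration values that can be checked mechanically. The following is an added example, not part of the release notes and not Zephyr or Mbed TLS code; `audit()` and its finding codes are hypothetical, and it assumes the configuration is available as plain `#define NAME value` lines with integer literals and no block comments.

```python
import re

# Constructed sample of an mbedTLS config header (not from any real product).
SAMPLE_CONFIG = """
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 8
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#define MBEDTLS_SSL_IN_CONTENT_LEN 256
// #define MBEDTLS_USE_PSA_CRYPTO
"""

# Matches active "#define MBEDTLS_X [value]" lines; "//"-commented lines do not match.
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(MBEDTLS_\w+)(?:[ \t]+(\S+))?", re.M)


def parse_defines(text):
    """Return {macro: raw value string, '' for a bare flag}."""
    return {name: value for name, value in DEFINE_RE.findall(text)}


def number(defs, name):
    """Integer value of a macro, or None if unset or not a plain literal."""
    try:
        return int(defs.get(name, ""), 0)
    except ValueError:
        return None


def audit(text):
    """Hypothetical helper: list finding codes for the conditions named above."""
    defs, findings = parse_defines(text), []
    if "MBEDTLS_SSL_DTLS_CONNECTION_ID" in defs:
        cid_in = number(defs, "MBEDTLS_SSL_CID_IN_LEN_MAX")
        cid_out = number(defs, "MBEDTLS_SSL_CID_OUT_LEN_MAX")
        if cid_in is None or cid_out is None:
            findings.append("CID_LEN_UNKNOWN")      # value comes from elsewhere
        elif cid_in > 2 * cid_out:
            findings.append("CID_IN_GT_2X_OUT")     # heap overread/overwrite case
    if "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE" in defs:
        in_len = number(defs, "MBEDTLS_SSL_IN_CONTENT_LEN")
        if in_len is None:
            findings.append("IN_CONTENT_LEN_UNKNOWN")
        elif in_len < 258:
            findings.append("IN_CONTENT_LEN_LT_258")  # with mbedtls_ssl_cookie_check()
        elif in_len < 571:
            findings.append("IN_CONTENT_LEN_LT_571")  # custom cookie check only
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An `*_UNKNOWN` finding means the feature is enabled but the length is not set as a literal in the text given, so the effective value has to be read from wherever the build actually defines it.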

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html