V4.2.4

.github/.cSpellWords.txt

@@ -89,6 +89,7 @@ BLXNS
 bmcr
 BMSR
 BPDG
+BPIALL
 brgintclr
 brginten
 brgintstat
@@ -920,6 +921,7 @@ Picovolts
 PIDEVAD
 pidr
 PIDR
+PINSEL
 PIOA
 PKHBT
 pkhtb
@@ -1263,6 +1265,7 @@ STLIDMPUSR
 STLIMPUOR
 STLNVICACTVOR
 STLNVICPENDOR
+Storex
 strbt
 STRBT
 strexb

.github/workflows/ci.yml

@@ -128,17 +128,17 @@
           path: ./
 
   formatting:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Check formatting
         uses: FreeRTOS/CI-CD-Github-Actions/formatting@main
         with:
           path: ./
 
   doxygen:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Run doxygen build
         uses: FreeRTOS/CI-CD-Github-Actions/doxygen@main
@@ -406,7 +406,7 @@
       - name: Set up CBMC runner
         uses: FreeRTOS/CI-CD-Github-Actions/set_up_cbmc_runner@main
         with:
-          cbmc_version: "5.95.1"
+          cbmc_version: "6.3.1"
 
       - env:
           stepName: Install Dependencies

.github/workflows/release-candidate.yml

@@ -10,6 +10,10 @@ on:
         description: 'Release Version Number (Eg, v1.0.0-rc1)'
         required: true
 
+# Workflow permissions block
+permissions:
+  contents: write # This grants write access to repository content, including pushing commits/tags and creating releases.
+
 jobs:
   tag-commit:
     name: Tag commit
@@ -32,4 +36,4 @@ jobs:
           git tag -d ${{ github.event.inputs.version_number }}
           git remote update
           git checkout tags/${{ github.event.inputs.version_number }}
-          git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
+          git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}

.github/workflows/release.yml

@@ -10,6 +10,10 @@ on:
         description: 'Release Version Number (Eg, v1.0.0)'
         required: true
 
+# Workflow permissions block
+permissions:
+  contents: write # This grants write access to repository content, including pushing commits/tags and creating releases.
+
 jobs:
   tag-commit:
     name: Tag commit
@@ -20,31 +24,56 @@ jobs:
         with:
           ref: ${{ github.event.inputs.commit_id }}
       - name: Configure git identity
+        env:
+          ACTOR: ${{ github.actor }}
         run: |
-          git config --global user.name ${{ github.actor }}
-          git config --global user.email ${{ github.actor }}@users.noreply.github.com
+          git config --global user.name "$ACTOR"
+          git config --global user.email "$ACTOR"@users.noreply.github.com
       - name: create a new branch that references commit id
-        run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }}
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+          COMMIT_ID: ${{ github.event.inputs.commit_id }}
+        run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
+      - name: Update version number in source files
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          source_folder_list: "source test"
+        run: |
+            echo "${{ env.source_folder_list }}" | \
+            xargs -n 1 sh -c \
+            'find $1 -type f \( -name "*.c" -o -name "*.h" \) \
+            -exec sed -i -b -E "0,/^ \* FreeRTOS\+TCP/s/^ \* FreeRTOS\+TCP.*/ \* FreeRTOS\+TCP $VERSION_NUMBER/g" {} +'
+            git add .
+            git commit -m '[AUTO][RELEASE]: Update version number in source files'
+            git push -u origin "$VERSION_NUMBER"
       - name: Generate SBOM
         uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
         with:
           repo_path: ./
           source_path: ./source
       - name: commit SBOM file
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
           git add .
           git commit -m 'Update SBOM'
-          git push -u origin ${{ github.event.inputs.version_number }}
+          git push -u origin "$VERSION_NUMBER"
       - name: Tag Commit and Push to remote
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
-          git tag ${{ github.event.inputs.version_number }} -a -m "FreeRTOS-Plus-TCP Library ${{ github.event.inputs.version_number }}"
+          git tag "$VERSION_NUMBER" -a -m "FreeRTOS-Plus-TCP Library $VERSION_NUMBER"
           git push origin --tags
       - name: Verify tag on remote
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+          COMMIT_ID: ${{ github.event.inputs.commit_id }}
         run: |
-          git tag -d ${{ github.event.inputs.version_number }}
+          git tag -d "$VERSION_NUMBER"
           git remote update
-          git checkout tags/${{ github.event.inputs.version_number }}
-          git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
+          git checkout tags/"$VERSION_NUMBER"
+          git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
   create-zip:
     needs: tag-commit
     name: Create ZIP and verify package for release asset.
@@ -55,36 +84,44 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.commit_id }}
+          ref: ${{ github.event.inputs.version_number }}
           path: FreeRTOS-Plus-TCP
           submodules: recursive
       - name: Checkout disabled submodules
         run: |
           cd FreeRTOS-Plus-TCP
           git submodule update --init --checkout --recursive
       - name: Create ZIP
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
-          zip -r FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip FreeRTOS-Plus-TCP -x "*.git*"
+          zip -r FreeRTOS-Plus-TCP-"$VERSION_NUMBER".zip FreeRTOS-Plus-TCP -x "*.git*"
           ls ./
       - name: Validate created ZIP
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
           mkdir zip-check
-          mv FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip zip-check
+          mv FreeRTOS-Plus-TCP-"$VERSION_NUMBER".zip zip-check
           cd zip-check
-          unzip FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip -d FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}
-          ls FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}
-          diff -r -x "*.git*" FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-TCP/ ../FreeRTOS-Plus-TCP/
+          unzip FreeRTOS-Plus-TCP-"$VERSION_NUMBER".zip -d FreeRTOS-Plus-TCP-"$VERSION_NUMBER"
+          ls FreeRTOS-Plus-TCP-"$VERSION_NUMBER"
+          diff -r -x "*.git*" FreeRTOS-Plus-TCP-"$VERSION_NUMBER"/FreeRTOS-Plus-TCP/ ../FreeRTOS-Plus-TCP/
           cd ../
       - name: Build
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
-          cd zip-check/FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-TCP
+          cd zip-check/FreeRTOS-Plus-TCP-"$VERSION_NUMBER"/FreeRTOS-Plus-TCP
           sudo apt-get install -y lcov
           sudo apt-get install unifdef
           cmake -S test/unit-test -B test/unit-test/build/
           make -C test/unit-test/build/ all
       - name: Test
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
-          cd zip-check/FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-TCP
+          cd zip-check/FreeRTOS-Plus-TCP-"$VERSION_NUMBER"/FreeRTOS-Plus-TCP
           pushd test/unit-test/build/
           ctest -E system --output-on-failure
           popd
@@ -107,6 +144,9 @@ jobs:
           ref: ${{ github.event.inputs.version_number }}
           add_release: "true"
   create-release:
+    permissions:
+      contents: write
+      id-token: write
     needs:
       - create-zip
       - deploy-doxygen
@@ -138,6 +178,11 @@ jobs:
           asset_path: ./FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip
           asset_name: FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip
           asset_content_type: application/zip
+      - name: Backup Release Asset
+        uses: FreeRTOS/CI-CD-Github-Actions/artifact-backup@main
+        with:
+          artifact_path: ./FreeRTOS-Plus-TCP-${{ github.event.inputs.version_number }}.zip
+          release_tag: ${{ github.event.inputs.version_number }}
   cleanup:
     needs:
       - create-release
@@ -147,6 +192,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Delete branch created for Tag by SBOM generator
+        env:
+          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
         run: |
           # Delete the branch created for Tag by SBOM generator
-          git push -u origin --delete refs/heads/${{ github.event.inputs.version_number }}
+          git push -u origin --delete refs/heads/"$VERSION_NUMBER"

History.txt

@@ -1,5 +1,55 @@
 Documentation and download available at https://www.FreeRTOS.org/
 
+Changes between FreeRTOS-plus-TCP V4.2.5 and V4.2.4 released October 10, 2025:
+    + The implementation lacked sufficient checks to ensure that received packets
+      meet the minimum size requirements for certain ICMPv6 message types, leading to
+      out-of-bounds read operations when processing packets smaller than the expected
+      size. This issue has been fixed by adding checks to prevent out-of-bounds reads.
+      The implementation lacked sufficient checks to prevent null pointer dereference
+      when an IPv6 multicast packet is received on a device not configured with a
+      link-local endpoint. This issue has been fixed by adding checks to prevent
+      null pointer dereference.
+    + The implementation lacked sufficient checks to validate the payload length field
+      in the IPv6 packet header. This allowed malicious packets with incorrect payload
+      lengths to cause integer wraparound, resulting in erroneously large calculated
+      payload length. This inflated payload length bypassed the existing
+      bounds-checking mechanisms, leading to out-of-bounds read operations. This issue
+      has been fixed by adding checks to validate the payload length field in the IPv6
+      packet header.
+    + The implementation lacked sufficient checks to validate the IP version field
+      when a UDP/IPv6 packet is received with ipconfigDRIVER_INCLUDED_RX_IP_CHECKSUM
+      disabled. This allowed the processing of packets with an incorrect IP version
+      field instead of rejecting them early. Subsequent attempts to extract network
+      buffers from these invalid UDP packets could result in dereferencing of an
+      invalid pointer due to incorrect pointer arithmetic.
+      We would like to thank Ivan Gotovchits of Mayhem Security for collaborating on
+      this issue through the coordinated vulnerability disclosure process.
+
+Changes between FreeRTOS-plus-TCP V4.2.4 and V4.2.3 released June 10, 2025:
+	+ Fixed maximum network buffer allocation size check when buffer
+	  allocation scheme 1 is used which caused allocation failure on
+	  some network interfaces.
+
+Changes between FreeRTOS-plus-TCP V4.2.3 and V4.2.2 released June 04, 2025:
+	+ It was possible to cause an out-of-bounds write when processing LLMNR
+	  or mDNS queries with very long DNS names. This issue only affects systems
+	  using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.
+	  This issue has been fixed by adding checks to prevent out of bounds write.
+	  We would like to thank Paschal Amusuo (@AmPaschal),
+	  James C Davis (@davisjam), Taylor Le Lievre (@tlelievre26), and
+	  Aravind Kumar Machiry (@machiry) of Purdue University for collaborating
+	  on this issue through the coordinated vulnerability disclosure process.
+	+ Replace any missing functions by assert-false in all CBMC proofs to
+	  improve tests. We would like to thank @tautschnig for their contribution.
+	+ Adjust CBMC proof tooling to support CBMC v6.
+	  We would like to thank @tautschnig for their contribution.
+
+Changes between FreeRTOS-plus-TCP V4.2.2 and V4.2.1 released July 12, 2024
+    + Update version information in public header file
+
+Changes between FreeRTOS-plus-TCP V4.2.1 and V4.2.0 released June 27, 2024
+    + Update version information in source files.
+
 Changes between FreeRTOS-plus-TCP V4.2.0 and V4.1.0 released June 24, 2024
     + It was possible for a carefully crafted DNS response with domain name
       length value greater than the actual domain name length, to cause a buffer

README.md

@@ -5,12 +5,12 @@ This library has undergone static code analysis and checks for compliance with t
 
 ## Getting started
 The easiest way to use version 4.0.0 and later of FreeRTOS-Plus-TCP is to refer the Getting started Guide (found [here](https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/main/GettingStarted.md))
-Another way is to start with the pre-configured IPv4 Windows Simulator demo (found in [this directory](https://github.com/FreeRTOS/FreeRTOS/tree/main/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_Minimal_Windows_Simulator)) or IPv6 Multi-endpoint Windows Simulator demo (found in [this directory](https://github.com/FreeRTOS/FreeRTOS/tree/main/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo)). That way you will have the correct FreeRTOS source files included, and the correct include paths configured.  Once a demo application is building and executing you can remove the demo application files, and start to add in your own application source files.  See the [FreeRTOS Kernel Quick Start Guide](https://www.freertos.org/FreeRTOS-quick-start-guide.html) for detailed instructions and other useful links.
+Another way is to start with the pre-configured IPv4 Windows Simulator demo (found in [this directory](https://github.com/FreeRTOS/FreeRTOS/tree/main/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_Minimal_Windows_Simulator)) or IPv6 Multi-endpoint Windows Simulator demo (found in [this directory](https://github.com/FreeRTOS/FreeRTOS/tree/main/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo)). That way you will have the correct FreeRTOS source files included, and the correct include paths configured.  Once a demo application is building and executing you can remove the demo application files, and start to add in your own application source files.  See the [FreeRTOS Kernel Quick Start Guide](https://www.freertos.org/Documentation/01-FreeRTOS-quick-start/01-Beginners-guide/02-Quick-start-guide) for detailed instructions and other useful links.
 
-Additionally, for FreeRTOS-Plus-TCP source code organization refer to the [Documentation](http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/TCP_Networking_Tutorial.html), and [API Reference](https://freertos.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/FreeRTOS_TCP_API_Functions.html).
+Additionally, for FreeRTOS-Plus-TCP source code organization refer to the [Documentation](http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/TCP_Networking_Tutorial.html), and [API Reference](https://freertos.org/Documentation/03-Libraries/02-FreeRTOS-plus/02-FreeRTOS-plus-TCP/09-API-reference/01-FreeRTOS-plus-TCP-APIs).
 
 ### Getting help
-If you have any questions or need assistance troubleshooting your FreeRTOS project, we have an active community that can help on the [FreeRTOS Community Support Forum](https://forums.freertos.org). Please also refer to [FAQ](http://www.freertos.org/FAQHelp.html) for frequently asked questions.
+If you have any questions or need assistance troubleshooting your FreeRTOS project, we have an active community that can help on the [FreeRTOS Community Support Forum](https://forums.freertos.org). Please also refer to [FAQ](https://www.freertos.org/Why-FreeRTOS/FAQs) for frequently asked questions.
 
 Also see the [Submitting a bugs/feature request](https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/main/.github/CONTRIBUTING.md#submitting-a-bugsfeature-request) section of CONTRIBUTING.md for more details.
 
@@ -86,7 +86,7 @@ git submodule update --checkout --init --recursive tools/CMock test/FreeRTOS-Ker
 ```
 
 ## Porting
-The porting guide is available on [this page](http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/FreeRTOS_TCP_Porting.html).
+The porting guide is available on [this page](https://www.freertos.org/Documentation/03-Libraries/02-FreeRTOS-plus/02-FreeRTOS-plus-TCP/10-Porting/01-FreeRTOS_TCP_Porting).
 
 ## Repository structure
 This repository contains the FreeRTOS-Plus-TCP repository and a number of supplementary libraries for testing/PR Checks.

docs/doxygen/config.doxyfile

@@ -48,7 +48,7 @@ PROJECT_NAME           = FreeRTOS-Plus-TCP
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = V4.2.0
+PROJECT_NUMBER         = V4.2.5
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

manifest.yml

@@ -1,5 +1,5 @@
 name: "FreeRTOS-Plus-TCP"
-version: "V4.2.0"
+version: "V4.2.5"
 description:
   "Thread safe FreeRTOS TCP/IP stack working on top of the FreeRTOS-Kernel to
   implement the TCP/IP protocol. Suitable for microcontrollers."

readme.txt

@@ -7,7 +7,7 @@ A description of the source code organisation is available on:
 http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/TCP_Networking_Tutorial.html
 
 The porting guide is available on:
-http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/FreeRTOS_TCP_Porting.html
+https://www.freertos.org/Documentation/03-Libraries/02-FreeRTOS-plus/02-FreeRTOS-plus-TCP/10-Porting/01-FreeRTOS_TCP_Porting
 
 License information is available on:
 http://www.FreeRTOS.org/FreeRTOS-Plus/FreeRTOS_Plus_TCP/FreeRTOS_Plus_TCP_License.html