From 2444feed0d5ff5beb52e4d6e1f7ece487f3de179 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Mon, 15 Sep 2025 18:55:42 -0600
Subject: [PATCH] release: 8.0.1; update changelog
---
 ChangeLog | 56 +++++++++++++++++++++++++++++++++++++++++++++
 configure.ac | 2 +-
 rust/Cargo.lock.in | 12 +++++-----
 rust/sys/src/sys.rs | 2 +-
 4 files changed, 64 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ea0ca9dd7e..8936246191 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,59 @@
+8.0.1 -- 2025-09-15
+
+Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero(HIGH - CVE 2025-59150)
+Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString(HIGH - CVE 2025-59149)
+Security #7838: detect/entropy: segfault when not anchored to a sticky buffer(HIGH - CVE 2025-59148)
+Security #7657: tcp: syn resend with different seq leads to detection bypasss(HIGH - CVE 2025-59147)
+Bug #7891: unix-socket: memory leak when client disconnects during rule reload
+Bug #7877: rust: build with RUSTC and CARGO variables fails
+Bug #7865: detect/integers: u8 prefilter does not support all modes
+Bug #7859: doc/userguide: build failure with read the docs theme
+Bug #7843: http: dissection anomaly on `Content-Encoding: identity`
+Bug #7836: util-byte: bad usage of StringParse function return codes
+Bug #7828: util/hash: unexpected remove behavior
+Bug #7827: app-layer: ippair.memcap counter shows memuse
+Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc)
+Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern enabled
+Bug #7821: engine-analysis: no report for failed rules without fast pattern
+Bug #7820: app-layer/snmp: internal error if app-layer is disabled
+Bug #7815: unix-socket: segfault in "pcap-file-list" command
+Bug #7813: cppcheck: warnings in counters.c
+Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0
+Bug #7803: http: use transactions right get function
+Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize
+Bug #7741: http2: events can contain an empty response object
+Bug #7740: doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
+Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
+Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer
+Bug #7611: eve: segv in stats.totals output
+Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip == dest_ip
+Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps
+Bug #4178: alert-debug: DNS Query triggers alert but no output in alert-debug.log
+Bug #3844: tcp: possible bypass with TCP ssn reuse
+Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check
+Feature #7869: detect/integers: support units like kib
+Task #7857: schema/arp: fix invalid pkt event output
+Task #7834: detect: remove unused non-pf stats counters
+Documentation #7890: detect: tls.cert_subject incorrectly claims to support multi-buffer
+Documentation #7867: detect/multi-buffers: complete list in userguide page on multi-buffer-matching
+Documentation #7854: doc/lualib: fix flow timestamps() return value order
+Documentation #7795: eve/schema: document stats.detect counters
+Documentation #7794: eve/schema: document stats.flow counters
+Documentation #7728: lua: fix all Lua documentation examples for new library format
+Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0
+Documentation #7639: dpdk: update Connect-X4 recommended fallback tx-descriptor count
+Documentation #7631: userguide: document lua lib suricata.dnp3
+Documentation #7190: detect/integers: document usage of units
+Documentation #7081: userguide: add unix socket option to retrieve flow info
+Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser
+Documentation #6284: userguide: document what's the impact of `stream.inline`
+Documentation #6270: userguide: document usage of Suricata as a firewall
+Documentation #5690: userguide: document the differences between IPS and IDS mode
+Documentation #5513: userguide: add a chapter for IPS mode
+Documentation #5139: userguide: add a section for netflow event type
+Documentation #5078: doc/userguide: improve rule reload documentation
+Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data
+
 8.0.0 -- 2025-07-08
 
 Security #7658: http2: global tx (stream id 0) may open file and never close it(HIGH - CVE 2025-53538)
diff --git a/configure.ac b/configure.ac
index 40297b4156..1b64af6ce8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
- AC_INIT([suricata],[8.0.1-dev])
+ AC_INIT([suricata],[8.0.1])
 m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([src/autoconf.h])
 AC_CONFIG_SRCDIR([src/suricata.c])
diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in
index 31cd9ddbbe..b8d6f2ee85 100644
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@@ -1500,7 +1500,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" -version = "8.0.1-dev" +version = "8.0.1" dependencies = [ "aes", "aes-gcm",
@@ -1552,7 +1552,7 @@ dependencies = [ [[package]] name = "suricata-derive" -version = "8.0.1-dev" +version = "8.0.1" dependencies = [ "proc-macro-crate", "proc-macro2",
@@ -1562,7 +1562,7 @@ dependencies = [ [[package]] name = "suricata-htp" -version = "8.0.1-dev" +version = "8.0.1" dependencies = [ "base64", "brotli",
@@ -1588,11 +1588,11 @@ dependencies = [ [[package]] name = "suricata-sys" -version = "8.0.1-dev" +version = "8.0.1" [[package]] name = "suricatactl" -version = "8.0.1-dev" +version = "8.0.1" dependencies = [ "clap", "once_cell",
@@ -1603,7 +1603,7 @@ dependencies = [ [[package]] name = "suricatasc" -version = "8.0.1-dev" +version = "8.0.1" dependencies = [ "clap", "home",
diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs
index 1a0748abb8..e74f76c89e 100644
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@@ -1,6 +1,6 @@ // This file is automatically generated. Do not edit. -pub const SC_PACKAGE_VERSION: &[u8; 10] = b"8.0.1-dev\0"; +pub const SC_PACKAGE_VERSION: &[u8; 6] = b"8.0.1\0"; pub type __intmax_t = ::std::os::raw::c_long; pub type intmax_t = __intmax_t; #[repr(u32)]
-- 
2.47.3