]>
Commit | Line | Data |
---|---|---|
1d84f72a VJ |
1 | 6.0.1 -- 2020-12-04 |
2 | ||
3 | Feature #2689: http: Normalized HTTP client body buffer | |
4 | Feature #4121: http2: support file inspection API | |
5 | Bug #1275: ET Rule 2003927 not matchin in suricata | |
6 | Bug #3467: Alert metadata not present in EVE output when using Socket Control Pcap Processing Mode | |
7 | Bug #3616: strip_whitespace causes FN | |
8 | Bug #3726: Segmentation fault on rule reload when using libmagic | |
9 | Bug #3856: dcerpc: last response packet not logged | |
10 | Bug #3924: asan leak htp_connp_create | |
11 | Bug #3925: dcerpc: crash in eve logging | |
12 | Bug #3930: Out of memory from THashInitConfig called by DetectDatasetSetup | |
13 | Bug #3994: SIGABRT TCPProtoDetectCheckBailConditions | |
14 | Bug #4018: Napatech: Double release of packet possible in certain error cases. | |
15 | Bug #4069: dcerpc: fix UDP transaction handling, free_tx, etc | |
16 | Bug #4071: Null dereference in ipv4hdr GetData | |
17 | Bug #4072: ssl: Integer underflow in SSL parser | |
18 | Bug #4073: Protocol detection evasion by packet splitting on enip/SMB | |
19 | Bug #4074: Timeout while loading many rules with keyword ssl_version | |
20 | Bug #4076: http2: Memory leak when parsing signature with filestore | |
21 | Bug #4085: Assertion from AdjustToAcked | |
22 | Bug #4086: dns: memory leak in v1 dns eve logging | |
23 | Bug #4090: icmpv4: header handling issue(s) | |
24 | Bug #4091: byte_math: Offset is a signed value | |
25 | Bug #4094: AddressSanitizer: dynamic-stack-buffer-overflow (util-crypt) | |
26 | Bug #4100: ftp: Quadratic complexity in FTPGetOldestTx may lead to DOS | |
27 | Bug #4109: mac address logging crash | |
28 | Bug #4110: http: LibHTP wrong protocol with content duplication | |
29 | Bug #4111: dnp3: DOS in long loop of zero sized objects | |
30 | Bug #4120: http2: null ptr deref in http2 alert metadata | |
31 | Bug #4124: dcerpc: UDP request response pair match is incorrect | |
32 | Bug #4155: dnp3: memory leak when parsing objects with bytearrays | |
33 | Bug #4156: dnp3: signed integer overflow | |
34 | Bug #4158: PacketCopyData sets packet length even on failure | |
35 | Bug #4173: dnp3: SV tests fail on big endian | |
36 | Bug #4177: Rustc nightly warning getting the inner pointer of a temporary `CString` | |
37 | Optimization #4114: Optmize Rust logging macros: SCLogInfo, SCLogDebug and friends | |
38 | Task #4137: deprecate: eve.dns v1 record support | |
39 | Task #4180: libhtp 0.5.36 | |
40 | ||
df5f96c5 VJ |
41 | 6.0.0 -- 2020-10-08 |
42 | ||
43 | Bug #3099: Weird handling of IKEv2 flows when alerts happen | |
44 | Bug #3691: strip_whitespace doesn't strip_whitespace | |
45 | Bug #3772: DNP3 probing parser does not detect the proper direction in midstream | |
46 | Bug #3774: Assert failed in TLS due to integer underflow | |
47 | Bug #3775: Memory leak in libhtp in error case | |
48 | Bug #3853: Multi-byte Heap buffer over-read in ssl parser | |
49 | Bug #3857: Protocol detection evasion by packet splitting on enip/dnp3 | |
50 | Bug #3877: Transaction list grows without bound on parsers that use unidirectional transactions | |
51 | Bug #3896: app-layer-parser.c:1264: AppLayerParserParse: Assertion `!(res.needed + res.consumed < input_len)' failed. | |
52 | Bug #3904: Suricata ASAN issue when detect.profiling.grouping.dump-to-disk=true | |
53 | Bug #3926: dcerpc: Rust panic in handle_common_stub | |
54 | Bug #3927: Alert "fileinfo" array conflicts with "fileinfo" event type | |
55 | Bug #3928: eve: metadata section mixup with anomaly | |
56 | Bug #3929: Unexpected exit from THashInitConfig called by DetectDatasetSetup | |
57 | Bug #3930: Out of memory from THashInitConfig called by DetectDatasetSetup | |
58 | Bug #3931: Memory leak from signature with file.name | |
59 | Bug #3956: HTTP2 support variable integer lengths for headers | |
60 | Bug #3972: HTTP2: stream_id_reuse | |
61 | Bug #3977: SNMP: Better handling of unidirectional transactions | |
62 | Bug #3978: DHCP: Add unidirectional transaction handling | |
63 | Bug #3979: IKEv2: Add unidirectional transaction handling | |
64 | Bug #3980: MQTT: Add unidirectional transaction handling | |
65 | Bug #3981: SIP: Add unidirectional transaction handling | |
66 | Bug #3982: RDP: Add unidirectional transaction handling | |
67 | Bug #3983: KRB5: Add unidirectional transaction handling | |
68 | Bug #3984: NTP: Add unidirectional transaction handling | |
69 | Bug #3987: Hang while processing HTTP traffic | |
70 | Bug #3989: HTTP2: invalid_frame_data anomaly | |
71 | Bug #3991: Libhtp timeout in data_probe_chunk_length | |
72 | Bug #3992: RDP incorrect AppLayerResult::incomplete | |
73 | Bug #3993: Use of uninitialized value in DetectDatarepParse | |
74 | Bug #3998: HTTP2: invalid header anomaly | |
75 | Bug #4009: ENIP: Unidirectional transaction handling | |
76 | Feature #3955: Protocol detection : run probing parser for protocol found in other direction | |
77 | Task #3922: libhtp 0.5.35 | |
78 | Task #4017: suricata-update: bundle 1.2.0 | |
79 | Documentation #2211: doc: document issues with --set and lists in the command line parameters section of the manual | |
80 | ||
990dfdac VJ |
81 | 6.0.0-rc1 -- 2020-09-11 |
82 | ||
83 | Feature #2970: DNS: Parse and extract SOA app layer data from DNS packets | |
84 | Feature #3063: protocol decoder: geneve | |
85 | Task #3178: json: remove individual loggers | |
86 | Task #3559: http: support GAP recovery | |
87 | Task #3759: datasets: finalize to move out of 'experimental' | |
88 | Task #3824: libhtp 0.5.34 | |
89 | Task #3868: GitHub CI: Add Fedora 32 runner with ASAN and Suricata-Verify | |
90 | Task #3903: remove BUG_ON from app-layer AppLayerResult eval | |
91 | Documentation #3497: Document the removal of unified2 and migration options | |
92 | Documentation #3799: Deprecated configuration keyword in "Hardware bypass with Netronome" | |
93 | Bug #2433: memleak with suppression rules defined in threshold.conf | |
94 | Bug #3776: Timeout in libhtp due to multiple responses with double lzma encoding | |
95 | Bug #3816: Coverity scan issue -- null pointer deref in reject dev handling | |
96 | Bug #3842: eve: logging silently continues if disk is full | |
97 | Bug #3850: Invalid state for JsonBuilder with metadata signature keyword | |
98 | Bug #3858: pcap recursive: coverity issues | |
99 | Bug #3861: flow: check flow bypass handling | |
100 | Bug #3863: reject: compile warning | |
101 | Bug #3864: plugin: coverity issues | |
102 | Bug #3865: flow: coverity issues | |
103 | Bug #3866: http2: http1 to http2 upgrade support | |
104 | Bug #3871: Include acsite.m4 in distribution | |
105 | Bug #3872: Fail CROSS_COMPILE check for PCRE JIT EXEC | |
106 | Bug #3874: configure: fails to check for netfilter_queue headers on older header packages | |
107 | Bug #3879: detasets related memleak | |
108 | Bug #3880: http parsing/alerting - continue | |
109 | Bug #3882: Plugin support typo | |
110 | Bug #3883: Runmode Single Memory Leak | |
111 | Bug #3885: 6.0.0-beta1 stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed | |
112 | Bug #3888: 6.0.0-dev - heap-buffer-overflow /opt/suricata/src/flow-manager.c:472:34 in FlowTimeoutHash with AFPv3 | |
113 | Bug #3890: AddressSanitizer: SEGV on unknown address - failed to setup/expand stream segment pool. | |
114 | Bug #3895: Assert failed in DNS incomplete parsing | |
115 | Bug #3897: Integer overflow in SCSigOrderByPriorityCompare | |
116 | Bug #3898: Leak from bad signature with DCERPC keyword, then another protocol keyword | |
117 | Bug #3902: flow/bypass: SEGV src/flow.c:1158:9 in FlowUpdateState | |
118 | Bug #3906: mqtt 'assertion failed: `(left == right)` src/mqtt/parser.rs:500:13 | |
119 | Bug #3907: http2 rust - 'index out of bounds: the len is 2 but the index is 63' | |
120 | Bug #3908: Port prscript to Python 3 | |
121 | Bug #3911: datasets: path handling issues with default-rule-path vs -S <file> | |
122 | Bug #3913: Memory leak from signature with pcrexform | |
123 | Bug #3914: Protocol detection gets not retries on protocol change if there is not enough data | |
124 | Bug #3915: Eve output in threaded mode does not rotate logs on request (eg: SIGHUP) | |
125 | Bug #3916: Dataset filename not always found on load | |
126 | Bug #3917: HTTP2 incorrect incomplete after banner | |
127 | ||
264d4d29 VJ |
128 | 6.0.0-beta1 -- 2020-08-07 |
129 | ||
130 | Feature #641: Flowbits group for ORing | |
131 | Feature #1807: Cisco HDLC Decoder | |
132 | Feature #1947: HTTP2 decoder | |
133 | Feature #2015: eve: add fileinfo in alert | |
134 | Feature #2196: Add flow_id to the file extracted .meta file | |
135 | Feature #2311: math on extracted values | |
136 | Feature #2312: http: parsing for async streams | |
137 | Feature #2385: deprecate: unified2 | |
138 | Feature #2524: Allow user to choose the reject iface | |
139 | Feature #2553: support 'by_both' in threshold rule keyword | |
140 | Feature #2694: thresholding: feature parity between global and per-rule options | |
141 | Feature #2698: hassh and hasshServer for ssh fingerprinting | |
142 | Feature #2859: Oss-fuzz integration | |
143 | Feature #3199: transformation should be able to take options | |
144 | Feature #3200: pcre: allow operation as transform | |
145 | Feature #3293: eve: per thread output files | |
146 | Feature #3332: Dynamic Loadable Module/Plugin Support | |
147 | Feature #3422: GRE ERSPAN Type 1 Support | |
148 | Feature #3444: app-layer: signal stream engine about expected data size | |
149 | Feature #3445: Convert SSH parser to Rust | |
150 | Feature #3501: Add RFB parser | |
151 | Feature #3546: Teredo port configuration | |
152 | Feature #3549: Add MQTT parser | |
153 | Feature #3626: implement from_end byte_jump keyword | |
154 | Feature #3635: datasets: add 'dataset-remove' unix command | |
155 | Feature #3661: validate strip_whitespace content before loading a rule | |
156 | Feature #3693: DCERPC multi tx support | |
157 | Feature #3694: DCERPC logging support | |
158 | Feature #3760: datasets: distinguish between 'static' and 'dynamic' sets | |
159 | Feature #3823: conditional logging: tx log filtering | |
160 | Optimization #749: pcre 8.32 introduces JIT pcre_jit_exec(...) | |
161 | Optimization #947: dynamic allocation of thread queues | |
162 | Optimization #1038: Flow Queue should be a stack | |
163 | Optimization #2779: Convert DCE_RPC from C to Rust | |
164 | Optimization #2845: Counters for kernel_packets decreases at times without restart | |
165 | Optimization #2977: replace asn1 parser with rust based implementation | |
166 | Optimization #3234: dns app-layer c vs rust cleanup | |
167 | Optimization #3308: rust: use cbindgen to generate bindings | |
168 | Optimization #3538: dns: use app-layer incomplete support | |
169 | Optimization #3539: rdp: use app-layer incomplete support | |
170 | Optimization #3541: applayertemplate: use app-layer incomplete support | |
171 | Optimization #3655: default to c11 standard | |
172 | Optimization #3708: Convert SSH logging to JsonBuilder | |
173 | Optimization #3709: Convert DNP3 logging to JsonBuilder | |
174 | Optimization #3710: Convert SMTP logging to JsonBuilder | |
175 | Optimization #3711: Convert NFS logging to JsonBuilder | |
176 | Optimization #3712: Convert SMB logging to JsonBuilder | |
177 | Optimization #3713: Convert RFB logging to JsonBuilder | |
178 | Optimization #3714: Convert FTP logging to JsonBuilder | |
179 | Optimization #3715: Convert RDP logging to JsonBuilder | |
180 | Optimization #3716: Use uuid crate wherever possible in smb rust parser | |
181 | Optimization #3754: Convert KRB to JsonBuilder | |
182 | Optimization #3755: Convert IKEv2 to JsonBuilder | |
183 | Optimization #3756: Convert SNMP to JsonBuilder | |
184 | Optimization #3757: Convert Netflow to JsonBuilder | |
185 | Optimization #3764: Convert TFTP to JsonBuilder | |
186 | Optimization #3765: Convert Templates to JsonBuilder | |
187 | Optimization #3773: DNP3 CRC disabled when fuzzing | |
188 | Optimization #3838: Convert 'vars' (metadata logging) to JsonBuilder | |
189 | Task #2381: deprecate: 'drop' log output | |
190 | Task #2959: deprecate: filestore v1 | |
191 | Task #3128: nom 5 | |
192 | Task #3167: convert all _Bool use to bool | |
193 | Task #3255: rdp: enable by default | |
194 | Task #3256: sip: enable by default | |
195 | Task #3331: Rust: Move to 2018 Edition | |
196 | Task #3344: devguide: setup sphinx | |
197 | Task #3408: FTP should place constraints on filename lengths | |
198 | Task #3409: SMTP should place restraints on variable length items (e.g., filenames) | |
199 | Task #3460: autotools: check autoscan output | |
200 | Task #3515: GRE ERSPAN Type 1 Support configuration | |
201 | Task #3564: dcerpc: support GAP recovery | |
202 | Documentation #3335: doc: add ipv4.hdr and ipv6.hdr | |
203 | Bug #2506: filestore v1: with stream-depth not null, files are never truncated | |
204 | Bug #2525: Add VLAN support to reject feature | |
205 | Bug #2639: Alert for tcp rules with established without 3whs | |
206 | Bug #2726: writing large number of json events on high speed traffic results in packet drops | |
207 | Bug #2737: Invalid memory read on malformed rule with Lua script | |
208 | Bug #3053: Replace atoi with StringParse* for better error handling | |
209 | Bug #3078: flow-timeout: check that 'emergency' settings are < normal settings | |
210 | Bug #3096: random failures on sip and http-evader suricata-verify tests | |
211 | Bug #3108: Calculation of threads in autofp mode is wrong | |
212 | Bug #3188: Use FatalError wherever possible | |
213 | Bug #3265: Dropping privileges does not work with NFLOG | |
214 | Bug #3282: --list-app-layer-protos only uses default suricata.yaml location. | |
215 | Bug #3283: bitmask option of payload-keyword byte_test not working | |
216 | Bug #3339: Missing community ID in smb, rdp, tftp, dhcp | |
217 | Bug #3378: ftp: asan detects leaks of expectations | |
218 | Bug #3435: afl: Compile/make fails on openSUSE Leap-15.1 | |
219 | Bug #3441: alerts: missing rdp and snmp metadata | |
220 | Bug #3451: gcc10: compilation failure unless -fcommon is supplied | |
221 | Bug #3463: Faulty signature with two threshold keywords does not generate an error and never match | |
222 | Bug #3465: build-info and configure wrongly display libnss status | |
223 | Bug #3468: BUG_ON(strcasecmp(str, "any") in DetectAddressParseString | |
224 | Bug #3476: datasets: Dataset not working in unix socket mode | |
225 | Bug #3483: SIP: Input not parsed when header values contain trailing spaces | |
226 | Bug #3486: Make Rust probing parsers optional | |
227 | Bug #3489: rule parsing: memory leaks | |
228 | Bug #3490: Segfault when facing malformed SNMP rules | |
229 | Bug #3496: defrag: asan issue | |
230 | Bug #3504: http.header.raw prematurely truncates in some conditions | |
231 | Bug #3509: Behavior for tcp fastopen | |
232 | Bug #3517: Convert DER parser to Rust | |
233 | Bug #3519: FTP: Incorrect ftp_memuse calculation. | |
234 | Bug #3522: TCP Fast Open - Bypass of stateless alerts | |
235 | Bug #3523: Suricata does not log alert metadata info when running in unix-socket mode | |
236 | Bug #3525: Kerberos vulnerable to TCP splitting evasion | |
237 | Bug #3529: rust: smb compile warnings | |
238 | Bug #3532: Skip over ERF_TYPE_META records | |
239 | Bug #3547: file logging: complete files sometimes marked 'TRUNCATED' | |
240 | Bug #3565: ssl/tls: ASAN issue in SSLv3ParseHandshakeType | |
241 | Bug #3566: rules: minor memory leak involving pcre_get_substring | |
242 | Bug #3567: rules/bsize: memory issue during parsing | |
243 | Bug #3568: rules: bad rule leads to memory exhaustion | |
244 | Bug #3569: fuzz: memory leak in bidir rules | |
245 | Bug #3570: rfb: invalid AppLayerResult use | |
246 | Bug #3583: rules: missing 'consumption' of transforms before pkt_data would lead to crash | |
247 | Bug #3584: rules: crash on 'internal'-only keywords | |
248 | Bug #3586: rules: bad address block leads to stack exhaustion | |
249 | Bug #3593: Stack overflow when parsing ERF file | |
250 | Bug #3594: rules: memory leaks in pktvar keyword | |
251 | Bug #3595: sslv3: asan detects leaks | |
252 | Bug #3615: Protocol detection evasion by packet splitting | |
253 | Bug #3628: Incorrect ASN.1 long form length parsing | |
254 | Bug #3630: Recursion stack-overflow in parsing YAML configuration | |
255 | Bug #3631: FTP response buffering against TCP stream | |
256 | Bug #3632: rules: memory leaks on failed rules | |
257 | Bug #3638: TOS IP Keyword not triggering an alert | |
258 | Bug #3640: coverity: leak in fast.log setup error path | |
259 | Bug #3641: coverity: data directory handling issues | |
260 | Bug #3642: RFB parser wrongly handles incomplete data | |
261 | Bug #3643: Libhtp request: extra whitespace interpreted as dummy new request | |
262 | Bug #3654: Rules reload with Napatech can hang Suricata UNIX manager process | |
263 | Bug #3657: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow | |
264 | Bug #3662: Signature with an IP range creates one IPOnlyCIDRItem by IP address | |
265 | Bug #3677: Segfault on SMTP TLS | |
266 | Bug #3680: Dataset reputation invalid value logging | |
267 | Bug #3683: rules: memory leak on bad rule | |
268 | Bug #3687: Null dereference in DetectEngineSignatureIsDuplicate | |
269 | Bug #3689: Protocol detection evasion by packet splitting on enip/nfs | |
270 | Bug #3690: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp | |
271 | Bug #3699: smb: post-GAP file handling | |
272 | Bug #3700: nfs: post-GAP file handling | |
273 | Bug #3720: Incorrect handling of ASN1 relative_offset keyword | |
274 | Bug #3732: filemagic logging resulting in performance hit | |
275 | Bug #3749: redis: Reconnect is invalid in batch mode | |
276 | Bug #3750: redis: no or delayed data in low speed network | |
277 | Bug #3772: DNP3 probing parser does not detect the proper direction in midstream | |
278 | Bug #3779: Exit on signature with invalid transform pcrexform | |
279 | Bug #3783: Stack overflow in DetectFlowbitsAnalyze | |
280 | Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory | |
281 | Bug #3808: pfring: compile warnings | |
282 | Bug #3814: Coverity scan issue -- null pointer deref in ftp logger | |
283 | Bug #3815: Coverity scan issue -- control flow issue ftp logger | |
284 | Bug #3817: Coverity scan issue -- resource leak in filestore output logger | |
285 | Bug #3818: Coverity scan issue -- null pointer deref in detect engine | |
286 | Bug #3820: ssh: invalid use to 'AppLayerResult::incomplete` | |
287 | Bug #3821: Memory leak in signature parsing with keyword rfb.secresult | |
288 | Bug #3822: Rust panic at DCERPC signature parsing | |
289 | Bug #3840: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior | |
290 | Bug #3841: Heap-buffer-overflow READ 8 · DetectGetLastSMByListId | |
291 | Bug #3851: Invalid DNS incomplete result | |
292 | Bug #3855: mqtt: coverity static analysis issues | |
293 | ||
6fa66e3d VJ |
294 | 5.0.1 -- 2019-12-13 |
295 | ||
296 | Bug #1871: intermittent abort()s at shutdown and in unix-socket | |
297 | Bug #2810: enabling add request/response http headers in master | |
298 | Bug #3047: byte_extract does not work in some situations | |
299 | Bug #3073: AC_CHECK_FILE on cross compile | |
300 | Bug #3103: --engine-analysis warning for flow on an icmp request rule | |
301 | Bug #3120: nfq_handle_packet error -1 Resource temporarily unavailable warnings | |
302 | Bug #3237: http_accept not treated as sticky buffer by --engine-analysis | |
303 | Bug #3254: tcp: empty SACK option leads to decoder event | |
304 | Bug #3263: nfq: invalid number of bytes reported | |
305 | Bug #3264: EVE DNS Warning about defaulting to v2 as version is not set. | |
306 | Bug #3266: fast-log: icmp type prints wrong value | |
307 | Bug #3267: Support for tcp.hdr Behavior | |
308 | Bug #3275: address parsing: memory leak in error path | |
309 | Bug #3277: segfault when test a nfs pcap file | |
310 | Bug #3281: Impossible to cross-compile due to AC_CHECK_FILE | |
311 | Bug #3284: hash function for string in dataset is not correct | |
312 | Bug #3286: TCP evasion technique by faking a closed TCP session | |
313 | Bug #3324: TCP evasion technique by overlapping a TCP segment with a fake packet | |
314 | Bug #3328: bad ip option evasion | |
315 | Bug #3340: DNS: DNS over TCP transactions logged with wrong direction. | |
316 | Bug #3341: tcp.hdr content matches don't work as expected | |
317 | Bug #3345: App-Layer: Not all parsers register TX detect flags that should | |
318 | Bug #3346: BPF filter on command line not honored for pcap file | |
319 | Bug #3362: cross compiling not affecting rust component of surrcata | |
320 | Bug #3376: http: pipelining tx id handling broken | |
321 | Bug #3386: Suricata is unable to get MTU from NIC after 4.1.0 | |
322 | Bug #3389: EXTERNAL_NET no longer working in 5.0 as expected | |
323 | Bug #3390: Eve log does not generate pcap_filename when Interacting via unix socket in pcap processing mode | |
324 | Bug #3397: smtp: file tracking issues when more than one attachment in a tx | |
325 | Bug #3398: smtp: 'raw-message' option file tracking issues with multi-tx | |
326 | Bug #3399: smb: post-GAP some transactions never close | |
327 | Bug #3401: smb1: 'event only' transactions for bad requests never close | |
328 | Bug #3411: detect/asn1: crashes on packets smaller than offset setting | |
329 | Task #3364: configure: Rust 1.37+ has cargo-vendor support bundled into cargo. | |
330 | Documentation #2885: update documentation to indicate -i can be used multiple times | |
331 | ||
697410cb VJ |
332 | 5.0.0 -- 2019-10-15 |
333 | ||
334 | Feature #1851: add verbosity level description to the help command | |
335 | Feature #1940: Debian Jessie - better message when trying to run 2 suricata with afpacket | |
336 | Feature #3204: ja3(s): automatically enable when rules require it | |
337 | Bug #1443: deprecated library calls | |
338 | Bug #1778: af_packet: IPS and defrag | |
339 | Bug #2386: check if default log dir is writable at start up | |
340 | Bug #2465: Eve Stats will not be reported unless stats.log is enabled | |
341 | Bug #2490: Filehash rule does not fire without filestore keyword | |
342 | Bug #2668: make install-full fails if CARGO_TARGET_DIR has spaces in the directory path | |
343 | Bug #2669: make install-full fails due to being unable to find libhtp.so.2 | |
344 | Bug #2955: lua issues on arm (fedora:29) | |
345 | Bug #3113: python-yaml dependency is actually ptyhon3-yaml dependency | |
346 | Bug #3139: enip: compile warnings on gcc-8 | |
347 | Bug #3143: datasets: don't use list in global config | |
348 | Bug #3190: file_data inspection inhibited by additional (non-file_data) content match rule | |
349 | Bug #3196: Distributed archive do not include eBPF files | |
350 | Bug #3209: Copy engine provided classification.config to $datadir/suricata. | |
351 | Bug #3210: Individual output log levels capped by the default log level | |
352 | Bug #3216: MSN protocol detection/parser is not working | |
353 | Bug #3223: --disable-geoip does not work | |
354 | Bug #3226: ftp: ASAN error | |
355 | Bug #3232: Static build with pcap fails | |
356 | Optimization #3039: configure: don't generate warnings on missing features | |
357 | Documentation #2640: http-body and http-body-printable in eve-log require metadata to be enabled, yet there is no indication of this anywhere | |
358 | Documentation #2839: Update perf and tuning user guides | |
359 | Documentation #2876: doc: add nftables with nfqueue section | |
360 | Documentation #3207: Update the http app-layer doc and config | |
361 | Documentation #3230: EVE DNS logger defaults to version 2 instead of version when version not specified. | |
362 | ||
deffabad VJ |
363 | 5.0.0-rc1 -- 2019-09-24 |
364 | ||
365 | Feature #524: detect double encoding in URI | |
366 | Feature #713: tls.fingerprint - file usage | |
367 | Feature #997: Add libhtp event for every htp_log() that needs an event. | |
368 | Feature #1203: TCP Fast Open support | |
369 | Feature #1249: http/dns ip-reputation alike technique | |
370 | Feature #1757: URL Reputation | |
3b5b71af | 371 | Feature #2200: Dynamically add md5 to blacklist without full restart |
deffabad VJ |
372 | Feature #2283: turn content modifiers into 'sticky buffers' |
373 | Feature #2314: protocol parser: rdp | |
374 | Feature #2315: eve: ftp logging | |
375 | Feature #2318: matching on large amounts of data with dynamic updates | |
376 | Feature #2529: doc: include quick start guide | |
377 | Feature #2539: protocol parser: vxlan | |
378 | Feature #2670: tls_cert sticky buffer | |
379 | Feature #2684: Add JA3S | |
380 | Feature #2738: SNMP parser, logging and detection | |
381 | Feature #2754: JA3 and JA3S - sets / reputation | |
382 | Feature #2758: intel / reputation matching on arbitrary data | |
3b5b71af | 383 | Feature #2789: Use clang for building eBPF programs even if Suricata is built using GCC |
deffabad VJ |
384 | Feature #2916: FTP decoder should have Rust port parsers |
385 | Feature #2940: document anomaly log | |
386 | Feature #2941: anomaly log: add protocol detection events | |
387 | Feature #2952: modernize http_header_names | |
3b5b71af | 388 | Feature #3011: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src<->dst) only |
deffabad VJ |
389 | Feature #3058: Hardware offload for XDP bypass |
390 | Feature #3059: Use pinned maps in XDP bypass | |
391 | Feature #3060: Add way to detect TCP MSS values | |
392 | Feature #3061: Add way to inspect TCP header | |
393 | Feature #3062: Add way to inspect UDP header | |
394 | Feature #3074: DNS full domain matching within the dns_query buffer | |
395 | Feature #3080: Provide a IP pair XDP load balancing | |
396 | Feature #3081: Decapsulation of GRE in XDP filter | |
397 | Feature #3084: SIP parser, logging and detection | |
398 | Feature #3165: New rule keyword: dns.opcode; For matching on the the opcode in the DNS header. | |
399 | Bug #941: Support multiple stacked compression, compression that specifies the wrong compression type | |
400 | Bug #1271: Creating core dump with dropped privileges | |
401 | Bug #1656: several silent bypasses at the HTTP application level (chunking, compression, HTTP 0.9...) | |
402 | Bug #1776: Multiple Content-Length headers causes HTP_STREAM_ERROR | |
403 | Bug #2080: Rules with bad port group var do not error | |
404 | Bug #2146: DNS answer not logged with eve-log | |
3b5b71af | 405 | Bug #2210: logging: SC_LOG_OP_FILTER still displays some lines not matching filter |
deffabad VJ |
406 | Bug #2264: file-store.stream-depth not working as expected when configured to a specfic value |
407 | Bug #2395: File_data inspection depth while inspecting base64 decoded data | |
408 | Bug #2619: Malformed HTTP causes FN using http_header_names; | |
409 | Bug #2626: doc/err: More descriptive message on err for escaping backslash | |
410 | Bug #2654: Off-by-one iteration of EBPF flow_table_vX in EBPFForEachFlowVXTable (util-ebpf.c) | |
411 | Bug #2655: GET/POST HTTP-request with no Content-Length, http_client_body miss | |
412 | Bug #2662: unix socket - memcap read/set showing unlimited where there are limited values configured by default | |
413 | Bug #2686: Fancy Quotes in Documentation | |
414 | Bug #2765: GeoIP keyword depends on now discontinued legacy GeoIP database | |
415 | Bug #2769: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 | |
416 | Bug #2786: make install-full does not install some source events rules | |
3b5b71af | 417 | Bug #2840: xdp modes - Invalid argument (-22) on certain NICs |
deffabad VJ |
418 | Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output |
419 | Bug #2853: filestore (v1 and v2): dropping of "unwanted" files | |
420 | Bug #2926: engine-analysis with content modifiers not always issues correct warning | |
421 | Bug #2942: anomaly log: app layer events | |
422 | Bug #2951: valgrind warnings in ftp | |
423 | Bug #2953: bypass keyword: Suricata 4.1.x Segmentation Faults | |
424 | Bug #2961: filestore: memory leaks | |
425 | Bug #2965: Version 5 Beta1 - Multiple NFQUEUE failed | |
3b5b71af VJ |
426 | Bug #2986: stream bypass not making callback as expected |
427 | Bug #2992: Build failure on m68k with uclibc | |
deffabad VJ |
428 | Bug #2999: AddressSanitizer: heap-buffer-overflow in HTPParseContentRange |
429 | Bug #3000: tftp: missing logs because of broken tx handling | |
430 | Bug #3004: SC_ERR_PCAP_DISPATCH with message "error code -2" upon rule reload completion | |
431 | Bug #3006: improve rule keyword alproto registration | |
432 | Bug #3007: rust: updated libc crate causes depration warnings | |
433 | Bug #3009: Fixes warning about size of integers in string formats | |
434 | Bug #3051: mingw/msys: compile errors | |
435 | Bug #3054: Build failure with --enable-rust-debug | |
436 | Bug #3070: coverity warnings in protocol detection | |
437 | Bug #3072: Rust nightly warning | |
438 | Bug #3076: Suricata sometimes doesn't store the vlan id when vlan.use-for-tracking is false | |
439 | Bug #3089: Fedora rawhide af-packet compilation err | |
440 | Bug #3098: rule-reloads Option? | |
441 | Bug #3111: ftp warnings during compile | |
442 | Bug #3112: engine-analysis warning on http_content_type | |
443 | Bug #3133: http_accept_enc warning with engine-analysis | |
444 | Bug #3136: rust: Remove the unneeded macros | |
445 | Bug #3138: Don't install Suricata provided rules to /etc/suricata/rules as part of make install-rules. | |
446 | Bug #3140: ftp: compile warnings on gcc-8 | |
447 | Bug #3158: 'wrong thread' tracking inaccurate for bridging IPS modes | |
448 | Bug #3162: TLS Lua output does not work without TLS log | |
449 | Bug #3169: tls: out of bounds read (5.x) | |
450 | Bug #3171: defrag: out of bounds read (5.x) | |
451 | Bug #3176: ipv4: ts field decoding oob read (5.x) | |
3b5b71af | 452 | Bug #3177: suricata is logging tls log repeatedly if custom mode is enabled |
deffabad VJ |
453 | Bug #3185: decode/der: crafted input can lead to resource starvation (5.x) |
454 | Bug #3189: NSS Shutdown triggers crashes in test mode (5.x) | |
455 | Optimization #879: update configure.ac with autoupdate | |
456 | Optimization #1218: BoyerMooreNocase could avoid tolower() call | |
457 | Optimization #1220: Boyer Moore SPM pass in ctx instead of indivual bmBc and bmBg | |
458 | Optimization #2602: add keywords to --list-keywords output | |
459 | Optimization #2843: suricatact/filestore/prune: check that directory is a filestore directory before removing files | |
460 | Optimization #2848: Rule reload when run with -s or -S arguments | |
461 | Optimization #2991: app-layer-event keyword tx handling | |
462 | Optimization #3005: make sure DetectBufferSetActiveList return codes are always checked | |
463 | Optimization #3077: FTP parser command lookup | |
464 | Optimization #3085: Suggest more appropriate location to store eBPF binaries | |
465 | Optimization #3137: Make description of all keywords consistent and pretty | |
466 | Task #2629: tracking: Rust 2018 edition | |
467 | Task #2974: detect: check all keyword urls | |
468 | Task #3014: Missing documentation for "flags" option | |
469 | Task #3092: Date of revision should also be a part of info from suricata -v | |
470 | Task #3135: counters: new default for decoder events | |
471 | Task #3141: libhtp 0.5.31 | |
472 | ||
65039d4a VJ |
473 | 5.0.0-beta1 -- 2019-04-30 |
474 | ||
475 | Feature #884: add man pages | |
476 | Feature #984: libhtp HTP_AUTH_UNRECOGNIZED | |
477 | Feature #1970: json: make libjansson mandatory | |
478 | Feature #2081: document byte_test | |
479 | Feature #2082: document byte_jump | |
480 | Feature #2083: document byte_extract | |
481 | Feature #2282: event log aka weird.log | |
482 | Feature #2332: Support for common http response headers - Location and Server | |
483 | Feature #2421: add system mode and user mode | |
484 | Feature #2459: Support of FTP active mode | |
485 | Feature #2484: no stream events after known pkt loss in flow | |
486 | Feature #2485: http: log byte range with file extraction | |
487 | Feature #2507: Make Rust mandatory | |
488 | Feature #2561: Add possibility for smtp raw extraction | |
489 | Feature #2563: Add dump of all headers in http eve-log | |
490 | Feature #2572: extend protocol detection to specify flow direction | |
491 | Feature #2741: netmap: add support for lb and vale switches | |
492 | Feature #2766: Simplified Napatech Configuration | |
493 | Feature #2820: pcap multi dev support for Windows (5.0.x) | |
494 | Feature #2837: Add more custom HTTP Header values for HTTP JSON Logging | |
495 | Feature #2895: OpenBSD pledge support | |
496 | Feature #2897: update http_content_type and others to new style sticky buffers | |
497 | Feature #2914: modernize tls sticky buffers | |
498 | Feature #2930: http_protocol: use mpm and content inspect v2 apis | |
499 | Feature #2937: sticky buffer access from lua script | |
500 | Optimization #2530: Print matching rule SID in filestore meta file | |
501 | Optimization #2632: remove C implementations where we have Rust as well | |
502 | Optimization #2793: Python 3 support for python tools | |
503 | Optimization #2808: Prefer Python 3 in ./configure | |
504 | Bug #1013: command line parsing | |
505 | Bug #1324: vlan tag in eve.json | |
506 | Bug #1427: configure with libnss and libnspr | |
507 | Bug #1694: unix-socket reading 0 size pcap | |
508 | Bug #1860: 2220005: SURICATA SMTP bdat chunk len exceeded when using SMTP connection caching | |
509 | Bug #2057: eve.json flow logs do not contain in_iface | |
510 | Bug #2432: engine-analysis does not print out the tls buffers | |
511 | Bug #2503: rust: nom 4.2 released | |
512 | Bug #2527: FTP file extraction only working in passive mode | |
513 | Bug #2605: engine-analysis warning on PCRE | |
514 | Bug #2733: rust/mingw: libc::IPPROTO_* not defined | |
515 | Bug #2751: Engine unable to disable detect thread, Killing engine. (in libpcap mode) | |
516 | Bug #2775: dns v1/2 with rust results in less app layer data available in the alert record (for dns related alerts/rules) | |
517 | Bug #2797: configure.ac: broken --{enable,disable}-xxx options | |
518 | Bug #2798: --engine-analysis is unaware of http_host buffer | |
519 | Bug #2800: Undocumented commands for suricatasc | |
520 | Bug #2812: suricatasc multiple python issues | |
521 | Bug #2813: suricatasc: failure with extra commands | |
522 | Bug #2817: Syricata.yaml encrypt-handling instead encryption-handling | |
523 | Bug #2821: netmap/afpacket IPS: stream.inline: auto broken (5.0.x) | |
524 | Bug #2822: SSLv3 - AddressSanitizer heap-buffer-overflow (5.0.x) | |
525 | Bug #2833: mem leak - rules loading hunt rules | |
526 | Bug #2838: 4.1.x gcc 9 compilation warnings | |
527 | Bug #2844: alignment issues in dnp3 | |
528 | Bug #2846: IPS mode crash under load (5.0.x) | |
529 | Bug #2857: nfq asan heap-use-after-free error | |
530 | Bug #2877: rust: windows build fails in gen-c-headers.py | |
531 | Bug #2889: configure doesn't display additional information for missing requirements | |
532 | Bug #2896: smb 1 create andx request does not parse the filename correctly (master) | |
533 | Bug #2899: Suricata 4.1.2 and up to 5.x Dev branch - Make compile issue when using PF_ring library on Redhat only | |
534 | Bug #2901: pcap logging with lz4 coverity warning (master) | |
535 | Bug #2909: segfault on logrotation when the files cannot be opened | |
536 | Bug #2912: memleaks in nflog | |
537 | Bug #2915: modernize ssh sticky buffers | |
538 | Bug #2921: chmod file mode warning expressed in incorrect base | |
539 | Bug #2929: error messages regarding byte jump and byte extract | |
540 | Bug #2944: ssh: heap buffer overflow (master) | |
541 | Bug #2945: mpls: heapbuffer overflow in file decode-mpls.c (master) | |
542 | Bug #2946: decode-ethernet: heapbuffer overflow in file decode-ethernet.c (master) | |
543 | Bug #2947: rust/dhcp: panic in dhcp parser (master) | |
544 | Bug #2948: mpls: cast of misaligned data leads to undefined behvaviour (master) | |
545 | Bug #2949: rust/ftp: panic in ftp parser (master) | |
546 | Bug #2950: rust/nfs: integer underflow (master) | |
547 | Task #2297: deprecate: dns.log | |
548 | Task #2376: deprecate: files-json.log | |
549 | Task #2379: deprecate: Tilera / Tile support | |
550 | Task #2849: Remove C SMB parser. | |
551 | Task #2850: Remove C DNS parsers. | |
552 | ||
b51e4a39 VJ |
553 | 4.1.2 -- 2018-12-21 |
554 | ||
555 | Feature #1863: smtp: improve pipelining support | |
556 | Feature #2748: bundle libhtp 0.5.29 | |
557 | Feature #2749: bundle suricata-update 1.0.3 | |
558 | Bug #2682: python-yaml Not Listed As Ubuntu Prerequisite | |
559 | Bug #2736: DNS Golden Transaction ID - detection bypass | |
560 | Bug #2745: Invalid detect-engine config could lead to segfault | |
561 | Bug #2752: smb: logs for IOCTL and DCERPC have tree_id value of 0 | |
562 | ||
d1fa4a35 VJ |
563 | 4.1.1 -- 2018-12-17 |
564 | ||
565 | Feature #2637: af-packet: improve error output for BPF loading failure | |
566 | Feature #2671: Add Log level to suricata.log when using JSON type | |
567 | Bug #2502: suricata.c ConfigGetCaptureValue - PCAP/AFP fallthrough to strip_trailing_plus | |
568 | Bug #2528: krb parser not always parsing tgs responses | |
569 | Bug #2633: Improve errors handling in AF_PACKET | |
570 | Bug #2653: llc detection failure in configure.ac | |
571 | Bug #2677: coverity: ja3 potential memory leak | |
572 | Bug #2679: build with profiling enabled on generates compile warnings | |
573 | Bug #2704: DNSv1 for Rust enabled builds. | |
574 | Bug #2705: configure: Test for PyYAML and disable suricata-update if not installed. | |
575 | Bug #2716: Stats interval are 1 second too early each tick | |
576 | Bug #2717: nfs related panic in 4.1 | |
577 | Bug #2719: Failed Assertion, Suricata Abort - util-mpm-hs.c line 163 (4.1.x) | |
578 | Bug #2723: dns v2 json output should always set top-level rrtype in responses | |
579 | Bug #2730: rust/dns/lua - The Lua calls for DNS values when using Rust don't behave the same as the C implementation. | |
580 | Bug #2731: multiple instances of transaction loggers are broken | |
581 | Bug #2734: unix runmode deadlock when using too many threads | |
582 | ||
787473ec VJ |
583 | 4.1.0 -- 2018-11-06 |
584 | ||
585 | Bug #2467: 4.1beta1 - non rust builds with SMB enabled | |
586 | Bug #2657: smtp segmentation fault | |
587 | Bug #2663: libhtp 0.5.28 | |
588 | ||
fd13970b VJ |
589 | 4.1.0-rc2 -- 2018-10-16 |
590 | ||
591 | Feature #2279: TLS 1.3 decoding, SNI extraction and logging | |
592 | Feature #2562: Add http_port in http eve-log if specified in the hostname | |
593 | Feature #2567: multi-tenancy: add 'device' selector | |
594 | Feature #2638: community flow id | |
595 | Optimization #2579: tcp: SegmentSmack | |
596 | Optimization #2580: ip: FragmentSmack | |
787473ec | 597 | Bug #2100: af_packet: High latency |
fd13970b VJ |
598 | Bug #2212: profiling: app-layer profiling shows time spent in HTTP on UDP |
599 | Bug #2419: Increase size of length of Decoder handlers from uint16 to uint32 | |
600 | Bug #2491: async-oneside and midstream not working as expected | |
601 | Bug #2522: The cross-effects of rules on each other, without the use of flowbits. | |
602 | Bug #2541: detect-parse: missing space in error message | |
603 | Bug #2552: "Drop" action is logged as "allowed" in af_packet and netmap modes | |
604 | Bug #2554: suricata does not detect a web-attack | |
605 | Bug #2555: Ensure strings in eve-log are json-encodable | |
606 | Bug #2558: negated fileext and filename do not work as expected | |
607 | Bug #2559: DCE based rule false positives | |
608 | Bug #2566: memleak: applayer dhcp with 4.1.0-dev (rev 9370805) | |
609 | Bug #2570: Signature affecting another's ability to detect and alert | |
610 | Bug #2571: coredump: liballoc/vec.rs dhcp | |
611 | Bug #2573: prefilter keyword doesn't work when detect.prefilter.default=mpm | |
612 | Bug #2574: prefilter keyword as alias for fast_pattern is broken | |
613 | Bug #2603: memleak/coredump: Ja3BufferInit | |
787473ec | 614 | Bug #2604: memleak: DetectEngineStateAlloc with ipsec-events.rules |
fd13970b | 615 | Bug #2606: File descriptor leak in af-packet mode |
787473ec | 616 | Bug #2615: processing of nonexistent pcap |
fd13970b | 617 | |
e0a58ffa VJ |
618 | 4.1.0-rc1 -- 2018-07-20 |
619 | ||
620 | Feature #2292: flow: add icmpv4 and improve icmpv6 flow handling | |
621 | Feature #2298: pcap: store pcaps in compressed form | |
787473ec | 622 | Feature #2416: Increase XFF coverage to files and http log |
e0a58ffa VJ |
623 | Feature #2417: Add Option to Delete Pcap Files After Processing |
624 | Feature #2455: Add WinDivert source to Windows builds | |
625 | Feature #2456: LZ4 compression for pcap logs | |
626 | Optimization #2461: Let user to explicit disable libnss and libnspr support | |
627 | Bug #1929: yaml: ConfYamlHandleInclude memleak | |
628 | Bug #2090: Rule-reload in multi-tenancy is buggy | |
629 | Bug #2217: event_type flow is missing icmpv4 (while it has icmpv6) info wherever available | |
630 | Bug #2463: memleak: gitmaster flash decompression - 4.1.0-dev (rev efdc592) | |
631 | Bug #2469: The autoconf script throws and error when af_packet is enabled and then continues | |
632 | Bug #2481: integer overflow caused by casting uin32 to uint16 in detection | |
633 | Bug #2492: Inverted IP params in fileinfo events | |
634 | Bug #2496: gcc 8 warnings | |
635 | Bug #2498: Lua file output script causes a segfault when protocol is not HTTP | |
636 | Bug #2501: Suricata stops inspecting TCP stream if a TCP RST was met | |
637 | Bug #2504: ntp parser update cause build failure | |
638 | Bug #2505: getrandom prevents any suricata start commands on more later OS's | |
639 | Bug #2511: Suricata gzip unpacker bypass | |
640 | Bug #2515: memleak: when using smb rules without rust | |
641 | Bug #2516: Dead lock caused by unix command register-tenant | |
642 | Bug #2518: Tenant rules reload completely broken in 4.x.x | |
643 | Bug #2520: Invalid application layer logging in alert for DNS | |
644 | Bug #2521: rust: dns warning during compile | |
645 | Bug #2536: libhtp 0.5.27 | |
646 | Bug #2542: ssh out of bounds read | |
647 | Bug #2543: enip out of bounds read | |
648 | ||
97c224d1 VJ |
649 | 4.1.0-beta1 -- 2018-03-22 |
650 | ||
87839d97 | 651 | Feature #550: Extract file attachments from FTP |
97c224d1 VJ |
652 | Feature #646: smb log feature to be introduced |
653 | Feature #719: finish/enable smb2 app layer parser | |
654 | Feature #723: Add support for smb 3 | |
655 | Feature #724: Prevent resetting in UNIX socket mode | |
656 | Feature #735: Introduce content_len keyword | |
657 | Feature #741: Introduce endswith keyword | |
658 | Feature #742: startswith keyword | |
659 | Feature #1006: transformation api | |
87839d97 | 660 | Feature #1198: more compact dns logging |
97c224d1 VJ |
661 | Feature #1201: file-store metadata in JSON format |
662 | Feature #1386: offline: add pcap file name to EVE | |
663 | Feature #1458: unix-socket - make rule load errs available | |
664 | Feature #1476: Suricata Unix socket PCAP processing stats should not need to reset after each run | |
665 | Feature #1579: Support Modbus Unit Identifier | |
666 | Feature #1585: unix-socket: improve information regarding ruleset | |
667 | Feature #1600: flash file decompression for file_data | |
668 | Feature #1678: open umask settings or make them configurable | |
669 | Feature #1948: allow filestore name configuration options | |
670 | Feature #1949: only write unique files | |
671 | Feature #2020: eve: add body of signature to eve.json alert | |
672 | Feature #2062: tls: reimplement tls.fingerprint | |
673 | Feature #2076: Strip whitespace from buffers | |
87839d97 | 674 | Feature #2086: DNS answer for a NS containing multiple name servers should only be one line |
97c224d1 VJ |
675 | Feature #2142: filesize: support other units than only bytes |
676 | Feature #2192: JA3 TLS client fingerprinting | |
677 | Feature #2199: DNS answer events compacted | |
678 | Feature #2222: Batch submission of PCAPs over the socket | |
679 | Feature #2253: Log rule metadata in alert event | |
680 | Feature #2285: modify memcaps over unix socket | |
681 | Feature #2295: decoder: support PCAP LINKTYPE_IPV4 | |
682 | Feature #2299: pcap: read directory with pcaps from the commandline | |
683 | Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling | |
684 | Feature #2352: eve: add "metadata" field to alert (rework of vars) | |
685 | Feature #2382: deprecate: CUDA support | |
686 | Feature #2399: eBPF and XDP bypass for AF_PACKET capture method | |
87839d97 | 687 | Feature #2464: tftp logging |
97c224d1 VJ |
688 | Optimization #2193: random: support getrandom(2) if available |
689 | Optimization #2302: rule parsing: faster parsing by not using pcre | |
690 | Bug #993: libhtp upgrade to handle responses first | |
691 | Bug #1503: lua output setup failure does not exit engine with --init-errors-fatal | |
87839d97 VJ |
692 | Bug #1788: af-packet coverity warning |
693 | Bug #1842: Duplicated analyzer in Prelude alert | |
694 | Bug #1904: modbus: duplicate alerts / detection unaware of direction | |
97c224d1 VJ |
695 | Bug #2202: BUG_ON asserts in AppLayerIncFlowCounter |
696 | Bug #2229: mem leak AFP with 4.0.0-dev (rev 1180687) | |
87839d97 VJ |
697 | Bug #2240: suricatasc dump-counters returns error when return message is larger than 4096 |
698 | Bug #2252: Rule parses in 4.0 when flow to client is set and http_client_body is used. | |
699 | Bug #2258: rate_filter inconsistency: triggered after "count" detections when by_rule, and after count+1 detections when by_src/by_dst. | |
97c224d1 VJ |
700 | Bug #2268: Don't printf util-enum errors |
701 | Bug #2288: Suricata segfaults on ICMP and flowint check | |
702 | Bug #2294: rules: depth < content rules not rejected (master) | |
703 | Bug #2307: segfault in http_start with 4.1.0-dev (rev 83f220a) | |
704 | Bug #2335: conf: stack-based buffer-overflow in ParseFilename | |
705 | Bug #2345: conf: Memory-leak in DetectAddressTestConfVars | |
706 | Bug #2346: conf: NULL-pointer dereference in ConfUnixSocketIsEnable | |
707 | Bug #2347: conf: use of NULL-pointer in DetectLoadCompleteSigPath | |
708 | Bug #2349: conf: multiple NULL-pointer dereferences in FlowInitConfig | |
709 | Bug #2353: Command Line Options Ignored with pcap-file-continuous setting | |
710 | Bug #2354: conf: multiple NULL-pointer dereferences in StreamTcpInitConfig | |
711 | Bug #2356: coverity issues in new pcap file/directory handling | |
712 | Bug #2360: possible deadlock with signal handling | |
713 | Bug #2364: rust/dns: logging missing string versions of rtypes and rcodes | |
714 | Bug #2365: rust/dns: flooded by 'LogDnsLogger not implemented for Rust DNS' | |
715 | Bug #2367: Conf: Multipe NULL-pointer dereferences in HostInitConfig | |
716 | Bug #2368: Conf: Multipe NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig | |
717 | Bug #2370: Conf: Multipe NULL-pointer dereferences in PostConfLoadedSetup | |
718 | Bug #2390: mingw linker error with rust | |
719 | Bug #2391: libhtp 0.5.26 | |
720 | Bug #2394: Pcap Directory May Miss Files | |
721 | Bug #2397: Call to panic()! macro in Rust NFS decoder causes crash on malformed NFS traffic | |
722 | Bug #2398: Lua keyword cmd help documentation pointing to old docs | |
723 | Bug #2402: http_header_names doesn't operate as documented | |
724 | Bug #2403: Crash for offline pcap mode when running in single mode | |
725 | Bug #2407: Fix timestamp offline when pcap timestamp is zero | |
726 | Bug #2408: fix print backslash in PrintRawUriFp | |
727 | Bug #2414: NTP parser registration frees used memory | |
728 | Bug #2418: Skip configuration "include" nodes when file is empty | |
729 | Bug #2420: Use pthread_sigmask instead of sigprogmask for signal handling | |
730 | Bug #2425: DNP3 memcpy buffer overflow | |
731 | Bug #2427: Suricata 3.x.x and 4.x.x do not parse HTTP responses if tcp data was sent before 3-way-handshake completed | |
732 | Bug #2430: http eve log data source/dest flip | |
733 | Bug #2437: rust/dns: Core Dump with malformed traffic | |
734 | Bug #2442: der parser: bad input consumes cpu and memory | |
735 | Bug #2446: http bodies / file_data: thread space creation writing out of bounds (master) | |
736 | Bug #2451: Missing Files Will Cause Pcap Thread to No Longer Run in Unix Socket Mode | |
737 | Bug #2454: master - suricata.c:2473-2474 - SIGUSR2 not wrapped in #ifndef OS_WIN32 | |
87839d97 | 738 | Bug #2466: [4.1beta1] Messages with SC_LOG_CONFIG level are logged to syslog with EMERG priority |
97c224d1 | 739 | |
20759539 VJ |
740 | 4.0.1 -- 2017-10-18 |
741 | ||
742 | Bug #2050: TLS rule mixes up server and client certificates | |
743 | Bug #2064: Rules with dual classtype do not error | |
744 | Bug #2074: detect msg: memory leak | |
745 | Bug #2102: Rules with dual sid do not error | |
746 | Bug #2103: Rules with dual rev do not error | |
747 | Bug #2151: The documentation does not reflect current suricata.yaml regarding cpu-affinity | |
748 | Bug #2194: rust/nfs: sigabrt/rust panic - 4.0.0-dev (rev fc22943) | |
749 | Bug #2197: rust build with lua enabled fails on x86 | |
750 | Bug #2201: af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter | |
751 | Bug #2207: DNS UDP "Response" parsing recording an incorrect value | |
752 | Bug #2208: mis-structured JSON stats output if interface name is shortened | |
753 | Bug #2226: improve error message if stream memcaps too low | |
754 | Bug #2228: enforcing specific number of threads with autofp does not seem to work | |
755 | Bug #2244: detect state uses broken offset logic (4.0.x) | |
756 | Feature #2114: Redis output: add RPUSH support | |
757 | Feature #2152: Packet and Drop Counters for Napatech | |
758 | ||
b8428378 VJ |
759 | 4.0.0 -- 2017-07-27 |
760 | ||
761 | Feature #2138: Create a sample systemd service file. | |
762 | Feature #2184: rust: increase minimally supported rustc version to 1.15 | |
763 | Bug #2169: dns/tcp: reponse traffic leads to 'app_proto_tc: failed' | |
764 | Bug #2170: Suricata fails on large BPFs with AF_PACKET | |
765 | Bug #2185: rust: build failure if libjansson is missing | |
766 | Bug #2186: smb dcerpc segfaults in StubDataParser | |
767 | Bug #2187: hyperscan: mpm setup error leads to crash | |
768 | ||
57791bd6 VJ |
769 | 4.0.0-rc2 -- 2017-07-13 |
770 | ||
771 | Feature #744: Teredo configuration | |
772 | Feature #1748: lua: expose tx in alert lua scripts | |
773 | Bug #1855: alert number output | |
774 | Bug #1888: noalert in a pass rule disables the rule | |
775 | Bug #1957: PCRE lowercase enforcement in http_host buffer does not allow for upper case in hex-encoding | |
776 | Bug #1958: Possible confusion or bypass within the stream engine with retransmits. | |
777 | Bug #2110: isdataat: keyword memleak | |
778 | Bug #2162: rust/nfs: reachable asserting rust panic | |
779 | Bug #2175: rust/nfs: panic - 4.0.0-dev (rev 7c25a2d) | |
780 | Bug #2176: gcc 7.1.1 'format truncation' compiler warnings | |
781 | Bug #2177: asn1/der: stack overflow | |
782 | ||
5e3d8b15 VJ |
783 | 4.0.0-rc1 -- 2017-06-28 |
784 | ||
785 | Feature #2095: eve: http body in alert event | |
786 | Feature #2131: nfs: implement GAP support | |
787 | Feature #2156: Add app_proto or partial flow entry to alerts | |
788 | Feature #2163: ntp parser | |
789 | Feature #2164: rust: external parser crate support | |
790 | Bug #1930: Segfault when event rule is invalid | |
791 | Bug #2038: validate app-layer API use | |
b8428378 | 792 | Bug #2101: unix socket: stalling due to being unable to disable detect thread |
5e3d8b15 | 793 | Bug #2109: asn1: keyword memleak |
b8428378 | 794 | Bug #2117: byte_extract and byte_test collaboration doesnt work on 3.2.1 |
5e3d8b15 VJ |
795 | Bug #2141: 4.0.0-dev (rev 8ea9a5a) segfault |
796 | Bug #2143: Bypass cause missing alert on packets only signatures | |
797 | Bug #2144: rust: panic in dns/tcp | |
798 | Bug #2148: rust/dns: panic on malformed rrnames | |
799 | Bug #2153: starttls 'tunnel' packet issue - nfq_handle_packet error -1 | |
800 | Bug #2154: Dynamic stack overflow in payload printable output | |
801 | Bug #2155: AddressSanitizer double-free error | |
802 | Bug #2157: Compilation Issues Beta 4.0 | |
803 | Bug #2158: Suricata v4.0.0-beta1 dns_query; segmentation fault | |
804 | Bug #2159: http: 2221028 triggers on underscore in hostname | |
805 | Bug #2160: openbsd: pcap with raw datalink not supported | |
806 | Bug #2161: libhtp 0.5.25 | |
807 | Bug #2165: rust: releases should include crate dependencies (cargo-vendor) | |
808 | ||
b970e1b8 VJ |
809 | 4.0.0-beta1 -- 2017-06-07 |
810 | ||
811 | Feature #805: Add support for applayer change | |
812 | Feature #806: Implement STARTTLS support | |
813 | Feature #1636: Signal rotation of unified2 log file without restart | |
814 | Feature #1953: lua: expose flow_id | |
815 | Feature #1969: TLS transactions with session resumption are not logged | |
816 | Feature #1978: Using date in logs name | |
817 | Feature #1998: eve.tls: custom TLS logging | |
818 | Feature #2006: tls: decode certificate serial number | |
819 | Feature #2011: eve.alert: print outside IP addresses on alerts on traffic inside tunnels | |
820 | Feature #2046: Support custom file permissions per logger | |
821 | Feature #2061: lua: get timestamps from flow | |
822 | Feature #2077: Additional HTTP Header Contents and Negation | |
b8428378 | 823 | Feature #2123: unix-socket: additional runmodes |
b970e1b8 VJ |
824 | Feature #2129: nfs: parser, logger and detection |
825 | Feature #2130: dns: rust parser with stateless behaviour | |
826 | Feature #2132: eve: flowbit and other vars logging | |
b970e1b8 VJ |
827 | Feature #2133: unix socket: add/remove hostbits |
828 | Bug #1335: suricata option --pidfile overwrites any file | |
829 | Bug #1470: make install-full can have race conditions on OSX. | |
830 | Bug #1759: CentOS5 EOL tasks | |
831 | Bug #2037: travis: move off legacy support | |
832 | Bug #2039: suricata stops processing when http-log output via unix_stream backs up | |
833 | Bug #2041: bad checksum 0xffff | |
834 | Bug #2044: af-packet: faulty VLAN handling in tpacket-v3 mode | |
835 | Bug #2045: geoip: compile warning on CentOS 7 | |
836 | Bug #2049: Empty rule files cause failure exit code without corresponding message | |
837 | Bug #2051: ippair: xbit unset memory leak | |
838 | Bug #2053: ippair: pair is direction sensitive | |
839 | Bug #2070: file store: file log / file store mismatch with multiple files | |
840 | Bug #2072: app-layer: fix memleak on bad traffic | |
841 | Bug #2078: http body handling: failed assertion | |
842 | Bug #2088: modbus: clang-4.0 compiler warnings | |
843 | Bug #2093: Handle TCP stream gaps. | |
844 | Bug #2097: "Name of device should not be null" appears in suricata.log when using pfring with configuration from suricata.yaml | |
845 | Bug #2098: isdataat: fix parsing issue with leading spaces | |
846 | Bug #2108: pfring: errors when compiled with asan/debug | |
847 | Bug #2111: doc: links towards http_header_names | |
848 | Bug #2112: doc: links towards certain http_ keywords not working | |
849 | Bug #2113: Race condition starting Unix Server | |
850 | Bug #2118: defrag - overlap issue in linux policy | |
851 | Bug #2125: ASAN SEGV - Suricata version 4.0dev (rev 922a27e) | |
852 | Optimization #521: Introduce per stream thread segment pool | |
853 | Optimization #1873: Classtypes missing on decoder-events,files, and stream-events | |
854 | ||
e072a10f VJ |
855 | 3.2.1 -- 2017-02-15 |
856 | ||
857 | Feature #1951: Allow building without libmagic/file | |
858 | Feature #1972: SURICATA ICMPv6 unknown type 143 for MLDv2 report | |
859 | Feature #2010: Suricata should confirm SSSE3 presence at runtime when built with Hyperscan support | |
860 | Bug #467: compilation with unittests & debug validation | |
861 | Bug #1780: VLAN tags not forwarded in afpacket inline mode | |
862 | Bug #1827: Mpm AC fails to alloc memory | |
863 | Bug #1843: Mpm Ac: int overflow during init | |
864 | Bug #1887: pcap-log sets snaplen to -1 | |
865 | Bug #1946: can't get response info in some situation | |
866 | Bug #1973: suricata fails to start because of unix socket | |
867 | Bug #1975: hostbits/xbits memory leak | |
868 | Bug #1982: tls: invalid record event triggers on valid traffic | |
869 | Bug #1984: http: protocol detection issue if both sides are malformed | |
870 | Bug #1985: pcap-log: minor memory leaks | |
871 | Bug #1987: log-pcap: pcap files created with invalid snaplen | |
872 | Bug #1988: tls_cert_subject bug | |
873 | Bug #1989: SMTP protocol detection is case sensitive | |
874 | Bug #1991: Suricata cannot parse ports: "![1234, 1235]" | |
875 | Bug #1997: tls-store: bug that cause Suricata to crash | |
876 | Bug #2001: Handling of unsolicited DNS responses. | |
877 | Bug #2003: BUG_ON body sometimes contains side-effectual code | |
878 | Bug #2004: Invalid file hash computation when force-hash is used | |
879 | Bug #2005: Incoherent sizes between request, capture and http length | |
880 | Bug #2007: smb: protocol detection just checks toserver | |
881 | Bug #2008: Suricata 3.2, pcap-log no longer works due to timestamp_pattern PCRE | |
882 | Bug #2009: Suricata is unable to get offloading settings when run under non-root | |
883 | Bug #2012: dns.log does not log unanswered queries | |
884 | Bug #2017: EVE Log Missing Fields | |
885 | Bug #2019: IPv4 defrag evasion issue | |
886 | Bug #2022: dns: out of bound memory read | |
887 | ||
7db31724 VJ |
888 | 3.2 -- 2016-12-01 |
889 | ||
890 | Bug #1117: PCAP file count does not persist | |
891 | Bug #1577: luajit scripts load error | |
892 | Bug #1924: Windows dynamic DNS updates trigger 'DNS malformed request data' alerts | |
893 | Bug #1938: suricata: log handling issues | |
894 | Bug #1955: luajit script init failed | |
895 | Bug #1960: Error while parsing rule with PCRE keyword with semicolon | |
896 | Bug #1961: No error on missing semicolon between depth and classtype | |
897 | Bug #1965: dnp3/enip/cip keywords naming convention | |
898 | Bug #1966: af-packet fanout detection broken on Debian Jessie (master) | |
899 | ||
f9f5e8a3 VJ |
900 | 3.2RC1 -- 2016-11-01 |
901 | ||
902 | Feature #1906: doc: install man page and ship pdf | |
903 | Feature #1916: lua: add an SCPacketTimestamp function | |
904 | Feature #1867: rule compatibility: flow:not_established not supported. | |
905 | Bug #1525: Use pkg-config for libnetfilter_queue | |
906 | Bug #1690: app-layer-proto negation issue | |
907 | Bug #1909: libhtp 0.5.23 | |
908 | Bug #1914: file log always shows stored: no even if file is stored | |
909 | Bug #1917: nfq: bypass SEGV | |
910 | Bug #1919: filemd5: md5-list does not allow comments any more | |
911 | Bug #1923: dns - back to back requests results in loss of response | |
912 | Bug #1928: flow bypass leads to memory errors | |
913 | Bug #1931: multi-tenancy fails to start | |
914 | Bug #1932: make install-full does not install tls-events.rules | |
915 | Bug #1935: Check redis reply in non pipeline mode | |
916 | Bug #1936: Can't set fast_pattern on tls_sni content | |
917 | ||
790ac8d4 VJ |
918 | 3.2beta1 -- 2016-10-03 |
919 | ||
920 | Feature #509: add SHA1 and SHA256 checksum support for files | |
921 | Feature #1231: ssl_state negation support | |
922 | Feature #1345: OOBE -3- disable NIC offloading by default | |
923 | Feature #1373: Allow different reassembly depth for filestore rules | |
924 | Feature #1495: EtherNet/IP and CIP support | |
925 | Feature #1583: tls: validity fields (notBefore and notAfter) | |
926 | Feature #1657: Per application layer stats | |
927 | Feature #1896: Reimplement tls.subject and tls.isserdn | |
928 | Feature #1903: tls: tls_cert_valid and tls_cert_expired keywords | |
929 | Feature #1907: http_request_line and http_response_line | |
930 | Optimization #1044: TLS buffers evaluated by fast_pattern matcher. | |
931 | Optimization #1277: Trigger second live rule-reload while first one is in progress | |
932 | Bug #312: incorrect parsing of rules with missing semi-colon for keywords | |
933 | Bug #712: wildcard matches on tls.subject | |
934 | Bug #1353: unix-command socket created with last character missing | |
935 | Bug #1486: invalid rule: parser err msg not descriptive enough | |
936 | Bug #1525: Use pkg-config for libnetfilter_queue | |
937 | Bug #1893: tls: src_ip and dest_ip reversed in TLS events for IPS vs IDS mode. | |
938 | Bug #1898: Inspection does not always stop when stream depth is reached | |
939 | ||
ae116871 VJ |
940 | 3.1.2 -- 2016-09-06 |
941 | ||
942 | Feature #1830: support 'tag' in eve log | |
943 | Feature #1870: make logged flow_id more unique | |
944 | Feature #1874: support Cisco Fabric Path / DCE | |
945 | Feature #1885: eve: add option to log all dropped packets | |
946 | Bug #1849: ICMPv6 incorrect checksum alert if Ethernet FCS is present | |
947 | Bug #1853: suricata is matching everything on dce_stub_data buffer | |
948 | Bug #1854: unified2: logging of tagged packets not working | |
949 | Bug #1856: PCAP mode device not found | |
950 | Bug #1858: Lots of TCP 'duplicated option/DNS malformed request data' after upgrading from 3.0.1 to 3.1.1 | |
951 | Bug #1878: dns: crash while logging sshfp records | |
952 | Bug #1880: icmpv4 error packets can lead to missed detection in tcp/udp | |
953 | Bug #1884: libhtp 0.5.22 | |
954 | ||
ec602089 VJ |
955 | 3.1.1 -- 2016-07-13 |
956 | ||
957 | Feature #1775: Lua: SMTP-support | |
958 | Bug #1419: DNS transaction handling issues | |
959 | Bug #1515: Problem with Threshold.config when using more than one IP | |
960 | Bug #1664: Unreplied DNS queries not logged when flow is aged out | |
961 | Bug #1808: Can't set thread priority after dropping privileges. | |
962 | Bug #1821: Suricata 3.1 fails to start on CentOS6 | |
963 | Bug #1839: suricata 3.1 configure.ac says >=libhtp-0.5.5, but >=libhtp-0.5.20 required | |
964 | Bug #1840: --list-keywords and --list-app-layer-protos not working | |
965 | Bug #1841: libhtp 0.5.21 | |
966 | Bug #1844: netmap: IPS mode doesn't set 2nd iface in promisc mode | |
967 | Bug #1845: Crash on disabling a app-layer protocol when it's logger is still enabled | |
968 | Optimization #1846: af-packet: improve thread calculation logic | |
969 | Optimization #1847: rules: don't warn on empty files | |
970 | ||
0e913493 VJ |
971 | 3.1 -- 2016-06-20 |
972 | ||
973 | Bug #1589: Cannot run nfq in workers mode | |
974 | Bug #1804: yaml: legacy detect-engine parsing custom values broken | |
975 | ||
d4f84455 VJ |
976 | 3.1RC1 -- 2016-06-07 |
977 | ||
978 | Feature #681: Implement TPACKET_V3 support in AF_PACKET | |
979 | Feature #1134: tls: server name rule keyword | |
980 | Feature #1343: OOBE -1- increasing the default stream.memcap and stream.reassembly.memcap values | |
981 | Feature #1344: OOBE -2- decreasing the default flow-timeouts (at least for TCP) | |
982 | Feature #1563: dns: log sshfp records | |
983 | Feature #1760: Unit tests: Don't register return value, use 1 for success, 0 for failure. | |
984 | Feature #1761: Unit tests: Provide macros for clean test failures. | |
985 | Feature #1762: default to AF_PACKET for -i if available | |
986 | Feature #1785: hyperscan spm integration | |
987 | Feature #1789: hyperscan mpm: enable by default | |
988 | Feature #1797: netmap: implement 'threads: auto' | |
989 | Feature #1798: netmap: warn about NIC offloading on FreeBSD | |
990 | Feature #1800: update bundled libhtp to 0.5.20 | |
991 | Feature #1801: reduce info level verbosity | |
992 | Feature #1802: yaml: improve default layout | |
993 | Feature #1803: reimplement rule grouping | |
0e913493 | 994 | Bug #1078: 'Not" operator (!) in Variable causes extremely slow loading of Suricata |
d4f84455 VJ |
995 | Bug #1202: detect-engine profile medium consumes more memory than detect-engine profile high |
996 | Bug #1289: MPM b2gm matcher has questionable code | |
997 | Bug #1487: Configuration parser depends on key ordering | |
998 | Bug #1524: Potential Thread Name issues due to RHEL7 Interface Naming Contentions | |
999 | Bug #1584: Rule keywords conflict will cause Suricata restart itself in loop | |
0e913493 | 1000 | Bug #1606: [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl: 6 |
d4f84455 VJ |
1001 | Bug #1665: Default maximum packet size is insufficient when VLAN tags are present (and not stripped) |
1002 | Bug #1714: Kernel panic on application exit with netmap Suricata 3.0 stable | |
1003 | Bug #1746: deadlock with autofp and --disable-detection | |
1004 | Bug #1764: app-layer-modbus: AddressSanitizer error (segmentation fault) | |
1005 | Bug #1768: packet processing threads doubled | |
0e913493 | 1006 | Bug #1771: tls store memory leak |
d4f84455 VJ |
1007 | Bug #1773: smtp: not all attachments inspected in all cases |
1008 | Bug #1786: spm crash on rule reload | |
1009 | Bug #1792: dns-json-log produces no output | |
0e913493 | 1010 | Bug #1795: Remove unused CPU affinity settings from suricata.yaml |
d4f84455 VJ |
1011 | Optimization #563: pmq optimization -- remove patter_id_array |
1012 | Optimization #1037: Optimize TCP Option storage | |
1013 | Optimization #1418: lockless flow handling during capture (autofp) | |
1014 | Optimization #1784: reduce storage size of IPv4 options and IPv6 ext hdrs | |
1015 | ||
71a3c4ca VJ |
1016 | 3.0.1 -- 2016-04-04 |
1017 | ||
1018 | Feature #1704: hyperscan mpm integration | |
1019 | Feature #1661: Improved support for xbits/hostbits (in particular ip_pair) when running with multiple threads | |
1020 | Bug #1697: byte_extract incompatibility with Snort. | |
1021 | Bug #1737: Stats not reset between PCAPs when Suricata runs in socket mode | |
1022 | ||
0ac27e28 VJ |
1023 | 3.0.1RC1 -- 2016-03-23 |
1024 | ||
1025 | Feature #1535: Expose the certificate itself in TLS-lua | |
1026 | Feature #1696: improve logged flow_id | |
1027 | Feature #1700: enable "relro" and "now" in compile options for 3.0 | |
1028 | Feature #1734: gre: support transparent ethernet bridge decoding | |
1029 | Feature #1740: Create counters for decode-events errors | |
1030 | Bug #873: suricata.yaml: .mgc is NOT actually added to value for magic file | |
1031 | Bug #1166: tls: CID 1197759: Resource leak (RESOURCE_LEAK) | |
1032 | Bug #1268: suricata and macos/darwin: [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.19 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7 | |
1033 | Bug #1359: memory leak | |
1034 | Bug #1411: Suricata generates huge load when nfq_create_queue failed | |
1035 | Bug #1570: stream.inline defaults to IDS mode if missing | |
1036 | Bug #1591: afpacket: unsupported datalink type 65534 on tun device | |
1037 | Bug #1619: Per-Thread Delta Stats Broken | |
1038 | Bug #1638: rule parsing issues: rev | |
1039 | Bug #1641: Suricata won't build with --disable-unix-socket when libjansson is enabled | |
1040 | Bug #1646: smtp: fix inspected tracker values | |
1041 | Bug #1660: segv when using --set on a list | |
1042 | Bug #1669: Suricate 3.0RC3 segfault after 10 hours | |
1043 | Bug #1670: Modbus compiler warnings on Fedora 23 | |
1044 | Bug #1671: Cygwin Windows compilation with libjansson from source | |
1045 | Bug #1674: Cannot use 'tag:session' after base64_data keyword | |
1046 | Bug #1676: gentoo build error | |
1047 | Bug #1679: sensor-name configuration parameter specified in wrong place in default suricata.yaml | |
1048 | Bug #1680: Output sensor name in json | |
1049 | Bug #1684: eve: stream payload has wrong direction in IPS mode | |
1050 | Bug #1686: Conflicting "no" for "totals" and "threads" in stats output | |
1051 | Bug #1689: Stack overflow in case of variables misconfiguration | |
1052 | Bug #1693: Crash on Debian with libpcre 8.35 | |
1053 | Bug #1695: Unix Socket missing dump-counters mode | |
1054 | Bug #1698: Segmentation Fault at detect-engine-content-inspection.c:438 (master) | |
1055 | Bug #1699: CUDA build broken | |
1056 | Bug #1701: memory leaks | |
1057 | Bug #1702: TLS SNI parsing issue | |
1058 | Bug #1703: extreme slow down in HTTP multipart parsing | |
1059 | Bug #1706: smtp memory leaks | |
1060 | Bug #1707: malformed json if message is too big | |
1061 | Bug #1708: dcerpc memory leak | |
1062 | Bug #1709: http memory leak | |
1063 | Bug #1715: nfq: broken time stamps with recent Linux kernel 4.4 | |
1064 | Bug #1717: Memory leak on Suricata 3.0 with Netmap | |
1065 | Bug #1719: fileinfo output wrong in eve in http | |
1066 | Bug #1720: flowbit memleak | |
1067 | Bug #1724: alert-debuglog: non-decoder events won't trigger rotation. | |
1068 | Bug #1725: smtp logging memleak | |
1069 | Bug #1727: unix socket runmode per pcap memory leak | |
1070 | Bug #1728: unix manager command channel memory leaks | |
1071 | Bug #1729: PCRE jit is disabled/blacklisted when it should not | |
1072 | Bug #1731: detect-tls memory leak | |
1073 | Bug #1735: cppcheck: Shifting a negative value is undefined behaviour | |
1074 | Bug #1736: tls-sni: memory leaks on malformed traffic | |
1075 | Bug #1742: vlan use-for-tracking including Priority in hashing | |
1076 | Bug #1743: compilation with musl c library fails | |
1077 | Bug #1744: tls: out of bounds memory read on malformed traffic | |
1078 | Optimization #1642: Add --disable-python option | |
1079 | ||
f9faf990 VJ |
1080 | 3.0 -- 2016-01-27 |
1081 | ||
1082 | Bug #1673: smtp: crash during mime parsing | |
1083 | ||
44a444ba VJ |
1084 | 3.0RC3 -- 2015-12-21 |
1085 | ||
1086 | Bug #1632: Fail to download large file with browser | |
1087 | Bug #1634: Fix non thread safeness of Prelude analyzer | |
1088 | Bug #1640: drop log crashes | |
1089 | Bug #1645: Race condition in unix manager | |
1090 | Bug #1647: FlowGetKey flow-hash.c:240 segmentation fault (master) | |
1091 | Bug #1650: DER parsing issue (master) | |
1092 | ||
e94bf972 VJ |
1093 | 3.0RC2 -- 2015-12-08 |
1094 | ||
1095 | Bug #1551: --enable-profiling-locks broken | |
1096 | Bug #1602: eve-log prefix field feature broken | |
1097 | Bug #1614: app_proto key missing from EVE file events | |
1098 | Bug #1615: disable modbus by default | |
1099 | Bug #1616: TCP reassembly bug | |
1100 | Bug #1617: DNS over TCP parsing issue | |
1101 | Bug #1618: SMTP parsing issue | |
1102 | Feature #1635: unified2 output: disable by default | |
1103 | ||
737c99dd VJ |
1104 | 3.0RC1 -- 2015-11-25 |
1105 | ||
1106 | Bug #1150: TLS store disabled by TLS EVE logging | |
1107 | Bug #1210: global counters in stats.log | |
1108 | Bug #1423: Unix domain log file writer should automatically reconnect if receiving program is restarted. | |
1109 | Bug #1466: Rule reload - Rules won't reload if rule files are listed in an included file. | |
1110 | Bug #1467: Specifying an IPv6 entry before an IPv4 entry in host-os-policy causes ASAN heap-buffer-overflow. | |
1111 | Bug #1472: Should 'goodsigs' be 'goodtotal' when checking if signatures were loaded in detect.c? | |
1112 | Bug #1475: app-layer-modbus: AddressSanitizer error (heap-buffer-overflow) | |
1113 | Bug #1481: Leading whitespace in flowbits variable names | |
1114 | Bug #1482: suricata 2.1 beta4: StoreStateTxFileOnly crashes | |
1115 | Bug #1485: hostbits - leading and trailing spaces are treated as part of the name and direction. | |
1116 | Bug #1488: stream_size <= and >= modifiers function as < and > (equality is not functional) | |
1117 | Bug #1491: pf_ring is not able to capture packets when running under non-root account | |
1118 | Bug #1493: config test (-T) doesn't fail on missing files | |
1119 | Bug #1494: off by one on rulefile count | |
1120 | Bug #1500: suricata.log | |
1121 | Bug #1508: address var parsing issue | |
1122 | Bug #1517: Order dependent, ambiguous YAML in multi-detect. | |
1123 | Bug #1518: multitenancy - selector vlan - vlan id range | |
1124 | Bug #1521: multitenancy - global vlan tracking relation to selector | |
1125 | Bug #1523: Decoded base64 payload short by 16 characters | |
1126 | Bug #1530: multitenant mapping relation | |
1127 | Bug #1531: multitenancy - confusing tenant id and vlan id output | |
1128 | Bug #1556: MTU setting on NIC interface not considered by af-packet | |
1129 | Bug #1557: stream: retransmission not detected | |
1130 | Bug #1565: defrag: evasion issue | |
1131 | Bug #1597: dns parser issue (master) | |
1132 | Bug #1601: tls: server name logging | |
1133 | Feature #1116: ips packet stats in stats.log | |
1134 | Feature #1137: Support IP lists in threshold.config | |
1135 | Feature #1228: Suricata stats.log in JSON format | |
1136 | Feature #1265: Replace response on Suricata dns decoder when dns error please | |
1137 | Feature #1281: long snort ruleset support for "SC_ERR_NOT_SUPPORTED(225): content length greater than 255 unsupported" | |
1138 | Feature #1282: support for base64_decode from snort's ruleset | |
1139 | Feature #1342: Support Cisco erspan traffic | |
1140 | Feature #1374: Write pre-aggregated counters for all threads | |
1141 | Feature #1408: multi tenancy for detection | |
1142 | Feature #1440: Load rules file from a folder or with a star pattern rather then adding them manually to suricata.yaml | |
1143 | Feature #1454: Proposal to add Lumberjack/CEE formatting option to EVE JSON syslog output for compatibility with rsyslog parsing | |
1144 | Feature #1492: Add HUP coverage to output json-log | |
1145 | Feature #1498: color output | |
1146 | Feature #1499: json output for engine messages | |
1147 | Feature #1502: Expose tls fields to lua | |
1148 | Feature #1514: SSH softwareversion regex should allow colon | |
1149 | Feature #1527: Add ability to compile as a Position-Independent Executable (PIE) | |
1150 | Feature #1568: TLS lua output support | |
1151 | Feature #1569: SSH lua support | |
1152 | Feature #1582: Redis output support | |
1153 | Feature #1586: Add flow memcap counter | |
1154 | Feature #1599: rule profiling: json output | |
1155 | Optimization #1269: Convert SM List from linked list to array | |
1156 | ||
0e2a4c01 VJ |
1157 | 2.1beta4 -- 2015-05-08 |
1158 | ||
1159 | Bug #1314: http-events performance issues | |
1160 | Bug #1340: null ptr dereference in Suricata v2.1beta2 (output-json.c:347) | |
1161 | Bug #1352: file list is not cleaned up | |
1162 | Bug #1358: Gradual memory leak using reload (kill -USR2 $pid) | |
1163 | Bug #1366: Crash if default_packet_size is below 32 bytes | |
1164 | Bug #1378: stats api doesn't call thread deinit funcs | |
1165 | Bug #1384: tcp midstream window issue (master) | |
1166 | Bug #1388: pcap-file hangs on systems w/o atomics support (master) | |
1167 | Bug #1392: http uri parsing issue (master) | |
1168 | Bug #1393: CentOS 5.11 build failures | |
1169 | Bug #1398: DCERPC traffic parsing issue (master) | |
1170 | Bug #1401: inverted matching on incomplete session | |
1171 | Bug #1402: When re-opening files on HUP (rotation) always use the append flag. | |
1172 | Bug #1417: no rules loaded - latest git - rev e250040 | |
1173 | Bug #1425: dead lock in de_state vs flowints/flowvars | |
1174 | Bug #1426: Files prematurely truncated by detection engine even though force-md5 is enabled | |
1175 | Bug #1429: stream: last_ack update issue leading to stream gaps | |
1176 | Bug #1435: EVE-Log alert payload option loses data | |
1177 | Bug #1441: Local timestamps in json events | |
1178 | Bug #1446: Unit ID check in Modbus packet error | |
1179 | Bug #1449: smtp parsing issue | |
1180 | Bug #1451: Fix list-keywords regressions | |
1181 | Bug #1463: modbus parsing issue | |
1182 | Feature #336: Add support for NETMAP to Suricata. | |
1183 | Feature #885: smtp file_data support | |
1184 | Feature #1394: Improve TCP reuse support | |
1185 | Feature #1410: add alerts to EVE's drop logs | |
1186 | Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE | |
1187 | Feature #1447: Ability to reject ICMP traffic | |
1188 | Feature #1448: xbits | |
1189 | Optimization #1014: app layer reassembly fast-path | |
1190 | Optimization #1377: flow manager: reduce (try)locking | |
1191 | Optimization #1403: autofp packet pool performance problems | |
1192 | Optimization #1409: http pipeline support for stateful detection | |
1193 | ||
a5641bc7 VJ |
1194 | 2.1beta3 -- 2015-01-29 |
1195 | ||
1196 | Bug #977: WARNING on empty rules file is fatal (should not be) | |
1197 | Bug #1184: pfring: cppcheck warnings | |
1198 | Bug #1321: Flow memuse bookkeeping error | |
1199 | Bug #1327: pcre pkt/flowvar capture broken for non-relative matches (master) | |
1200 | Bug #1332: cppcheck: ioctl | |
1201 | Bug #1336: modbus: CID 1257762: Logically dead code (DEADCODE) | |
1202 | Bug #1351: output-json: duplicate logging (2.1.x) | |
1203 | Bug #1354: coredumps on quitting on OpenBSD | |
1204 | Bug #1355: Bus error when reading pcap-file on OpenBSD | |
1205 | Bug #1363: Suricata does not compile on OS X/Clang due to redefinition of string functions (2.1.x) | |
1206 | Bug #1365: evasion issues (2.1.x) | |
1207 | Feature #1261: Request for Additional Lua Capabilities | |
1208 | Feature #1309: Lua support for Stats output | |
1209 | Feature #1310: Modbus parsing and matching | |
1210 | Feature #1317: Lua: Indicator for end of flow | |
1211 | Feature #1333: unix-socket: allow (easier) non-root usage | |
1212 | Optimization #1339: flow timeout optimization | |
1213 | Optimization #1339: flow timeout optimization | |
1214 | Optimization #1371: mpm optimization | |
1215 | ||
0b289434 VJ |
1216 | 2.1beta2 -- 2014-11-06 |
1217 | ||
1218 | Feature #549: Extract file attachments from emails | |
1219 | Feature #1312: Lua output support | |
1220 | Feature #899: MPLS over Ethernet support | |
1221 | Feature #707: ip reputation files - network range inclusion availability (cidr) | |
1222 | Feature #383: Stream logging | |
1223 | Feature #1263: Lua: Access to Stream Payloads | |
1224 | Feature #1264: Lua: access to TCP quad / Flow Tuple | |
1225 | Bug #1048: PF_RING/DNA config - suricata.yaml | |
1226 | Bug #1230: byte_extract, within combination not working | |
1227 | Bug #1257: Flow switch is missing from the eve-log section in suricata.yaml | |
1228 | Bug #1259: AF_PACKET IPS is broken in 2.1beta1 | |
1229 | Bug #1260: flow logging at shutdown broken | |
1230 | Bug #1279: BUG: NULL pointer dereference when suricata was debug mode. | |
1231 | Bug #1280: BUG: IPv6 address vars issue | |
1232 | Bug #1285: Lua - http.request_line not working (2.1) | |
1233 | Bug #1287: Lua Output has dependency on eve-log:http | |
1234 | Bug #1288: Filestore keyword in wrong place will cause entire rule not to trigger | |
1235 | Bug #1294: Configure doesn't use --with-libpcap-libraries when testing PF_RING library | |
1236 | Bug #1301: suricata yaml - PF_RING load balance per hash option | |
1237 | Bug #1308: http_header keyword not matching when SYN|ACK and ACK missing (master) | |
1238 | Bug #1311: EVE output Unix domain socket not working (2.1) | |
1239 | ||
7fa2b876 VJ |
1240 | 2.1beta1 -- 2014-08-12 |
1241 | ||
1242 | Feature #1155: Log packet payloads in eve alerts | |
1243 | Feature #1208: JSON Output Enhancement - Include Payload(s) | |
1244 | Feature #1248: flow/connection logging | |
1245 | Feature #1258: json: include HTTP info with Alert output | |
1246 | Optimization #1039: Packetpool should be a stack | |
1247 | Optimization #1241: pcap recording: record per thread | |
1248 | ||
2bcff80d VJ |
1249 | 2.0.3 -- 2014-08-08 |
1250 | ||
1251 | Bug #1236: fix potential crash in http parsing | |
1252 | Bug #1244: ipv6 defrag issue | |
1253 | Bug #1238: Possible evasion in stream-tcp-reassemble.c | |
1254 | Bug #1221: lowercase conversion table missing last value | |
1255 | Support #1207: Cannot compile on CentOS 5 x64 with --enable-profiling | |
1256 | ||
1419e400 VJ |
1257 | 2.0.2 -- 2014-06-25 |
1258 | ||
1259 | Bug #1098: http_raw_uri with relative pcre parsing issue | |
1260 | Bug #1175: unix socket: valgrind warning | |
1261 | Bug #1189: abort() in 2.0dev (rev 6fbb955) with pf_ring 5.6.3 | |
1262 | Bug #1195: nflog: cppcheck reports memleaks | |
1263 | Bug #1206: ZC pf_ring not working with Suricata 2.0.1 (or latest git) | |
1264 | Bug #1211: defrag issue | |
1265 | Bug #1212: core dump (after a while) when app-layer.protocols.http.enabled = yes | |
1266 | Bug #1214: Global Thresholds (sig_id 0, gid_id 0) not applied correctly if a signature has event vars | |
1267 | Bug #1217: Segfault in unix-manager.c line 529 when using --unix-socket and sending pcap files to be analized via socket | |
1268 | Feature #781: IDS using NFLOG iptables target | |
1269 | Feature #1158: Parser DNS TXT data parsing and logging | |
1270 | Feature #1197: liblua support | |
1271 | Feature #1200: sighup for log rotation | |
1272 | ||
174a5055 VJ |
1273 | 2.0.1 -- 2014-05-21 |
1274 | ||
1275 | No changes since 2.0.1rc1 | |
1276 | ||
7e8f80b3 VJ |
1277 | 2.0.1rc1 -- 2014-05-12 |
1278 | ||
1279 | Bug #978: clean up app layer parser thread local storage | |
1280 | Bug #1064: Lack of Thread Deinitialization For Decoder Modules | |
1281 | Bug #1101: Segmentation in AppLayerParserGetTxCnt | |
1282 | Bug #1136: negated app-layer-protocol FP on multi-TX flows | |
1283 | Bug #1141: dns response parsing issue | |
1284 | Bug #1142: dns tcp toclient protocol detection | |
1285 | Bug #1143: tls protocol detection in case of tls-alert | |
1286 | Bug #1144: icmpv6: unknown type events for MLD_* types | |
1287 | Bug #1145: ipv6: support PAD1 in DST/HOP extension hdr | |
1288 | Bug #1146: tls: event on 'new session ticket' in handshake | |
1289 | Bug #1159: Possible memory exhaustion when an invalid bpf-filter is used with AF_PACKET | |
1290 | Bug #1160: Pcaps submitted via Unix Socket do not finish processing in Suricata 2 | |
1291 | Bug #1161: eve: src and dst mixed up in some cases | |
1292 | Bug #1162: proto-detect: make sure probing parsers for all registered ports are run | |
1293 | Bug #1163: HTP Segfault | |
1294 | Bug #1165: af_packet - one thread consistently not working | |
1295 | Bug #1170: rohash: CID 1197756: Bad bit shift operation (BAD_SHIFT) | |
1296 | Bug #1176: AF_PACKET IPS mode is broken in 2.0 | |
1297 | Bug #1177: eve log do not show action 'dropped' just 'allowed' | |
1298 | Bug #1180: Possible problem in stream tracking | |
1299 | Feature #1157: Always create pid file if --pidfile command line option is provided. | |
1300 | Feature #1173: tls: OpenSSL heartbleed detection | |
1301 | ||
bc70fc0f VJ |
1302 | 2.0 -- 2014-03-25 |
1303 | ||
1304 | Bug #1151: tls.store not working when a TLS filter keyword is used | |
1305 | ||
03091dfb VJ |
1306 | 2.0rc3 -- 2014-03-18 |
1307 | ||
1308 | Bug #1127: logstash & suricata parsing issue | |
1309 | Bug #1128: Segmentation fault - live rule reload | |
1310 | Bug #1129: pfring cluster & ring initialization | |
1311 | Bug #1130: af-packet flow balancing problems | |
1312 | Bug #1131: eve-log: missing user agent reported inconsistently | |
1313 | Bug #1133: eve-log: http depends on regular http log | |
1314 | Bug #1135: 2.0rc2 release doesn't set optimization flag on GCC | |
1315 | Bug #1138: alert fastlog drop info missing | |
1316 | ||
845cbcce VJ |
1317 | 2.0rc2 -- 2014-03-06 |
1318 | ||
1319 | Bug #611: fp: rule with ports matching on portless proto | |
1320 | Bug #985: default config generates rule warnings and errors | |
1321 | Bug #1021: 1.4.6: conf_filename not checked before use | |
1322 | Bug #1089: SMTP: move depends on uninitialised value | |
1323 | Bug #1090: FTP: Memory Leak | |
1324 | Bug #1091: TLS-Handshake: Uninitialized value | |
1325 | Bug #1092: HTTP: Memory Leak | |
1326 | Bug #1108: suricata.yaml config parameter - segfault | |
1327 | Bug #1109: PF_RING vlan handling | |
1328 | Bug #1110: Can have the same Pattern ID (pid) for the same pattern but different case flags | |
1329 | Bug #1111: capture stats at exit incorrect | |
1330 | Bug #1112: tls-events.rules file missing | |
1331 | Bug #1115: nfq: exit stats not working | |
1332 | Bug #1120: segv with pfring/afpacket and eve-log enabled | |
1333 | Bug #1121: crash in eve-log | |
1334 | Bug #1124: ipfw build broken | |
1335 | Feature #952: Add VLAN tag ID to all outputs | |
1336 | Feature #953: Add QinQ tag ID to all outputs | |
1337 | Feature #1012: Introduce SSH log | |
1338 | Feature #1118: app-layer protocols http memcap - info in verbose mode (-v) | |
1339 | Feature #1119: restore SSH protocol detection and parser | |
1340 | ||
2421da6e VJ |
1341 | 2.0rc1 -- 2014-02-13 |
1342 | ||
1343 | Bug #839: http events alert multiple times | |
1344 | Bug #954: VLAN decoder stats with AF Packet get written to the first thread only - stats.log | |
1345 | Bug #980: memory leak in http buffers at shutdown | |
1346 | Bug #1066: logger API's for packet based logging and tx based logging | |
1347 | Bug #1068: format string issues with size_t + qa not catching them | |
1348 | Bug #1072: Segmentation fault in 2.0beta2: Custom HTTP log segmentation fault | |
1349 | Bug #1073: radix tree lookups are not thread safe | |
1350 | Bug #1075: CUDA 5.5 doesn't compile with 2.0 beta 2 | |
1351 | Bug #1079: Err loading rules with variables that contain negated content. | |
1352 | Bug #1080: segfault - 2.0dev (rev 6e389a1) | |
1353 | Bug #1081: 100% CPU utilization with suricata 2.0 beta2+ | |
1354 | Bug #1082: af-packet vlan handling is broken | |
1355 | Bug #1103: stats.log not incrementing decoder.ipv4/6 stats when reading in QinQ packets | |
1356 | Bug #1104: vlan tagged fragmentation | |
1357 | Bug #1106: Git compile fails on Ubuntu Lucid | |
1358 | Bug #1107: flow timeout causes decoders to run on pseudo packets | |
1359 | Feature #424: App layer registration cleanup - Support specifying same alproto names in rules for different ip protocols | |
1360 | Feature #542: TLS JSON output | |
1361 | Feature #597: case insensitive fileext match | |
1362 | Feature #772: JSON output for alerts | |
1363 | Feature #814: QinQ tag flow support | |
1364 | Feature #894: clean up output | |
1365 | Feature #921: Override conf parameters | |
1366 | Feature #1007: united output | |
1367 | Feature #1040: Suricata should compile with -Werror | |
1368 | Feature #1067: memcap for http inside suricata | |
1369 | Feature #1086: dns memcap | |
1370 | Feature #1093: stream: configurable segment pools | |
1371 | Feature #1102: Add a decoder.QinQ stats in stats.log | |
1372 | Feature #1105: Detect icmpv6 on ipv4 | |
1373 | ||
d3d745d5 VJ |
1374 | 2.0beta2 -- 2013-12-18 |
1375 | ||
1376 | Bug #463: Suricata not fire on http reply detect if request are not http | |
1377 | Bug #640: app-layer-event:http.host_header_ambiguous set when it shouldn't | |
1378 | Bug #714: some logs not created in daemon mode | |
1379 | Bug #810: Alerts on http traffic storing the wrong packet as the IDS event payload | |
1380 | Bug #815: address parsing with negation | |
1381 | Bug #820: several issues found by clang 3.2 | |
1382 | Bug #837: Af-packet statistics inconsistent under very high traffic | |
1383 | Bug #882: MpmACCudaRegister shouldn't call PatternMatchDefaultMatcher | |
1384 | Bug #887: http.log printing unknown hostname most of the time | |
1385 | Bug #890: af-packet segv | |
1386 | Bug #892: detect-engine.profile - custom - does not err out in incorrect toclient/srv values - suricata.yaml | |
1387 | Bug #895: response: rst packet bug | |
1388 | Bug #896: pfring dna mode issue | |
1389 | Bug #897: make install-full fails if wget is missing | |
1390 | Bug #903: libhtp valgrind warning | |
1391 | Bug #907: icmp_seq and icmp_id keyword with icmpv6 traffic (master) | |
1392 | Bug #910: make check fails w/o sudo/root privs | |
1393 | Bug #911: HUP signal | |
1394 | Bug #912: 1.4.3: Unit test in util-debug.c: line too long. | |
1395 | Bug #914: Having a high number of pickup queues (216+) makes suricata crash | |
1396 | Bug #915: 1.4.3: log-pcap.c: crash on printing a null filename | |
1397 | Bug #917: 1.4.5: decode-ipv6.c: void function cannot return value | |
1398 | Bug #920: Suricata failed to parse address | |
1399 | Bug #922: trackers value in suricata.yaml | |
1400 | Bug #925: prealloc-sessions value bigger than allowed in suricata.yaml | |
1401 | Bug #926: prealloc host value in suricata.yaml | |
1402 | Bug #927: detect-thread-ratio given a non numeric value in suricata.yaml | |
1403 | Bug #928: Max number of threads | |
1404 | Bug #932: wrong IP version - on stacked layers | |
1405 | Bug #939: thread name buffers are sized inconsistently | |
1406 | Bug #943: pfring: see if we can report that the module is not loaded | |
1407 | Bug #948: apple ppc64 build broken: thread-local storage not supported for this target | |
1408 | Bug #958: SSL parsing issue (master) | |
1409 | Bug #963: XFF compile failure on OSX | |
1410 | Bug #964: Modify negated content handling | |
1411 | Bug #967: threshold rule clobbers suppress rules | |
1412 | Bug #968: unified2 not logging tagged packets | |
1413 | Bug #970: AC memory read error | |
1414 | Bug #973: Use different ids for content patterns which are the same, but one of them has a fast_pattern chop set on it. | |
1415 | Bug #976: ip_rep supplying different no of alerts for 2 different but semantically similar rules | |
1416 | Bug #979: clean up app layer protocol detection memory | |
1417 | Bug #982: http events missing | |
1418 | Bug #987: default config generates error(s) | |
1419 | Bug #988: suricata don't exit in live mode | |
1420 | Bug #989: Segfault in HTPStateGetTxCnt after a few minutes | |
1421 | Bug #991: threshold mem leak | |
1422 | Bug #994: valgrind warnings in unittests | |
1423 | Bug #995: tag keyword: tagging sessions per time is broken | |
1424 | Bug #998: rule reload triggers app-layer-event FP's | |
1425 | Bug #999: delayed detect inits thresholds before de_ctx | |
1426 | Bug #1003: Segmentation fault | |
1427 | Bug #1023: block rule reloads during delayed detect init | |
1428 | Bug #1026: pfring: update configure to link with -lrt | |
1429 | Bug #1031: Fix IPv6 stream pseudo packets | |
1430 | Bug #1035: http uri/query normalization normalizes 'plus' sign to space | |
1431 | Bug #1042: Can't match "emailAddress" field in tls.subject and tls.issuerdn | |
1432 | Bug #1061: Multiple flowbit set in one rule | |
1433 | Feature #234: add option disable/enable individual app layer protocol inspection modules | |
1434 | Feature #417: ip fragmentation time out feature in yaml | |
1435 | Feature #478: XFF (X-Forwarded-For) | |
1436 | Feature #602: availability for http.log output - identical to apache log format | |
1437 | Feature #622: Specify number of pf_ring/af_packet receive threads on the command line | |
1438 | Feature #727: Explore the support for negated alprotos in sigs. | |
1439 | Feature #746: Decoding API modification | |
1440 | Feature #751: Add invalid packet counter | |
1441 | Feature #752: Improve checksum detection algorithm | |
1442 | Feature #789: Clean-up start and stop code | |
1443 | Feature #813: VLAN flow support | |
1444 | Feature #878: add storage api | |
1445 | Feature #901: VLAN defrag support | |
1446 | Feature #904: store tx id when generating an alert | |
1447 | Feature #940: randomize http body chunks sizes | |
1448 | Feature #944: detect nic offloading | |
1449 | Feature #956: Implement IPv6 reject | |
1450 | Feature #957: reject: iface setup | |
1451 | Feature #959: Move post config initialisation code to PostConfLoadedSetup | |
1452 | Feature #981: Update all switch case fall throughs with comments on false throughs | |
1453 | Feature #983: Provide rule support for specifying icmpv4 and icmpv6. | |
1454 | Feature #986: set htp request and response size limits | |
1455 | Feature #1008: Optionally have http_uri buffer start with uri path for use in proxied environments | |
1456 | Feature #1009: Yaml file inclusion support | |
1457 | Feature #1032: profiling: per keyword stats | |
1458 | Optimization #583: improve Packet_ structure layout | |
1459 | Optimization #1018: clean up counters api | |
1460 | Optimization #1041: remove mkinstalldirs from git | |
1461 | ||
f09f289b VJ |
1462 | 2.0beta1 -- 2013-07-18 |
1463 | ||
1464 | - Luajit flow vars and flow ints support (#593) | |
1465 | - DNS parser, logger and keyword support (#792), funded by Emerging Threats | |
1466 | - deflate support for HTTP response bodies (#470, #775) | |
1467 | - update to libhtp 0.5 (#775) | |
1468 | - improved gzip support for HTTP response bodies (#470, #775) | |
1469 | - redesigned transaction handling, improving both accuracy and performance (#753) | |
1470 | - redesigned CUDA support (#729) | |
1471 | - Be sure to always apply verdict to NFQ packet (#769) | |
1472 | - stream engine: SACK allocs should adhere to memcap (#794) | |
1473 | - stream: deal with multiple different SYN/ACK's better (#796) | |
1474 | - stream: Randomize stream chunk size for raw stream inspection (#804) | |
1475 | - Introduce per stream thread ssn pool (#519) | |
1476 | - "pass" IP-only rules should bypass detection engine after matching (#718) | |
1477 | - Generate error if bpf is used in IPS mode (#777) | |
1478 | - Add support for batch verdicts in NFQ, thanks to Florian Westphal | |
1479 | - Update Doxygen config, thanks to Phil Schroeder | |
1480 | - Improve libnss detection, thanks to Christian Kreibich | |
1481 | - Fix a FP on rules looking for port 0 and fragments (#847), thanks to Rmkml | |
1482 | - OS X unix socket build fixed (#830) | |
1483 | - bytetest, bytejump and byteextract negative offset failure (#827) | |
1484 | - Fix fast.log formatting issues (#771), thanks to Rmkml | |
1485 | - Invalidate negative depth (#774), thanks to Rmkml | |
1486 | - Fixed accuracy issues with relative pcre matching (#791) | |
1487 | - Fix deadlock in flowvar capture code (#802) | |
1488 | - Improved accuracy of file_data keyword (#817) | |
1489 | - Fix af-packet ips mode rule processing bug (#819), thanks to Laszlo Madarassy | |
1490 | - stream: fix injecting pseudo packet too soon leading to FP (#883), thanks to Francis Trudeau | |
1491 | ||
1492 | 1.4.4 -- 2013-07-18 | |
1493 | ||
1494 | - Bug #834: Unix socket - showing as compiled when it is not desired to do so | |
1495 | - Bug #835: Unix Socket not working as expected | |
1496 | - Bug #841: configure --enable-unix-socket does not err out if libs/pkgs are not present | |
1497 | - Bug #846: FP on IP frag and sig use udp port 0, thanks to Rmkml | |
1498 | - Bug #864: backport packet action macro's | |
1499 | - Bug #876: htp tunnel fix | |
1500 | - Bug #877: Flowbit check with content doesn't match consistently, thanks to Francis Trudeau | |
1501 | ||
1502 | 1.4.3 -- 2013-06-20 | |
1503 | ||
1504 | - Fix missed detection in bytetest, bytejump and byteextract for negative offset (#828) | |
1505 | - Fix IPS mode being unable to drop tunneled packets (#826) | |
1506 | - Fix OS X Unix Socket build (#829) | |
1507 | ||
1508 | 1.4.2 -- 2013-05-29 | |
1509 | ||
1510 | - No longer force nocase to be used on http_host | |
1511 | - Invalidate rule if uppercase content is used for http_host w/o nocase | |
1512 | - Warn user if bpf is used in af-packet IPS mode | |
1513 | - Better test for available libjansson version | |
1514 | - Fixed accuracy issues with relative pcre matching (#784) | |
1515 | - Improved accuracy of file_data keyword (#788) | |
1516 | - Invalidate negative depth (#770) | |
1517 | - Fix http host parsing for IPv6 addresses (#761) | |
1518 | - Fix fast.log formatting issues (#773) | |
1519 | - Fixed deadlock in flowvar set code for http buffers (#801) | |
1520 | - Various signature ordering improvements | |
1521 | - Minor stream engine fix | |
1522 | ||
1523 | 1.4.1 -- 2013-03-08 | |
1524 | ||
1525 | - GeoIP keyword, allowing matching on Maxmind's database, contributed by Ignacio Sanchez (#559) | |
1526 | - Introduce http_host and http_raw_host keywords (#733, #743) | |
1527 | - Add python module for interacting with unix socket (#767) | |
1528 | - Add new unix socket commands: fetching config, counters, basic runtime info (#764, #765) | |
1529 | - Big Napatech support update by Matt Keeler | |
1530 | - Configurable sensor id in unified2 output, contributed by Jake Gionet (#667) | |
1531 | - FreeBSD IPFW fixes by Nikolay Denev | |
1532 | - Add "default" interface setting to capture configuration in yaml (#679) | |
1533 | - Make sure "snaplen" can be set by the user (#680) | |
1534 | - Improve HTTP URI query string normalization (#739) | |
1535 | - Improved error reporting in MD5 loading (#693) | |
1536 | - Improve reference.config parser error reporting (#737) | |
1537 | - Improve build info output to include all configure options (#738) | |
1538 | - Segfault in TLS parsing reported by Charles Smutz (#725) | |
1539 | - Fix crash in teredo decoding, reported by Rmkml (#736) | |
1540 | - fixed UDPv4 packets without checksum being detected as invalid (#760) | |
1541 | - fixed DCE/SMB parsers getting confused in some fragmented cases (#764) | |
1542 | - parsing ipv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#697) | |
1543 | - FN: IP-only rule ip_proto not matching for some protocols (#689) | |
1544 | - Fix build failure with other libhtp installs (#688) | |
1545 | - Fix malformed yaml loading leading to a crash (#694) | |
1546 | - Various Mac OS X fixes (#700, #701, #703) | |
1547 | - Fix for autotools on Mac OS X by Jason Ish (#704) | |
1548 | - Fix AF_PACKET under high load not updating stats (#706) | |
1549 | ||
1550 | 1.3.6 -- 2013-03-07 | |
1551 | ||
1552 | - fix decoder event rules not checked in all cases (#671) | |
1553 | - checksum detection for icmpv6 was fixed (#673) | |
1554 | - crash in HTTP server body inspection code fixed (#675) | |
1555 | - fixed a icmpv6 payload bug (#676) | |
1556 | - IP-only rule ip_proto not matching for some protocols was addressed (#690) | |
1557 | - fixed malformed yaml crashing suricata (#702) | |
1558 | - parsing ipv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#717) | |
1559 | - crash in tls parser was fixed (#759) | |
1560 | - fixed UDPv4 packets without checksum being detected as invalid (#762) | |
1561 | - fixed DCE/SMB parsers getting confused in some fragmented cases (#763) | |
1562 | ||
63370745 VJ |
1563 | 1.4 2012-12-13 |
1564 | ||
1565 | - Decoder event matching fixed (#672) | |
1566 | - Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#665) | |
1567 | - Add more events to IPv6 extension header anomolies (#678) | |
1568 | - Fix ICMPv6 payload and checksum calculation (#677, #674) | |
1569 | - Clean up flow timeout handling (#656) | |
1570 | - Fix a shutdown bug when using AF_PACKET under high load (#653) | |
1571 | - Fix TCP sessions being cleaned up to early (#652) | |
1572 | ||
1573 | 1.3.5 2012-12-06 | |
1574 | ||
1575 | - Flow engine memory leak fixed by Ludovico Cavedon (#651) | |
1576 | - Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#664) | |
1577 | - Flow manager mutex used unintialized, fixed by Ludovico Cavedon (#654) | |
1578 | - Windows building in CYGWIN fixed (#630) | |
1579 | ||
e4f25661 VJ |
1580 | 1.4rc1 2012-11-29 |
1581 | ||
1582 | - Interactive unix socket mode (#571, #552) | |
1583 | - IP Reputation: loading and matching (#647) | |
1584 | - Improved --list-keywords commandline option gives detailed info for supported keyword, including doc link (#435) | |
1585 | - Rule analyzer improvement wrt ipv4/ipv6, invalid rules (#494) | |
1586 | - User-Agent added to file log and filestore meta files (#629) | |
1587 | - Endace DAG supports live stats and at exit drop stats (#638) | |
1588 | - Add support for libhtp event "request port doesn't match tcp port" (#650) | |
1589 | - Rules with negated addresses will not be considered IP-only (#599) | |
1590 | - Rule reloads complete much faster in low traffic conditions (#526) | |
1591 | - Suricata -h now displays all available options (#419) | |
1592 | - Luajit configure time detection was improved (#636) | |
1593 | - Flow manager mutex used w/o initialization (#628) | |
1594 | - Cygwin work around for windows shell mangling interface string (#372) | |
1595 | - Fix a Prelude output crash with alerts generated by rules w/o classtype or msg (#648) | |
1596 | - CLANG compiler build fixes (#649) | |
1597 | - Several fixes found by code analyzers | |
1598 | ||
b0caeaa5 VJ |
1599 | 1.4beta3 2012-11-14 |
1600 | ||
1601 | - support for Napatech cards was greatly improved by Matt Keeler from Npulse (#430, #619) | |
1602 | - support for pkt_data keyword was added | |
1603 | - user and group to run as can now be set in the config file | |
1604 | - make HTTP request and response body inspection sizes configurable per HTTP server config (#560) | |
1605 | - PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625) | |
1606 | - add contrib directory to the dist (#567) | |
1607 | - performance improvements to signatures with dsize option | |
1608 | - improved rule analyzer: print fast_pattern along with the rule (#558) | |
1609 | - fixes to stream engine reducing the number of events generated (#604) | |
1610 | - add stream event to match on overlaps with different data in stream reassembly (#603) | |
1611 | - stream.inline option new defaults to "auto", meaning enabled in IPS mode, disabled in IDS mode (#592) | |
1612 | - HTTP handling in OOM condition was greatly improved (#557) | |
1613 | - filemagic keyword performance was improved (#585) | |
1614 | - fixes and improvements to daemon mode (#624) | |
1615 | - fix drop rules not working correctly when thresholded (#613) | |
1616 | - fixed a possible FP when a regular and "chopped" fast_pattern were the same (#581) | |
1617 | - fix a false possitive condition in http_header (#607) | |
1618 | - fix inaccuracy in byte_jump keyword when using "from_beginning" option (#627) | |
1619 | - fixes to rule profiling (#576) | |
1620 | - cleanups and misc fixes (#379, #395) | |
1621 | - updated bundled libhtp to 0.2.11 | |
1622 | - build system improvements and cleanups | |
1623 | - fix to SSL record parsing | |
1624 | ||
1625 | 1.3.4 -- 2012-11-14 | |
1626 | ||
1627 | - fix crash in flow and host engines in cases of low memory or low memcap settings (#617) | |
1628 | - improve http handling in low memory conditions (#620) | |
1629 | - fix inaccuracy in byte_jump keyword when using "from_beginning" option (#626) | |
1630 | - fix building on OpenBSD 5.2 | |
1631 | - update default config's defrag settings to reflect all available options | |
1632 | - fixes to make check | |
1633 | - fix to SSL record parsing | |
1634 | ||
1635 | 1.3.3 -- 2012-11-01 | |
1636 | ||
1637 | - fix drop rules not working correctly when thresholded (#615) | |
1638 | - fix a false possitive condition in http_header (#606) | |
1639 | - fix extracted file corruption (#601) | |
1640 | - fix a false possitive condition with the pcre keyword and relative matching (#588) | |
1641 | - fix PF_RING set cluster problem on dma interfaces (#598) | |
1642 | - improve http handling in low memory conditions (#586, #587) | |
1643 | - fix FreeBSD inline mode crash (#612) | |
1644 | - suppress pcre jit warning (#579) | |
1645 | ||
d774d6e2 VJ |
1646 | 1.4beta2 -- 2012-10-04 |
1647 | ||
1648 | - New keyword: "luajit" to inspect packet, payload and all HTTP buffers with a Lua script (#346) | |
1649 | - Added ability to control per server HTTP parser settings in much more detail (#503) | |
1650 | - Rewrite of IP Defrag engine to improve performance and fix locking logic (#512, #540) | |
1651 | - Big performance improvement in inspecting decoder, stream and app layer events (#555) | |
1652 | - Pool performance improvements (#541) | |
1653 | - Improved performance of signatures with simple pattern setups (#577) | |
1654 | - Bundled docs are installed upon make install (#527) | |
1655 | - Support for a number of global vs rule thresholds [3] was added (#425) | |
1656 | - Improved rule profiling performance | |
1657 | - If not explicit fast_pattern is set, pick HTTP patterns over stream patterns. HTTP method, stat code and stat msg are excluded. | |
1658 | - Fix compilation on architectures other than x86 and x86_64 (#572) | |
1659 | - Fix FP with anchored pcre combined with relative matching (#529) | |
1660 | - Fix engine hanging instead of exitting if the pcap device doesn't exist (#533) | |
1661 | - Work around for potential FP, will get properly fixed in next release (#574) | |
1662 | - Improve ERF handling. Thanks to Jason Ish | |
1663 | - Always set cluster_id in PF_RING | |
1664 | - IPFW: fix broken broadcast handling | |
1665 | - AF_PACKET kernel offset issue, IPS fix and cleanup | |
1666 | - Fix stream engine sometimes resending the same data to app layer | |
1667 | - Fix multiple issues in HTTP multipart parsing | |
1668 | - Fixed a lockup at shutdown with NFQ (#537) | |
1669 | ||
1670 | 1.3.2 -- 2012-10-03 | |
1671 | ||
1672 | - Fixed a possible FP when a regular and "chopped" fast_pattern were the same (#562) | |
1673 | - Fixed a FN condition with the flow:no_stream option (#575) | |
1674 | - Fix building of perf profiling code on i386 platform. By Simon Moon (#534) | |
1675 | - Fix multiple issues in HTTP multipart parsing | |
1676 | - Fix stream engine sometimes resending the same data to app layer | |
1677 | - Always set cluster_id in PF_RING | |
1678 | - Defrag: silence some potentially noisy errors/warnings | |
1679 | - IPFW: fix broken broadcast handling | |
1680 | - AF_PACKET kernel offset issue | |
1681 | ||
fca70730 VJ |
1682 | 1.4beta1 -- 2012-09-06 |
1683 | ||
1684 | - Custom HTTP logging contributed by Ignacio Sanchez (#530) | |
1685 | - TLS certificate logging and fingerprint computation and keyword (#443) | |
1686 | - TLS certificate store to disk feature (#444) | |
1687 | - Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480) | |
1688 | - AF_PACKET IPS support (#516) | |
1689 | - Rules can be set to inspect only IPv4 or IPv6 (#494) | |
1690 | - filesize keyword for matching on sizes of files in HTTP (#489) | |
1691 | - Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522) | |
1692 | - NFQ fail open support (#507) | |
1693 | - Highly experimental lua scripting support for detection | |
1694 | - Live reloads now supports HTTP rule updates better (#522) | |
1695 | - AF_PACKET performance improvements (#197, #415) | |
1696 | - Make defrag more configurable (#517, #528) | |
1697 | - Improve pool performance (#518) | |
1698 | - Improve file inspection keywords by adding a separate API (#531) | |
1699 | - Example threshold.config file provided (#302) | |
1700 | - Fix building of perf profiling code on i386 platform. By Simon Moon (#534) | |
1701 | - Various spelling corrections by Simon Moon (#533) | |
1702 | ||
e28835af VJ |
1703 | 1.3.1 -- 2012-08-21 |
1704 | ||
1705 | - AF_PACKET performance improvements | |
1706 | - Defrag engine performance improvements | |
1707 | - HTTP: add per server options to enable/disable double decoding of URI (#464, #504) | |
1708 | - Stream engine packet handling for packets with non-standard flag combinations (#508) | |
1709 | - Improved stream engine handling of packet loss (#523) | |
1710 | - Stream engine checksum alerting fixed | |
1711 | - Various rule analyzer fixes (#495, #496, #497) | |
1712 | - (Rule) profiling fixed and improved (#460, #466) | |
1713 | - Enforce limit on max-pending-packets (#510) | |
1714 | - fast_pattern on negated content improved | |
1715 | - TLS rule keyword parsing issues | |
1716 | - Windows build fixes (#502) | |
1717 | - Host OS parsing issues fixed (#499) | |
1718 | - Reject signatures where content length is bigger than "depth" setting (#505) | |
1719 | - Removed unused "prune-flows" option | |
1720 | - Set main thread and live reload thread names (#498) | |
1721 | ||
22957776 VJ |
1722 | 1.3 -- 2012-07-06 |
1723 | ||
1724 | - make live rule reloads optional and disabled by default | |
1725 | - fix a shutdown bug | |
1726 | - fix several memory leaks (#492) | |
1727 | - warn user if global and rule thresholding conflict (#455) | |
1728 | - set thread names on FreeBSD (Nikolay Denev) | |
1729 | - Fix PF_RING building on Ubuntu 12.04 | |
1730 | - rule analyzer updates | |
1731 | - file inspection improvements when dealing with limits (#493) | |
1732 | ||
583ba460 VJ |
1733 | 1.3rc1 -- 2012-06-29 |
1734 | ||
1735 | - experimental live rule reload by sending a USR2 signal (#279) | |
1736 | - AF_PACKET BPF support (#449) | |
1737 | - AF_PACKET live packet loss counters (#441) | |
1738 | - Rule analyzer (#349) | |
1739 | - add pcap workers runmode for use with libpcap wrappers that support load balancing, such as Napatech's or Myricom's | |
1740 | - negated filemd5 matching, allowing for md5 whitelisting | |
1741 | - signatures with depth and/or offset are now checked against packets in addition to the stream (#404) | |
1742 | - http_cookie keyword now also inspects "Set-Cookie" header (#479) | |
1743 | - filemd5 keyword no longer depends on log-file output module (#447) | |
1744 | - http_raw_header keyword inspects original header line terminators (#475) | |
1745 | - deal with double encoded URI (#464) | |
1746 | - improved SMB/SMB2/DCERPC robustness | |
1747 | - ICMPv6 parsing fixes | |
1748 | - improve HTTP body inspection | |
1749 | - stream.inline accuracy issues fixed (#339) | |
1750 | - general stability fixes (#482, #486) | |
1751 | - missing unittests added (#471) | |
1752 | - "threshold.conf not found" error made more clear (#446) | |
1753 | - IPS mode segment logging for Unified2 improved | |
1754 | ||
1755 | 1.3beta2 -- 2012-06-08 | |
ed9b07ef VJ |
1756 | |
1757 | - experimental support for matching on large lists of known file MD5 checksums | |
1758 | - Improved performance for file_data, http_server_body and http_client_body keywords | |
1759 | - Improvements to HTTP handling: multipart parsing, gzip decompression | |
1760 | - Byte_extract can support negative offsets now (#445) | |
1761 | - Support for PF_RING 5.4 added. Many thanks to Chris Wakelin (#459) | |
1762 | - HOME_NET and EXTERNAL_NET and the other vars are now checked for common errors (#454) | |
1763 | - Improved error reporting when using too long address strings (#451) | |
1764 | - MD5 calculation improvements for daemon mode and other cases (#449) | |
1765 | - File inspection scripts: Added Syslog action for logging to local syslog. Thanks to Martin Holste. | |
1766 | - Rule parser is made more strict. | |
1767 | - Unified2 output overhaul, logging individual segments in more cases. | |
1768 | - detection_filter keyword accuracy problem was fixed (#453) | |
1769 | - Don't inspect cookie header with http header (#461) | |
1770 | - Crash with a rule with two byte_extract keywords (#456) | |
1771 | - SSL parser fixes. Thanks to Chris Wakelin for testing the patches! (#476) | |
1772 | - Accuracy issues in HTTP inspection fixed. Thanks to Rmkml (#452) | |
1773 | - Improve escaping of some characters in logs (#418) | |
1774 | - Checksum calculation bugs fixed | |
1775 | - IPv6 parsing issues fixed. Thanks to Michel Saborde. | |
1776 | - Endace DAG issues fixed. Thanks to Jason Ish from Endace. | |
1777 | - Various OpenBSD related fixes. | |
1778 | - Fixes for bugs found by Coverity source code analyzer. | |
1779 | ||
fbe0206c VJ |
1780 | 1.3beta1 -- 2012-04-04 |
1781 | ||
1782 | - TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords (#296, contributed by Pierre Chifflier) | |
1783 | - Napatech capture card support (contributed by Randy Caldejon -- nPulse) | |
1784 | - Scripts for looking up files / file md5's at Virus Total and others (contributed by Martin Holste) | |
1785 | - Test mode: -T option to test the config (#271) | |
1786 | - Ringbuffer and zero copy support for AF_PACKET | |
1787 | - Commandline options to list supported app layer protocols and keywords (#344, #414) | |
1788 | - File extraction for HTTP POST request that do not use multipart bodies | |
1789 | - On the fly md5 checksum calculation of extracted files | |
1790 | - Line based file log, in json format | |
1791 | - Basic support for including other yaml files into the main yaml | |
1792 | - New multi pattern engine: ac-bs | |
1793 | - Profiling improvements, added lock profiling code | |
1794 | - Improved HTTP CONNECT support in libhtp (#427, Brian Rectanus -- Qualys) | |
1795 | - Unified yaml naming convention, including fallback support (by Nikolay Denev) | |
1796 | - Improved Endace DAG support (#431, Jason Ish -- Endace) | |
1797 | - New default runmode: "autofp" (#433) | |
1798 | - Major rewrite of flow engine, improving scalability. | |
1799 | - Improved http_stat_msg and http_stat_code keywords (#394) | |
1800 | - Improved scalability for Tag and Threshold subsystems | |
1801 | - Made the rule keyword parser much stricter in detecting syntax errors | |
1802 | - Split "file" output into "file-store" and "file-log" outputs | |
1803 | - Much improved file extraction | |
1804 | - CUDA build fixes (#421) | |
1805 | - Various FP's reported by Rmkml (#403, #405, #411) | |
1806 | - IPv6 decoding and detection issues (reported by Michel Sarborde) | |
1807 | - PCAP logging crash (#422) | |
1808 | - Fixed many (potential) issues with the help of the Coverity source code analyzer | |
1809 | - Fixed several (potential) issues with the help of the cppcheck and clang/scan-build source code analyzers | |
1810 | ||
65d1783b VJ |
1811 | 1.2.1 -- 2012-01-20 |
1812 | ||
1813 | - fix malformed unified2 records when writing alerts trigger by stream inspection (#402) | |
1814 | - only force a pseudo packet inspection cycle for TCP streams in a state >= established | |
1815 | ||
5b42f360 VJ |
1816 | 1.2 -- 2012-01-19 |
1817 | ||
1818 | - improved Windows/CYGWIN path handling (#387) | |
1819 | - fixed some issues with passing an interface or ip address with -i | |
1820 | - make live worker runmode threads adhere to the 'detect' cpu affinity settings | |
1821 | ||
e192ce7e VJ |
1822 | 1.2rc1 -- 2012-01-11 |
1823 | ||
1824 | - app-layer-events keyword: similar to the decoder-events and stream-events, this will allow matching on HTTP and SMTP events | |
1825 | - auto detection of checksum offloading per interface (#311) | |
1826 | - urilen options to match on raw or normalized URI (#341) | |
1827 | - flow keyword option "only_stream" and "no_stream" | |
1828 | - unixsock output options for all outputs except unified2 (PoC python script in the qa/ dir) (#250) | |
1829 | - in IPS mode, reject rules now also drop (#399) | |
1830 | - http_header now also inspects response headers (#389) | |
1831 | - "worker" runmodes for NFQ and IPFW | |
1832 | - performance improvement for "ac" pattern matcher | |
1833 | - allow empty/non-initialized flowints to be incremented | |
1834 | - PCRE-JIT is now enabled by default if available (#356) | |
1835 | - many file inspection and extraction improvements | |
1836 | - flowbits and flowints are now modified in a post-match action list | |
1837 | - general performance increasements | |
1838 | - fixed parsing really high sid numbers >2 Billion (#393) | |
1839 | - fixed ICMPv6 not matching in IP-only sigs (#363) | |
1840 | ||
c0cd2c85 VJ |
1841 | 1.2beta1 -- 2011-12-19 |
1842 | ||
1843 | - File name, type inspection and extraction for HTTP | |
1844 | - filename, fileext, filemagic and filestore keywords added | |
1845 | - "file" output for storing extracted files to disk | |
1846 | - file_data keyword support, inspecting normalized, dechunked, decompressed HTTP response body (feature #241 | |
1847 | - new keyword http_server_body, pcre regex /S option | |
1848 | - Option to enable/disable core dumping from the suricata.yaml (enabled by default) | |
1849 | - Human readable size limit settings in suricata.yaml | |
1850 | - PF_RING bpf support (required PF_RING >= 5.1) (feature #334) | |
1851 | - tos keyword support (feature #364) | |
1852 | - IPFW IPS mode does now support multiple divert sockets | |
1853 | - New IPS running modes, Linux and FreeBSD do now support "worker" and "autofp" | |
1854 | - Improved alert accuracy in autofp and single runmodes | |
1855 | - major performance optimizations for the ac-gfbs pattern matcher implementation | |
1856 | - unified2 output fixes | |
1857 | - PF_RING supports privilege dropping now (bug #367) | |
1858 | - Improved detection of duplicate signatures | |
1859 | ||
1860 | 1.1.1 -- 2011-12-07 | |
1861 | ||
1862 | - Fix for a error in the smtp parser that could crash Suricata. | |
1863 | - Fix for AF_PACKET not compiling on modern linux systems like Fedora 16. | |
1864 | ||
6256d6b5 VJ |
1865 | 1.1 -- 2011-11-10 |
1866 | ||
1867 | - CUDA build fixed | |
1868 | - minor pcap, AF_PACKET and PF_RING fixes (#368) | |
1869 | - bpf handling fix | |
1870 | - Windows CYGWIN build | |
1871 | - more cleanups | |
1872 | ||
1873 | 1.1rc1 -- 2011-11-03 | |
1874 | ||
1875 | - extended HTTP request logging for use with (among other things) http_agent for Sguil (#38) | |
1876 | - AF_PACKET report drop stats on shutdown (#325) | |
1877 | - new counters in stats.log for flow and stream engines (#348) | |
1878 | - SMTP parsing code support for BDAT command (#347) | |
1879 | - HTTP URI normalization no longer converts to lowercase (#362) | |
1880 | - AF_PACKET works with privileges dropping now (#361) | |
1881 | - Prelude output for state matches (#264, #355) | |
1882 | - update of the pattern matching code that should improve accuracy | |
1883 | - rule parser was made more strict (#295, #312) | |
1884 | - multiple event suppressions for the same SID was fixed (#366) | |
1885 | - several accuracy fixes | |
1886 | - removal of the unified1 output plugins (#353) | |
1887 | ||
1888 | 1.1beta3 -- 2011-10-25 | |
1889 | ||
1890 | - af-packet support for high speed packet capture | |
1891 | - "replace" keyword support (#303) | |
1892 | - new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap | |
1893 | - added "stream-event" keyword to match on TCP session anomalies | |
1894 | - support for suppress keyword was added (#274) | |
1895 | - byte_extract keyword support was added | |
1896 | - improved handling of timed out TCP sessions in the detection engine | |
1897 | - unified2 payload logging if detection was in the HTTP state (#264) | |
1898 | - improved accuracy of the HTTP transaction logging | |
1899 | - support for larger (64 bit) Flow/Stream memcaps (#332) | |
1900 | - major speed improvements for PCRE, including support for PCRE JIT | |
1901 | - support setting flowbits in ip-only rules (#292) | |
1902 | - performance increases on SSE3+ CPU's | |
1903 | - overhaul of the packet acquisition subsystem | |
1904 | - packet based performance profiling subsystem was added | |
1905 | - TCP SACK support was added to the stream engine | |
1906 | - updated included libhtp to 0.2.6 which fixes several issues | |
1907 | ||
1908 | 1.1beta2 -- 2011-04-13 | |
1909 | ||
1910 | - New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, #262). | |
1911 | - Inline mode for the stream engine (#230, #248). | |
1912 | - New keyword support: nfq_set_mark | |
1913 | - Included an example decoder-events.rules file | |
1914 | - api for adding and selecting runmodes was added | |
1915 | - pcap logging / recording output was added | |
1916 | - basic SCTP protocol parsing was added | |
1917 | - more fine grained CPU affinity setting support was added | |
1918 | - stream engine inspects stream in larger chunks | |
1919 | - fast_pattern support for http_method content modifier (#255) | |
1920 | - negation support for isdataat keyword (#257) | |
1921 | - configurable interval for stats.log updates (#247) | |
1922 | - new pf_ring runmode was added that scales better | |
1923 | - pcap live mode now handles the monitor interface going up and down | |
1924 | - several QA additions to "make check" | |
1925 | - NFQ (linux inline) mode was improved | |
1926 | - Alerts classification fix (#275) | |
1927 | - compiles and runs on big-endian systems (#63) | |
1928 | - unified2 output works around barnyard2 issues with DLT_RAW + IPv6 | |
1929 | ||
1930 | 1.1beta1 -- 2010-12-21 | |
1931 | ||
1932 | - New keyword support: http_raw_header, http_stat_msg, http_stat_code. | |
1933 | - A new default pattern matcher, Aho-Corasick based, that uses much less memory. | |
1934 | - reference.config support as supplied by ET/ETpro and VRT. | |
1935 | - Much improved fast_pattern support, including for http_uri, http_client_body, http_header, http_raw_header. | |
1936 | - Improved parsers, especially the DCERPC parser. | |
1937 | - Much improved performance & accuracy. | |
1938 | ||
1939 | 1.0.5 -- 2011-07-25 | |
1940 | ||
1941 | - Fix stream reassembly bug #300. Thanks to Rmkml for the report. | |
1942 | - Fix several (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat. | |
1943 | ||
1944 | 1.0.4 -- 2011-06-24 | |
1945 | ||
1946 | - LibHTP updated to 0.2.6 | |
1947 | - Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat. | |
1948 | - Large number of (potential) issues fixed after source code scans with the Clang static analizer. | |
1949 | ||
1950 | 1.0.3 -- 2011-04-13 | |
1951 | ||
1952 | - Fix broken checksum calculation for TCP/UDP in some cases | |
1953 | - Fix errors in the byte_test, byte_jump, http_method and http_header keywords | |
1954 | - Fix a ASN1 parsing issue | |
1955 | - Improve LibHTP memory handling | |
1956 | - Fix a defrag issue | |
1957 | - Fix several stream engine issues | |
1958 |