Add an entry to the upgrade guide noting the change.
Ticket: #5632
- NSS is no longer required. File hashing and JA3 can now be used without the NSS compile time dependency.
- If installing Suricata without the bundled Suricata-Update, the ``default-rule-path`` has been changed from ``/etc/suricata/rules`` to ``/var/lib/suricata/rules`` to be consistent with Suricata when installed with Suricata-Update.
- FTP has been updated with a maximum command request and response line length of 4096 bytes. To change the default see :ref:`suricata-yaml-configure-ftp`.
+- SWF decompression in http has been disabled by default. To change the default see :ref:`suricata-yaml-configure-libhtp`. Users with configurations from previous releases may want to modify their config to match the new default.
+ See https://redmine.openinfosecfoundation.org/issues/5632 for more information.
Logging changes
~~~~~~~~~~~~~~~
# auto will use http-body-inline mode in IPS mode, yes or no set it statically
http-body-inline: auto
- # Decompress SWF files.
+ # Decompress SWF files. Disabled by default.
# Two types: 'deflate', 'lzma', 'both' will decompress deflate and lzma
# compress-depth:
# Specifies the maximum amount of data to decompress,
# Specifies the maximum amount of decompressed data to obtain,
# set 0 for unlimited.
swf-decompression:
- enabled: yes
+ enabled: no
type: both
compress-depth: 100kb
decompress-depth: 100kb
projects / thirdparty / suricata.git / commitdiff
