From: Todd Mortimer Date: Mon, 31 Oct 2022 17:39:51 +0000 (+0000) Subject: swf-decompression: Disable by default. X-Git-Tag: suricata-7.0.0-rc1~356 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15c77be9377bce42884aff5cccf57b3aca1b134e;p=thirdparty%2Fsuricata.git swf-decompression: Disable by default. Add an entry to the upgrade guide noting the change. Ticket: #5632 --- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 706ba14a96..8c551a2b03 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -59,6 +59,8 @@ Other changes - NSS is no longer required. File hashing and JA3 can now be used without the NSS compile time dependency. - If installing Suricata without the bundled Suricata-Update, the ``default-rule-path`` has been changed from ``/etc/suricata/rules`` to ``/var/lib/suricata/rules`` to be consistent with Suricata when installed with Suricata-Update. - FTP has been updated with a maximum command request and response line length of 4096 bytes. To change the default see :ref:`suricata-yaml-configure-ftp`. +- SWF decompression in http has been disabled by default. To change the default see :ref:`suricata-yaml-configure-libhtp`. Users with configurations from previous releases may want to modify their config to match the new default. + See https://redmine.openinfosecfoundation.org/issues/5632 for more information. Logging changes ~~~~~~~~~~~~~~~ diff --git a/suricata.yaml.in b/suricata.yaml.in index 5988dfbf67..44a3833cb3 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -970,7 +970,7 @@ app-layer: # auto will use http-body-inline mode in IPS mode, yes or no set it statically http-body-inline: auto - # Decompress SWF files. + # Decompress SWF files. Disabled by default. # Two types: 'deflate', 'lzma', 'both' will decompress deflate and lzma # compress-depth: # Specifies the maximum amount of data to decompress, 
@@ -979,7 +979,7 @@ app-layer: # Specifies the maximum amount of decompressed data to obtain, # set 0 for unlimited. swf-decompression: - enabled: yes + enabled: no type: both compress-depth: 100kb decompress-depth: 100kb
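Review bot: In the doc/userguide/upgrade.rst hunk, the new bullet writes "http" in lowercase while the entry just above it writes "FTP"; use "HTTP" for consistency. The bullet also tells users they "may want to modify their config" without naming the setting. Naming `swf-decompression` and its `enabled` key would make the action concrete, since a configuration carried over from a previous release with `enabled: yes` keeps decompression on.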
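Review bot: In the suricata.yaml.in hunk at line 970, the context line directly below the edited comment still reads "Two types: 'deflate', 'lzma', 'both' will decompress deflate and lzma", which lists three values under the label "Two types". Since this comment block is being edited anyway, consider rewording that line so it reads as the accepted values of `type`, with 'both' described as enabling deflate and lzma together.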
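Review bot: In the suricata.yaml.in hunk at line 979, only the template value changes from `enabled: yes` to `enabled: no`, and the patch as shown touches just the upgrade guide and this template. A configuration that omits the `swf-decompression` block gets whatever the parser falls back to, which is not visible in this diff. Please confirm that the fallback is also off, or note in the commit message that it is handled in a separate change.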