From: Shivani Bhardwaj Date: Tue, 8 Jul 2025 07:07:25 +0000 (+0530) Subject: release: 7.0.11; update changelog X-Git-Tag: suricata-7.0.11^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98b12d1c30e6f8db1e38f3c34abf965a4d03b062;p=thirdparty%2Fsuricata.git release: 7.0.11; update changelog --- diff --git a/ChangeLog b/ChangeLog index c40b2ec831..0096af6b57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +7.0.11 -- 2025-07-08 + +Security #7766: libhtp-c: memory leak with lzma(HIGH - CVE 2025-53537) +Security #7659: http2: global tx (stream id 0) may open file and never close it (7.0.x backport)(HIGH - CVE 2025-53538) +Bug #7779: mpm/ac: error "Just ran out of space in the queue" (7.0.x backport) +Bug #7748: byte_extract: issue with saved 'name' in distance keyword (7.0.x backport) +Bug #7736: brotli: old crate version has integer underflow (7.0.x backport) +Bug #7731: dcerpc: uint16 overflow (rust debug assertion) (7.0.x backport) +Bug #7716: snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4 (7.0.x backport) +Bug #7690: datasets: set type IP can't set IPv4 (7.0.x backport) +Bug #7688: flow: non-TCP protocol timeout handling leads to missing flows (7.0.x backport) +Bug #7682: flow: race condition at shutdown leads to duplicate flows (7.0.x backport) +Bug #7670: http: lack of setting updated_ts leads to detection delay (7.0.x backport) +Bug #7663: ips: deconflict pass flow and drop packet rules (7.0.x backport) +Bug #7661: pcap: continuous file reading fails on an empty directory (7.0.x backport) +Bug #7652: rust: warnings with rustc 1.86 +Bug #7610: http: reachable assertion when memcap reached during rule reload +Bug #7375: dpdk: iface-copy should not be mandatory (7.0.x backport) +Bug #7293: CI: clang-format does not work for main-7.0.x branch (7.0.x backport) +Optimization #7781: mpm/ac-ks: reduce stack usage (7.0.x backport) + 7.0.10 -- 2025-03-25 Bug #7619: af-packet: setting bpf fails (7.0.x backport) diff --git a/configure.ac b/configure.ac index 7b759d1ba7..20a3a69f6e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ - AC_INIT([suricata],[7.0.11-dev]) + AC_INIT([suricata],[7.0.11]) m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes]) AC_CONFIG_HEADERS([src/autoconf.h]) AC_CONFIG_SRCDIR([src/suricata.c]) @@ -1580,12 +1580,12 @@ echo exit 1 fi - PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.50],[libhtp_minver_found="yes"],[libhtp_minver_found="no"]) + PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.51],[libhtp_minver_found="yes"],[libhtp_minver_found="no"]) if test "$libhtp_minver_found" = "no"; then PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"]) if test "$libhtp_devver_found" = "no"; then echo - echo " ERROR! libhtp was found but it is neither >= 0.5.50, nor the dev 0.5.X" + echo " ERROR! libhtp was found but it is neither >= 0.5.51, nor the dev 0.5.X" echo exit 1 fi diff --git a/requirements.txt b/requirements.txt index 6df1358f07..0fe1709507 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,5 @@ # Format: # # name {repo} {branch|tag} -libhtp https://github.com/OISF/libhtp 0.5.x -suricata-update https://github.com/OISF/suricata-update master +libhtp https://github.com/OISF/libhtp 0.5.51 +suricata-update https://github.com/OISF/suricata-update 1.3.6 diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in index fbf17d164b..0c2024968b 100644 --- a/rust/Cargo.lock.in +++ b/rust/Cargo.lock.in @@ -927,7 +927,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" -version = "7.0.11-dev" +version = "7.0.11" dependencies = [ "aes", "aes-gcm", @@ -973,7 +973,7 @@ dependencies = [ [[package]] name = "suricata-derive" -version = "7.0.11-dev" +version = "7.0.11" dependencies = [ "proc-macro-crate", "proc-macro2",