From: Shivani Bhardwaj
Date: Tue, 8 Apr 2025 12:36:59 +0000 (+0530)
Subject: release: 8.0.0-beta1; update changelog
X-Git-Tag: suricata-8.0.0-beta1^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c965c5687db041492c19b7fbc3f72c4565427031;p=thirdparty%2Fsuricata.git

release: 8.0.0-beta1; update changelog
---

diff --git a/ChangeLog b/ChangeLog index c5ffe05113..378053f411 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,528 @@ +8.0.0-beta1 -- 2025-04-08 + +Feature #7644: pgsql: add CopyOut subprotocol/mode +Feature #7633: dpdk: refrain from creating TX queues on zero TX descriptors +Feature #7620: smb: configurable logging +Feature #7596: mime: add email.to keyword +Feature #7595: mime: add email.subject keyword +Feature #7592: mime: add email.from keyword +Feature #7588: mime: add email.cc keyword +Feature #7565: dcerpc: rpc interfaces info in request event +Feature #7533: detect/ldap: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses +Feature #7532: detect/ldap: add keywords for LDAPResult +Feature #7517: detect: smtp.mail_from keyword +Feature #7516: detect: smtp.rcpt_to keyword +Feature #7515: detect: smtp.helo keyword +Feature #7513: detect/integers: add support for negated strings when enum is used +Feature #7508: rules: ftp.reply keyword +Feature #7503: rules: ftp.command_data keyword +Feature #7502: rules: ftp.command keyword +Feature #7485: rules: allow specifying explicit hooks +Feature #7482: eve/flow: log tcp session reuse as a timeout reason +Feature #7481: rules/actions: explicit action scopes +Feature #7477: ldap: add support for AbandonRequest +Feature #7471: detect/ldap: add ldap.distinguished_name keywords for request and response +Feature #7453: detect/ldap: add ldap.request.operation and ldap.response.operation keywords +Feature #7433: eve/alert: enrich decoder event rules +Feature #7403: requires: add ability to check for a rule keyword +Feature #7382: dpdk: create separate packet mempools per queue +Feature #7381: dpdk: when running with ice driver fully start only when link state change event is caught +Feature #7380: dpdk: provide "auto" option for RX/TX descriptors +Feature #7373: dpdk: provide "auto" option to mempool-size property +Feature #7337: dpdk: implement configuration of RSS using rte_flow rules for major cards +Feature #7330: dpdk: support HW VLAN stripping +Feature #7320: flow: add user 
registerable flow update callbacks +Feature #7319: flow: add user registerable flow initialization callback +Feature #7311: http1: log invalid status as string +Feature #7291: sdp: implements sticky buffer +Feature #7243: lua: expose dataset functions +Feature #7240: libsuricata: use provided threads and packets +Feature #7204: sip: rustify sticky buffers +Feature #7203: ldap: extend parser for udp +Feature #7202: ldap: frame support +Feature #7170: hyperscan: Cache Hyperscan databases to disk to speed up the startup +Feature #7120: threshold: add backoff type +Feature #7108: tls: ALPN keyword +Feature #7098: eve: add payload length field +Feature #7074: lua: expose base64 functions +Feature #7073: lua: expose hashing functions (md5/sha1/sha256) +Feature #7055: tls: log ALPN +Feature #7051: websocket: data frame +Feature #7045: tls-store: add support client certs +Feature #7017: dns: add OPT rdata struct and parsing +Feature #7012: rules: add dns.response sticky buffer +Feature #7011: dns: additional section parsing and logging +Feature #6967: multi-tenancy: support thresholding per tenant +Feature #6943: pcap: datalink type 229 not (yet) supported in module PcapFile +Feature #6939: lua: incremement stat when a lua rule exhausts its instruction count +Feature #6857: iprep: support seeing if rule is part of a rep list +Feature #6856: http: anomaly when request line is missing protocol +Feature #6832: pcap/log: Support BPFs for filtering pcap output +Feature #6827: arp: implement decoder and logger +Feature #6822: threshold: support tracking by flow +Feature #6788: bypass: decouple stream.bypass dependency from TLS encrypted bypass +Feature #6739: dpdk: warn the user if user-settings are adjusted to the device capabilities +Feature #6666: dns: add keyword for dns rrtype: dns.rrtype +Feature #6648: detect: integer: support bitmasks +Feature #6647: detect: integers: support for enumerations +Feature #6646: detect: integer: support negated ranges +Feature #6645: detect: 
integer parsed with hexadecimal notation +Feature #6637: requires: add skipped rules to stats +Feature #6627: sdp: add protocol parser and logger +Feature #6621: dns: add keyword for dns rcode: dns.rcode +Feature #6550: profiling/rules: allow enabling profiling for pcap file runs +Feature #6546: detect/transform: strip_pseudo_headers +Feature #6497: dns: new detection buffer: dns.query.name +Feature #6496: dns: new detection buffer: dns.answer.name +Feature #6487: detect/transform: from_base64 +Feature #6480: plugins: allow plugins to specify the version of suricata they are for +Feature #6455: txbits: support for new type of bits +Feature #6439: rules: add to_lowercase transform +Feature #6426: http2: app-layer-event and normalization when userinfo is in the :authority pseudo header for the http.host header +Feature #6396: rules: add protocol string support for mqtt +Feature #6379: ja4: support for TLS and QUIC +Feature #6374: sip: add sticky buffers for headers +Feature #6366: pop3: protocol detection +Feature #6290: http: support case insensitive testing of header name existence +Feature #6260: flow: flow matching excluding packet recursion level +Feature #6215: flow/output: log triggered exception policy +Feature #6164: rules: allow matching on flow pkts and bytes +Feature #6090: eve/alert: missing dcerpc metadata +Feature #6079: eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs +Feature #5976: eve/stats: allow hiding counters whose value is 0 +Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule +Feature #5839: dpdk: power saving mode +Feature #5816: stats: exception policy counters +Feature #5773: doh: support DNS over HTTPS (DoH) +Feature #5743: http2: add frame support +Feature #5734: ssh: add frame support +Feature #5665: rules: bidirectional transaction matching +Feature #5647: rules: mark flow as elephant flow +Feature #5646: rules: allow matching on flow pkts and bytes in either direction 
+Feature #5489: research: multi version rules; or version dependent rules +Feature #5466: detect: allow alert-then-pass logic +Feature #5446: rules: allow ranges in dns.opcode value +Feature #5234: tls: subjectAltName buffer +Feature #5082: smb: keyword for matching the SMB files +Feature #5075: smb: keyword for the SMB version +Feature #4974: eve: log rule references +Feature #4905: smtp: add stream app-layer frame support +Feature #4904: dcerpc: frames support +Feature #4853: eve: Add information about Suricata version +Feature #4777: lua: implement sandboxing +Feature #4776: lua: vendor latest lua stable +Feature #4321: http2: Support link between packets in the same stream +Feature #4102: plugins: support creating app-layer parser, logger and detect +Feature #3958: enip: convert protocol parser to rust +Feature #3487: mime: multi-part parser in Rust +Feature #3351: sip: parse traffic over tcp +Feature #2816: vlan: support more than 2 layers +Feature #2696: http: implement parser in rust +Feature #2695: websocket support +Feature #2486: prefilter/fast_pattern logic for flowbits +Feature #2377: deprecate: ssh.softwareversion and ssh.protoversion +Feature #2280: http: rules that match both request and response +Feature #1971: lua: make mandatory +Feature #1520: multi-tenancy: verbose output clarity +Feature #1199: protocol: LDAP support +Feature #1125: smtp: improve protocol detection +Feature #1065: rules: introduce vlan id keyword +Feature #845: stats: track memory consumption +Security #7615: datasets: signature keyword setting can cause high memory usage(MODERATE - CVE 2025-29916) +Security #7613: decode_base64: signature can do large memory allocation(HIGH - CVE 2025-29917) +Security #7526: detect: infinite loop in DetectEngineContentInspectionInternal with negated pcre(HIGH - CVE 2025-29918) +Security #7465: ldap: bound of number of transactions is not fully enforced +Security #7464: doh2: buffer is not really limited to 65K as should be for DNS +Security 
#7458: af-packet: defrag option can lead to truncated packets(HIGH - CVE 2025-29915) +Security #7450: tracking: signature can allocate arbitrary amount of memory +Security #7411: tcp: generic detection bypass using TCP urgent support(HIGH - CVE 2024-55629) +Security #7393: tcp: segfault on StreamingBufferSlideToOffsetWithRegions(CRITICAL - CVE 2024-55627) +Security #7366: bpf: oversized bpf file can lead to buffer overflow(MODERATE - CVE 2024-55626) +Security #7280: dns: quadratic complexity in logging and invalid json as output(HIGH - CVE 2024-55628) +Security #7267: ja4: non alphanumeric characters in alpn lead to panic(CRITICAL - CVE 2024-47522) +Security #7229: detect: write to read-only memory in transforms(CRITICAL - CVE 2024-55605) +Security #7209: thash: random factor not used; possible abusive hash collisions(CRITICAL - CVE 2024-47187) +Security #7195: datasets: rule with unset makes suricata abort(HIGH - CVE 2024-45795) +Security #7191: http: quadratic complexity in headers processing/finding(CRITICAL - CVE 2024-45797) +Security #7183: smb: hashmap entries not removed for error responses +Security #7104: http2: oom from duplicate headers(CRITICAL - CVE 2024-38535) +Security #7085: eve: transactions can be logged an arbitrary number of times +Security #7067: defrag: off by one leads to possible evasion(HIGH - CVE 2024-45796) +Security #7040: defrag: id reuse can lead to invalid reassembly(CRITICAL - CVE 2024-37151) +Security #7029: http/range: segv when http.memcap is reached(HIGH - CVE 2024-38536) +Security #6987: modbus: txs without responses are never freed(MODERATE - CVE 2024-38534) +Security #6902: base64: off-by-three overflow in DecodeBase64()(HIGH - CVE 2024-32664) +Security #6900: http2: timeout logging headers(HIGH - CVE 2024-32663) +Security #6892: http2: oom on copying compressed headers(CRITICAL - CVE 2024-32663) +Security #6866: eve: excessive ssh long banner logging(HIGH - CVE 2024-28870) +Security #6799: ssh: quadratic complexity in 
overlong banner(CRITICAL - CVE 2024-28870) +Security #6796: output/filestore: slowdown because of running OutputTxLog on useless packets +Security #6770: log: arbitrary-length value can be logged +Security #6757: libhtp: quadratic complexity checking after request line missing protocol(CRITICAL - CVE 2024-28871) +Security #6680: smb: pcap with many open files takes too much time +Security #6675: ip-defrag: packet can be considered complete even with holes(MODERATE - CVE 2024-32867) +Security #6669: ip defrag: re-assembly error in bsd policy(MODERATE - CVE 2024-32867) +Security #6668: ip defrag: final overlapping packet can lead to "hole" in re-assembled data(MODERATE - CVE 2024-32867) +Security #6493: ip defrag: several issues with overlap handling +Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx(CRITICAL - CVE 2024-23836) +Security #6477: smtp: quadratic complexity from unbounded number of transaction per flow(CRITICAL - CVE 2024-23836) +Security #6444: http1: quadratic complexity from infinite folded headers(CRITICAL - CVE 2024-23837) +Security #6441: detect: heap use after free with http.request_header keyword(CRITICAL - CVE 2024-23839) +Security #6411: pgsql: quadratic complexity leads to over consumption of memory(HIGH - CVE 2024-23835) +Security #6299: mqtt: pcap with anomalies takes too long to process because of app-layer-event detection +Security #5926: http2: evasion by splitting header fields over frames(HIGH - CVE 2024-24568) +Security #5921: http1: configurable limit for maximum number of live transactions per flow(CRITICAL - CVE 2024-23836) +Bug #7618: af-packet: setting bpf fails +Bug #7577: detect/files: file.data does not use content passed when closing the file internally +Bug #7567: dcerpc: assertion triggered !((res.needed + res.consumed < input_len)) +Bug #7562: detect/flow: null deference in signature parsing +Bug #7560: detect/krb5: undefined behavior with krb5.ticket_encryption when passing -INT32_MAX 
+Bug #7556: quic: valid traffic blocked in IPS mode +Bug #7554: tls: parser error on unACK'd data in FIN shutdown +Bug #7552: app-layer: misdetection if response is seen first without request +Bug #7548: dcerpc: avoid integer underflow +Bug #7523: rules/prefilter: prefilter keyword ignored when in content rule +Bug #7521: detect/ip-only: false positive alerts on pseudo packets ending a one direction flow +Bug #7495: protocol detection: probing parsers do not finish as soon as possible +Bug #7469: smtp: recognize when client initiated TLS +Bug #7467: detect: checksum detection broken by stream.checksum-validation +Bug #7466: lua: Flowvar memory leak +Bug #7455: flow: flow timeout behavior non-deterministic +Bug #7449: app-layer metadata does not get logged for stream rules and unidirectional protocols +Bug #7447: NULL dereference in ThreadLogFileHashFreeFunc in bug-5198 SV test +Bug #7444: dpdk: RSS key length missmatch on ice (E810) card with DPDK version 22.11.6 +Bug #7440: eve/frame: incomplete frame logging +Bug #7437: protocol detection : probing parsers are limited to 32 by use of bitflag +Bug #7436: sip: remove UPDATE pattern as already used by HTTP/1.1 +Bug #7435: fuzz: fix protocol detection target initialization sequence +Bug #7422: tcp: GAP event set on unack'd data following a RST +Bug #7418: requires: rules with unmet requirements are still loaded +Bug #7417: rust: remove shared reference to static mutable +Bug #7414: detect: decoder event rules fail to match on invalid packets +Bug #7409: http: crash in strip_pseudo_headers transform +Bug #7406: eve: Alerts with app_proto=tls no longer logs the tls app data +Bug #7398: datasets: scan-build warning call to blocking fn inside critical section +Bug #7394: ldap: support starttls with tls upgrade +Bug #7365: flow-manager: multi Flow Manager memory leak problem +Bug #7361: rules: unknown internal events not being detected as errors +Bug #7359: eve/syslog: crashes on use +Bug #7338: rust: different int types 
turn garbage on FFI boundary +Bug #7334: asan/profiling: global-buffer-overflow error +Bug #7333: tls: impossible to log alpns with 'custom' logging +Bug #7332: tls: fix duplicate EVE field issuerdn +Bug #7326: http: FN with prefilter if the first of multi buffer did not match +Bug #7325: sdp: one or more time descriptions +Bug #7323: mqtt: wrong and missing direction for keywords +Bug #7318: flow: flow timeout pseudo packet triggers unexpected alert +Bug #7315: template: remove usage of template-rust +Bug #7314: misc/warnings: compile warnings during build +Bug #7309: http: incorrect file direction handling +Bug #7305: sdp: media's encryption key not logged +Bug #7303: detect: memleak in case of errors during initialization +Bug #7302: conf: memleak if yaml parser is initialized before checking if file exists +Bug #7300: output: oversized records lead to invalid json +Bug #7296: detect: transform base64 creates a 0-sized variable-length array +Bug #7279: dns: protocol detection is not strict enough +Bug #7270: conf: nullptr dereference if mem alloc fails for a node in yaml parser +Bug #7264: detect/flow: ACK with data on 3whs fails to match 'flow:established' +Bug #7256: ja3: Error: ja3: Buffer should not be NULL +Bug #7253: fuzz: CIFuzz is not fuzzing PRs as it is supposed to +Bug #7241: app-layer-protocol: negated matching false positive +Bug #7238: app-layer: protocol flows are miscounted in case of error +Bug #7235: tls: a rule stops working since 7.0.5 +Bug #7230: dcerpc: invalid dcerpc header is not rejected +Bug #7228: dns: no data logged, and no events with udp corrupt additional record +Bug #7226: lua: use crate from crates.io instead of github to fix offline builds +Bug #7218: profiling: packet profiling to log file is only active with rule profiling +Bug #7213: frames: stream frame is not always the first one registered +Bug #7210: docs: inconsistent spelling in documentation for RFB `security_result` key +Bug #7206: cbindgen: comptability with newer 
version 0.27 +Bug #7200: smtp: crash in ByteExtractString +Bug #7199: detect: missing app-layer metadata in alerts +Bug #7187: detect: dcerpc logging and matching issues +Bug #7181: fuzz: File confyaml.c is missing +Bug #7176: ldap: crash when encountering GAP +Bug #7172: detect/integers: do not bother to free NULL pointer on setup/parse failure +Bug #7169: lua/output: vendored lua search for modules in /usr/local/ rather than /usr/ +Bug #7158: tcp: 'broken ack' event set on flow timeout +Bug #7135: util/thash: debug assertion for memuse +Bug #7126: decode/base64: Error message on packet path. +Bug #7121: smb/ntlmssp: nonsense smb.ntlmssp.version values +Bug #7115: dpdk: timestamping packets through TSC does not yield the same time as kernel time +Bug #7113: pgsql: track 'progress' in tx per direction +Bug #7111: protodetect: DNS flow direction is not correct sometimes +Bug #7106: packet: app-layer-events incorrectly used on recycled packets +Bug #7093: sip: wrong slice used for sip_take_line with tcp leads to quadratic oom +Bug #7059: smtp: split name logged as 2 names +Bug #7053: bypass: cannot bypass udp flow from first packet in second direction +Bug #7049: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node +Bug #7048: af-packet: failure to start up on many threads plus high load +Bug #7037: pcap/log: MacOS rotates file well before limit is reached +Bug #7034: time: in offline mode, time can stay behind at pcap start +Bug #7028: base64: heap buffer overflow in RFC 2045 and 4648 modes +Bug #7025: websocket: wrong value for opcode ping/pong +Bug #7022: unix-socket: iface-bypassed-stat crash +Bug #7020: unix-socket: hostbit commands don't properly release host +Bug #7013: rust: build with rust 1.78 with slice::from_raw_parts now requiring the pointer to be non-null +Bug #7000: pgsql: trigger raw stream reassembly +Bug #6994: sip/sdp: logget closes unopened array for empty medias +Bug #6989: tls.random buffers don't 
work as expected +Bug #6985: base64: coverity dead code warning +Bug #6984: mqtt: do not log non-string messages? +Bug #6983: eve/alert/metadata: no pgsql object encapsulation +Bug #6973: detect: log relevant frames app-layer metdata +Bug #6969: dataset: lookup function is not working with ip type +Bug #6964: base64: consumed bytes are incorrectly set for different modes +Bug #6959: http: improve handling of content encoding: gzip but request_body not actually compressed +Bug #6957: Assert: BUG_ON(id <= 0 || id > (int)thread_store.threads_size); +Bug #6954: eve: packet field packet_info.linktype is non-portable +Bug #6948: detect/http.response_body: false positive because not enforcing direction to_client +Bug #6942: decode/ppp: decoder.event.ppp.wrong_type on valid packet +Bug #6940: lua: handle errors in lua rules +Bug #6921: jsonbuilder: serializes Rust f64 NaNs to an invalid literal +Bug #6918: pcre2: compile warning +Bug #6913: reimplement systemd sd_notify w/o linking to libsystemd +Bug #6906: smtp/mime: data command rejected by pipelining server does not reset data mode +Bug #6904: mime: buffer overflow in GetFullValue() (util-decode-mime.c) +Bug #6903: streaming buffer: heap overflows in StreamingBufferAppend()/StreamingBufferAppendNoTrack() +Bug #6896: detect/port: upper boundary ports are not correctly handled +Bug #6891: sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup +Bug #6889: detect: slowdown in rule parsing +Bug #6887: defrag: reassembled packet can have wrong datatype +Bug #6883: rust: clippy 1.77 warning +Bug #6881: detect/port: port grouping does not happen correctly if gap between a single and range port +Bug #6877: Suricata 8 general protection fault ip:698117 sp:7fd537b08090 +Bug #6875: output/alert: assertion failed p->flow != NULL +Bug #6871: dpdk: fix compatibility issues for ice cards +Bug #6864: detect: ipopts keyword false positive +Bug #6861: profiling/rules: crash when profiling ends +Bug #6846: 
eve/alerts: wrongly using tx id 0 when there is no tx +Bug #6843: detect/port: port ranges are incorrect when a port is single as well as a part of range +Bug #6839: coverity: warning in port grouping code +Bug #6838: eve/filetypes: move from plugin api to eve api +Bug #6837: netmap: error message Netmap pipes (with lb) +Bug #6835: BUG_ON triggered from TmThreadsInjectFlowById +Bug #6834: iprep: rule with '=,0' can't match +Bug #6811: capture plugins: capture plugins unusable due to initialization order +Bug #6790: dpdk: evaluate the correct handling of DPDK ports on shutdown +Bug #6787: decode/pppoe: Suspicious pointer scaling +Bug #6782: streaming/buffer: crash in HTTP body handling +Bug #6778: detect/tls.certs: direction flag checked against wrong field +Bug #6766: multi-tenancy: dead lock during tenant loading +Bug #6762: hugepages: error for FreeBSD when kernel NUMA build option is not enabled +Bug #6760: af-packet: hugepages Error for ARM64 and af-packet IPS mode +Bug #6755: netmap: deadlock if netmap_open fails +Bug #6753: detect/cip: missing return-value check for a 'scanf'-like function +Bug #6745: util/mime: Memory leak at util-decode-mime.c:MimeDecInitParser +Bug #6741: dpdk: automatic cache calculation is broken +Bug #6737: dpdk: property configuration can lead to integer overflow +Bug #6733: tcp: tcp flow flags changing incorrectly when ruleset contains content matching +Bug #6732: eve/stats: parent interface object in stats contains VLAN-ID as keys +Bug #6726: stream: stream.drop-invalid drops valid traffic +Bug #6715: dpdk: NUMA warning on non-NUMA system +Bug #6710: rules: failed rules after a skipped rule are recorded as skipped, not failed +Bug #6678: datasets: discard datasets that hit the memcap while loading correctly +Bug #6664: eve/smtp: attachment filenames not logged +Bug #6661: detect/content-inspect: FN on negative distance +Bug #6656: detect/requires: assertion failed !(ret == -4) +Bug #6643: http: wrongly assuming http0.9 leads to 
missed headers +Bug #6634: tls: Invalid ja3 due to double client hello +Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol +Bug #6619: profiling: runtime much longer to run than it used to +Bug #6618: endace: timestamp fixes +Bug #6617: detect/filestore: flow, to_server was broken by moving files into transactions +Bug #6615: detect/analyzer: misrepresenting negative distance value +Bug #6592: mqtt: frames on TCP are not set properly when parsing multiple PDUs in one go +Bug #6585: src: SCTIME_FROM_TIMESPEC() creates incorrect timestamps +Bug #6584: src: SCTIME_ADD_SECS() macro zeros out ts.usec part +Bug #6578: ssh: no alert on packet with Message Code: New Keys (21) +Bug #6574: detect/filestore: memory leak on rule parsing +Bug #6553: eve/alert: payload/payload_printable misrepresent data in case of overlaps +Bug #6551: Invalid registration of prefiltering in stream size +Bug #6547: http2: http.response_line has leading space +Bug #6527: cppcheck 2.11 errors +Bug #6501: eve/alert: missing TFTP metadata +Bug #6500: eve/alert: missing FTP metadata +Bug #6490: profiling: rule profiling doesn't support absolute paths +Bug #6483: http.request_headers - odd behavior with multiple signtures +Bug #6419: dpdk: Analyze hugepage allocation on startup more thoroughly +Bug #6415: http: various header buffer not populated when malformed header value exists +Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive +Bug #6408: Output plugins receive identifier, but not thread identifier +Bug #6405: eve: ethernet src_mac should match src_ip +Bug #6398: eve/stats: threads object in stats contains memcap_pressure scalars +Bug #6393: detect/filestore: be more explicit about the U16_MAX limit per signature group head +Bug #6390: detect/filestore: do not store if "both,flow" is triggered after the file was set to "nostore" +Bug #6389: pgsql: u16 overflow found by oss-fuzz w/ quadfuzz +Bug #6376: detect: huge increase on start up 
time with a lot of ip-only rules and bigger HOME_NET +Bug #6347: log-pcap: crash with suricata.yaml setting max-file to 1 +Bug #6305: drop: assertion failed !(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP) +Bug #6304: schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats +Bug #6281: dns: structure of query differs between "alert" and "dns" event types +Bug #6280: base64: strict mode should only accept strings that can be reliably converted back +Bug #6254: bypass: thread "FB" failed to start in time: flags 0003 +Bug #6092: eve/alert: missing pgsql metadata +Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL +Bug #5977: eve/alert: missing KRB5 metadata +Bug #5539: landlock: coverity warnings +Bug #5524: pgsql: parser should not error on parsing error, so as to keep on parsing the next PDUs +Bug #5491: smtp: response 530 appears to generate an invalid response alert +Bug #5486: eve: ethernet metadata is missing for some protocols or parts of a protocol +Bug #5279: nom: use of count combinator can use too much memory +Bug #5220: detect/base64_data: fast_pattern shouldn't be allowed +Bug #5185: mime: URL extraction missing +Bug #4921: detect/app-layer-protocol: unexpected results when one direction state "failed" +Bug #4858: fuzz: Timeout with pcre +Bug #4734: pfring: memory leak +Bug #3910: datasets: for type string the memcap isn't applied to the string data +Bug #3682: detect/bsize: error for impossible matching conditions +Bug #2886: imap: protocol detection is incomplete +Bug #2881: http.protocol parsing inaccuracy : accept spaces in URI +Bug #2224: rules: negated http_* match returns false if buffer not populated +Bug #1457: conf: non-standard units used for file size indication +Optimization #7617: af-packet: set defrag based on passive or inline mode +Optimization #7558: detect: convert rule group dumping to JsonBuilder +Optimization #7358: CI: only run CodeQL python if the PR contains 
changed files that are python +Optimization #7304: detect: improve support for multi-protocol keywords +Optimization #7297: src: remove duplicate function declarations +Optimization #7272: af-packet: improve startup time +Optimization #7208: tcp/reassemble: GetBlock takes O(nlgn) in worst case +Optimization #7185: stats: exceptions: use search-friendly log output +Optimization #7178: rfb: rustify keywords and app-layer registration +Optimization #7155: pcap: use larger read size buffer for a performance increase +Optimization #7087: app-layer: track modified transactions +Optimization #7065: base64: move the decoder to rust +Optimization #7044: app-layer: clean up truncate callbacks and logic +Optimization #7018: dns/tcp: allow triggering raw stream reassembly +Optimization #7002: detect: move pseudo packet checks out of keyword Match funcs +Optimization #6938: packet: optimize packet data storage +Optimization #6937: compile: make code clean with -Wunused-macros +Optimization #6878: conf: quadratic complexity in yaml loader +Optimization #6873: byte_extract: convert keyword/option parsing to Rust +Optimization #6855: src: var code cleanups +Optimization #6852: mpm/ac: support endswith +Optimization #6821: smtp: add 535 code +Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing time +Optimization #6792: detect/port: port grouping is quite slow in worst cases +Optimization #6786: util-rohash.c : make code cleaner to make CodeQL happier +Optimization #6775: detect: do not run tx detection on tcp non established packets +Optimization #6773: app-layer/template: no limit on txs number +Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...) 
+Optimization #6718: detect/frames: avoid rescanning in IPS mode +Optimization #6702: streaming-buffer: Explore Rank Balanced trees +Optimization #6575: detect/multi-buffer: use single definition of struct PrefilterMpmKrb5Name +Optimization #6569: threading: fix condition signalling w/o taking lock first +Optimization #6454: detect: force os to release memory on rule reload +Optimization #6433: packetpool: improve return sync logic +Optimization #6387: mqtt: move parser registration code to the rust side +Optimization #6111: defrag: avoid passing null pointers to functions +Optimization #5699: dcerpc: switch to incomplete api for tcp +Optimization #5672: smb: avoid unbounded hash maps +Optimization #5634: detect: unify ValidateCallback for MD5-like keywords +Optimization #5566: pgsql: add events +Optimization #5517: decode: big clean up (macros and functions) +Optimization #5311: ftp: use unsigned integer for input_len +Optimization #5047: sip: implement pattern based protocol detection +Optimization #4798: af-packet: default to tpacket-v3 in IDS mode +Optimization #3827: output: clean up logging initialization code +Optimization #3449: eve: output calls fflush very often +Optimization #3427: datasets: issue warning/info for data with type string that are not base64 +Optimization #426: threshold: rule based thresholding data structure improvement +Task #7604: lua: turn http into lib +Task #7602: lua: turn dns into lib +Task #7601: lua: turn dnp3 into lib +Task #7492: lua: remove script_api_ver check from needs block +Task #7489: lua: turn flow into lib +Task #7488: lua: turn packet into lib +Task #7456: engine/analysis: report rule state altered by flowbit rule +Task #7426: flowint: add isnotset support +Task #7350: firewall usecase: log app-layer metadata for for catch-all drop rules +Task #7341: rust: use bindgen to generate Rust bindings to C functions +Task #7287: schema: add missing tls fields certificate and chain +Task #7246: libhtp 0.5.49 +Task #7227: 
logging: document and cleanup low level logging registration +Task #7219: rust/crates: update base64 +Task #7167: dns: make the version field in a dns object required +Task #7165: napatech: move into bundled plugin +Task #7162: pfring: move into bundled plugin +Task #7154: plugins: add template detection plugin +Task #7152: plugins: add template logger plugin +Task #7151: plugins: add template app-layer plugin +Task #7130: rust: dependency "time" fails to build on Rust nightly +Task #7058: fuzz/base64: check decoded strings for correctness in strict mode +Task #6965: libhtp 0.5.48 +Task #6962: yaml: unify 0 stats counter config option terminology +Task #6961: lua: use a rust crate to vendor lua +Task #6935: unittests: convert tests to new FAIL/PASS API - src/app-layer-htp.c +Task #6888: contrib: remove obsolete items from contrib +Task #6818: rust: snmp-parser 0.10.0 +Task #6817: rust: kerberos-parser 0.8.0 +Task #6769: libhtp 0.5.47 +Task #6748: doc: mention X710 RX descriptor limitation +Task #6712: dependencies: completely remove nss +Task #6705: build-info: remove obsolete "rust support" line +Task #6605: flash decompression: update/remove deprecation warnings +Task #6603: pgsql: don't log password msg if password disabled +Task #6586: mpm/ac-bs: remove implementation +Task #6577: pgsql: add cancel request message +Task #6544: logging: deprecate syslog +Task #6543: logging: deprecate http-log +Task #6542: logging: deprecate tls-log +Task #6488: plugins: add example plugins to the suricata source tree +Task #6432: tracking: autofp capture stalls due to packetpool depletion +Task #6427: runmodes: remove reference to auto modes +Task #6360: detect/analyzer: add more details for the icmp_id keyword +Task #6355: detect/analyzer: add more details for the tcp.mss keyword +Task #6354: detect/analyzer: add more details for the tcp ack keyword +Task #6353: detect/analyzer: add more details for the tcp seq keyword +Task #6352: detect/analyzer: add more details for the tcp 
window keyword +Task #6318: unittests: convert tests to new FAIL/PASS API - detect-engine-address-ipv4.c +Task #6312: detect/analyzer: add more details for the flow.age keyword +Task #6309: detect/analyzer: add more details for the flowbits keyword +Task #6287: suricatasc: rewrite in rust +Task #6209: libhtp 0.5.46 +Task #6107: unittests: convert tests to new FAIL/PASS API - util-memcmp.c +Task #6050: base64: make a fuzz target +Task #5626: doc: document file.data +Task #5588: ips/tap: don't allow mixed tap and ips modes +Task #5053: app-layer: dynamic alproto IDs +Task #4742: build: make the auto-generated config.h not conflict with other config.h +Task #4698: lib: Example program to bootstrap Suricata (an alternate main() for Suricata) +Task #4683: detect: remove sigmatch_table in favor of a dynamic storage option +Task #4105: plugins: Create template capture source plugin +Task #4103: plugins: convert an app-layer to use the plugin API (snmp) +Documentation #7540: doc/userguide: fix typo +Documentation #7383: userguide: fix typo +Documentation #7262: doc: remove mentions to suricata-6 +Documentation #7260: userguide/config: fix consistency of dashes instead of underscores +Documentation #7153: devguide: document adding a detection plugin +Documentation #7150: devguide: document adding a logging plugin +Documentation #7149: devguide: document adding a app-layer plugin +Documentation #7031: userguide: document SignatureProperties sigtype +Documentation #6911: manpages: use consistant date based on release and/or git commits +Documentation #6908: userguide: document how to verify tar.gz signature +Documentation #6781: http: document duplicate headers concatenation handling +Documentation #6725: document pcap file variables +Documentation #6708: userguide/payload: fix explanation about bsize ranges +Documentation #6686: docs: port userguide build instruction changes from master-6.0.x +Documentation #6685: userguide: explain noalert keyword +Documentation #6629: 
docs: fix byte_test examples +Documentation #6628: userguide: document generic aspects of integer keywords +Documentation #6599: docs: update eBPF installation instructions +Documentation #6589: docs: fix broken bulleted list style on rtd +Documentation #6570: remove references in docs mentioning prehistoric Suricata versions +Documentation #6568: devguide: document backports policies and process +Documentation #6552: doc: add tcp timeout fix to upgrade guide +Documentation #6548: http2: http.stat_msg - note about HTTP/2 behavior +Documentation #6445: userguide: explain what flow_id is +Documentation #6076: eve/schema: document quic +Documentation #5651: detect/bsize: format should specify operators +Documentation #5494: userguide: update tls eve-log fields 'not_before' and 'not_after' +Documentation #5393: devguide: move github workflow document from redmine into devguide +Documentation #5088: detect/file.name: keyword is not documented +Documentation #4359: docs: elaborate documentation for rule profiling +Documentation #3015: userguide: document "tag" keyword + 7.0.2 -- 2023-10-18 Security #6306: mime: quadratic complexity in MimeDecAddEntity diff --git a/configure.ac b/configure.ac index 23b6f97c57..450cc88408 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ - AC_INIT([suricata],[8.0.0-dev]) + AC_INIT([suricata],[8.0.0-beta1]) m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes]) AC_CONFIG_HEADERS([src/autoconf.h]) AC_CONFIG_SRCDIR([src/suricata.c]) diff --git a/requirements.txt b/requirements.txt index 537f896bfd..f6a3b74f82 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,4 +3,4 @@ # Format: # # name {repo} {branch|tag} -suricata-update https://github.com/OISF/suricata-update master +suricata-update https://github.com/OISF/suricata-update 1.3.4
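
Review bot: In the Security block of the new 8.0.0-beta1 ChangeLog section, the same CVE id appears with two different severities: #6900 reads "HIGH - CVE 2024-32663" while #6892 reads "CRITICAL - CVE 2024-32663", and #6866 reads "HIGH - CVE 2024-28870" while #6799 reads "CRITICAL - CVE 2024-28870". Please confirm that each pair really shares one CVE and which rating is meant, since readers triaging the upgrade will key on the id. The ids are also written with a space ("CVE 2025-29916") rather than the usual hyphenated form, so a text search for "CVE-2025-29916" will miss them, and the opening parenthesis follows the title with no space. Several Security entries (for example #7465, #7464, #7450, #7183, #7085) carry neither a severity nor a CVE; if that is intentional, a consistent marker would make it clear they were not overlooked. Minor: some titles carry typos, such as "incremement" in #6939, "missmatch" in #7444, "comptability" in #7206, "logget" in #6994 and "metdata" in #6973.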
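
Review bot: The new suricata-update line in requirements.txt pins to the tag name 1.3.4, and a tag can be re-pointed upstream, so what gets bundled is only as fixed as that ref. The format comment in the same file allows just "{branch|tag}"; if the step that consumes this file can accept or check a commit id, recording the expected commit for 1.3.4 would make the release bundle reproducible and verifiable. Moving off master for a release is the right direction. The ChangeLog section added in this commit lists libhtp versions but not the bundled suricata-update version, which would be worth a line.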