diff --git a/ChangeLog b/ChangeLog
index ca84bda2aeb4..460455ac76bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,447 @@
+7.0.0-beta1 -- 2022-10-26
+
+Feature #5509: App-layer event for protocol change failure
+Feature #5506: DHCP: signature keyword for rebinding_time
+Feature #5503: ips: add "reject" action to exception policies
+Feature #5479: Add landlock support
+Feature #5468: ips: midstream: add "exception policy" for midstream
+Feature #5442: kerberos: log ticket encryption method
+Feature #5435: DHCP: signature keyword for lease_time
+Feature #5416: SNMP: signature keyword for usm
+Feature #5218: ips: allow dropping of flow if applayer reaches error state
+Feature #5216: ips: allow dropping of flow if flow.memcap is hit
+Feature #5215: ips: allow dropping of flow if stream.reassembly.memcap is hit
+Feature #5214: ips: allow dropping of flow if stream.memcap is hit
+Feature #5202: eve/drop: include drop "reason"
+Feature #5191: new keyword for self signed certificates
+Feature #5190: new tls.random keyword
+Feature #5036: sip: add frames support
+Feature #4984: dns: add frames support
+Feature #4983: frames: support UDP
+Feature #4967: QUIC v1 support
+Feature #4872: nfs: add stream app-layer frame support
+Feature #4556: HTTP2: support deflate decompression
+Feature #4551: eve: add direct base64 to json option to json builder
+Feature #4550: pthreads: set minimum stack size
+Feature #4541: netmap: new API version (14) supports multi-ring software mode
+Feature #4526: SIGSEGV handling -- log stack before aborting
+Feature #4515: Add DNS logging of Z flag
+Feature #4507: dpdk: initial support for IDS and IPS modes
+Feature #4498: decoder: add VN-Tag support
+Feature #4406: unix socket: Get flow information by flow_id
+Feature #4386: Support for RFC2231
+Feature #4332: Makes libhtp decompression time limit configurable from Suricata
+Feature #4241: Protocol support: PostgreSQL (pgsql)
+Feature #4144: file.data: support for request side files in HTTP
+Feature #4142: file.data: support for NFS
+Feature #4117: http2: byte-range support
+Feature #4116: http2: body compression handling
+Feature #3957: Convert protocol to Rust: Modbus
+Feature #3887: yaml: Increase maximum size for address vars
+Feature #3767: Add IKEv1 parser
+Feature #3701: eve: add tenant_id in eve-log for other types than alert
+Feature #3512: stream depth event rule
+Feature #3440: Add GQUIC Protocol Analysis and CYU Fingerprinting
+Feature #3292: support for network service header (NSH)
+Feature #3285: rules: XOR keyword
+Feature #3002: Flow and Netflow Not Logging ESP Traffic
+Feature #2697: prefilter support for stream_size
+Feature #2450: lua: scripts access to calling rule informations
+Feature #2323: Applayer support for telnet
+Feature #2096: eve: event_type for MODBUS
+Feature #2054: Extracting HTTPS URL´s from SMTP, currently only HTTP is supported
+Feature #1576: http: byte-range support
+Feature #1478: Active flow counters
+Feature #1369: eve: json schema
+Feature #1096: tls: client certificate handling
+Feature #120: Capture full session on alert
+Security #5408: filestore: Segfault with filestore enabled and forced
+Security #5399: mqtt: DOS by quadratic with too many transactions in one parse
+Security #5244: Infinite loop in JsonFTPLogger
+Security #5243: protocol detection: exploitable type confusion due to concurrent protocol changes
+Security #5237: nfs: arbitrary allocation from nfs4_res_secinfo_no_name
+Security #5187: Rust regex crate security advisory CVE-2022-24713
+Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
+Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
+Security #4857: ftp: SEGV at flow cleanup due to protocol confusion
+Security #4710: tcp: Bypass of Payload Detection on TCP RST with options of MD5header
+Security #4569: tcp: crafted injected packets cause desync after 3whs
+Security #4504: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
+Bug #5595: eve/alert: SEGV in files to alert logging
+Bug #5584: detect/tag: timeout handling issues on windows
+Bug #5581: eve: mac address logging for packet records reverses direction
+Bug #5571: ips: encapsulated packet logged as dropped, but not actually dropped
+Bug #5538: Compiler Warning on Fedora 36 / gcc 12.2.1
+Bug #5536: detect: flow.age keyword
+Bug #5527: postgresql: limit number of live transactions
+Bug #5521: detect: transform strip whitespace creates a 0-sized variable-length array
+Bug #5518: dcerpc: More efficient transaction handling for UDP
+Bug #5508: SMB2 async responses are not matched with its request
+Bug #5507: DHCP: signature keyword for renewal_time
+Bug #5458: Reject action is no longer working
+Bug #5457: Counters are not initialized in all places.
+Bug #5455: ike: logging state transforms instead of transaction transforms
+Bug #5419: Failed assert DeStateSearchState
+Bug #5409: PCRE: use match and recursion limit for pcrexform
+Bug #5402: detect: will still inspect packets of a "dropped" flow for non-TCP
+Bug #5401: tcp: assertion failed in DoInsertSegment (BUG_ON)
+Bug #5392: fileinfo: inconsistent file size tracking for GAPs
+Bug #5391: events: PACKET_RECYCLE does not reset event_last_logged
+Bug #5390: smb: have default stream-depth of 0
+Bug #5386: detect/threshold: offline time handling issue
+Bug #5377: modbus: probing parser recognizes modbus with unknown function code
+Bug #5368: bypass: Memory leak of some flow bypass objects.
+Bug #5361: IPS: ip only rules, but with negated addresses not treated like pure ip-only rules in IPS context
+Bug #5353: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails
+Bug #5331: stacktrace-on-signal: Kills all processes in the same process group
+Bug #5330: flow: vlan.use-for-tracking is not used for ICMPv4
+Bug #5329: rust: inconsistency between rust structure RustParser and C structure AppLayerParser
+Bug #5327: track by_rule|by_both incorrectly rejected for global thresholds
+Bug #5321: dcerpc: More efficient transaction handling
+Bug #5317: flow manager: end of flow counters not working
+Bug #5316: smtp: PreProcessCommands does not handle all the edge cases
+Bug #5315: decode/mime: base64 decoding for data with spaces is broken
+Bug #5314: ftp: quadratic complexity for tx iterator with linked list
+Bug #5313: python: distutils deprecation warning
+Bug #5312: test failure on Ubuntu 22.04 with GCC 12
+Bug #5310: detect: several potential infinite loops by comparing u16 to size_t
+Bug #5309: CIDR prefix calculation fails on big endian archs
+Bug #5308: file handling: avoid toctou race conditions
+Bug #5306: dcerpc: unsigned integer overflow in parse_dcerpc_bindack
+Bug #5298: template (rust): convert transaction list to vecdeque
+Bug #5297: pgsql: convert transaction list to vecdeque
+Bug #5296: http2: convert transaction list to vecdeque
+Bug #5295: rdp: convert transaction list to vecdeque
+Bug #5294: mqtt: convert to vecdeque
+Bug #5291: cppcheck: various static analyzer "warning"s
+Bug #5285: frame: assertion failed in PrefilterMpmFrame
+Bug #5281: ftp: don't let first incomplete segment be over maximum length
+Bug #5280: nfs: ASSERT: attempt to subtract with overflow (compound)
+Bug #5278: app-layer: Allow for non slice based transaction containers in generate get iterator (rust)
+Bug #5277: dns: More efficient transaction handling
+Bug #5276: eve: payload field randomly missing even if the packet field is present
+Bug #5271: app-layer: timeout when removing many transactions from the beginning
+Bug #5268: mqtt: integer underflow with truncated
+Bug #5260: rust: update regex dependency
+Bug #5259: rust: update time dependency
+Bug #5248: flow: double unlock in tcp reuse case
+Bug #5246: smb: integer underflows and overflows
+Bug #5238: frame: memory leak in signature parsing
+Bug #5236: frame: buffer over read in SCACSearch
+Bug #5228: pcre2: SEGV during rule loading
+Bug #5226: Frames: failed assertion !((int64_t)data_len > frame->len)
+Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars
+Bug #5208: DCERPC protocol detection when nested in SMB
+Bug #5205: FTP-data unrecognized depending on multi-threading
+Bug #5201: content:"22 2 22"; is parsed without error
+Bug #5197: fast_pattern assignment of specific content results in FN
+Bug #5188: SSL : over allocation for certificates
+Bug #5183: TLS Handshake Fragments not Reassembled
+Bug #5174: MIME URL extraction creates invalid url in JSON
+Bug #5168: detect/iponly: non-cidr netmask settings can lead incorrect detection
+Bug #5162: inspection of smb traffic without smb/dcerpc doesn't work correct.
+Bug #5147: frames: debug assertion on SMB2 traffic
+Bug #5146: libhtp: does not handle 100 continue if there is a 0 Content Length
+Bug #5145: nfs: Integer underflow in NFS
+Bug #5144: Failed assert DeStateSearchState
+Bug #5132: segfault: master - HTPFileCloseHandleRange
+Bug #5094: output: timestamp missing usecs on Arm 32bit + Musl
+Bug #5093: rust/proc-macro-crate: pin to old version to support our MSRV
+Bug #5086: htp: server personality radix handling issue
+Bug #5085: defrag: policy config can setup radix incorrectly
+Bug #5084: iprep: cidr support can set up radix incorrectly
+Bug #5081: detect/iponly: rule parsing does not always apply netmask correctly
+Bug #5080: eve/dnp3: coverity warnings for string handling
+Bug #5079: swf: coverity warning
+Bug #5077: byte_math rule options need to be in order or will fail otherwise
+Bug #5073: Off-by-one in flow-manager flow_hash row allocation
+Bug #5070: Stacktrace logger should propagate original signal
+Bug #5066: detect/iponly: mixing netblocks can lead to FN/FP
+Bug #5065: frames: coverity warning
+Bug #5046: Documentation copyright years are invalid
+Bug #5040: stats: add app-layer error counters
+Bug #5034: dns: probing/parser can return error when it should return incomplete
+Bug #5019: dataset: error with space in rule language
+Bug #5018: MQTT can return AppLayerResult::incomplete forever and buffer forever
+Bug #5011: frames: buffer overread in SigValidate
+Bug #5009: dpdk: fails to compile on ubuntu 22.04
+Bug #5007: pgsql: coverity warning
+Bug #4972: Null deference in ConfigApplyTx
+Bug #4969: Libhtp timeout lzma reallocing dictionary
+Bug #4953: stream: too aggressive pruning in lossy streams
+Bug #4948: SMTP assertion triggered
+Bug #4947: suricatasc loop if recv returns no data
+Bug #4945: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
+Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
+Bug #4935: DPDK: Packet counters set incorrectly
+Bug #4924: dns: transaction not created when z-bit set
+Bug #4920: detect/app-layer-protocol: app-layer-protocol:http broken
+Bug #4882: Netmap configuration -- need a configuration option for non-standard library locations.
+Bug #4877: Run stream reassembly on both directions upon receiving a FIN packet
+Bug #4862: MQTT : transactions are never cleaned by AppLayerParserTransactionsCleanup
+Bug #4860: eve.json remove app-layer specific fields from root object
+Bug #4859: dnp3: buffer over read in logging base64 empty objects
+Bug #4849: protodetect: SMB vs TLS protocol detection in midstream
+Bug #4848: TFTP: memory leak due to missing detect state
+Bug #4842: smb: excessive memory use during file transfer
+Bug #4839: Memory leak with signature using file_data and NFS
+Bug #4836: profiling: Invalid performance counter when using sampling
+Bug #4828: flow: flows not evicted & freed in time
+Bug #4817: smtp: smtp transaction not logged if no email is present
+Bug #4812: conf: quadratic complexity
+Bug #4811: Range: memory leak from HTTP2
+Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte
+Bug #4808: flow: worker-evicted flows need to be processed quicker
+Bug #4807: packetpool: packets in pool may have capture method ReleasePacket callbacks set
+Bug #4804: af-packet: tpacket v3 if/down logic broken
+Bug #4803: af-packet: up/down logic leaks resources in autofp (tpacket v2)
+Bug #4801: af-packet: tpacket v3 socket reference handling broken
+Bug #4800: af-packet: flag colision between kernel and Suricata
+Bug #4785: af-packet: threads sometimes get stuck in capture
+Bug #4779: flow/bypass: flow worker not performing flow timeout "housekeeping"
+Bug #4778: flow/bypass: app-layer/stream resources not freed when bypass activated
+Bug #4771: pcrexform: does not capture substring but whole match
+Bug #4769: dcerpc dce_iface just match a packet
+Bug #4767: Rule error in SMB dce_iface and dce_opnum keywords
+Bug #4766: Flow leaked when flow->use_cnt access race happens
+Bug #4765: loopback: different AF_INET6 values per OS
+Bug #4764: range: no validity check with HTTP2 leads to over allocation
+Bug #4757: Incomplete range with overlap, and expected new bytes, lead to incomplete reassembly
+Bug #4754: Invalid range leads to OOM
+Bug #4752: Memory leak in SNMP with DetectEngineState
+Bug #4741: Quadratic complexity in modus due to missing tx_iterator
+Bug #4739: Absent app-layer protocol is always enabled by default
+Bug #4737: ubsan: bytejump warning
+Bug #4731: flows: spare pool not freeing flows aggressively enough
+Bug #4724: pcre2: scan-build warning
+Bug #4722: flows: TCP flow timeout handling stuck if there is no traffic
+Bug #4720: pcre2: ASAN heap-buffer-overflow
+Bug #4719: http2: byte-range test fails intermittently
+Bug #4699: coverity warnings after output changes
+Bug #4692: lua: file info callback returns wrong value
+Bug #4685: detect: too many prefilter engines lead to FNs
+Bug #4681: Wrong list_id with transforms for http_client_body and http file_data
+Bug #4680: nfs: failed assert self.tx_data.files_logged > 1
+Bug #4679: IPv6 : decoder event on invalid fragment length
+Bug #4670: rules: mix of drop and pass rules issues
+Bug #4666: http: ipv6 address is a valid host
+Bug #4664: ipv6 evasions : fragmentation
+Bug #4663: rules: drop rules with noalert not fully dropping
+Bug #4659: Configuration test mode succeeds when reference.config file contains invalid content
+Bug #4654: tcp: insert_data_normal_fail can hit without triggering memcap
+Bug #4650: Stream TCP raw reassembly is leaking
+Bug #4622: File deletions over SMB are not always logged
+Bug #4621: rust panic: when using smb stream-depth
+Bug #4620: Protocol detection : confusion with SMB in midstream
+Bug #4619: HTTP2 null dereference in upgrade
+Bug #4586: segmentfault when reopen redis
+Bug #4582: BUG_ON triggered from TmThreadsInjectFlowById
+Bug #4581: Excessive qsort/msort time when large number of rules using tls.fingerprint
+Bug #4577: coverity: minor warnings
+Bug #4570: eve/flow: many flows logged with reason==unknown
+Bug #4563: Rules based on SSH banner-related keywords only match on acked data
+Bug #4562: Memory leak in Protocol change during protocol detection
+Bug #4561: Failed assertion in SMTP SMTPTransactionComplete
+Bug #4560: Quadratic complexity in HTTP2 gzip decompression
+Bug #4558: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
+Bug #4549: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
+Bug #4540: unused variables warnings on Windows compiles with rust
+Bug #4537: alert count shows up as 0 when stats are disabled
+Bug #4536: SWF decompression overread
+Bug #4534: Timeout in ikev2 parsing
+Bug #4533: Rust modbus parser does not handle gaps as it claims
+Bug #4530: DOS Quadratic complexity when having too many transactions
+Bug #4527: Fix implicit conversions in traffic facing source code modules
+Bug #4525: segv with --set cmdline option if incorrect key is provided
+Bug #4523: Application log cannot to be re-opened when running as non-root user
+Bug #4516: Integer overflows
+Bug #4509: Incorrect flags in Rust
+Bug #4508: SSH bypass is not working
+Bug #4505: Rust panic while parsing (new rust) modbus rule
+Bug #4503: Buffer overflow in "by_rule" threshold context
+Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
+Bug #4495: output: threaded output coverity warning
+Bug #4494: Failed assertion in HTTP2 decompression
+Bug #4491: rules: rules w/o sid accepted, leading to alerts with signature_id: 0
+Bug #4478: freebsd: lockups due to mutex handling issues
+Bug #4477: Infinite loops in when using InspectionBufferMultipleForList
+Bug #4476: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti
+Bug #4473: Timeout in ftp parsing rs_ftp_active_eprt
+Bug #4472: YAML -- interpretation of "~" (tilde)
+Bug #4448: Properly set the ICMP emergency-bypassed value
+Bug #4447: ipv6 & ftp & passive mode & error
+Bug #4442: build: Build failure on FreeBSD
+Bug #4440: eve: log if flow had gap
+Bug #4438: Null-dereference in HTTP2MimicHttp1Request in midstream
+Bug #4437: dns: high resource usage on long lived dns connections
+Bug #4436: Buffer overread in SMTP SMTPParseCommandBDAT
+Bug #4434: Duplicate alert record in eve log when using unix-socket mode
+Bug #4433: Debug assert failed in ikev1 logger
+Bug #4428: Rust panic in suricata::dcerpc::detect::handle_input_data (buffer overread)
+Bug #4425: threaded eve: files not closed on deinitialization
+Bug #4424: ftp: Memory leak with duplicate FTP expectation
+Bug #4407: threshold: slow startup on threshold.config with many addresses in suppression
+Bug #4404: eve/mqtt: mqtt logging crashes when eve is multithreaded
+Bug #4403: Use after free or read overflow or use of unitized memory in TransformStripWhitespace called by HttpServerBodyXformsGetDataCallback
+Bug #4401: Quadratic complexity in libhtp chunk parsing
+Bug #4400: Panic in Rust HTTP2 dynamic headers table eviction
+Bug #4397: eve.drop: alerts option logs lowest priority alert
+Bug #4395: Incorrect AppLayerResult::incomplete for RDP
+Bug #4394: detect: "drop" on protocol detect only rule doesn't drop flow
+Bug #4389: Protocol detection tls-dcerpc
+Bug #4388: Protocol detection evasion enip-dns
+Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient
+Bug #4379: flow manager: using too much CPU during idle
+Bug #4376: TCP flow that retransmits the SYN with a newer TSval not properly tracked
+Bug #4375: segv in ApplyToU8Hash
+Bug #4369: Configuration test mode succeeds when threshold.config file contains invalid content
+Bug #4361: detect: file.data performance regression
+Bug #4348: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function
+Bug #4335: Stack-buffer-overflow READ 4 in SetupU8Hash
+Bug #4331: libhtp: don't put stream in error state on compression issues
+Bug #4320: Heap use after free in parsing signatures with ip_proto and prefilter
+Bug #4280: Suricata is not fully reading or loading the iprep files
+Bug #4277: SIGABRT: rust panic HTTP2State
+Bug #4274: Suricata crashes at exit in NFQ mode
+Bug #4273: protodetect: SEGV due to NULL ptr deref
+Bug #4272: Timeout in libhtp with lzma in gzip to be decompressed in many responses
+Bug #4271: datasets: reference counter issue in string lookup
+Bug #4267: output: don't use /etc/protocols
+Bug #4262: ebpf: llc detection failure
+Bug #4261: Mismatch between capture and outputs in rules leads to seg fault
+Bug #4258: ftp-data: support for file.name keyword is incomplete
+Bug #4254: Leak in signature parsing with urilen
+Bug #4253: lua: flowint/flowvar API naming consistency
+Bug #4247: detect: NOOPT flag not enforced correctly
+Bug #4246: Assertion failed in AdjustToAcked delta > 10000000ULL && delta > stream->window
+Bug #4245: SMTP/Email Body md5: Only logs the md5 of the first part in a multi-part mime message
+Bug #4239: dataset file not written when run as user
+Bug #4238: tcp/fastopen: false positive on "invalid option"
+Bug #4233: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL
+Bug #4232: Protocol detection evasion enip-SMB
+Bug #4231: ICMPv6 failed assert p->icmpv6h == NULL with icmpv6.hdr
+Bug #4228: tcp/async: incorrect flagging of ACK values as invalid
+Bug #4225: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
+Bug #4224: modbus: Request flood leads to CPU exhaustion
+Bug #4216: 5.0.5 in socket mode crashes when using file-store due to uninitialized stats_ctx
+Bug #4211: Not all manpages are built by docs Makefile
+Bug #4210: Alert not generated with 2 rules - http.request body (alone) and http.request_body/url_decode
+Bug #4208: Suricata crashes with multi-threaded eve logger and HTTP/2 traffic
+Bug #4206: dns: output flags not set correctly on 32 bit systems
+Bug #4205: eve: Memory leak from jsonbuilder in @MetadataJson@
+Bug #4202: Wrong stream side after direction change
+Bug #4199: Transformation keyword can’t trigger an alert
+Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0
+Bug #4187: rs_dcerpc_udp_get_tx takes out unusual amount of CPU
+Bug #4171: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
+Bug #4152: fatal error: 'gnu/stubs-32.h' file not found
+Bug #4106: Duplicate TLS subjects in tls metadata.
+Bug #4096: flow manager: 200% CPU in KVM host with no activity with Suricata 6
+Bug #4080: DCERPCUDPState handle fragmented data functions pegging certain CPU cores/threads
+Bug #3996: SIGABRT: SMTPTransactionComplete
+Bug #3995: SIGABRT stream-tcp-reassemble
+Bug #3846: Infinite loop if the sniffing interface temporarily goes down
+Bug #3703: fileinfo "stored: false" even if the file is kept on disk
+Bug #3685: Incorrect logging level for messages
+Bug #3542: FTP: expectation created in wrong direction.
+Bug #3475: SMB evasion against EICAR file detection
+Bug #3419: af-packet: cluster_id is not used when trying to set fanout support
+Bug #3109: dcerpc engine not generating alerts
+Bug #2809: Applayer Mismatch protocol both directions for kerberos AS-REQ/KDC_ERR_PREAUTH_REQUIRED exchange
+Bug #2802: iprep: use_cnt can get desynchronized (SIGABRT)
+Bug #2510: Suricata doesnt decompress HTTP Post body
+Bug #2190: apparent 1000 character limit in threshold.conf IP lists
+Optimization #5592: tunnel: spinlock for tunnel packet sync
+Optimization #5577: Fix warning about "comparing with null" in debug code
+Optimization #5481: tls: support incomplete API to replace internal buffering
+Optimization #5454: http2: slow http2_frames_get_header_value_vec because of allocation
+Optimization #5400: dpdk: allow specifying of `rss_hf` flags in config
+Optimization #5232: rules: pattern id assignment is too slow
+Optimization #5231: rules: mpm setup more costly than needed
+Optimization #5230: rules: too much time spent in DetectUnregisterThreadCtxFuncs due to pcre2
+Optimization #5229: rules: too much time spent in SigMatchListSMBelongsTo at startup
+Optimization #4991: pgsql: convert parser to nom7 functions
+Optimization #4907: smtp: use AppLayerResult instead of buffering wherever possible
+Optimization #4805: af-packet: move vlan hdr insert logic to capture/decode
+Optimization #4795: Remove PASS_IF macro from the FAIL/PASS API
+Optimization #4748: app-layer/rust: explore if tx iterator can be implemented as a trait
+Optimization #4711: Clang 14 and rust nightly new warnings
+Optimization #4653: Flow cleaning with chunked approach is memory hungry
+Optimization #4609: Fix warning about "if same then else"
+Optimization #4604: Fix warning about "branches sharing code"
+Optimization #4599: Fix warning about "ptr_arg"
+Optimization #4597: Fix warning about "enum's name"
+Optimization #4593: Fix warning about "mixed case hex literals"
+Optimization #4555: HTTP2: what to do when HTTP upgrade is requested and HTTP2 is disabled ?
+Optimization #4497: rust: clean up constructors of state, transaction structs
+Optimization #4496: decode: remove NULL checks after header casts
+Optimization #4475: Rust: Make default_port in parser registration an Option
+Optimization #4427: storage api: use dedicated 'id' type
+Optimization #4366: decoder: limit number of decoding layers
+Optimization #4319: dcerpc: improve protocol detection
+Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@
+Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro
+Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc)
+Optimization #4112: Use generic rust DetectU32Data in every keyword needing this
+Optimization #3832: rust: Make core::* as enum to improve readability
+Optimization #3825: Defining only one basic rust Files structure
+Optimization #3658: Use WARN_UNUSED for ByteExtract* functions
+Optimization #3315: app-layer: unify registration logic
+Task #5569: transversal: update references to suricata webpage version 2
+Task #5497: github-ci: update runners using ubuntu-18.04 image
+Task #5475: doc: add exception policy documentation
+Task #5319: add `alert-queue-expand-fails` command-line option
+Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue
+Task #5175: nfs4: Improve compound record parsers
+Task #5166: quic: Support older versions like Q039 and Q043
+Task #5143: QUIC: support JA3
+Task #5002: applayertemplate: convert parser to nom7 functions
+Task #5001: x509: convert parser to nom7 functions
+Task #5000: rfb: convert parser to nom7 functions
+Task #4999: ntp: convert parser to nom7 functions
+Task #4998: krb: convert parser to nom7 functions
+Task #4997: mime: convert parser to nom7 functions
+Task #4996: rdp: convert parser to nom7 functions
+Task #4995: snmp: convert parser to nom7 functions
+Task #4994: ike: convert parser to nom7 functions
+Task #4993: asn1: convert parser to nom7 functions
+Task #4992: dcerpc: convert parser to nom7 functions
+Task #4970: libhtp 0.5.40
+Task #4915: transversal: update references to suricata webpage
+Task #4912: Update default rule path to /var/lib/suricata/rules.
+Task #4909: devguide: move into userguide as last chapter
+Task #4796: af-packet: remove non-mmap tpacket-v1 support
+Task #4784: config: add suricata version as a comment to the top of the configuration file
+Task #4721: http2: enable by default
+Task #4668: Remove Prelude output
+Task #4667: libhtp 0.5.39
+Task #4446: pcre2: document changes vs prce1 for rule writers
+Task #4444: files: store files in transactions instead of per flow state
+Task #4221: Build Suricata into a static and shared library
+Task #4182: lua: Use lua_pushinteger for pushing integer types as integers instead of floats
+Task #4157: deprecation: remove dns eve v1 logging (May 2022)
+Task #4058: Convert unittests to new FAIL/PASS API: detect-sid.c
+Task #4056: Convert unittests to new FAIL/PASS API: detect-rpc.c
+Task #4053: Convert unittests to new FAIL/PASS API: detect-msg.c
+Task #4038: Convert unittests to new FAIL/PASS API: detect-filesha256.c
+Task #4036: Convert unittests to new FAIL/PASS API: detect-filename.c
+Task #4035: Convert unittests to new FAIL/PASS API: detect-filemd5.c
+Task #4034: Convert unittests to new FAIL/PASS API: detect-filemagic.c
+Task #4033: Convert unittests to new FAIL/PASS API: detect-fileext.c
+Task #4032: Convert unittests to new FAIL/PASS API: detect-file-data.c
+Task #3905: GitHub CI: use sccache for commits build
+Task #3194: pcre2 support
+Documentation #5511: userguide: add subsection about setting up Suri in IPS mode with DPDK
+Documentation #5441: userguide: rules meta page updates
+Documentation #5385: userguide: update rule's format document
+Documentation #5364: userguide: reorganize `Application Layers Parsers` and `Application layers` subsections in the suricata.yaml page
+Documentation #5130: doc: add flowbits ORing doc
+Documentation #4949: userguide: add explanation on max-streams in the suricata.yaml page
+Documentation #4671: Document changes to HTTP events with respect to http/http2 normalization
+Documentation #4396: Devguide: Transactions and State overview
+Documentation #3029: No documentation for "dcerpc" keywords
+Documentation #3017: No documentation for "rawbytes" keyword
+
 6.0.1 -- 2020-12-04
 Feature #2689: http: Normalized HTTP client body buffer
diff --git a/configure.ac b/configure.ac
index 1ce0461ca7cd..b3deb941564a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
- AC_INIT([suricata],[7.0.0-dev])
+ AC_INIT([suricata],[7.0.0-beta1])
 m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([src/autoconf.h])
 AC_CONFIG_SRCDIR([src/suricata.c])