New in version 2.0.5
December 12th, 2014
- Bug #1190: http_header keyword not matching when SYN|ACK and ACK missing
- Bug #1246: EVE output Unix domain socket not working
- Bug #1272: Segfault in libhtp 0.5.15
- Bug #1298: Filestore keyword parsing issue
- Bug #1303: improve stream ‘bad window update’ detection
- Bug #1304: improve stream handling of bad SACK values
- Bug #1305: fix tcp session reuse for ssh/ssl sessions
- Bug #1307: byte_extract, within combination not working
- Bug #1326: pcre pkt/flowvar capture broken for non-relative matches
- Bug #1329: Invalid rule being processed and loaded
- Bug #1330: Flow memuse bookkeeping error (2.0.x)
New in version 2.0.4 (September 24th, 2014)
- Bug #1276: ipv6 defrag issue with routing headers
- Bug #1278: ssh banner parser issue
- Bug #1254: sig parsing crash on malformed rev keyword
- Bug #1267: issue with ipv6 logging
- Bug #1273: Lua – http.request_line not working
- Bug #1284: AF_PACKET IPS mode not logging drops and stream inline issue
New in version 2.0.3 (August 8th, 2014)
- Bug #1236: fix potential crash in http parsing
- Bug #1244: ipv6 defrag issue
- Bug #1238: Possible evasion in stream-tcp-reassemble.c
- Bug #1221: lowercase conversion table missing last value
- Support #1207: Cannot compile on CentOS 5 x64 with –enable-profiling
- Updated bundled libhtp to 0.5.15
New in version 2.0 RC1 (February 14th, 2014)
- Unified JSON output was added. VLAN handling was improved.
- QinQ support was added.
- A commandline option for overriding configuration settings was added.
- ICMPv6 handling was improved.
- Memcaps for DNS and HTTP handling were added.
- Several packet capture improvements were made.
- An optimized NSM runmode was added.
- Many other issues were fixed.
New in version 2.0 Beta 2 (December 19th, 2013)
- VLAN support was improved.
- IP Defrag options were added.
- Options were added for enabling and disabling protocol parsers.
- Protocol detection was improved.
- IPv6 improvements were made.
- HTTP inspection was improved.
- Profiling options were expanded.
- Many more changes were made.
New in version 1.4.7 (December 17th, 2013)
- Bug #996: tag keyword: tagging sessions per time is broken
- Bug #1000: delayed detect inits thresholds before de_ctx
- Bug #1001: ip_rep loading problem with multiple values for a single ip
- Bug #1022: StreamTcpPseudoPacketSetupHeader : port swap logic isn’t consistent
- Bug #1047: detect-engine.profile – custom value parsing broken
- Bug #1063: rule ordering with multiple vars
New in version 1.4.6 (September 25th, 2013)
- Bug 958: malformed SSL records leading to crash. Reported by Sebastian Roschke. CVE-2013-5919.
- Bug 971: AC pattern matcher out of bounds memory read.
- Bug 965: improve negated content handling. Reported by Will Metcalf.
- Bug 937: fix IPv6-in-IPv6 decoding.
- Bug 934: improve address parsing.
- Bug 969: fix unified2 not logging tagged packets.
New in version 1.4.5 (July 27th, 2013)
New in version 1.4.4 (July 19th, 2013)
- Bug #834: Unix socket – showing as compiled when it is not desired to do so
- Bug #841: configure –enable-unix-socket does not err out if libs/pkgs are not present
- Bug #846: FP on IP frag and sig using udp port 0, thanks to Rmkml
- Bug #864: fix pass action not working correctly in all cases, thanks Kevin Branch
- Bug #876: http connect tunnel crash fixed
- Bug #877: Flowbit check with content doesn’t match consistently, thanks to Francis Trudeau