May 30th, 2013· Several accuracy issues were fixed.
March 9th, 2013· The GeoIP keyword was added.
· HTTP host header matching was added.
· New Unix socket commands were added.
· Napatech support was improved.
· IPFW support was improved.
· HTTP query string normalization was improved.
· Many issues were fixed.
March 8th, 2013· fix decoder event rules not checked in all cases (#671)
· checksum detection for icmpv6 was fixed (#673)
· crash in HTTP server body inspection code fixed (#675)
· fixed a icmpv6 payload bug (#676)
· IP-only rule ip_proto not matching for some protocols was addressed (#690)
· fixed malformed yaml crashing suricata (#702)
· parsing ipv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#717)
· crash in tls parser was fixed (#759)
· fixed UDPv4 packets without checksum being detected as invalid (#762)
· fixed DCE/SMB parsers getting confused in some fragmented cases (#763)
December 14th, 2012· Interactive Unix Socket mode was added.
· IP Reputation support was added.
· A Lua scripting detection keyword was added.
· IP Defrag engine performance was much improved.
· Global thresholding was improved.
· AF_PACKET IPS mode support was added.
· File log output was improved.
· HTTP inspection was made more configurable.
· Live packet capture stats support was added.
· The stream reassembly engine was improved.
· TLS cert logging, storing, and fingerprint matching was added.
· Support for decoding various tunnel protocols was added.
· Delayed detection engine initialization support was added.
December 7th, 2012· This version fixes a major flow engine memory leak, a case in which unified2 could overwrite its own alert files, and the Windows build.
November 30th, 2012· Interactive Unix Socket mode was added.
· IP Reputation support was added.
· Command line options were improved.
· The rule analyzer was improved.
· File log output was improved.
· Endace DAG card live stats support was added.
· A new HTTP event was added.
· Many issues were fixed.
November 15th, 2012· Napatech capture card support was improved.
· Support for the pkt_data keyword was added.
· HTTP inspection was made more configurable.
· Live packet capture stats support was added.
· The stream reassembly engine was improved.
· Performance enhancements were made.
· The rule analyzer was improved.
· Many issues were fixed
November 2nd, 2012· This version fixes several accuracy and stability issues, serveral false positives, and a file extraction corruption bug.
October 5th, 2012· A Lua scripting detection keyword was added.
· Per-server HTTP parsing settings were made much more configurable.
· IP Defrag engine performance was much improved.
· Global thresholding was improved.
· Rule profiling performance was improved.
· Many other performance enhancements were made.
· Many issues were fixed.
October 4th, 2012· Several accuracy issues were fixed.
· HTTP multipart parsing bugs were fixed.
· Several packet acquisition bugs were fixed.
· A stream engine bug was fixed.
September 7th, 2012· AF_PACKET IPS mode support was added.
· Custom HTTP logging was added.
· TLS cert logging, storing, and fingerprint matching was added.
· Support for decoding various tunnel protocols was added.
· NFQ fail-open support was added.
· A rule option for limiting inspection to IPv4 or IPv6 was added.
· The filesize keyword was added.
· Delayed detection engine initialization support was added.
· Various performance improvements were made.
August 22nd, 2012· AF_PACKET performance was much improved.
· Defrag engine performance was improved.
· HTTP URI double decoding handling was made configurable.
· The stream engine was made more robust.
· The Windows build was fixed.
· Various other issues were fixed.
June 30th, 2012· This version adds live rule reload support, AF_PACKET bpf support, a rule analyzer, improved file MD5 matching, a keyword to match on User-Agent in HTTP, and general accuracy and stability improvements.
June 9th, 2012· This version adds a rule keyword to match files against large MD5 blacklists, improves performance, supports PF_RING 5.4.x, and fixes various bugs.
April 5th, 2012· TLS handshake decoder and detection keywords were added.
· Napatech capture card support was added.
· Md5 calculation for files was added.
· File log was added.
· HTTP CONNECT handling was improved.
· IPv6 issues were fixed.
· Major scalability improvements were made.
January 23rd, 2012· Writing of malformed unified2 log records was fixed.
· TCP timeout handling was improved.
January 20th, 2012· PCAP live runmodes were fixed.
· CPU affinity settings for live runmodes were fixed.
· Windows/Cygwin path handling was improved.
January 12th, 2012· Auto-detection of interfaces with checksum offloading was added.
· HTTP and SMTP parser event matching was added.
· Unixsock output options were added.
· Performance was improved.
· IPS mode was improved.
· File inspection and extraction was improved.
November 6th, 2011· Extended HTTP request logging was added.
· AF_PACKET drop stats were added.
· Flow and stream engine counters were added.
· SMTP and HTTP parsers were improved.
· Prelude output was improved.
· Stability and accuracy were improved.
October 26th, 2011· Support for AF_PACKET, replace keyword, workers runmode, event suppression, and byte_extract was added.
· Accuracy and performance was greatly improved. Stability and memory hygiene were improved.
July 25th, 2011· A stream engine bug was fixed.
· Various issues found by the Coverity source code analyzers were fixed.
June 27th, 2011· LibHTP updated to 0.2.6
· Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
· Large number of (potential) issues fixed after source code scans with the Clang static analyzer.
December 22nd, 2010· Support for http_raw_header, http_stat_msg, and http_stat_code was added.
· A new default pattern matcher was added.
· Reference.config support was added.
· Performance was much improved.
· Fast_pattern support was improved.
September 3rd, 2010· An SSH module was added.
· Several TCP evasions were fixed.
· Language compatibility was improved.
· HTTP detection accuracy was improved.
· Inline mode was improved.
September 3rd, 2010· An SSH module was added.
· Several TCP evasions were fixed.
· Language compatibility was improved.
· HTTP detection accuracy was improved.
· Inline mode was improved.
July 31st, 2010· Major detection accuracy improvements.
· ip_proto keyword was fixed for malformed packets.
· Fix a TCP RST packet evasion issue (http://www.packetstan.com/2010/06/recently ive-been-on-campaign-to-make.html)
· Stream reassembly improvements.
July 2nd, 2010· This version adds support for tag keywords,, support for DCERPC over UDP, duplicate signature detection, and improved CUDA support, URI inspection, stability, and performance.
June 24th, 2010· Support was added for DAG cards, reassembled stream scanning, the http_uri keyword, dce keywords, and ratefilter.
· Support was improved for uricontent, asn1, and threshold.
· Memory leaks were fixed. Performance was improved.
May 26th, 2010New features:
· Support for the http_headers keyword was added
· libhtp was updated to version 0.2.3
· Privilege dropping using libcap-ng is now supported
· Proper support for "pass" rules was added
· Inline mode for Windows was added
Improvements:
· A regression in the detection engine causing false negatives was fixed
· Many accuracy and stability improvements have been made
Find us on Google+
