Suricata Changelog

New in version 2.0.5 (December 12th, 2014)

  • Bug #1190: http_header keyword not matching when SYN|ACK and ACK missing
  • Bug #1246: EVE output Unix domain socket not working
  • Bug #1272: Segfault in libhtp 0.5.15
  • Bug #1298: Filestore keyword parsing issue
  • Bug #1303: improve stream ‘bad window update’ detection
  • Bug #1304: improve stream handling of bad SACK values
  • Bug #1305: fix tcp session reuse for ssh/ssl sessions
  • Bug #1307: byte_extract, within combination not working
  • Bug #1326: pcre pkt/flowvar capture broken for non-relative matches
  • Bug #1329: Invalid rule being processed and loaded
  • Bug #1330: Flow memuse bookkeeping error (2.0.x)

New in version 2.0.4 (September 24th, 2014)

  • Changes:
  • Bug #1276: ipv6 defrag issue with routing headers
  • Bug #1278: ssh banner parser issue
  • Bug #1254: sig parsing crash on malformed rev keyword
  • Bug #1267: issue with ipv6 logging
  • Bug #1273: Lua – http.request_line not working
  • Bug #1284: AF_PACKET IPS mode not logging drops and stream inline issue
  • Security: CVE-2014-6603

New in version 2.0.3 (August 8th, 2014)

  • Bug #1236: fix potential crash in http parsing
  • Bug #1244: ipv6 defrag issue
  • Bug #1238: Possible evasion in stream-tcp-reassemble.c
  • Bug #1221: lowercase conversion table missing last value
  • Support #1207: Cannot compile on CentOS 5 x64 with --enable-profiling
  • Updated bundled libhtp to 0.5.15

New in version 2.0 RC1 (February 14th, 2014)

  • Unified JSON output was added.
  • VLAN handling was improved.
  • QinQ support was added.
  • A command-line option for overriding configuration settings was added.
  • ICMPv6 handling was improved.
  • Memcaps for DNS and HTTP handling were added.
  • Several packet capture improvements were made.
  • An optimized NSM runmode was added.
  • Many other issues were fixed.

New in version 2.0 Beta 2 (December 19th, 2013)

  • VLAN support was improved.
  • IP Defrag options were added.
  • Options were added for enabling and disabling protocol parsers.
  • Protocol detection was improved.
  • IPv6 improvements were made.
  • HTTP inspection was improved.
  • Profiling options were expanded.
  • Many more changes were made.

New in version 1.4.7 (December 17th, 2013)

  • Fixes:
  • Bug #996: tag keyword: tagging sessions per time is broken
  • Bug #1000: delayed detect inits thresholds before de_ctx
  • Bug #1001: ip_rep loading problem with multiple values for a single ip
  • Bug #1022: StreamTcpPseudoPacketSetupHeader : port swap logic isn’t consistent
  • Bug #1047: detect-engine.profile – custom value parsing broken
  • Bug #1063: rule ordering with multiple vars

New in version 1.4.6 (September 25th, 2013)

  • Bug 958: malformed SSL records leading to crash. Reported by Sebastian Roschke. CVE-2013-5919.
  • Bug 971: AC pattern matcher out of bounds memory read.
  • Bug 965: improve negated content handling. Reported by Will Metcalf.
  • Bug 937: fix IPv6-in-IPv6 decoding.
  • Bug 934: improve address parsing.
  • Bug 969: fix unified2 not logging tagged packets.

New in version 1.4.5 (July 27th, 2013)

  • IPv6 issues were fixed.

New in version 1.4.4 (July 19th, 2013)

  • Bug #834: Unix socket – showing as compiled when it is not desired to do so
  • Bug #841: configure --enable-unix-socket does not err out if libs/pkgs are not present
  • Bug #846: FP on IP frag and sig using udp port 0, thanks to Rmkml
  • Bug #864: fix pass action not working correctly in all cases, thanks Kevin Branch
  • Bug #876: http connect tunnel crash fixed
  • Bug #877: Flowbit check with content doesn’t match consistently, thanks to Francis Trudeau