ChangeLog
7.0.2 -- 2023-10-18
Security #6306: mime: quadratic complexity in MimeDecAddEntity
Bug #6402: detect: multi-level tunneling inspection fails
Bug #6397: detect: multiple legacy buffer selection leading to multi-buffer
Bug #6381: DPDK 23.11 changed function name of Bond API
Bug #6380: email: disabled fields in suricata.yaml also get logged
Bug #6303: conf: an empty child node is not checked for NULL
Bug #6300: config: includes provided as a sequence are loaded into the wrong parent configuration node
Bug #6297: configure/docs: check for a supported version of sphinx-build
Bug #6104: detect/multi-buffer: Heap-buffer-overflow in SigMatchAppendSMToList
Bug #6009: dpdk: incorrect final stats
Bug #5831: af-packet/ips: excessive mtu log messages
Bug #5211: detect/frames: crash with detect.profiling.grouping.dump-to-disk
Bug #4624: byte_jump with negative post_offset before start of buffer failure
Feature #6367: SMTP: do not delay mime chunk processing
Feature #5966: dpdk: Analyze hugepage allocation on startup
Feature #4968: QUIC v2 support
Task #6348: detect/analyzer: add more details for the ipopts keyword
Task #6235: decode: add drop reason for stream reassembly memcap
Documentation #6349: userguide: add section about tcp.flags
Documentation #6342: userguide: cover install-full and install-conf in the install page
7.0.1 -- 2023-09-13
Security #6279: Crash in SMTP parser during parsing of email
Security #6195: process exit in hyperscan error handling
Bug #6276: community-id: Fix IPv6 address sorting not respecting byte order
Bug #6256: eve: crash if output dir isn't writeable
Bug #6255: flow: possible divide by zero at start up
Bug #6247: pcre: parsing crash in multi-tenant multi-loader setup
Bug #6244: tcp: RST with data used in reassembly
Bug #6243: Parsing ip-reputation reputation config files now rejects CR and CR+LF
Bug #6240: pcap/file: negative pcap file timestamps lead to weird output
Bug #6233: dpdk: fix overall threads check for IPS mode
Bug #6232: dpdk: treat unknown socket value as a valid value
Bug #6222: Decode-events of IPv6 GRE are not triggered
Bug #6201: multi-tenancy: crash under test mode when tenant signature load fails
Bug #6191: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc
Bug #6095: windows: lua script path truncated
Bug #6094: eve/stats: memcap_pressure and memcap_pressure_max not logged
Bug #6044: detect: multi-tenancy leaks memory if more than 1 tenant registered
Bug #5870: ips/af-packet: crash when copy-iface is the same as the interface
Bug #5619: dpdk/ips: crash at shutdown with mlx
Bug #5443: ftp-data: failed assertion
Bug #4881: alert event incorrectly log stored files
Optimization #6265: threading: set a higher default stack size for threads
Optimization #6263: mpm/ac: reduce stack usage
Optimization #5920: investigate: check and fix unhandled divisions by 0
Optimization #3637: Performance impact of Cisco Fabricpath
Feature #6267: multi-tenancy: reload-tenants command
Feature #6230: stats: add drop reason counters
Feature #4756: capture: support ips stats for all IPS capture methods
Feature #4587: dhcp: vendor class identifier support
Documentation #6231: userguide: add installation from Ubuntu PPA section
Documentation #6124: userguide: add instructions/explanation for (not) running suricata with root
7.0.0 -- 2023-07-18
Bug #6212: file.magic: rule reload can lead to crashes
Bug #6211: file: assert failed (!((txd->files_logged > txd->files_opened))), function CloseFile, file output-file.c, line 96.
Bug #6207: util/mime: fuzz failure on base64 remainder parser
Bug #6205: flow/hash: flow by flow_id getter never reaches right flow_id
Bug #6185: smtp: use every byte to compute email.body_md5
Bug #6169: exceptions: master switch not applied to midstream
Bug #6165: http2: fileinfo events log http2 object instead of http object as alerts and http2 do
Bug #6163: http: request_header keyword does not support multibuffer
Bug #6149: exceptions: 'auto' policy not considered valid value in IDS mode
Bug #6135: base64: complete support for RFC2045
Bug #6130: http2: quadratic complexity in http2_range_key_get
Bug #6116: dpdk: demote log level of some DPDK messages
Bug #6115: dpdk: NUMA warning signals to non-existent negative id NUMA
Bug #6105: byte_jump does not allow variable name to be used consistently
Bug #6081: pcap: device reopen broken
Bug #6023: smtp: Attachment not being md5 matched
Bug #5964: dpdk: Evaluate input of EAL arguments
Bug #5916: NFQ calls TmqhOutputPacketpool before release packet function is set
Bug #5912: rfb: parser returns error on unimplemented record types
Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)
Bug #5832: source-xdp: build errors/warnings with libbpf 0.8+
Bug #5757: http: response content encoding value "none" considered invalid
Bug #5464: eve: if alert and drop rules match for a packet, "alert.action" is ambiguous
Bug #5022: log-pcap: fix segfault on lz4 compressed pcaps
Bug #4797: pcre2 crash in multi-tenant
Bug #4750: pcap: memory leaks
Bug #2917: Unable to find the sm in any of the sm lists
Optimization #6194: detect: modernize filename fileext filemagic
Optimization #6151: suricatasc: Gracefully handle unsupported commands
Optimization #4145: file keywords: unify keyword registration
Optimization #4141: file.data: inspect File objects for HTTP
Feature #6162: libhtp: recognize Bearer authentication
Feature #6145: byte_math: allow variable name for nbytes
Feature #6144: byte_test: allow variable name for nbytes
Feature #6106: dpdk: fail startup on uninitialized thread affinity setting
Feature #4201: http2: full protocol support
Task #6183: flash decompression: add deprecation warning
Task #6159: libhtp: event on chunk extension
Task #6157: libhtp 0.5.45
Task #6128: af-packet: remove rollover options
Task #4163: rust: set new minimum Rust version for 7
Documentation #6032: detect: document new multi-instance logic
Documentation #5987: doc: update build instructions
Documentation #5930: doc: multi-tenant states that only vlan can be used live, should also include interface
7.0.0-rc2 -- 2023-06-14
Feature #6099: dpdk: add support for bonding interface
Feature #6085: detect: set explicit rule types
Feature #5975: Add support for 'inner' PF_RING clustering modes
Feature #5937: dpdk: Improve DPDK version checking
Feature #5876: eve: add stream tcp logging
Feature #5849: dpdk: add virtio-pmd support
Feature #5822: yaml: set suricata version in generated config
Feature #5803: github-ci: Add netmap as a Github Action
Feature #5784: detect: allow cross buffer inspection on multi-buffer matches
Feature #5746: http.connection - allow in server response
Feature #5717: rfb: add frame support
Security #6129: dcerpc: max-tx config parameter, also for UDP
Security #6118: datasets: absolute path in rules can overwrite arbitrary files
Security #5945: byte_math: Division by zero possible.
Bug #6137: SNMP: version is logged from state, instead of from transaction
Bug #6132: suricata-update: dump-sample-configs: configuration files not found
Bug #6120: streaming-buffer: exceeds limit when downloading large file with file-store enabled
Bug #6117: tcp regions streaming buffer: assert failed (!((region->stream_offset == sbb->offset && region->buf_offset > sbb->len))), function StreamingBufferSBBGetData
Bug #6109: exception/policy: reject changes flow action in IDS mode
Bug #6103: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks
Bug #6093: flow: occasional sudden spike in flow.memuse
Bug #6089: suricata --list-keywords does not work with debug validation
Bug #6087: FTP bounce detection doesn't work for big-endian platforms
Bug #6086: Decode-events of IPv6 packets are not triggered
Bug #6066: Memory Corruption in util-streaming-buffer
Bug #6064: dpdk: detect reload stuck if there are no packets
Bug #6062: flow: memory leaks at shutdown
Bug #6060: IP Datasets not supported from suricata.yaml
Bug #6057: rust/jsonbuilder: better handling of memory allocation errors
Bug #6054: ftp: long line discard logic should be separate for server and client
Bug #6053: smtp: long line discard logic should be separate for server and client
Bug #6046: runmode/unix-socket: http range memory leak
Bug #6043: detect: multi-tenancy fails to start
Bug #6041: ASSERT: !(sb->region.buf_offset != 0)
Bug #6038: TCP resets have incorrect len, nh in IPv6
Bug #6025: detect: allow bsize 0 for existing empty buffers
Bug #6021: af-packet: reload not occurring until packets are seen
Bug #6019: smtp: fuzz debug assertion trigger
Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record
Bug #6006: dpdk: query eth stats only by the first worker
Bug #5998: exception/policy: make work with simulated flow memcap
Bug #5989: smtp: any command post a long command gets skipped
Bug #5981: smtp: Long DATA line post boundary is capped at 4k Bytes
Bug #5979: rust: update sawp dependencies to avoid future compile issues
Bug #5978: stream/reassembly: memcap exception policy incorrectly applied
Bug #5971: libhtp: differential fuzzing with rust version: only trim spaces at headers names end
Bug #5969: detect: reload can stall if flow housekeeping takes too long
Bug #5968: flowworker: per packet flow housekeeping can process too many flows
Bug #5963: dpdk: handle packets split into multiple segments
Bug #5960: Postpone setting of master exception policy
Bug #5957: bpf: postpone IPS check after IPS runmode is determined from the configuration file
Bug #5952: http: multipart data is not filled up to request.body-limit
Bug #5940: exception/policy: flow action doesn't fall back to packet action when there's no flow
Bug #5936: dpdk: Release mempool only after the device closes
Bug #5931: http2: urilen not supported
Bug #5929: fast_pattern assignment of specific content in combination with urilen results in FN
Bug #5927: smtp: quadratic complexity for tx iterator with linked list
Bug #5925: dpdk: VMXNET3 fails to configure
Bug #5924: AF_XDP compile error
Bug #5923: dpdk: change in NUMA-determining API
Bug #5919: flow/manager: fix unhandled division by 0 (prealloc: 0)
Bug #5917: http: libhtp errors on multiple 100 continue response
Bug #5909: http2: quadratic complexity when reducing dynamic headers table size
Bug #5907: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT)
Bug #5905: invalid bsize and distance rule being loaded by suricata
Bug #5900: UBSAN: undefined shift in DetectByteMathDoMatch
Bug #5885: base64_decode not populating up to an invalid character
Bug #5883: mime: debug assertion on fuzz input
Bug #5881: stream: overlap with different data false positive
Bug #5877: stream: connections time out too early
Bug #5875: stream/ips: dropping spurious retransmissions times out connections
Bug #5867: false-positive drop event_types possible on passed packets
Bug #5866: detect: multi-tenancy crash
Bug #5862: netmap: packet stalls
Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic
Bug #5855: af-xdp: may fail to build on Linux systems with kernel older than 5.11
Bug #5850: frames: Assertion failed: buffer initialized
Bug #5843: tcp/stream: session reuse on tcp flows w/o sessions
Bug #5836: output: abort triggered on no permission test
Bug #5835: debug: segv on enabling debugging output
Bug #5834: tcp/regions: list corruption
Bug #5833: tcp/regions: use after free error
Bug #5825: stream.midstream: if enabled breaks exception policy
Bug #5823: smtp: config and built-in defaults mismatch
Bug #5819: SMTP does not handle LF post line limit properly
Bug #5818: time: integer comparison with different signs
Bug #5808: http2: leak with range files
Bug #5802: ips: txs still logged for dropped flow
Bug #5799: detect: sigs using DETECT_SM_LIST_PMATCH can break other signatures
Bug #5786: smb: possible evasion with trailing nbss data
Bug #5783: smb: wrong endian conversion when parse NTLM Negotiate Flags
Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents
Bug #5770: smb: no consistency check between NBSS length and length field for some SMB operations
Bug #5740: content: within and distance lengths should be bounded
Bug #5667: Enable rule profiling via socket
Bug #5627: windows: windivert build broken
Bug #5621: security.limit-noproc: disabled if not provided in the configuration file
Bug #5563: stream: issue with stream debug tracking of memuse
Bug #5541: Unexpected behavior of `endswith` in combination with negated content matches
Bug #5526: tcp: Assertion failed: (!((last_ack_abs < left_edge && StreamTcpInlineMode() == 0 && !f->ffr && ssn->state < TCP_CLOSED)))
Bug #5498: flowworker: Assertion in CheckWorkQueue
Bug #5437: 'unseen' http midstream packets with TCP FIN flag set
Bug #5320: Key collisions in HTTP JSON eve-logs
Bug #5270: Flow hash table collision and flow state corruption between different capture interfaces
Bug #5261: rust: reconsider bundling Cargo.lock
Bug #5017: counters: tcp.syn, tcp.synack, tcp.rst depend on flow
Bug #4952: scan-build: Access to field 'de_state' results in a dereference of a null pointer
Bug #4759: TCP DNS query not found when tls filter is active
Bug #4578: perf shows excessive time in IPOnlyMatchPacket
Bug #4529: Not keyword matches in Kerberos requests
Bug #3152: scan-build warning for detect sigordering
Bug #3151: scan-build warning for detect port handling
Bug #3150: scan-build warnings for detect address handling
Bug #3149: scan-build warnings in radix implementation
Bug #3148: scan-build warnings for ac implementations
Bug #3147: scan-build warning for mime decoder
Optimization #6100: mqtt: quadratic complexity in get_tx_by_pkt_id
Optimization #6036: pgsql: remove unused Kerb5 auth message
Optimization #5959: detect using uninitialized engine mode
Optimization #5718: time: compact alternative to struct timeval
Optimization #5544: tls keywords: increase code coverage and update documentation (if need be)
Optimization #4378: file.data: split mpm per app_proto
Task #5993: rust: x509-parser 0.15
Task #5992: rust: snmp-parser 0.9.0
Task #5991: rust: der-parser 8.2.0
Task #5983: libhtp 0.5.44
Task #5965: tracking: Improving DPDK capture interface and docs
Task #5939: config: deprecate multiple "include" statements at the same level
Task #5918: libhtp 0.5.43
Task #5741: rust/src/rfb/* add more unittests
Task #5628: github-ci: add windows + windivert build
Task #5474: test: review how 7 works with config from 5 and 6
Task #4067: http2: overload existing http keywords to support http/2
Task #4051: Convert unittests to new FAIL/PASS API: detect-lua.c
Documentation #5962: documentation: mention the use of http1 in rule protocol
Documentation #5884: docs: update CentOS names according to their new conventions
Documentation #5859: docs: add build instructions for DPDK capture interface
Documentation #5858: docs: add list of supported NICs in DPDK mode
Documentation #5857: docs: refactor DPDK documentation
Documentation #5596: doc/optimization: move 'suricata.git/doc/userguide/convert.py' to Python3
7.0.0-rc1 -- 2023-01-31
Feature #5761: Unknown ethertype packets are not counted
Feature #5516: tls: client cert detection
Feature #5384: Thread Synchronisation: wait for all threads to be in an operating state before continuing initialisation
Feature #5383: Support for IP addresses in dataset
Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptions
Feature #5184: Add more dataset user interaction
Feature #4981: frames: add general <app_proto>.stream frames
Feature #4979: frames: implement dynamic logic to disable frames of a type
Feature #4751: dns/eve: add 'HTTPS' type logging
Feature #4269: Additional dataset operations
Feature #3306: Support AF_XDP capture method
Feature #3086: app_proto for Torrent traffic
Feature #2497: error messages usability improvement
Security #5712: tcp: crafted packets lead to resource starvation
Security #5703: smb: crash inside of streaming buffer Grow()
Security #5701: Suricata crashes while processing FTP
Security #5700: SCRealloc of large chunk crashes Suricata
Security #5686: decoder/tunnel: tunnel depth not limited properly
Security #5623: smtp/base64: crash / memory corruption
Bug #5817: tls: certificates with dates prior to 1970 are not logged correctly
Bug #5814: smb: duplicate interface fields logged
Bug #5813: rfb/eve: depth in pixel format logged twice
Bug #5811: smb: tx logs sometimes have duplicate `tree_id` output
Bug #5781: smb: unbounded file chunk queuing after gap
Bug #5779: dcerpc: max-tx config parameter
Bug #5769: Incomplete values for .stats."app_layer".flow.proto
Bug #5765: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow
Bug #5753: smb: convert transaction list to vecdeque
Bug #5747: iprep/ipv6: warning issued on valid reputation input
Bug #5725: smtp: quoted-printable encoding skips empty lines in files
Bug #5707: quic: ja3 Stack-use-after-return READ 1
Bug #5706: app-layer-htp: Condition depending on enabled IPS mode never true
Bug #5693: decode: Padded packet to minimal Ethernet length marked with invalid length event
Bug #5691: HTTP/2 decompression bug
Bug #5663: tls: buffer overhead off by one in TLSDecodeHSHelloExtensionSupportedVersions
Bug #5661: security.limit-noproc: break ASAN/LSAN when non-root user
Bug #5658: SMTP: segfault on boundary data
Bug #5654: readthedocs: not showing pdf download option for recent versions
Bug #5644: Integer overflow at dcerpc.rs:846
Bug #5637: quic: convert to vecdeque
Bug #5624: quic: rule with ja3.hash keyword fails to load
Bug #5617: dpdk: avoid per thread warnings
Bug #5580: dpdk: IDS vs IPS confusion
Bug #5579: pgsql: support out of order parameter in startup message
Bug #5574: base64: skip over all invalid characters for RFC 2045 mode
Bug #5572: pcre2: allow different include/lib paths
Bug #5567: smb: failed assertion (!((f->alproto == ALPROTO_SMB && txd->files_logged != 0))), function CloseFile, file output-file.c
Bug #5564: tls: buffer overread
Bug #5558: detect: invalid hex character in content leads to bad debug message
Bug #5557: dcerpc: rust integer underflow
Bug #5553: dpdk: Packets with invalid checksums are not counted in DPDK capture mode
Bug #5530: frames: buffer overflow in signatures parsing
Bug #5529: frame: memory leak in signature parsing
Bug #5528: tcp: assertion failed in function DoInsertSegment
Bug #5456: detect: config keyword prevents tx cleanup
Bug #5444: dns: allow dns messages with invalid opcodes
Bug #5379: detect/udp: different detection from rules when UDP/TCP header is broken
Bug #5374: pcap-log: breaking change in file names
Bug #5258: smb/ntlmssp: parser incorrectly assumes fixed field order
Bug #5235: ftp: add event when command request or response is too long
Bug #5205: FTP-data unrecognized depending on multi-threading
Bug #5198: eve/stats: ASAN error when eve output file can't be opened.
Bug #5161: smb: file not tracked on smb2 async
Bug #4580: smb: large streams can cause large memory moves (memmove)
Bug #4554: Configuration test mode succeeds when classification.config file contains invalid content
Bug #3253: tls: handling of 'Not Before' date before unix epoch
Bug #2982: invalid dsize distance rule being loaded by suricata
Optimization #5782: smb: set defaults for file chunk limits
Optimization #5373: Prevent process creation by Suricata process
Optimization #4977: frames: gap handling in inspection
Optimization #4908: ftp: use AppLayerResult instead of buffering wherever possible
Optimization #4614: Fix warning about "field reassign with default"
Optimization #4612: Fix warning about "nonminimal bool"
Optimization #4611: Fix warning about "extra unused lifetimes"
Optimization #4610: Fix warning about "explicit counter loop"
Optimization #4608: Fix warning about "redundant pattern matching"
Optimization #4606: Fix warning about "match ref pats"
Optimization #4603: Fix warning about "type complexity"
Optimization #4602: Fix warning about "new without default"
Optimization #4601: Fix warning about "while let loop"
Optimization #4600: Fix warning about "needless lifetimes"
Optimization #4598: Fix warning about "needless_range_loop"
Optimization #4596: Fix warning about "single match"
Optimization #4594: Fix warning about "this loop never actually loops"
Optimization #4592: Fix warning about "for loop over fallibles"
Optimization #4591: Fix Rust clippy lints
Optimization #3160: clean up error codes
Task #5638: SWF decompression: Do not depend on libhtp
Task #5632: Disable swf decompression by default
Task #5587: ips/tap: in layer 2 ips/tap setups, warn that mixed usage of ips and tap will be removed in 8.0
Task #5586: rust/applayertemplate: remove pub and no_mangle from extern functions that don't need it
Task #5504: exceptions: error out when invalid configuration value is passed
Task #5496: detect/parse: add tests for parsing signatures with reject and drop action
Task #4939: app-layer: template and setup script
Task #4054: Convert unittests to new FAIL/PASS API: detect-replace.c
Task #4050: Convert unittests to new FAIL/PASS API: detect-l3proto.c
Task #4049: Convert unittests to new FAIL/PASS API: detect-itype.c
Task #4043: Convert unittests to new FAIL/PASS API: detect-icmp-seq.c
Task #4042: Convert unittests to new FAIL/PASS API: detect-icmp-id.c
Task #4039: Convert unittests to new FAIL/PASS API: detect-filesize.c
Task #4030: Convert unittests to new FAIL/PASS API: detect-engine-tag.c
Task #4029: Convert unittests to new FAIL/PASS API: detect-engine-sigorder.c
Task #4020: Convert unittests to new FAIL/PASS API - detect-distance.c
Documentation #5616: Ubuntu PPA: Package software-properties-common
Documentation #5585: devguide: bring section about installation from redmine wiki into DevGuide
Documentation #5515: userguide: add a dedicated chapter/section for the Exception Policies
Documentation #5129: devguide: clarify style guide for getframe functions
Documentation #4929: devguide: bring Contributing process page into it
Documentation #4697: devguide: document app-layer frame support
7.0.0-beta1 -- 2022-10-26
Feature #5509: App-layer event for protocol change failure
Feature #5506: DHCP: signature keyword for rebinding_time
Feature #5503: ips: add "reject" action to exception policies
Feature #5479: Add landlock support
Feature #5468: ips: midstream: add "exception policy" for midstream
Feature #5442: kerberos: log ticket encryption method
Feature #5435: DHCP: signature keyword for lease_time
Feature #5416: SNMP: signature keyword for usm
Feature #5218: ips: allow dropping of flow if applayer reaches error state
Feature #5216: ips: allow dropping of flow if flow.memcap is hit
Feature #5215: ips: allow dropping of flow if stream.reassembly.memcap is hit
Feature #5214: ips: allow dropping of flow if stream.memcap is hit
Feature #5202: eve/drop: include drop "reason"
Feature #5191: new keyword for self signed certificates
Feature #5190: new tls.random keyword
Feature #5036: sip: add frames support
Feature #4984: dns: add frames support
Feature #4983: frames: support UDP
Feature #4967: QUIC v1 support
Feature #4872: nfs: add stream app-layer frame support
Feature #4556: HTTP2: support deflate decompression
Feature #4551: eve: add direct base64 to json option to json builder
Feature #4550: pthreads: set minimum stack size
Feature #4541: netmap: new API version (14) supports multi-ring software mode
Feature #4526: SIGSEGV handling -- log stack before aborting
Feature #4515: Add DNS logging of Z flag
Feature #4507: dpdk: initial support for IDS and IPS modes
Feature #4498: decoder: add VN-Tag support
Feature #4406: unix socket: Get flow information by flow_id
Feature #4386: Support for RFC2231
Feature #4332: Makes libhtp decompression time limit configurable from Suricata
Feature #4241: Protocol support: PostgreSQL (pgsql)
Feature #4144: file.data: support for request side files in HTTP
Feature #4142: file.data: support for NFS
Feature #4117: http2: byte-range support
Feature #4116: http2: body compression handling
Feature #3957: Convert protocol to Rust: Modbus
Feature #3887: yaml: Increase maximum size for address vars
Feature #3767: Add IKEv1 parser
Feature #3701: eve: add tenant_id in eve-log for other types than alert
Feature #3512: stream depth event rule
Feature #3440: Add GQUIC Protocol Analysis and CYU Fingerprinting
Feature #3292: support for network service header (NSH)
Feature #3285: rules: XOR keyword
Feature #3002: Flow and Netflow Not Logging ESP Traffic
Feature #2697: prefilter support for stream_size
Feature #2450: lua: scripts access to calling rule information
Feature #2323: Applayer support for telnet
Feature #2096: eve: event_type for MODBUS
Feature #2054: Extracting HTTPS URLs from SMTP, currently only HTTP is supported
Feature #1576: http: byte-range support
Feature #1478: Active flow counters
Feature #1369: eve: json schema
Feature #1096: tls: client certificate handling
Feature #120: Capture full session on alert
Security #5408: filestore: Segfault with filestore enabled and forced
Security #5399: mqtt: DOS by quadratic with too many transactions in one parse
Security #5244: Infinite loop in JsonFTPLogger
Security #5243: protocol detection: exploitable type confusion due to concurrent protocol changes
Security #5237: nfs: arbitrary allocation from nfs4_res_secinfo_no_name
Security #5187: Rust regex crate security advisory CVE-2022-24713
Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Security #4857: ftp: SEGV at flow cleanup due to protocol confusion
Security #4710: tcp: Bypass of Payload Detection on TCP RST with options of MD5header
Security #4569: tcp: crafted injected packets cause desync after 3whs
Security #4504: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
Bug #5595: eve/alert: SEGV in files to alert logging
Bug #5584: detect/tag: timeout handling issues on windows
Bug #5581: eve: mac address logging for packet records reverses direction
Bug #5571: ips: encapsulated packet logged as dropped, but not actually dropped
Bug #5538: Compiler Warning on Fedora 36 / gcc 12.2.1
Bug #5536: detect: flow.age keyword
Bug #5527: postgresql: limit number of live transactions
Bug #5521: detect: transform strip whitespace creates a 0-sized variable-length array
Bug #5518: dcerpc: More efficient transaction handling for UDP
Bug #5508: SMB2 async responses are not matched with its request
Bug #5507: DHCP: signature keyword for renewal_time
Bug #5458: Reject action is no longer working
Bug #5457: Counters are not initialized in all places.
Bug #5455: ike: logging state transforms instead of transaction transforms
Bug #5419: Failed assert DeStateSearchState
Bug #5409: PCRE: use match and recursion limit for pcrexform
Bug #5402: detect: will still inspect packets of a "dropped" flow for non-TCP
Bug #5401: tcp: assertion failed in DoInsertSegment (BUG_ON)
Bug #5392: fileinfo: inconsistent file size tracking for GAPs
Bug #5391: events: PACKET_RECYCLE does not reset event_last_logged
Bug #5390: smb: have default stream-depth of 0
Bug #5386: detect/threshold: offline time handling issue
Bug #5377: modbus: probing parser recognizes modbus with unknown function code
Bug #5368: bypass: Memory leak of some flow bypass objects.
Bug #5361: IPS: ip only rules, but with negated addresses not treated like pure ip-only rules in IPS context
Bug #5353: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails
Bug #5331: stacktrace-on-signal: Kills all processes in the same process group
Bug #5330: flow: vlan.use-for-tracking is not used for ICMPv4
Bug #5329: rust: inconsistency between rust structure RustParser and C structure AppLayerParser
Bug #5327: track by_rule|by_both incorrectly rejected for global thresholds
Bug #5321: dcerpc: More efficient transaction handling
Bug #5317: flow manager: end of flow counters not working
Bug #5316: smtp: PreProcessCommands does not handle all the edge cases
Bug #5315: decode/mime: base64 decoding for data with spaces is broken
Bug #5314: ftp: quadratic complexity for tx iterator with linked list
Bug #5313: python: distutils deprecation warning
Bug #5312: test failure on Ubuntu 22.04 with GCC 12
Bug #5310: detect: several potential infinite loops by comparing u16 to size_t
Bug #5309: CIDR prefix calculation fails on big endian archs
Bug #5308: file handling: avoid toctou race conditions
Bug #5306: dcerpc: unsigned integer overflow in parse_dcerpc_bindack
Bug #5298: template (rust): convert transaction list to vecdeque
Bug #5297: pgsql: convert transaction list to vecdeque
Bug #5296: http2: convert transaction list to vecdeque
Bug #5295: rdp: convert transaction list to vecdeque
Bug #5294: mqtt: convert to vecdeque
Bug #5291: cppcheck: various static analyzer "warning"s
Bug #5285: frame: assertion failed in PrefilterMpmFrame
Bug #5281: ftp: don't let first incomplete segment be over maximum length
Bug #5280: nfs: ASSERT: attempt to subtract with overflow (compound)
Bug #5278: app-layer: Allow for non slice based transaction containers in generate get iterator (rust)
Bug #5277: dns: More efficient transaction handling
Bug #5276: eve: payload field randomly missing even if the packet field is present
Bug #5271: app-layer: timeout when removing many transactions from the beginning
Bug #5268: mqtt: integer underflow with truncated
Bug #5260: rust: update regex dependency
Bug #5259: rust: update time dependency
Bug #5248: flow: double unlock in tcp reuse case
Bug #5246: smb: integer underflows and overflows
Bug #5238: frame: memory leak in signature parsing
Bug #5236: frame: buffer over read in SCACSearch
Bug #5228: pcre2: SEGV during rule loading
Bug #5226: Frames: failed assertion !((int64_t)data_len > frame->len)
Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars
Bug #5208: DCERPC protocol detection when nested in SMB
Bug #5205: FTP-data unrecognized depending on multi-threading
Bug #5201: content:"22 2 22"; is parsed without error
Bug #5197: fast_pattern assignment of specific content results in FN
Bug #5188: SSL : over allocation for certificates
Bug #5183: TLS Handshake Fragments not Reassembled
Bug #5174: MIME URL extraction creates invalid url in JSON
Bug #5168: detect/iponly: non-cidr netmask settings can lead incorrect detection
Bug #5162: inspection of smb traffic without smb/dcerpc doesn't work correctly.
Bug #5147: frames: debug assertion on SMB2 traffic
Bug #5146: libhtp: does not handle 100 continue if there is a 0 Content Length
Bug #5145: nfs: Integer underflow in NFS
Bug #5144: Failed assert DeStateSearchState
Bug #5132: segfault: master - HTPFileCloseHandleRange
Bug #5094: output: timestamp missing usecs on Arm 32bit + Musl
Bug #5093: rust/proc-macro-crate: pin to old version to support our MSRV
Bug #5086: htp: server personality radix handling issue
Bug #5085: defrag: policy config can setup radix incorrectly
Bug #5084: iprep: cidr support can set up radix incorrectly
Bug #5081: detect/iponly: rule parsing does not always apply netmask correctly
Bug #5080: eve/dnp3: coverity warnings for string handling
Bug #5079: swf: coverity warning
Bug #5077: byte_math rule options need to be in order or will fail otherwise
Bug #5073: Off-by-one in flow-manager flow_hash row allocation
Bug #5070: Stacktrace logger should propagate original signal
Bug #5066: detect/iponly: mixing netblocks can lead to FN/FP
Bug #5065: frames: coverity warning
Bug #5046: Documentation copyright years are invalid
Bug #5040: stats: add app-layer error counters
Bug #5034: dns: probing/parser can return error when it should return incomplete
Bug #5019: dataset: error with space in rule language
Bug #5018: MQTT can return AppLayerResult::incomplete forever and buffer forever
Bug #5011: frames: buffer overread in SigValidate
Bug #5009: dpdk: fails to compile on ubuntu 22.04
Bug #5007: pgsql: coverity warning
Bug #4972: Null dereference in ConfigApplyTx
Bug #4969: Libhtp timeout lzma reallocing dictionary
Bug #4953: stream: too aggressive pruning in lossy streams
Bug #4948: SMTP assertion triggered
Bug #4947: suricatasc loop if recv returns no data
Bug #4945: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
Bug #4935: DPDK: Packet counters set incorrectly
Bug #4924: dns: transaction not created when z-bit set
Bug #4920: detect/app-layer-protocol: app-layer-protocol:http broken
Bug #4882: Netmap configuration -- need a configuration option for non-standard library locations.
Bug #4877: Run stream reassembly on both directions upon receiving a FIN packet
Bug #4862: MQTT : transactions are never cleaned by AppLayerParserTransactionsCleanup
Bug #4860: eve.json remove app-layer specific fields from root object
Bug #4859: dnp3: buffer over read in logging base64 empty objects
Bug #4849: protodetect: SMB vs TLS protocol detection in midstream
Bug #4848: TFTP: memory leak due to missing detect state
Bug #4842: smb: excessive memory use during file transfer
Bug #4839: Memory leak with signature using file_data and NFS
Bug #4836: profiling: Invalid performance counter when using sampling
Bug #4828: flow: flows not evicted & freed in time
Bug #4817: smtp: smtp transaction not logged if no email is present
Bug #4812: conf: quadratic complexity
Bug #4811: Range: memory leak from HTTP2
Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte
Bug #4808: flow: worker-evicted flows need to be processed quicker
Bug #4807: packetpool: packets in pool may have capture method ReleasePacket callbacks set
Bug #4804: af-packet: tpacket v3 if/down logic broken
Bug #4803: af-packet: up/down logic leaks resources in autofp (tpacket v2)
Bug #4801: af-packet: tpacket v3 socket reference handling broken
Bug #4800: af-packet: flag collision between kernel and Suricata
Bug #4785: af-packet: threads sometimes get stuck in capture
Bug #4779: flow/bypass: flow worker not performing flow timeout "housekeeping"
Bug #4778: flow/bypass: app-layer/stream resources not freed when bypass activated
Bug #4771: pcrexform: does not capture substring but whole match
Bug #4769: dcerpc dce_iface just match a packet
Bug #4767: Rule error in SMB dce_iface and dce_opnum keywords
Bug #4766: Flow leaked when flow->use_cnt access race happens
Bug #4765: loopback: different AF_INET6 values per OS
Bug #4764: range: no validity check with HTTP2 leads to over allocation
Bug #4757: Incomplete range with overlap, and expected new bytes, lead to incomplete reassembly
Bug #4754: Invalid range leads to OOM
Bug #4752: Memory leak in SNMP with DetectEngineState
Bug #4741: Quadratic complexity in modbus due to missing tx_iterator
Bug #4739: Absent app-layer protocol is always enabled by default
Bug #4737: ubsan: bytejump warning
Bug #4731: flows: spare pool not freeing flows aggressively enough
Bug #4724: pcre2: scan-build warning
Bug #4722: flows: TCP flow timeout handling stuck if there is no traffic
Bug #4720: pcre2: ASAN heap-buffer-overflow
Bug #4719: http2: byte-range test fails intermittently
Bug #4699: coverity warnings after output changes
Bug #4692: lua: file info callback returns wrong value
Bug #4685: detect: too many prefilter engines lead to FNs
Bug #4681: Wrong list_id with transforms for http_client_body and http file_data
Bug #4680: nfs: failed assert self.tx_data.files_logged > 1
Bug #4679: IPv6 : decoder event on invalid fragment length
Bug #4670: rules: mix of drop and pass rules issues
Bug #4666: http: ipv6 address is a valid host
Bug #4664: ipv6 evasions : fragmentation
Bug #4663: rules: drop rules with noalert not fully dropping
Bug #4659: Configuration test mode succeeds when reference.config file contains invalid content
Bug #4654: tcp: insert_data_normal_fail can hit without triggering memcap
Bug #4650: Stream TCP raw reassembly is leaking
Bug #4622: File deletions over SMB are not always logged
Bug #4621: rust panic: when using smb stream-depth
Bug #4620: Protocol detection : confusion with SMB in midstream
Bug #4619: HTTP2 null dereference in upgrade
Bug #4586: segmentation fault when reopening redis
Bug #4582: BUG_ON triggered from TmThreadsInjectFlowById
Bug #4581: Excessive qsort/msort time when large number of rules using tls.fingerprint
Bug #4577: coverity: minor warnings
Bug #4570: eve/flow: many flows logged with reason==unknown
Bug #4563: Rules based on SSH banner-related keywords only match on acked data
Bug #4562: Memory leak in Protocol change during protocol detection
Bug #4561: Failed assertion in SMTP SMTPTransactionComplete
Bug #4560: Quadratic complexity in HTTP2 gzip decompression
Bug #4558: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
Bug #4549: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Bug #4540: unused variables warnings on Windows compiles with rust
Bug #4537: alert count shows up as 0 when stats are disabled
Bug #4536: SWF decompression overread
Bug #4534: Timeout in ikev2 parsing
Bug #4533: Rust modbus parser does not handle gaps as it claims
Bug #4530: DOS Quadratic complexity when having too many transactions
Bug #4527: Fix implicit conversions in traffic facing source code modules
Bug #4525: segv with --set cmdline option if incorrect key is provided
Bug #4523: Application log cannot be re-opened when running as non-root user
Bug #4516: Integer overflows
Bug #4509: Incorrect flags in Rust
Bug #4508: SSH bypass is not working
Bug #4505: Rust panic while parsing (new rust) modbus rule
Bug #4503: Buffer overflow in "by_rule" threshold context
Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
Bug #4495: output: threaded output coverity warning
Bug #4494: Failed assertion in HTTP2 decompression
Bug #4491: rules: rules w/o sid accepted, leading to alerts with signature_id: 0
Bug #4478: freebsd: lockups due to mutex handling issues
Bug #4477: Infinite loops when using InspectionBufferMultipleForList
Bug #4476: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti
Bug #4473: Timeout in ftp parsing rs_ftp_active_eprt
Bug #4472: YAML -- interpretation of "~" (tilde)
Bug #4448: Properly set the ICMP emergency-bypassed value
Bug #4447: ipv6 & ftp & passive mode & error
Bug #4442: build: Build failure on FreeBSD
Bug #4440: eve: log if flow had gap
Bug #4438: Null-dereference in HTTP2MimicHttp1Request in midstream
Bug #4437: dns: high resource usage on long lived dns connections
Bug #4436: Buffer overread in SMTP SMTPParseCommandBDAT
Bug #4434: Duplicate alert record in eve log when using unix-socket mode
Bug #4433: Debug assert failed in ikev1 logger
Bug #4428: Rust panic in suricata::dcerpc::detect::handle_input_data (buffer overread)
Bug #4425: threaded eve: files not closed on deinitialization
Bug #4424: ftp: Memory leak with duplicate FTP expectation
Bug #4407: threshold: slow startup on threshold.config with many addresses in suppression
Bug #4404: eve/mqtt: mqtt logging crashes when eve is multithreaded
Bug #4403: Use after free or read overflow or use of uninitialized memory in TransformStripWhitespace called by HttpServerBodyXformsGetDataCallback
Bug #4401: Quadratic complexity in libhtp chunk parsing
Bug #4400: Panic in Rust HTTP2 dynamic headers table eviction
Bug #4397: eve.drop: alerts option logs lowest priority alert
Bug #4395: Incorrect AppLayerResult::incomplete for RDP
Bug #4394: detect: "drop" on protocol detect only rule doesn't drop flow
Bug #4389: Protocol detection tls-dcerpc
Bug #4388: Protocol detection evasion enip-dns
Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient
Bug #4379: flow manager: using too much CPU during idle
Bug #4376: TCP flow that retransmits the SYN with a newer TSval not properly tracked
Bug #4375: segv in ApplyToU8Hash
Bug #4369: Configuration test mode succeeds when threshold.config file contains invalid content
Bug #4361: detect: file.data performance regression
Bug #4348: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function
Bug #4335: Stack-buffer-overflow READ 4 in SetupU8Hash
Bug #4331: libhtp: don't put stream in error state on compression issues
Bug #4320: Heap use after free in parsing signatures with ip_proto and prefilter
Bug #4280: Suricata is not fully reading or loading the iprep files
Bug #4277: SIGABRT: rust panic HTTP2State
Bug #4274: Suricata crashes at exit in NFQ mode
Bug #4273: protodetect: SEGV due to NULL ptr deref
Bug #4272: Timeout in libhtp with lzma in gzip to be decompressed in many responses
Bug #4271: datasets: reference counter issue in string lookup
Bug #4267: output: don't use /etc/protocols
Bug #4262: ebpf: llc detection failure
Bug #4261: Mismatch between capture and outputs in rules leads to seg fault
Bug #4258: ftp-data: support for file.name keyword is incomplete
Bug #4254: Leak in signature parsing with urilen
Bug #4253: lua: flowint/flowvar API naming consistency
Bug #4247: detect: NOOPT flag not enforced correctly
Bug #4246: Assertion failed in AdjustToAcked delta > 10000000ULL && delta > stream->window
Bug #4245: SMTP/Email Body md5: Only logs the md5 of the first part in a multi-part mime message
Bug #4239: dataset file not written when run as user
Bug #4238: tcp/fastopen: false positive on "invalid option"
Bug #4233: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL
Bug #4232: Protocol detection evasion enip-SMB
Bug #4231: ICMPv6 failed assert p->icmpv6h == NULL with icmpv6.hdr
Bug #4228: tcp/async: incorrect flagging of ACK values as invalid
Bug #4225: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
Bug #4224: modbus: Request flood leads to CPU exhaustion
Bug #4216: 5.0.5 in socket mode crashes when using file-store due to uninitialized stats_ctx
Bug #4211: Not all manpages are built by docs Makefile
Bug #4210: Alert not generated with 2 rules - http.request body (alone) and http.request_body/url_decode
Bug #4208: Suricata crashes with multi-threaded eve logger and HTTP/2 traffic
Bug #4206: dns: output flags not set correctly on 32 bit systems
Bug #4205: eve: Memory leak from jsonbuilder in MetadataJson
Bug #4202: Wrong stream side after direction change
Bug #4199: Transformation keyword can’t trigger an alert
Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0
Bug #4187: rs_dcerpc_udp_get_tx takes out unusual amount of CPU
Bug #4171: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
Bug #4152: fatal error: 'gnu/stubs-32.h' file not found
Bug #4106: Duplicate TLS subjects in tls metadata.
Bug #4096: flow manager: 200% CPU in KVM host with no activity with Suricata 6
Bug #4080: DCERPCUDPState handle fragmented data functions pegging certain CPU cores/threads
Bug #3996: SIGABRT: SMTPTransactionComplete
Bug #3995: SIGABRT stream-tcp-reassemble
Bug #3846: Infinite loop if the sniffing interface temporarily goes down
Bug #3703: fileinfo "stored: false" even if the file is kept on disk
Bug #3685: Incorrect logging level for messages
Bug #3542: FTP: expectation created in wrong direction.
Bug #3475: SMB evasion against EICAR file detection
Bug #3419: af-packet: cluster_id is not used when trying to set fanout support
Bug #3109: dcerpc engine not generating alerts
Bug #2809: Applayer Mismatch protocol both directions for kerberos AS-REQ/KDC_ERR_PREAUTH_REQUIRED exchange
Bug #2802: iprep: use_cnt can get desynchronized (SIGABRT)
Bug #2510: Suricata doesn't decompress HTTP Post body
Bug #2190: apparent 1000 character limit in threshold.conf IP lists
Optimization #5592: tunnel: spinlock for tunnel packet sync
Optimization #5577: Fix warning about "comparing with null" in debug code
Optimization #5481: tls: support incomplete API to replace internal buffering
Optimization #5454: http2: slow http2_frames_get_header_value_vec because of allocation
Optimization #5400: dpdk: allow specifying of `rss_hf` flags in config
Optimization #5232: rules: pattern id assignment is too slow
Optimization #5231: rules: mpm setup more costly than needed
Optimization #5230: rules: too much time spent in DetectUnregisterThreadCtxFuncs due to pcre2
Optimization #5229: rules: too much time spent in SigMatchListSMBelongsTo at startup
Optimization #4991: pgsql: convert parser to nom7 functions
Optimization #4907: smtp: use AppLayerResult instead of buffering wherever possible
Optimization #4805: af-packet: move vlan hdr insert logic to capture/decode
Optimization #4795: Remove PASS_IF macro from the FAIL/PASS API
Optimization #4748: app-layer/rust: explore if tx iterator can be implemented as a trait
Optimization #4711: Clang 14 and rust nightly new warnings
Optimization #4653: Flow cleaning with chunked approach is memory hungry
Optimization #4609: Fix warning about "if same then else"
Optimization #4604: Fix warning about "branches sharing code"
Optimization #4599: Fix warning about "ptr_arg"
Optimization #4597: Fix warning about "enum's name"
Optimization #4593: Fix warning about "mixed case hex literals"
Optimization #4555: HTTP2: what to do when HTTP upgrade is requested and HTTP2 is disabled ?
Optimization #4497: rust: clean up constructors of state, transaction structs
Optimization #4496: decode: remove NULL checks after header casts
Optimization #4475: Rust: Make default_port in parser registration an Option
Optimization #4427: storage api: use dedicated 'id' type
Optimization #4366: decoder: limit number of decoding layers
Optimization #4319: dcerpc: improve protocol detection
Optimization #4207: Use configurable or more dynamic PACKET_ALERT_MAX
Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro
Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc)
Optimization #4112: Use generic rust DetectU32Data in every keyword needing this
Optimization #3832: rust: Make core::* as enum to improve readability
Optimization #3825: Defining only one basic rust Files structure
Optimization #3658: Use WARN_UNUSED for ByteExtract* functions
Optimization #3315: app-layer: unify registration logic
Task #5569: transversal: update references to suricata webpage version 2
Task #5497: github-ci: update runners using ubuntu-18.04 image
Task #5475: doc: add exception policy documentation
Task #5319: add `alert-queue-expand-fails` command-line option
Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue
Task #5175: nfs4: Improve compound record parsers
Task #5166: quic: Support older versions like Q039 and Q043
Task #5143: QUIC: support JA3
Task #5002: applayertemplate: convert parser to nom7 functions
Task #5001: x509: convert parser to nom7 functions
Task #5000: rfb: convert parser to nom7 functions
Task #4999: ntp: convert parser to nom7 functions
Task #4998: krb: convert parser to nom7 functions
Task #4997: mime: convert parser to nom7 functions
Task #4996: rdp: convert parser to nom7 functions
Task #4995: snmp: convert parser to nom7 functions
Task #4994: ike: convert parser to nom7 functions
Task #4993: asn1: convert parser to nom7 functions
Task #4992: dcerpc: convert parser to nom7 functions
Task #4970: libhtp 0.5.40
Task #4915: transversal: update references to suricata webpage
Task #4912: Update default rule path to /var/lib/suricata/rules.
Task #4909: devguide: move into userguide as last chapter
Task #4796: af-packet: remove non-mmap tpacket-v1 support
Task #4784: config: add suricata version as a comment to the top of the configuration file
Task #4721: http2: enable by default
Task #4668: Remove Prelude output
Task #4667: libhtp 0.5.39
Task #4446: pcre2: document changes vs pcre1 for rule writers
Task #4444: files: store files in transactions instead of per flow state
Task #4221: Build Suricata into a static and shared library
Task #4182: lua: Use lua_pushinteger for pushing integer types as integers instead of floats
Task #4157: deprecation: remove dns eve v1 logging (May 2022)
Task #4058: Convert unittests to new FAIL/PASS API: detect-sid.c
Task #4056: Convert unittests to new FAIL/PASS API: detect-rpc.c
Task #4053: Convert unittests to new FAIL/PASS API: detect-msg.c
Task #4038: Convert unittests to new FAIL/PASS API: detect-filesha256.c
Task #4036: Convert unittests to new FAIL/PASS API: detect-filename.c
Task #4035: Convert unittests to new FAIL/PASS API: detect-filemd5.c
Task #4034: Convert unittests to new FAIL/PASS API: detect-filemagic.c
Task #4033: Convert unittests to new FAIL/PASS API: detect-fileext.c
Task #4032: Convert unittests to new FAIL/PASS API: detect-file-data.c
Task #3905: GitHub CI: use sccache for commits build
Task #3194: pcre2 support
Documentation #5511: userguide: add subsection about setting up Suri in IPS mode with DPDK
Documentation #5441: userguide: rules meta page updates
Documentation #5385: userguide: update rule's format document
Documentation #5364: userguide: reorganize `Application Layers Parsers` and `Application layers` subsections in the suricata.yaml page
Documentation #5130: doc: add flowbits ORing doc
Documentation #4949: userguide: add explanation on max-streams in the suricata.yaml page
Documentation #4671: Document changes to HTTP events with respect to http/http2 normalization
Documentation #4396: Devguide: Transactions and State overview
Documentation #3029: No documentation for "dcerpc" keywords
Documentation #3017: No documentation for "rawbytes" keyword
6.0.1 -- 2020-12-04
Feature #2689: http: Normalized HTTP client body buffer
Feature #4121: http2: support file inspection API
Bug #1275: ET Rule 2003927 not matching in suricata
Bug #3467: Alert metadata not present in EVE output when using Socket Control Pcap Processing Mode
Bug #3616: strip_whitespace causes FN
Bug #3726: Segmentation fault on rule reload when using libmagic
Bug #3856: dcerpc: last response packet not logged
Bug #3924: asan leak htp_connp_create
Bug #3925: dcerpc: crash in eve logging
Bug #3930: Out of memory from THashInitConfig called by DetectDatasetSetup
Bug #3994: SIGABRT TCPProtoDetectCheckBailConditions
Bug #4018: Napatech: Double release of packet possible in certain error cases.
Bug #4069: dcerpc: fix UDP transaction handling, free_tx, etc
Bug #4071: Null dereference in ipv4hdr GetData
Bug #4072: ssl: Integer underflow in SSL parser
Bug #4073: Protocol detection evasion by packet splitting on enip/SMB
Bug #4074: Timeout while loading many rules with keyword ssl_version
Bug #4076: http2: Memory leak when parsing signature with filestore
Bug #4085: Assertion from AdjustToAcked
Bug #4086: dns: memory leak in v1 dns eve logging
Bug #4090: icmpv4: header handling issue(s)
Bug #4091: byte_math: Offset is a signed value
Bug #4094: AddressSanitizer: dynamic-stack-buffer-overflow (util-crypt)
Bug #4100: ftp: Quadratic complexity in FTPGetOldestTx may lead to DOS
Bug #4109: mac address logging crash
Bug #4110: http: LibHTP wrong protocol with content duplication
Bug #4111: dnp3: DOS in long loop of zero sized objects
Bug #4120: http2: null ptr deref in http2 alert metadata
Bug #4124: dcerpc: UDP request response pair match is incorrect
Bug #4155: dnp3: memory leak when parsing objects with bytearrays
Bug #4156: dnp3: signed integer overflow
Bug #4158: PacketCopyData sets packet length even on failure
Bug #4173: dnp3: SV tests fail on big endian
Bug #4177: Rustc nightly warning getting the inner pointer of a temporary `CString`
Optimization #4114: Optimize Rust logging macros: SCLogInfo, SCLogDebug and friends
Task #4137: deprecate: eve.dns v1 record support
Task #4180: libhtp 0.5.36
6.0.0 -- 2020-10-08
Bug #3099: Weird handling of IKEv2 flows when alerts happen
Bug #3691: strip_whitespace doesn't strip_whitespace
Bug #3772: DNP3 probing parser does not detect the proper direction in midstream
Bug #3774: Assert failed in TLS due to integer underflow
Bug #3775: Memory leak in libhtp in error case
Bug #3853: Multi-byte Heap buffer over-read in ssl parser
Bug #3857: Protocol detection evasion by packet splitting on enip/dnp3
Bug #3877: Transaction list grows without bound on parsers that use unidirectional transactions
Bug #3896: app-layer-parser.c:1264: AppLayerParserParse: Assertion `!(res.needed + res.consumed < input_len)' failed.
Bug #3904: Suricata ASAN issue when detect.profiling.grouping.dump-to-disk=true
Bug #3926: dcerpc: Rust panic in handle_common_stub
Bug #3927: Alert "fileinfo" array conflicts with "fileinfo" event type
Bug #3928: eve: metadata section mixup with anomaly
Bug #3929: Unexpected exit from THashInitConfig called by DetectDatasetSetup
Bug #3930: Out of memory from THashInitConfig called by DetectDatasetSetup
Bug #3931: Memory leak from signature with file.name
Bug #3956: HTTP2 support variable integer lengths for headers
Bug #3972: HTTP2: stream_id_reuse
Bug #3977: SNMP: Better handling of unidirectional transactions
Bug #3978: DHCP: Add unidirectional transaction handling
Bug #3979: IKEv2: Add unidirectional transaction handling
Bug #3980: MQTT: Add unidirectional transaction handling
Bug #3981: SIP: Add unidirectional transaction handling
Bug #3982: RDP: Add unidirectional transaction handling
Bug #3983: KRB5: Add unidirectional transaction handling
Bug #3984: NTP: Add unidirectional transaction handling
Bug #3987: Hang while processing HTTP traffic
Bug #3989: HTTP2: invalid_frame_data anomaly
Bug #3991: Libhtp timeout in data_probe_chunk_length
Bug #3992: RDP incorrect AppLayerResult::incomplete
Bug #3993: Use of uninitialized value in DetectDatarepParse
Bug #3998: HTTP2: invalid header anomaly
Bug #4009: ENIP: Unidirectional transaction handling
Feature #3955: Protocol detection : run probing parser for protocol found in other direction
Task #3922: libhtp 0.5.35
Task #4017: suricata-update: bundle 1.2.0
Documentation #2211: doc: document issues with --set and lists in the command line parameters section of the manual
6.0.0-rc1 -- 2020-09-11
Feature #2970: DNS: Parse and extract SOA app layer data from DNS packets
Feature #3063: protocol decoder: geneve
Task #3178: json: remove individual loggers
Task #3559: http: support GAP recovery
Task #3759: datasets: finalize to move out of 'experimental'
Task #3824: libhtp 0.5.34
Task #3868: GitHub CI: Add Fedora 32 runner with ASAN and Suricata-Verify
Task #3903: remove BUG_ON from app-layer AppLayerResult eval
Documentation #3497: Document the removal of unified2 and migration options
Documentation #3799: Deprecated configuration keyword in "Hardware bypass with Netronome"
Bug #2433: memleak with suppression rules defined in threshold.conf
Bug #3776: Timeout in libhtp due to multiple responses with double lzma encoding
Bug #3816: Coverity scan issue -- null pointer deref in reject dev handling
Bug #3842: eve: logging silently continues if disk is full
Bug #3850: Invalid state for JsonBuilder with metadata signature keyword
Bug #3858: pcap recursive: coverity issues
Bug #3861: flow: check flow bypass handling
Bug #3863: reject: compile warning
Bug #3864: plugin: coverity issues
Bug #3865: flow: coverity issues
Bug #3866: http2: http1 to http2 upgrade support
Bug #3871: Include acsite.m4 in distribution
Bug #3872: Fail CROSS_COMPILE check for PCRE JIT EXEC
Bug #3874: configure: fails to check for netfilter_queue headers on older header packages
Bug #3879: datasets related memleak
Bug #3880: http parsing/alerting - continue
Bug #3882: Plugin support typo
Bug #3883: Runmode Single Memory Leak
Bug #3885: 6.0.0-beta1 stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed
Bug #3888: 6.0.0-dev - heap-buffer-overflow /opt/suricata/src/flow-manager.c:472:34 in FlowTimeoutHash with AFPv3
Bug #3890: AddressSanitizer: SEGV on unknown address - failed to setup/expand stream segment pool.
Bug #3895: Assert failed in DNS incomplete parsing
Bug #3897: Integer overflow in SCSigOrderByPriorityCompare
Bug #3898: Leak from bad signature with DCERPC keyword, then another protocol keyword
Bug #3902: flow/bypass: SEGV src/flow.c:1158:9 in FlowUpdateState
Bug #3906: mqtt 'assertion failed: `(left == right)` src/mqtt/parser.rs:500:13
Bug #3907: http2 rust - 'index out of bounds: the len is 2 but the index is 63'
Bug #3908: Port prscript to Python 3
Bug #3911: datasets: path handling issues with default-rule-path vs -S <file>
Bug #3913: Memory leak from signature with pcrexform
Bug #3914: Protocol detection is not retried on protocol change if there is not enough data
Bug #3915: Eve output in threaded mode does not rotate logs on request (eg: SIGHUP)
Bug #3916: Dataset filename not always found on load
Bug #3917: HTTP2 incorrect incomplete after banner
6.0.0-beta1 -- 2020-08-07
Feature #641: Flowbits group for ORing
Feature #1807: Cisco HDLC Decoder
Feature #1947: HTTP2 decoder
Feature #2015: eve: add fileinfo in alert
Feature #2196: Add flow_id to the file extracted .meta file
Feature #2311: math on extracted values
Feature #2312: http: parsing for async streams
Feature #2385: deprecate: unified2
Feature #2524: Allow user to choose the reject iface
Feature #2553: support 'by_both' in threshold rule keyword
Feature #2694: thresholding: feature parity between global and per-rule options
Feature #2698: hassh and hasshServer for ssh fingerprinting
Feature #2859: Oss-fuzz integration
Feature #3199: transformation should be able to take options
Feature #3200: pcre: allow operation as transform
Feature #3293: eve: per thread output files
Feature #3332: Dynamic Loadable Module/Plugin Support
Feature #3422: GRE ERSPAN Type 1 Support
Feature #3444: app-layer: signal stream engine about expected data size
Feature #3445: Convert SSH parser to Rust
Feature #3501: Add RFB parser
Feature #3546: Teredo port configuration
Feature #3549: Add MQTT parser
Feature #3626: implement from_end byte_jump keyword
Feature #3635: datasets: add 'dataset-remove' unix command
Feature #3661: validate strip_whitespace content before loading a rule
Feature #3693: DCERPC multi tx support
Feature #3694: DCERPC logging support
Feature #3760: datasets: distinguish between 'static' and 'dynamic' sets
Feature #3823: conditional logging: tx log filtering
Optimization #749: pcre 8.32 introduces JIT pcre_jit_exec(...)
Optimization #947: dynamic allocation of thread queues
Optimization #1038: Flow Queue should be a stack
Optimization #2779: Convert DCE_RPC from C to Rust
Optimization #2845: Counters for kernel_packets decreases at times without restart
Optimization #2977: replace asn1 parser with rust based implementation
Optimization #3234: dns app-layer c vs rust cleanup
Optimization #3308: rust: use cbindgen to generate bindings
Optimization #3538: dns: use app-layer incomplete support
Optimization #3539: rdp: use app-layer incomplete support
Optimization #3541: applayertemplate: use app-layer incomplete support
Optimization #3655: default to c11 standard
Optimization #3708: Convert SSH logging to JsonBuilder
Optimization #3709: Convert DNP3 logging to JsonBuilder
Optimization #3710: Convert SMTP logging to JsonBuilder
Optimization #3711: Convert NFS logging to JsonBuilder
Optimization #3712: Convert SMB logging to JsonBuilder
Optimization #3713: Convert RFB logging to JsonBuilder
Optimization #3714: Convert FTP logging to JsonBuilder
Optimization #3715: Convert RDP logging to JsonBuilder
Optimization #3716: Use uuid crate wherever possible in smb rust parser
Optimization #3754: Convert KRB to JsonBuilder
Optimization #3755: Convert IKEv2 to JsonBuilder
Optimization #3756: Convert SNMP to JsonBuilder
Optimization #3757: Convert Netflow to JsonBuilder
Optimization #3764: Convert TFTP to JsonBuilder
Optimization #3765: Convert Templates to JsonBuilder
Optimization #3773: DNP3 CRC disabled when fuzzing
Optimization #3838: Convert 'vars' (metadata logging) to JsonBuilder
Task #2381: deprecate: 'drop' log output
Task #2959: deprecate: filestore v1
Task #3128: nom 5
Task #3167: convert all _Bool use to bool
Task #3255: rdp: enable by default
Task #3256: sip: enable by default
Task #3331: Rust: Move to 2018 Edition
Task #3344: devguide: setup sphinx
Task #3408: FTP should place constraints on filename lengths