forked from OISF/suricata
-
Notifications
You must be signed in to change notification settings - Fork 2
/
ChangeLog
1878 lines (1724 loc) · 94.2 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
6.0.0-rc1 -- 2020-09-11
Feature #2970: DNS: Parse and extract SOA app layer data from DNS packets
Feature #3063: protocol decoder: geneve
Task #3178: json: remove individual loggers
Task #3559: http: support GAP recovery
Task #3759: datasets: finalize to move out of 'experimental'
Task #3824: libhtp 0.5.34
Task #3868: GitHub CI: Add Fedora 32 runner with ASAN and Suricata-Verify
Task #3903: remove BUG_ON from app-layer AppLayerResult eval
Documentation #3497: Document the removal of unified2 and migration options
Documentation #3799: Deprecated configuration keyword in "Hardware bypass with Netronome"
Bug #2433: memleak with suppression rules defined in threshold.conf
Bug #3776: Timeout in libhtp due to multiple responses with double lzma encoding
Bug #3816: Coverity scan issue -- null pointer deref in reject dev handling
Bug #3842: eve: logging silently continues if disk is full
Bug #3850: Invalid state for JsonBuilder with metadata signature keyword
Bug #3858: pcap recursive: coverity issues
Bug #3861: flow: check flow bypass handling
Bug #3863: reject: compile warning
Bug #3864: plugin: coverity issues
Bug #3865: flow: coverity issues
Bug #3866: http2: http1 to http2 upgrade support
Bug #3871: Include acsite.m4 in distribution
Bug #3872: Fail CROSS_COMPILE check for PCRE JIT EXEC
Bug #3874: configure: fails to check for netfilter_queue headers on older header packages
Bug #3879: detasets related memleak
Bug #3880: http parsing/alerting - continue
Bug #3882: Plugin support typo
Bug #3883: Runmode Single Memory Leak
Bug #3885: 6.0.0-beta1 stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed
Bug #3888: 6.0.0-dev - heap-buffer-overflow /opt/suricata/src/flow-manager.c:472:34 in FlowTimeoutHash with AFPv3
Bug #3890: AddressSanitizer: SEGV on unknown address - failed to setup/expand stream segment pool.
Bug #3895: Assert failed in DNS incomplete parsing
Bug #3897: Integer overflow in SCSigOrderByPriorityCompare
Bug #3898: Leak from bad signature with DCERPC keyword, then another protocol keyword
Bug #3902: flow/bypass: SEGV src/flow.c:1158:9 in FlowUpdateState
Bug #3906: mqtt 'assertion failed: `(left == right)` src/mqtt/parser.rs:500:13
Bug #3907: http2 rust - 'index out of bounds: the len is 2 but the index is 63'
Bug #3908: Port prscript to Python 3
Bug #3911: datasets: path handling issues with default-rule-path vs -S <file>
Bug #3913: Memory leak from signature with pcrexform
Bug #3914: Protocol detection gets not retries on protocol change if there is not enough data
Bug #3915: Eve output in threaded mode does not rotate logs on request (eg: SIGHUP)
Bug #3916: Dataset filename not always found on load
Bug #3917: HTTP2 incorrect incomplete after banner
6.0.0-beta1 -- 2020-08-07
Feature #641: Flowbits group for ORing
Feature #1807: Cisco HDLC Decoder
Feature #1947: HTTP2 decoder
Feature #2015: eve: add fileinfo in alert
Feature #2196: Add flow_id to the file extracted .meta file
Feature #2311: math on extracted values
Feature #2312: http: parsing for async streams
Feature #2385: deprecate: unified2
Feature #2524: Allow user to choose the reject iface
Feature #2553: support 'by_both' in threshold rule keyword
Feature #2694: thresholding: feature parity between global and per-rule options
Feature #2698: hassh and hasshServer for ssh fingerprinting
Feature #2859: Oss-fuzz integration
Feature #3199: transformation should be able to take options
Feature #3200: pcre: allow operation as transform
Feature #3293: eve: per thread output files
Feature #3332: Dynamic Loadable Module/Plugin Support
Feature #3422: GRE ERSPAN Type 1 Support
Feature #3444: app-layer: signal stream engine about expected data size
Feature #3445: Convert SSH parser to Rust
Feature #3501: Add RFB parser
Feature #3546: Teredo port configuration
Feature #3549: Add MQTT parser
Feature #3626: implement from_end byte_jump keyword
Feature #3635: datasets: add 'dataset-remove' unix command
Feature #3661: validate strip_whitespace content before loading a rule
Feature #3693: DCERPC multi tx support
Feature #3694: DCERPC logging support
Feature #3760: datasets: distinguish between 'static' and 'dynamic' sets
Feature #3823: conditional logging: tx log filtering
Optimization #749: pcre 8.32 introduces JIT pcre_jit_exec(...)
Optimization #947: dynamic allocation of thread queues
Optimization #1038: Flow Queue should be a stack
Optimization #2779: Convert DCE_RPC from C to Rust
Optimization #2845: Counters for kernel_packets decreases at times without restart
Optimization #2977: replace asn1 parser with rust based implementation
Optimization #3234: dns app-layer c vs rust cleanup
Optimization #3308: rust: use cbindgen to generate bindings
Optimization #3538: dns: use app-layer incomplete support
Optimization #3539: rdp: use app-layer incomplete support
Optimization #3541: applayertemplate: use app-layer incomplete support
Optimization #3655: default to c11 standard
Optimization #3708: Convert SSH logging to JsonBuilder
Optimization #3709: Convert DNP3 logging to JsonBuilder
Optimization #3710: Convert SMTP logging to JsonBuilder
Optimization #3711: Convert NFS logging to JsonBuilder
Optimization #3712: Convert SMB logging to JsonBuilder
Optimization #3713: Convert RFB logging to JsonBuilder
Optimization #3714: Convert FTP logging to JsonBuilder
Optimization #3715: Convert RDP logging to JsonBuilder
Optimization #3716: Use uuid crate wherever possible in smb rust parser
Optimization #3754: Convert KRB to JsonBuilder
Optimization #3755: Convert IKEv2 to JsonBuilder
Optimization #3756: Convert SNMP to JsonBuilder
Optimization #3757: Convert Netflow to JsonBuilder
Optimization #3764: Convert TFTP to JsonBuilder
Optimization #3765: Convert Templates to JsonBuilder
Optimization #3773: DNP3 CRC disabled when fuzzing
Optimization #3838: Convert 'vars' (metadata logging) to JsonBuilder
Task #2381: deprecate: 'drop' log output
Task #2959: deprecate: filestore v1
Task #3128: nom 5
Task #3167: convert all _Bool use to bool
Task #3255: rdp: enable by default
Task #3256: sip: enable by default
Task #3331: Rust: Move to 2018 Edition
Task #3344: devguide: setup sphinx
Task #3408: FTP should place constraints on filename lengths
Task #3409: SMTP should place restraints on variable length items (e.g., filenames)
Task #3460: autotools: check autoscan output
Task #3515: GRE ERSPAN Type 1 Support configuration
Task #3564: dcerpc: support GAP recovery
Documentation #3335: doc: add ipv4.hdr and ipv6.hdr
Bug #2506: filestore v1: with stream-depth not null, files are never truncated
Bug #2525: Add VLAN support to reject feature
Bug #2639: Alert for tcp rules with established without 3whs
Bug #2726: writing large number of json events on high speed traffic results in packet drops
Bug #2737: Invalid memory read on malformed rule with Lua script
Bug #3053: Replace atoi with StringParse* for better error handling
Bug #3078: flow-timeout: check that 'emergency' settings are < normal settings
Bug #3096: random failures on sip and http-evader suricata-verify tests
Bug #3108: Calculation of threads in autofp mode is wrong
Bug #3188: Use FatalError wherever possible
Bug #3265: Dropping privileges does not work with NFLOG
Bug #3282: --list-app-layer-protos only uses default suricata.yaml location.
Bug #3283: bitmask option of payload-keyword byte_test not working
Bug #3339: Missing community ID in smb, rdp, tftp, dhcp
Bug #3378: ftp: asan detects leaks of expectations
Bug #3435: afl: Compile/make fails on openSUSE Leap-15.1
Bug #3441: alerts: missing rdp and snmp metadata
Bug #3451: gcc10: compilation failure unless -fcommon is supplied
Bug #3463: Faulty signature with two threshold keywords does not generate an error and never match
Bug #3465: build-info and configure wrongly display libnss status
Bug #3468: BUG_ON(strcasecmp(str, "any") in DetectAddressParseString
Bug #3476: datasets: Dataset not working in unix socket mode
Bug #3483: SIP: Input not parsed when header values contain trailing spaces
Bug #3486: Make Rust probing parsers optional
Bug #3489: rule parsing: memory leaks
Bug #3490: Segfault when facing malformed SNMP rules
Bug #3496: defrag: asan issue
Bug #3504: http.header.raw prematurely truncates in some conditions
Bug #3509: Behavior for tcp fastopen
Bug #3517: Convert DER parser to Rust
Bug #3519: FTP: Incorrect ftp_memuse calculation.
Bug #3522: TCP Fast Open - Bypass of stateless alerts
Bug #3523: Suricata does not log alert metadata info when running in unix-socket mode
Bug #3525: Kerberos vulnerable to TCP splitting evasion
Bug #3529: rust: smb compile warnings
Bug #3532: Skip over ERF_TYPE_META records
Bug #3547: file logging: complete files sometimes marked 'TRUNCATED'
Bug #3565: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
Bug #3566: rules: minor memory leak involving pcre_get_substring
Bug #3567: rules/bsize: memory issue during parsing
Bug #3568: rules: bad rule leads to memory exhaustion
Bug #3569: fuzz: memory leak in bidir rules
Bug #3570: rfb: invalid AppLayerResult use
Bug #3583: rules: missing 'consumption' of transforms before pkt_data would lead to crash
Bug #3584: rules: crash on 'internal'-only keywords
Bug #3586: rules: bad address block leads to stack exhaustion
Bug #3593: Stack overflow when parsing ERF file
Bug #3594: rules: memory leaks in pktvar keyword
Bug #3595: sslv3: asan detects leaks
Bug #3615: Protocol detection evasion by packet splitting
Bug #3628: Incorrect ASN.1 long form length parsing
Bug #3630: Recursion stack-overflow in parsing YAML configuration
Bug #3631: FTP response buffering against TCP stream
Bug #3632: rules: memory leaks on failed rules
Bug #3638: TOS IP Keyword not triggering an alert
Bug #3640: coverity: leak in fast.log setup error path
Bug #3641: coverity: data directory handling issues
Bug #3642: RFB parser wrongly handles incomplete data
Bug #3643: Libhtp request: extra whitespace interpreted as dummy new request
Bug #3654: Rules reload with Napatech can hang Suricata UNIX manager process
Bug #3657: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
Bug #3662: Signature with an IP range creates one IPOnlyCIDRItem by IP address
Bug #3677: Segfault on SMTP TLS
Bug #3680: Dataset reputation invalid value logging
Bug #3683: rules: memory leak on bad rule
Bug #3687: Null dereference in DetectEngineSignatureIsDuplicate
Bug #3689: Protocol detection evasion by packet splitting on enip/nfs
Bug #3690: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp
Bug #3699: smb: post-GAP file handling
Bug #3700: nfs: post-GAP file handling
Bug #3720: Incorrect handling of ASN1 relative_offset keyword
Bug #3732: filemagic logging resulting in performance hit
Bug #3749: redis: Reconnect is invalid in batch mode
Bug #3750: redis: no or delayed data in low speed network
Bug #3772: DNP3 probing parser does not detect the proper direction in midstream
Bug #3779: Exit on signature with invalid transform pcrexform
Bug #3783: Stack overflow in DetectFlowbitsAnalyze
Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory
Bug #3808: pfring: compile warnings
Bug #3814: Coverity scan issue -- null pointer deref in ftp logger
Bug #3815: Coverity scan issue -- control flow issue ftp logger
Bug #3817: Coverity scan issue -- resource leak in filestore output logger
Bug #3818: Coverity scan issue -- null pointer deref in detect engine
Bug #3820: ssh: invalid use to 'AppLayerResult::incomplete`
Bug #3821: Memory leak in signature parsing with keyword rfb.secresult
Bug #3822: Rust panic at DCERPC signature parsing
Bug #3840: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior
Bug #3841: Heap-buffer-overflow READ 8 · DetectGetLastSMByListId
Bug #3851: Invalid DNS incomplete result
Bug #3855: mqtt: coverity static analysis issues
5.0.1 -- 2019-12-13
Bug #1871: intermittent abort()s at shutdown and in unix-socket
Bug #2810: enabling add request/response http headers in master
Bug #3047: byte_extract does not work in some situations
Bug #3073: AC_CHECK_FILE on cross compile
Bug #3103: --engine-analysis warning for flow on an icmp request rule
Bug #3120: nfq_handle_packet error -1 Resource temporarily unavailable warnings
Bug #3237: http_accept not treated as sticky buffer by --engine-analysis
Bug #3254: tcp: empty SACK option leads to decoder event
Bug #3263: nfq: invalid number of bytes reported
Bug #3264: EVE DNS Warning about defaulting to v2 as version is not set.
Bug #3266: fast-log: icmp type prints wrong value
Bug #3267: Support for tcp.hdr Behavior
Bug #3275: address parsing: memory leak in error path
Bug #3277: segfault when test a nfs pcap file
Bug #3281: Impossible to cross-compile due to AC_CHECK_FILE
Bug #3284: hash function for string in dataset is not correct
Bug #3286: TCP evasion technique by faking a closed TCP session
Bug #3324: TCP evasion technique by overlapping a TCP segment with a fake packet
Bug #3328: bad ip option evasion
Bug #3340: DNS: DNS over TCP transactions logged with wrong direction.
Bug #3341: tcp.hdr content matches don't work as expected
Bug #3345: App-Layer: Not all parsers register TX detect flags that should
Bug #3346: BPF filter on command line not honored for pcap file
Bug #3362: cross compiling not affecting rust component of surrcata
Bug #3376: http: pipelining tx id handling broken
Bug #3386: Suricata is unable to get MTU from NIC after 4.1.0
Bug #3389: EXTERNAL_NET no longer working in 5.0 as expected
Bug #3390: Eve log does not generate pcap_filename when Interacting via unix socket in pcap processing mode
Bug #3397: smtp: file tracking issues when more than one attachment in a tx
Bug #3398: smtp: 'raw-message' option file tracking issues with multi-tx
Bug #3399: smb: post-GAP some transactions never close
Bug #3401: smb1: 'event only' transactions for bad requests never close
Bug #3411: detect/asn1: crashes on packets smaller than offset setting
Task #3364: configure: Rust 1.37+ has cargo-vendor support bundled into cargo.
Documentation #2885: update documentation to indicate -i can be used multiple times
5.0.0 -- 2019-10-15
Feature #1851: add verbosity level description to the help command
Feature #1940: Debian Jessie - better message when trying to run 2 suricata with afpacket
Feature #3204: ja3(s): automatically enable when rules require it
Bug #1443: deprecated library calls
Bug #1778: af_packet: IPS and defrag
Bug #2386: check if default log dir is writable at start up
Bug #2465: Eve Stats will not be reported unless stats.log is enabled
Bug #2490: Filehash rule does not fire without filestore keyword
Bug #2668: make install-full fails if CARGO_TARGET_DIR has spaces in the directory path
Bug #2669: make install-full fails due to being unable to find libhtp.so.2
Bug #2955: lua issues on arm (fedora:29)
Bug #3113: python-yaml dependency is actually ptyhon3-yaml dependency
Bug #3139: enip: compile warnings on gcc-8
Bug #3143: datasets: don't use list in global config
Bug #3190: file_data inspection inhibited by additional (non-file_data) content match rule
Bug #3196: Distributed archive do not include eBPF files
Bug #3209: Copy engine provided classification.config to $datadir/suricata.
Bug #3210: Individual output log levels capped by the default log level
Bug #3216: MSN protocol detection/parser is not working
Bug #3223: --disable-geoip does not work
Bug #3226: ftp: ASAN error
Bug #3232: Static build with pcap fails
Optimization #3039: configure: don't generate warnings on missing features
Documentation #2640: http-body and http-body-printable in eve-log require metadata to be enabled, yet there is no indication of this anywhere
Documentation #2839: Update perf and tuning user guides
Documentation #2876: doc: add nftables with nfqueue section
Documentation #3207: Update the http app-layer doc and config
Documentation #3230: EVE DNS logger defaults to version 2 instead of version when version not specified.
5.0.0-rc1 -- 2019-09-24
Feature #524: detect double encoding in URI
Feature #713: tls.fingerprint - file usage
Feature #997: Add libhtp event for every htp_log() that needs an event.
Feature #1203: TCP Fast Open support
Feature #1249: http/dns ip-reputation alike technique
Feature #1757: URL Reputation
Feature #2200: Dynamically add md5 to blacklist without full restart
Feature #2283: turn content modifiers into 'sticky buffers'
Feature #2314: protocol parser: rdp
Feature #2315: eve: ftp logging
Feature #2318: matching on large amounts of data with dynamic updates
Feature #2529: doc: include quick start guide
Feature #2539: protocol parser: vxlan
Feature #2670: tls_cert sticky buffer
Feature #2684: Add JA3S
Feature #2738: SNMP parser, logging and detection
Feature #2754: JA3 and JA3S - sets / reputation
Feature #2758: intel / reputation matching on arbitrary data
Feature #2789: Use clang for building eBPF programs even if Suricata is built using GCC
Feature #2916: FTP decoder should have Rust port parsers
Feature #2940: document anomaly log
Feature #2941: anomaly log: add protocol detection events
Feature #2952: modernize http_header_names
Feature #3011: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src<->dst) only
Feature #3058: Hardware offload for XDP bypass
Feature #3059: Use pinned maps in XDP bypass
Feature #3060: Add way to detect TCP MSS values
Feature #3061: Add way to inspect TCP header
Feature #3062: Add way to inspect UDP header
Feature #3074: DNS full domain matching within the dns_query buffer
Feature #3080: Provide a IP pair XDP load balancing
Feature #3081: Decapsulation of GRE in XDP filter
Feature #3084: SIP parser, logging and detection
Feature #3165: New rule keyword: dns.opcode; For matching on the the opcode in the DNS header.
Bug #941: Support multiple stacked compression, compression that specifies the wrong compression type
Bug #1271: Creating core dump with dropped privileges
Bug #1656: several silent bypasses at the HTTP application level (chunking, compression, HTTP 0.9...)
Bug #1776: Multiple Content-Length headers causes HTP_STREAM_ERROR
Bug #2080: Rules with bad port group var do not error
Bug #2146: DNS answer not logged with eve-log
Bug #2210: logging: SC_LOG_OP_FILTER still displays some lines not matching filter
Bug #2264: file-store.stream-depth not working as expected when configured to a specfic value
Bug #2395: File_data inspection depth while inspecting base64 decoded data
Bug #2619: Malformed HTTP causes FN using http_header_names;
Bug #2626: doc/err: More descriptive message on err for escaping backslash
Bug #2654: Off-by-one iteration of EBPF flow_table_vX in EBPFForEachFlowVXTable (util-ebpf.c)
Bug #2655: GET/POST HTTP-request with no Content-Length, http_client_body miss
Bug #2662: unix socket - memcap read/set showing unlimited where there are limited values configured by default
Bug #2686: Fancy Quotes in Documentation
Bug #2765: GeoIP keyword depends on now discontinued legacy GeoIP database
Bug #2769: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0
Bug #2786: make install-full does not install some source events rules
Bug #2840: xdp modes - Invalid argument (-22) on certain NICs
Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output
Bug #2853: filestore (v1 and v2): dropping of "unwanted" files
Bug #2926: engine-analysis with content modifiers not always issues correct warning
Bug #2942: anomaly log: app layer events
Bug #2951: valgrind warnings in ftp
Bug #2953: bypass keyword: Suricata 4.1.x Segmentation Faults
Bug #2961: filestore: memory leaks
Bug #2965: Version 5 Beta1 - Multiple NFQUEUE failed
Bug #2986: stream bypass not making callback as expected
Bug #2992: Build failure on m68k with uclibc
Bug #2999: AddressSanitizer: heap-buffer-overflow in HTPParseContentRange
Bug #3000: tftp: missing logs because of broken tx handling
Bug #3004: SC_ERR_PCAP_DISPATCH with message "error code -2" upon rule reload completion
Bug #3006: improve rule keyword alproto registration
Bug #3007: rust: updated libc crate causes depration warnings
Bug #3009: Fixes warning about size of integers in string formats
Bug #3051: mingw/msys: compile errors
Bug #3054: Build failure with --enable-rust-debug
Bug #3070: coverity warnings in protocol detection
Bug #3072: Rust nightly warning
Bug #3076: Suricata sometimes doesn't store the vlan id when vlan.use-for-tracking is false
Bug #3089: Fedora rawhide af-packet compilation err
Bug #3098: rule-reloads Option?
Bug #3111: ftp warnings during compile
Bug #3112: engine-analysis warning on http_content_type
Bug #3133: http_accept_enc warning with engine-analysis
Bug #3136: rust: Remove the unneeded macros
Bug #3138: Don't install Suricata provided rules to /etc/suricata/rules as part of make install-rules.
Bug #3140: ftp: compile warnings on gcc-8
Bug #3158: 'wrong thread' tracking inaccurate for bridging IPS modes
Bug #3162: TLS Lua output does not work without TLS log
Bug #3169: tls: out of bounds read (5.x)
Bug #3171: defrag: out of bounds read (5.x)
Bug #3176: ipv4: ts field decoding oob read (5.x)
Bug #3177: suricata is logging tls log repeatedly if custom mode is enabled
Bug #3185: decode/der: crafted input can lead to resource starvation (5.x)
Bug #3189: NSS Shutdown triggers crashes in test mode (5.x)
Optimization #879: update configure.ac with autoupdate
Optimization #1218: BoyerMooreNocase could avoid tolower() call
Optimization #1220: Boyer Moore SPM pass in ctx instead of indivual bmBc and bmBg
Optimization #2602: add keywords to --list-keywords output
Optimization #2843: suricatact/filestore/prune: check that directory is a filestore directory before removing files
Optimization #2848: Rule reload when run with -s or -S arguments
Optimization #2991: app-layer-event keyword tx handling
Optimization #3005: make sure DetectBufferSetActiveList return codes are always checked
Optimization #3077: FTP parser command lookup
Optimization #3085: Suggest more appropriate location to store eBPF binaries
Optimization #3137: Make description of all keywords consistent and pretty
Task #2629: tracking: Rust 2018 edition
Task #2974: detect: check all keyword urls
Task #3014: Missing documentation for "flags" option
Task #3092: Date of revision should also be a part of info from suricata -v
Task #3135: counters: new default for decoder events
Task #3141: libhtp 0.5.31
5.0.0-beta1 -- 2019-04-30
Feature #884: add man pages
Feature #984: libhtp HTP_AUTH_UNRECOGNIZED
Feature #1970: json: make libjansson mandatory
Feature #2081: document byte_test
Feature #2082: document byte_jump
Feature #2083: document byte_extract
Feature #2282: event log aka weird.log
Feature #2332: Support for common http response headers - Location and Server
Feature #2421: add system mode and user mode
Feature #2459: Support of FTP active mode
Feature #2484: no stream events after known pkt loss in flow
Feature #2485: http: log byte range with file extraction
Feature #2507: Make Rust mandatory
Feature #2561: Add possibility for smtp raw extraction
Feature #2563: Add dump of all headers in http eve-log
Feature #2572: extend protocol detection to specify flow direction
Feature #2741: netmap: add support for lb and vale switches
Feature #2766: Simplified Napatech Configuration
Feature #2820: pcap multi dev support for Windows (5.0.x)
Feature #2837: Add more custom HTTP Header values for HTTP JSON Logging
Feature #2895: OpenBSD pledge support
Feature #2897: update http_content_type and others to new style sticky buffers
Feature #2914: modernize tls sticky buffers
Feature #2930: http_protocol: use mpm and content inspect v2 apis
Feature #2937: sticky buffer access from lua script
Optimization #2530: Print matching rule SID in filestore meta file
Optimization #2632: remove C implementations where we have Rust as well
Optimization #2793: Python 3 support for python tools
Optimization #2808: Prefer Python 3 in ./configure
Bug #1013: command line parsing
Bug #1324: vlan tag in eve.json
Bug #1427: configure with libnss and libnspr
Bug #1694: unix-socket reading 0 size pcap
Bug #1860: 2220005: SURICATA SMTP bdat chunk len exceeded when using SMTP connection caching
Bug #2057: eve.json flow logs do not contain in_iface
Bug #2432: engine-analysis does not print out the tls buffers
Bug #2503: rust: nom 4.2 released
Bug #2527: FTP file extraction only working in passive mode
Bug #2605: engine-analysis warning on PCRE
Bug #2733: rust/mingw: libc::IPPROTO_* not defined
Bug #2751: Engine unable to disable detect thread, Killing engine. (in libpcap mode)
Bug #2775: dns v1/2 with rust results in less app layer data available in the alert record (for dns related alerts/rules)
Bug #2797: configure.ac: broken --{enable,disable}-xxx options
Bug #2798: --engine-analysis is unaware of http_host buffer
Bug #2800: Undocumented commands for suricatasc
Bug #2812: suricatasc multiple python issues
Bug #2813: suricatasc: failure with extra commands
Bug #2817: Syricata.yaml encrypt-handling instead encryption-handling
Bug #2821: netmap/afpacket IPS: stream.inline: auto broken (5.0.x)
Bug #2822: SSLv3 - AddressSanitizer heap-buffer-overflow (5.0.x)
Bug #2833: mem leak - rules loading hunt rules
Bug #2838: 4.1.x gcc 9 compilation warnings
Bug #2844: alignment issues in dnp3
Bug #2846: IPS mode crash under load (5.0.x)
Bug #2857: nfq asan heap-use-after-free error
Bug #2877: rust: windows build fails in gen-c-headers.py
Bug #2889: configure doesn't display additional information for missing requirements
Bug #2896: smb 1 create andx request does not parse the filename correctly (master)
Bug #2899: Suricata 4.1.2 and up to 5.x Dev branch - Make compile issue when using PF_ring library on Redhat only
Bug #2901: pcap logging with lz4 coverity warning (master)
Bug #2909: segfault on logrotation when the files cannot be opened
Bug #2912: memleaks in nflog
Bug #2915: modernize ssh sticky buffers
Bug #2921: chmod file mode warning expressed in incorrect base
Bug #2929: error messages regarding byte jump and byte extract
Bug #2944: ssh: heap buffer overflow (master)
Bug #2945: mpls: heapbuffer overflow in file decode-mpls.c (master)
Bug #2946: decode-ethernet: heapbuffer overflow in file decode-ethernet.c (master)
Bug #2947: rust/dhcp: panic in dhcp parser (master)
Bug #2948: mpls: cast of misaligned data leads to undefined behvaviour (master)
Bug #2949: rust/ftp: panic in ftp parser (master)
Bug #2950: rust/nfs: integer underflow (master)
Task #2297: deprecate: dns.log
Task #2376: deprecate: files-json.log
Task #2379: deprecate: Tilera / Tile support
Task #2849: Remove C SMB parser.
Task #2850: Remove C DNS parsers.
4.1.2 -- 2018-12-21
Feature #1863: smtp: improve pipelining support
Feature #2748: bundle libhtp 0.5.29
Feature #2749: bundle suricata-update 1.0.3
Bug #2682: python-yaml Not Listed As Ubuntu Prerequisite
Bug #2736: DNS Golden Transaction ID - detection bypass
Bug #2745: Invalid detect-engine config could lead to segfault
Bug #2752: smb: logs for IOCTL and DCERPC have tree_id value of 0
4.1.1 -- 2018-12-17
Feature #2637: af-packet: improve error output for BPF loading failure
Feature #2671: Add Log level to suricata.log when using JSON type
Bug #2502: suricata.c ConfigGetCaptureValue - PCAP/AFP fallthrough to strip_trailing_plus
Bug #2528: krb parser not always parsing tgs responses
Bug #2633: Improve errors handling in AF_PACKET
Bug #2653: llc detection failure in configure.ac
Bug #2677: coverity: ja3 potential memory leak
Bug #2679: build with profiling enabled on generates compile warnings
Bug #2704: DNSv1 for Rust enabled builds.
Bug #2705: configure: Test for PyYAML and disable suricata-update if not installed.
Bug #2716: Stats interval are 1 second too early each tick
Bug #2717: nfs related panic in 4.1
Bug #2719: Failed Assertion, Suricata Abort - util-mpm-hs.c line 163 (4.1.x)
Bug #2723: dns v2 json output should always set top-level rrtype in responses
Bug #2730: rust/dns/lua - The Lua calls for DNS values when using Rust don't behave the same as the C implementation.
Bug #2731: multiple instances of transaction loggers are broken
Bug #2734: unix runmode deadlock when using too many threads
4.1.0 -- 2018-11-06
Bug #2467: 4.1beta1 - non rust builds with SMB enabled
Bug #2657: smtp segmentation fault
Bug #2663: libhtp 0.5.28
4.1.0-rc2 -- 2018-10-16
Feature #2279: TLS 1.3 decoding, SNI extraction and logging
Feature #2562: Add http_port in http eve-log if specified in the hostname
Feature #2567: multi-tenancy: add 'device' selector
Feature #2638: community flow id
Optimization #2579: tcp: SegmentSmack
Optimization #2580: ip: FragmentSmack
Bug #2100: af_packet: High latency
Bug #2212: profiling: app-layer profiling shows time spent in HTTP on UDP
Bug #2419: Increase size of length of Decoder handlers from uint16 to uint32
Bug #2491: async-oneside and midstream not working as expected
Bug #2522: The cross-effects of rules on each other, without the use of flowbits.
Bug #2541: detect-parse: missing space in error message
Bug #2552: "Drop" action is logged as "allowed" in af_packet and netmap modes
Bug #2554: suricata does not detect a web-attack
Bug #2555: Ensure strings in eve-log are json-encodable
Bug #2558: negated fileext and filename do not work as expected
Bug #2559: DCE based rule false positives
Bug #2566: memleak: applayer dhcp with 4.1.0-dev (rev 9370805)
Bug #2570: Signature affecting another's ability to detect and alert
Bug #2571: coredump: liballoc/vec.rs dhcp
Bug #2573: prefilter keyword doesn't work when detect.prefilter.default=mpm
Bug #2574: prefilter keyword as alias for fast_pattern is broken
Bug #2603: memleak/coredump: Ja3BufferInit
Bug #2604: memleak: DetectEngineStateAlloc with ipsec-events.rules
Bug #2606: File descriptor leak in af-packet mode
Bug #2615: processing of nonexistent pcap
4.1.0-rc1 -- 2018-07-20
Feature #2292: flow: add icmpv4 and improve icmpv6 flow handling
Feature #2298: pcap: store pcaps in compressed form
Feature #2416: Increase XFF coverage to files and http log
Feature #2417: Add Option to Delete Pcap Files After Processing
Feature #2455: Add WinDivert source to Windows builds
Feature #2456: LZ4 compression for pcap logs
Optimization #2461: Let user to explicit disable libnss and libnspr support
Bug #1929: yaml: ConfYamlHandleInclude memleak
Bug #2090: Rule-reload in multi-tenancy is buggy
Bug #2217: event_type flow is missing icmpv4 (while it has icmpv6) info wherever available
Bug #2463: memleak: gitmaster flash decompression - 4.1.0-dev (rev efdc592)
Bug #2469: The autoconf script throws and error when af_packet is enabled and then continues
Bug #2481: integer overflow caused by casting uin32 to uint16 in detection
Bug #2492: Inverted IP params in fileinfo events
Bug #2496: gcc 8 warnings
Bug #2498: Lua file output script causes a segfault when protocol is not HTTP
Bug #2501: Suricata stops inspecting TCP stream if a TCP RST was met
Bug #2504: ntp parser update cause build failure
Bug #2505: getrandom prevents any suricata start commands on more later OS's
Bug #2511: Suricata gzip unpacker bypass
Bug #2515: memleak: when using smb rules without rust
Bug #2516: Dead lock caused by unix command register-tenant
Bug #2518: Tenant rules reload completely broken in 4.x.x
Bug #2520: Invalid application layer logging in alert for DNS
Bug #2521: rust: dns warning during compile
Bug #2536: libhtp 0.5.27
Bug #2542: ssh out of bounds read
Bug #2543: enip out of bounds read
4.1.0-beta1 -- 2018-03-22
Feature #550: Extract file attachments from FTP
Feature #646: smb log feature to be introduced
Feature #719: finish/enable smb2 app layer parser
Feature #723: Add support for smb 3
Feature #724: Prevent resetting in UNIX socket mode
Feature #735: Introduce content_len keyword
Feature #741: Introduce endswith keyword
Feature #742: startswith keyword
Feature #1006: transformation api
Feature #1198: more compact dns logging
Feature #1201: file-store metadata in JSON format
Feature #1386: offline: add pcap file name to EVE
Feature #1458: unix-socket - make rule load errs available
Feature #1476: Suricata Unix socket PCAP processing stats should not need to reset after each run
Feature #1579: Support Modbus Unit Identifier
Feature #1585: unix-socket: improve information regarding ruleset
Feature #1600: flash file decompression for file_data
Feature #1678: open umask settings or make them configurable
Feature #1948: allow filestore name configuration options
Feature #1949: only write unique files
Feature #2020: eve: add body of signature to eve.json alert
Feature #2062: tls: reimplement tls.fingerprint
Feature #2076: Strip whitespace from buffers
Feature #2086: DNS answer for a NS containing multiple name servers should only be one line
Feature #2142: filesize: support other units than only bytes
Feature #2192: JA3 TLS client fingerprinting
Feature #2199: DNS answer events compacted
Feature #2222: Batch submission of PCAPs over the socket
Feature #2253: Log rule metadata in alert event
Feature #2285: modify memcaps over unix socket
Feature #2295: decoder: support PCAP LINKTYPE_IPV4
Feature #2299: pcap: read directory with pcaps from the commandline
Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling
Feature #2352: eve: add "metadata" field to alert (rework of vars)
Feature #2382: deprecate: CUDA support
Feature #2399: eBPF and XDP bypass for AF_PACKET capture method
Feature #2464: tftp logging
Optimization #2193: random: support getrandom(2) if available
Optimization #2302: rule parsing: faster parsing by not using pcre
Bug #993: libhtp upgrade to handle responses first
Bug #1503: lua output setup failure does not exit engine with --init-errors-fatal
Bug #1788: af-packet coverity warning
Bug #1842: Duplicated analyzer in Prelude alert
Bug #1904: modbus: duplicate alerts / detection unaware of direction
Bug #2202: BUG_ON asserts in AppLayerIncFlowCounter
Bug #2229: mem leak AFP with 4.0.0-dev (rev 1180687)
Bug #2240: suricatasc dump-counters returns error when return message is larger than 4096
Bug #2252: Rule parses in 4.0 when flow to client is set and http_client_body is used.
Bug #2258: rate_filter inconsistency: triggered after "count" detections when by_rule, and after count+1 detections when by_src/by_dst.
Bug #2268: Don't printf util-enum errors
Bug #2288: Suricata segfaults on ICMP and flowint check
Bug #2294: rules: depth < content rules not rejected (master)
Bug #2307: segfault in http_start with 4.1.0-dev (rev 83f220a)
Bug #2335: conf: stack-based buffer-overflow in ParseFilename
Bug #2345: conf: Memory-leak in DetectAddressTestConfVars
Bug #2346: conf: NULL-pointer dereference in ConfUnixSocketIsEnable
Bug #2347: conf: use of NULL-pointer in DetectLoadCompleteSigPath
Bug #2349: conf: multiple NULL-pointer dereferences in FlowInitConfig
Bug #2353: Command Line Options Ignored with pcap-file-continuous setting
Bug #2354: conf: multiple NULL-pointer dereferences in StreamTcpInitConfig
Bug #2356: coverity issues in new pcap file/directory handling
Bug #2360: possible deadlock with signal handling
Bug #2364: rust/dns: logging missing string versions of rtypes and rcodes
Bug #2365: rust/dns: flooded by 'LogDnsLogger not implemented for Rust DNS'
Bug #2367: Conf: Multipe NULL-pointer dereferences in HostInitConfig
Bug #2368: Conf: Multipe NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig
Bug #2370: Conf: Multipe NULL-pointer dereferences in PostConfLoadedSetup
Bug #2390: mingw linker error with rust
Bug #2391: libhtp 0.5.26
Bug #2394: Pcap Directory May Miss Files
Bug #2397: Call to panic()! macro in Rust NFS decoder causes crash on malformed NFS traffic
Bug #2398: Lua keyword cmd help documentation pointing to old docs
Bug #2402: http_header_names doesn't operate as documented
Bug #2403: Crash for offline pcap mode when running in single mode
Bug #2407: Fix timestamp offline when pcap timestamp is zero
Bug #2408: fix print backslash in PrintRawUriFp
Bug #2414: NTP parser registration frees used memory
Bug #2418: Skip configuration "include" nodes when file is empty
Bug #2420: Use pthread_sigmask instead of sigprogmask for signal handling
Bug #2425: DNP3 memcpy buffer overflow
Bug #2427: Suricata 3.x.x and 4.x.x do not parse HTTP responses if tcp data was sent before 3-way-handshake completed
Bug #2430: http eve log data source/dest flip
Bug #2437: rust/dns: Core Dump with malformed traffic
Bug #2442: der parser: bad input consumes cpu and memory
Bug #2446: http bodies / file_data: thread space creation writing out of bounds (master)
Bug #2451: Missing Files Will Cause Pcap Thread to No Longer Run in Unix Socket Mode
Bug #2454: master - suricata.c:2473-2474 - SIGUSR2 not wrapped in #ifndef OS_WIN32
Bug #2466: [4.1beta1] Messages with SC_LOG_CONFIG level are logged to syslog with EMERG priority
4.0.1 -- 2017-10-18
Bug #2050: TLS rule mixes up server and client certificates
Bug #2064: Rules with dual classtype do not error
Bug #2074: detect msg: memory leak
Bug #2102: Rules with dual sid do not error
Bug #2103: Rules with dual rev do not error
Bug #2151: The documentation does not reflect current suricata.yaml regarding cpu-affinity
Bug #2194: rust/nfs: sigabrt/rust panic - 4.0.0-dev (rev fc22943)
Bug #2197: rust build with lua enabled fails on x86
Bug #2201: af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter
Bug #2207: DNS UDP "Response" parsing recording an incorrect value
Bug #2208: mis-structured JSON stats output if interface name is shortened
Bug #2226: improve error message if stream memcaps too low
Bug #2228: enforcing specific number of threads with autofp does not seem to work
Bug #2244: detect state uses broken offset logic (4.0.x)
Feature #2114: Redis output: add RPUSH support
Feature #2152: Packet and Drop Counters for Napatech
4.0.0 -- 2017-07-27
Feature #2138: Create a sample systemd service file.
Feature #2184: rust: increase minimally supported rustc version to 1.15
Bug #2169: dns/tcp: reponse traffic leads to 'app_proto_tc: failed'
Bug #2170: Suricata fails on large BPFs with AF_PACKET
Bug #2185: rust: build failure if libjansson is missing
Bug #2186: smb dcerpc segfaults in StubDataParser
Bug #2187: hyperscan: mpm setup error leads to crash
4.0.0-rc2 -- 2017-07-13
Feature #744: Teredo configuration
Feature #1748: lua: expose tx in alert lua scripts
Bug #1855: alert number output
Bug #1888: noalert in a pass rule disables the rule
Bug #1957: PCRE lowercase enforcement in http_host buffer does not allow for upper case in hex-encoding
Bug #1958: Possible confusion or bypass within the stream engine with retransmits.
Bug #2110: isdataat: keyword memleak
Bug #2162: rust/nfs: reachable asserting rust panic
Bug #2175: rust/nfs: panic - 4.0.0-dev (rev 7c25a2d)
Bug #2176: gcc 7.1.1 'format truncation' compiler warnings
Bug #2177: asn1/der: stack overflow
4.0.0-rc1 -- 2017-06-28
Feature #2095: eve: http body in alert event
Feature #2131: nfs: implement GAP support
Feature #2156: Add app_proto or partial flow entry to alerts
Feature #2163: ntp parser
Feature #2164: rust: external parser crate support
Bug #1930: Segfault when event rule is invalid
Bug #2038: validate app-layer API use
Bug #2101: unix socket: stalling due to being unable to disable detect thread
Bug #2109: asn1: keyword memleak
Bug #2117: byte_extract and byte_test collaboration doesnt work on 3.2.1
Bug #2141: 4.0.0-dev (rev 8ea9a5a) segfault
Bug #2143: Bypass cause missing alert on packets only signatures
Bug #2144: rust: panic in dns/tcp
Bug #2148: rust/dns: panic on malformed rrnames
Bug #2153: starttls 'tunnel' packet issue - nfq_handle_packet error -1
Bug #2154: Dynamic stack overflow in payload printable output
Bug #2155: AddressSanitizer double-free error
Bug #2157: Compilation Issues Beta 4.0
Bug #2158: Suricata v4.0.0-beta1 dns_query; segmentation fault
Bug #2159: http: 2221028 triggers on underscore in hostname
Bug #2160: openbsd: pcap with raw datalink not supported
Bug #2161: libhtp 0.5.25
Bug #2165: rust: releases should include crate dependencies (cargo-vendor)
4.0.0-beta1 -- 2017-06-07
Feature #805: Add support for applayer change
Feature #806: Implement STARTTLS support
Feature #1636: Signal rotation of unified2 log file without restart
Feature #1953: lua: expose flow_id
Feature #1969: TLS transactions with session resumption are not logged
Feature #1978: Using date in logs name
Feature #1998: eve.tls: custom TLS logging
Feature #2006: tls: decode certificate serial number
Feature #2011: eve.alert: print outside IP addresses on alerts on traffic inside tunnels
Feature #2046: Support custom file permissions per logger
Feature #2061: lua: get timestamps from flow
Feature #2077: Additional HTTP Header Contents and Negation
Feature #2123: unix-socket: additional runmodes
Feature #2129: nfs: parser, logger and detection
Feature #2130: dns: rust parser with stateless behaviour
Feature #2132: eve: flowbit and other vars logging
Feature #2133: unix socket: add/remove hostbits
Bug #1335: suricata option --pidfile overwrites any file
Bug #1470: make install-full can have race conditions on OSX.
Bug #1759: CentOS5 EOL tasks
Bug #2037: travis: move off legacy support
Bug #2039: suricata stops processing when http-log output via unix_stream backs up
Bug #2041: bad checksum 0xffff
Bug #2044: af-packet: faulty VLAN handling in tpacket-v3 mode
Bug #2045: geoip: compile warning on CentOS 7
Bug #2049: Empty rule files cause failure exit code without corresponding message
Bug #2051: ippair: xbit unset memory leak
Bug #2053: ippair: pair is direction sensitive
Bug #2070: file store: file log / file store mismatch with multiple files
Bug #2072: app-layer: fix memleak on bad traffic
Bug #2078: http body handling: failed assertion
Bug #2088: modbus: clang-4.0 compiler warnings
Bug #2093: Handle TCP stream gaps.
Bug #2097: "Name of device should not be null" appears in suricata.log when using pfring with configuration from suricata.yaml
Bug #2098: isdataat: fix parsing issue with leading spaces
Bug #2108: pfring: errors when compiled with asan/debug
Bug #2111: doc: links towards http_header_names
Bug #2112: doc: links towards certain http_ keywords not working
Bug #2113: Race condition starting Unix Server
Bug #2118: defrag - overlap issue in linux policy
Bug #2125: ASAN SEGV - Suricata version 4.0dev (rev 922a27e)
Optimization #521: Introduce per stream thread segment pool
Optimization #1873: Classtypes missing on decoder-events,files, and stream-events
3.2.1 -- 2017-02-15
Feature #1951: Allow building without libmagic/file
Feature #1972: SURICATA ICMPv6 unknown type 143 for MLDv2 report
Feature #2010: Suricata should confirm SSSE3 presence at runtime when built with Hyperscan support
Bug #467: compilation with unittests & debug validation
Bug #1780: VLAN tags not forwarded in afpacket inline mode
Bug #1827: Mpm AC fails to alloc memory
Bug #1843: Mpm Ac: int overflow during init
Bug #1887: pcap-log sets snaplen to -1
Bug #1946: can't get response info in some situation
Bug #1973: suricata fails to start because of unix socket
Bug #1975: hostbits/xbits memory leak
Bug #1982: tls: invalid record event triggers on valid traffic
Bug #1984: http: protocol detection issue if both sides are malformed
Bug #1985: pcap-log: minor memory leaks
Bug #1987: log-pcap: pcap files created with invalid snaplen
Bug #1988: tls_cert_subject bug
Bug #1989: SMTP protocol detection is case sensitive
Bug #1991: Suricata cannot parse ports: "![1234, 1235]"
Bug #1997: tls-store: bug that cause Suricata to crash
Bug #2001: Handling of unsolicited DNS responses.
Bug #2003: BUG_ON body sometimes contains side-effectual code
Bug #2004: Invalid file hash computation when force-hash is used
Bug #2005: Incoherent sizes between request, capture and http length
Bug #2007: smb: protocol detection just checks toserver
Bug #2008: Suricata 3.2, pcap-log no longer works due to timestamp_pattern PCRE
Bug #2009: Suricata is unable to get offloading settings when run under non-root
Bug #2012: dns.log does not log unanswered queries
Bug #2017: EVE Log Missing Fields
Bug #2019: IPv4 defrag evasion issue
Bug #2022: dns: out of bound memory read
3.2 -- 2016-12-01
Bug #1117: PCAP file count does not persist
Bug #1577: luajit scripts load error
Bug #1924: Windows dynamic DNS updates trigger 'DNS malformed request data' alerts
Bug #1938: suricata: log handling issues
Bug #1955: luajit script init failed
Bug #1960: Error while parsing rule with PCRE keyword with semicolon
Bug #1961: No error on missing semicolon between depth and classtype
Bug #1965: dnp3/enip/cip keywords naming convention
Bug #1966: af-packet fanout detection broken on Debian Jessie (master)
3.2RC1 -- 2016-11-01
Feature #1906: doc: install man page and ship pdf
Feature #1916: lua: add an SCPacketTimestamp function
Feature #1867: rule compatibility: flow:not_established not supported.
Bug #1525: Use pkg-config for libnetfilter_queue
Bug #1690: app-layer-proto negation issue
Bug #1909: libhtp 0.5.23
Bug #1914: file log always shows stored: no even if file is stored
Bug #1917: nfq: bypass SEGV
Bug #1919: filemd5: md5-list does not allow comments any more
Bug #1923: dns - back to back requests results in loss of response
Bug #1928: flow bypass leads to memory errors
Bug #1931: multi-tenancy fails to start
Bug #1932: make install-full does not install tls-events.rules
Bug #1935: Check redis reply in non pipeline mode
Bug #1936: Can't set fast_pattern on tls_sni content
3.2beta1 -- 2016-10-03
Feature #509: add SHA1 and SHA256 checksum support for files
Feature #1231: ssl_state negation support
Feature #1345: OOBE -3- disable NIC offloading by default
Feature #1373: Allow different reassembly depth for filestore rules
Feature #1495: EtherNet/IP and CIP support
Feature #1583: tls: validity fields (notBefore and notAfter)
Feature #1657: Per application layer stats
Feature #1896: Reimplement tls.subject and tls.isserdn
Feature #1903: tls: tls_cert_valid and tls_cert_expired keywords
Feature #1907: http_request_line and http_response_line
Optimization #1044: TLS buffers evaluated by fast_pattern matcher.
Optimization #1277: Trigger second live rule-reload while first one is in progress
Bug #312: incorrect parsing of rules with missing semi-colon for keywords
Bug #712: wildcard matches on tls.subject
Bug #1353: unix-command socket created with last character missing
Bug #1486: invalid rule: parser err msg not descriptive enough
Bug #1525: Use pkg-config for libnetfilter_queue
Bug #1893: tls: src_ip and dest_ip reversed in TLS events for IPS vs IDS mode.
Bug #1898: Inspection does not always stop when stream depth is reached
3.1.2 -- 2016-09-06
Feature #1830: support 'tag' in eve log
Feature #1870: make logged flow_id more unique
Feature #1874: support Cisco Fabric Path / DCE
Feature #1885: eve: add option to log all dropped packets
Bug #1849: ICMPv6 incorrect checksum alert if Ethernet FCS is present
Bug #1853: suricata is matching everything on dce_stub_data buffer
Bug #1854: unified2: logging of tagged packets not working
Bug #1856: PCAP mode device not found
Bug #1858: Lots of TCP 'duplicated option/DNS malformed request data' after upgrading from 3.0.1 to 3.1.1
Bug #1878: dns: crash while logging sshfp records
Bug #1880: icmpv4 error packets can lead to missed detection in tcp/udp
Bug #1884: libhtp 0.5.22
3.1.1 -- 2016-07-13
Feature #1775: Lua: SMTP-support
Bug #1419: DNS transaction handling issues
Bug #1515: Problem with Threshold.config when using more than one IP
Bug #1664: Unreplied DNS queries not logged when flow is aged out
Bug #1808: Can't set thread priority after dropping privileges.
Bug #1821: Suricata 3.1 fails to start on CentOS6
Bug #1839: suricata 3.1 configure.ac says >=libhtp-0.5.5, but >=libhtp-0.5.20 required
Bug #1840: --list-keywords and --list-app-layer-protos not working
Bug #1841: libhtp 0.5.21
Bug #1844: netmap: IPS mode doesn't set 2nd iface in promisc mode
Bug #1845: Crash on disabling a app-layer protocol when it's logger is still enabled
Optimization #1846: af-packet: improve thread calculation logic
Optimization #1847: rules: don't warn on empty files
3.1 -- 2016-06-20
Bug #1589: Cannot run nfq in workers mode
Bug #1804: yaml: legacy detect-engine parsing custom values broken
3.1RC1 -- 2016-06-07
Feature #681: Implement TPACKET_V3 support in AF_PACKET
Feature #1134: tls: server name rule keyword
Feature #1343: OOBE -1- increasing the default stream.memcap and stream.reassembly.memcap values
Feature #1344: OOBE -2- decreasing the default flow-timeouts (at least for TCP)
Feature #1563: dns: log sshfp records
Feature #1760: Unit tests: Don't register return value, use 1 for success, 0 for failure.
Feature #1761: Unit tests: Provide macros for clean test failures.
Feature #1762: default to AF_PACKET for -i if available
Feature #1785: hyperscan spm integration
Feature #1789: hyperscan mpm: enable by default
Feature #1797: netmap: implement 'threads: auto'
Feature #1798: netmap: warn about NIC offloading on FreeBSD
Feature #1800: update bundled libhtp to 0.5.20
Feature #1801: reduce info level verbosity
Feature #1802: yaml: improve default layout
Feature #1803: reimplement rule grouping
Bug #1078: 'Not" operator (!) in Variable causes extremely slow loading of Suricata
Bug #1202: detect-engine profile medium consumes more memory than detect-engine profile high
Bug #1289: MPM b2gm matcher has questionable code
Bug #1487: Configuration parser depends on key ordering
Bug #1524: Potential Thread Name issues due to RHEL7 Interface Naming Contentions
Bug #1584: Rule keywords conflict will cause Suricata restart itself in loop
Bug #1606: [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl: 6
Bug #1665: Default maximum packet size is insufficient when VLAN tags are present (and not stripped)
Bug #1714: Kernel panic on application exit with netmap Suricata 3.0 stable
Bug #1746: deadlock with autofp and --disable-detection
Bug #1764: app-layer-modbus: AddressSanitizer error (segmentation fault)
Bug #1768: packet processing threads doubled
Bug #1771: tls store memory leak
Bug #1773: smtp: not all attachments inspected in all cases
Bug #1786: spm crash on rule reload
Bug #1792: dns-json-log produces no output
Bug #1795: Remove unused CPU affinity settings from suricata.yaml
Optimization #563: pmq optimization -- remove patter_id_array
Optimization #1037: Optimize TCP Option storage
Optimization #1418: lockless flow handling during capture (autofp)
Optimization #1784: reduce storage size of IPv4 options and IPv6 ext hdrs
3.0.1 -- 2016-04-04
Feature #1704: hyperscan mpm integration
Feature #1661: Improved support for xbits/hostbits (in particular ip_pair) when running with multiple threads
Bug #1697: byte_extract incompatibility with Snort.
Bug #1737: Stats not reset between PCAPs when Suricata runs in socket mode
3.0.1RC1 -- 2016-03-23
Feature #1535: Expose the certificate itself in TLS-lua
Feature #1696: improve logged flow_id
Feature #1700: enable "relro" and "now" in compile options for 3.0
Feature #1734: gre: support transparent ethernet bridge decoding
Feature #1740: Create counters for decode-events errors
Bug #873: suricata.yaml: .mgc is NOT actually added to value for magic file
Bug #1166: tls: CID 1197759: Resource leak (RESOURCE_LEAK)
Bug #1268: suricata and macos/darwin: [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.19 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7
Bug #1359: memory leak
Bug #1411: Suricata generates huge load when nfq_create_queue failed
Bug #1570: stream.inline defaults to IDS mode if missing
Bug #1591: afpacket: unsupported datalink type 65534 on tun device
Bug #1619: Per-Thread Delta Stats Broken
Bug #1638: rule parsing issues: rev
Bug #1641: Suricata won't build with --disable-unix-socket when libjansson is enabled
Bug #1646: smtp: fix inspected tracker values
Bug #1660: segv when using --set on a list
Bug #1669: Suricate 3.0RC3 segfault after 10 hours
Bug #1670: Modbus compiler warnings on Fedora 23
Bug #1671: Cygwin Windows compilation with libjansson from source
Bug #1674: Cannot use 'tag:session' after base64_data keyword
Bug #1676: gentoo build error
Bug #1679: sensor-name configuration parameter specified in wrong place in default suricata.yaml
Bug #1680: Output sensor name in json
Bug #1684: eve: stream payload has wrong direction in IPS mode
Bug #1686: Conflicting "no" for "totals" and "threads" in stats output
Bug #1689: Stack overflow in case of variables misconfiguration
Bug #1693: Crash on Debian with libpcre 8.35
Bug #1695: Unix Socket missing dump-counters mode
Bug #1698: Segmentation Fault at detect-engine-content-inspection.c:438 (master)
Bug #1699: CUDA build broken
Bug #1701: memory leaks
Bug #1702: TLS SNI parsing issue
Bug #1703: extreme slow down in HTTP multipart parsing
Bug #1706: smtp memory leaks
Bug #1707: malformed json if message is too big
Bug #1708: dcerpc memory leak
Bug #1709: http memory leak
Bug #1715: nfq: broken time stamps with recent Linux kernel 4.4
Bug #1717: Memory leak on Suricata 3.0 with Netmap
Bug #1719: fileinfo output wrong in eve in http
Bug #1720: flowbit memleak
Bug #1724: alert-debuglog: non-decoder events won't trigger rotation.
Bug #1725: smtp logging memleak
Bug #1727: unix socket runmode per pcap memory leak
Bug #1728: unix manager command channel memory leaks
Bug #1729: PCRE jit is disabled/blacklisted when it should not
Bug #1731: detect-tls memory leak
Bug #1735: cppcheck: Shifting a negative value is undefined behaviour
Bug #1736: tls-sni: memory leaks on malformed traffic
Bug #1742: vlan use-for-tracking including Priority in hashing
Bug #1743: compilation with musl c library fails
Bug #1744: tls: out of bounds memory read on malformed traffic
Optimization #1642: Add --disable-python option
3.0 -- 2016-01-27