Suricata 1.3.1 available

Picture by Eric LeblondThe OISF development team is pleased to announce Suricata 1.3.1. This is the first maintenance release of Suricata 1.3 with some important fixes. As a bonus AF_PACKET’s performance was greatly improved.

Because of the fixes below, upgrading is highly recommended. When upgrading, please review: Upgrading Suricata 1.3 to Suricata 1.3.1 

Download: Suricata-1.3.1.tar.gz

Improvements

– AF_PACKET performance improvements
– Defrag engine performance improvements
– HTTP: add per server options to enable/disable double decoding of URI (#464, #504)

Fixes

– Stream engine packet handling for packets with non-standard flag combinations (#508)
– Improved stream engine handling of packet loss (#523)
– Stream engine checksum alerting fixed
– Various rule analyzer fixes (#495, #496, #497)
– (Rule) profiling fixed and improved (#460, #466)
– Enforce limit on max-pending-packets (#510)
– fast_pattern on negated content improved
– TLS rule keyword parsing issues
– Windows build fixes (#502)
– Host OS parsing issues fixed (#499)
– Reject signatures where content length is bigger than “depth” setting (#505)
– Removed unused “prune-flows” option
– Set main thread and live reload thread names (#498)

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Tags: , , , , ,