We are proud to announce that the second release candidate for the upcoming Suricata 4.0.0 is ready for your testing.
We’re aiming for a final 4.0.0 release about 2 weeks from now. Please help us test!
- Feature #744: Teredo configuration
- Feature #1748: lua: expose tx in alert lua scripts
- Bug #1855: alert number output
- Bug #1888: noalert in a pass rule disables the rule
- Bug #1957: PCRE lowercase enforcement in http_host buffer does not allow for upper case in hex-encoding
- Bug #1958: Possible confusion or bypass within the stream engine with retransmits.
- Bug #2110: isdataat: keyword memleak
- Bug #2162: rust/nfs: reachable asserting rust panic
- Bug #2175: rust/nfs: panic – 4.0.0-dev (rev 7c25a2d)
- Bug #2176: gcc 7.1.1 ‘format truncation’ compiler warnings
- Bug #2177: asn1/der: stack overflow
AFL project, Abdullah Ada
- Developer Training in Cork, Ireland. September 11 to 15: https://www.eventbrite.com/e/5-day-suricata-developer-training-ireland-tickets-33676049972 Hosted by FireEye.
- User Training at SuriCon 2017, in Prague: https://www.eventbrite.com/e/2-day-suricata-training-suricon-2017-tickets-32303327121
Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be in November in Prague: https://suricon.net
The OISF development team is proud to announce Suricata 1.4.1. This is a major update over the 1.4 release, adding some exiting features, many improvements and fixing some important bugs.
Get the new release here: suricata-1.4.1.tar.gz
The most interesting new feature is the GeoIP support. Great contribution by Ignacio Sanchez. It adds “geoip” rule keyword that allows you to match on source of destination of a packet per country.
- GeoIP keyword, allowing matching on Maxmind’s database, contributed by Ignacio Sanchez (#559)
- Introduce http_host and http_raw_host keywords (#733, #743)
- Add python module for interacting with unix socket (#767)
- Add new unix socket commands: fetching config, counters, basic runtime info (#764, #765)
- Big Napatech support update by Matt Keeler
- Configurable sensor id in unified2 output, contributed by Jake Gionet (#667)
- FreeBSD IPFW fixes by Nikolay Denev
- Add “default” interface setting to capture configuration in yaml (#679)
- Make sure “snaplen” can be set by the user (#680)
- Improve HTTP URI query string normalization (#739)
- Improved error reporting in MD5 loading (#693)
- Improve reference.config parser error reporting (#737)
- Improve build info output to include all configure options (#738)
- Segfault in TLS parsing reported by Charles Smutz (#725)
- Fix crash in teredo decoding, reported by Rmkml (#736)
- fixed UDPv4 packets without checksum being detected as invalid (#760)
- fixed DCE/SMB parsers getting confused in some fragmented cases (#764)
- parsing ipv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#697)
- FN: IP-only rule ip_proto not matching for some protocols (#689)
- Fix build failure with other libhtp installs (#688)
- Fix malformed yaml loading leading to a crash (#694)
- Various Mac OS X fixes (#700, #701, #703)
- Fix for autotools on Mac OS X by Jason Ish (#704)
- Fix AF_PACKET under high load not updating stats (#706)
- Ignacio Sanchez
- Matt Keeler — nPulse
- Jake Gionet
- Nikolay Denev
- Jason Ish — Endace
- Jamie Strandboge
- Charles Smutz
Known issues & missing features
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.