The OISF development team is proud to announce Suricata 1.3beta2. This is the second beta release for the upcoming 1.3 version. Focus has been on stabilizing the codebase after the big changes from the beta1 release.
116 files changed, 3610 insertions(+), 1801 deletions(-)
This release should be much more stable and should be approaching release candidate quality.
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.3beta2.tar.gz
New features
- Experimental support for matching on large lists of known file MD5 checksums
Improvements
- Improved performance for file_data, http_server_body and http_client_body keywords.
- Improvements to HTTP handling: multipart parsing, gzip decompression.
- Byte_extract can support negative offsets now (#445).
- Support for PF_RING 5.4 added. Many thanks to Chris Wakelin (#459).
- HOME_NET and EXTERNAL_NET and the other vars are now checked for common errors (#454).
- Improved error reporting when using too long address strings (#451).
- MD5 calculation improvements for daemon mode and other cases (#449).
- File inspection scripts: Added Syslog action for logging to local syslog. Thanks to Martin Holste.
- Rule parser is made more strict.
- Unified2 output overhaul, logging individual segments in more cases.
Fixes
- detection_filter keyword accuracy problem was fixed (#453).
- Don't inspect cookie header with http header (#461).
- Crash with a rule with two byte_extract keywords (#456).
- SSL parser fixes. Thanks to Chris Wakelin for testing the patches! (#476)
- Accuracy issues in HTTP inspection fixed. Thanks to Rmkml (#452).
- Improve escaping of some characters in logs (#418).
- Checksum calculation bugs fixed.
- IPv6 parsing issues fixed. Thanks to Michel Saborde.
- Endace DAG issues fixed. Thanks to Jason Ish from Endace.
- Various OpenBSD related fixes.
- Fixes for bugs found by Coverity source code analyzer.
Credits
We'd like to thank the following people and corporations for their contributions and feedback:
Michel Saborde
Rmkml
Chris Wakelin
Martin Holste
Coverity source code analyzer
Jason Ish, Endace
Known issues & missing features
In a beta release like this, things may not be as polished yet, so please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please note the list we have included of known items we are working on.
See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up-to-date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.



